"Recent posts
#1
German - Deutsch / Re: OPenVPN Routing Problem / ...
Last post by Patrick M. Hausen - Today at 05:51:26 PMFüge bei der Allow-Regel am LAN deinen Gateway ausdrücklich hinzu.
#2
General Discussion / Re: How to Include AdvancedTom...
Last post by franco - Today at 05:50:33 PMextras.conf modifies the default configuration if you need to
https://github.com/opnsense/tools/blob/master/config/25.7/extras.conf
You could also modify the ports package you're building to include the right config.xml.sample.
More than one way to get to Rome. ;)
Cheers,
Franco
https://github.com/opnsense/tools/blob/master/config/25.7/extras.conf
You could also modify the ports package you're building to include the right config.xml.sample.
More than one way to get to Rome. ;)
Cheers,
Franco
#3
German - Deutsch / OPenVPN Routing Problem / Defa...
Last post by fw115 - Today at 05:48:30 PMHallo zusammen,
nutze das Legacy Plugin.
2 Zustände:
Lasse ich beim VPN Client die routen ziehen komme ich über das VPN an meine Webserver , ping usw. So wie es eben soll.
Dafür kann ich dann nicht mehr aus dem LAN raus ins Internet.
Mach ich beim VPN Client no route pull, komme ich vom LAN ins Netz und dafür aber nicht mehr an meiner Webserver und co.
Was übersehe ich ?
Config:
LAN > 192.168.1.0/24
WAN > über Vlan 132 32.xx.xx./24 mit 1 Nutzbaren festen IP
OpenVPN > 213.240.xx.xx./32 auf das ein 195.8.xx.xx/29 groutet ist
Die Firewall DMZ hat die erste Nutzbare IP Adresse des / 29 als Interface Adresse
DMZ > 195.8.xx.xx.1/29
nutze das Legacy Plugin.
2 Zustände:
Lasse ich beim VPN Client die routen ziehen komme ich über das VPN an meine Webserver , ping usw. So wie es eben soll.
Dafür kann ich dann nicht mehr aus dem LAN raus ins Internet.
Mach ich beim VPN Client no route pull, komme ich vom LAN ins Netz und dafür aber nicht mehr an meiner Webserver und co.
Was übersehe ich ?
Config:
LAN > 192.168.1.0/24
WAN > über Vlan 132 32.xx.xx./24 mit 1 Nutzbaren festen IP
OpenVPN > 213.240.xx.xx./32 auf das ein 195.8.xx.xx/29 groutet ist
Die Firewall DMZ hat die erste Nutzbare IP Adresse des / 29 als Interface Adresse
DMZ > 195.8.xx.xx.1/29
#4
25.7 Series / Re: Unable to Upgrade to 25.7....
Last post by franco - Today at 05:46:59 PMMay be worth reinstalling the "pkg" package and see if that helps. If not the package database may be damaged and "opnsense-bootstrap" could help.
Cheers,
Franco
Cheers,
Franco
#5
25.7 Series / Re: Unable to Upgrade to 25.7....
Last post by utkonos - Today at 05:46:28 PMI tried the cleanup audit recommended in other threads. It allowed the update to run again, but it fails with the following:
Code Select
***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7 (amd64) at Mon Aug 4 15:45:09 UTC 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (13 candidates): .......... done
Processing candidates (13 candidates): .......... done
The following 13 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
boost-libs: 1.88.0_1 -> 1.88.0_2
curl: 8.14.1 -> 8.15.0
ivykis: 0.43.2 -> 0.43.2_1
jq: 1.8.0 -> 1.8.1
libucl: 0.9.2_1 -> 0.9.2_2
nss: 3.113.1_1 -> 3.114
opnsense: 25.7 -> 25.7.1_1
os-ddclient: 1.27_3 -> 1.27_4
os-wol: 2.5_1 -> 2.5_3
py311-duckdb: 1.3.1_1 -> 1.3.2
py311-s3transfer: 0.13.0 -> 0.13.1
sudo: 1.9.17p1 -> 1.9.17p2
syslog-ng: 4.8.2_3 -> 4.8.2_4
Number of packages to be upgraded: 13
36 MiB to be downloaded.
[1/13] Fetching boost-libs-1.88.0_2.pkg: .......... done
[2/13] Fetching nss-3.114.pkg: .......... done
[3/13] Fetching jq-1.8.1.pkg: .......... done
[4/13] Fetching syslog-ng-4.8.2_4.pkg: .......... done
[5/13] Fetching py311-s3transfer-0.13.1.pkg: .......... done
[6/13] Fetching ivykis-0.43.2_1.pkg: .......... done
[7/13] Fetching os-wol-2.5_3.pkg: . done
[8/13] Fetching curl-8.15.0.pkg: .......... done
[9/13] Fetching os-ddclient-1.27_4.pkg: .... done
[10/13] Fetching libucl-0.9.2_2.pkg: .......... done
[11/13] Fetching opnsense-25.7.1_1.pkg: .......... done
[12/13] Fetching py311-duckdb-1.3.2.pkg: .......... done
[13/13] Fetching sudo-1.9.17p2.pkg: .......... done
Checking integrity...Assertion failed: (strcmp(uid, p->uid) != 0), function pkg_conflicts_check_local_path, file pkg_jobs_conflicts.c, line 315.
Child process pid=7184 terminated abnormally: Abort trap
Starting web GUI...done.
***DONE*** #6
25.7 Series / Re: System reports there is an...
Last post by franco - Today at 05:45:15 PMTrue but it looks like the package database was trashed at some point given the very low "candidate" count. This is "more normal" on my end:
Checking for upgrades (134 candidates): .......... done
Processing candidates (134 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Cheers,
Franco
Checking for upgrades (134 candidates): .......... done
Processing candidates (134 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Cheers,
Franco
#7
German - Deutsch / Re: OpnSense PPPoE Einwahl mit...
Last post by Patrick M. Hausen - Today at 05:40:28 PMWahrscheinlich schon. Also egal.
In dem von dir verlinkten Text steht allerdings wörtlich:
Der Satz danach ist allerdings auch wieder Quatsch:
Sowohl die gängigen Zyxel als auch Vigor haben mehr als einen Ethernet-Port. Da kann man für die UI des Modems also easy noch ein Kabel zu einem anderen Interface rein stöpseln. Auch per VLAN und einen Port am Switch.
Was tatsächlich nur einen Port hat, ist der Glasfaser-ONT der Telekom. Der kann das mit dem VLAN aber sowieso nicht und die Sense muss es machen.
In dem von dir verlinkten Text steht allerdings wörtlich:
QuoteAlternative
Bei einiges Modems kann man auch denen das Setzen des VLAN-Tags überlassen. In diesem Fall überspringt man Punkt 2 und legt das PPPoE-Interface im Schritt 3 direkt auf igb1.
Der Satz danach ist allerdings auch wieder Quatsch:
QuoteAllerdings ist eine Konfiguration des Modems dann nicht mehr möglich, da das native Interface nicht über die richtige IP-Adresse verfügt.
Sowohl die gängigen Zyxel als auch Vigor haben mehr als einen Ethernet-Port. Da kann man für die UI des Modems also easy noch ein Kabel zu einem anderen Interface rein stöpseln. Auch per VLAN und einen Port am Switch.
Was tatsächlich nur einen Port hat, ist der Glasfaser-ONT der Telekom. Der kann das mit dem VLAN aber sowieso nicht und die Sense muss es machen.
#8
25.7 Series / Re: Vulnerability detected in ...
Last post by franco - Today at 05:39:50 PMI'm not going to fall for the argument that some people are awesome like that. Yes they are but that's besides the point. As a society I think we have failed open source and corporations are only spending reasonable amounts of money on open source when they are forced to.
At some point AI will answer your reports and try to fix bugs for you in software that is too integral to die but not worth the money to fund. When we are there we will know how good we had it the last two or three decades. ;)
Cheers,
Franco
At some point AI will answer your reports and try to fix bugs for you in software that is too integral to die but not worth the money to fund. When we are there we will know how good we had it the last two or three decades. ;)
Cheers,
Franco
#9
25.7 Series / Unable to Upgrade to 25.7.1
Last post by utkonos - Today at 05:34:19 PMDuring the upgrade there was a crash of some kind. The device restarted and reverted to 25.7. Now, when trying to upgrade again I get the following:
I read other threads requesting a health audit. I tried that and there is a crash during the audit. Here is what was on the screen when the crash occurred:
Code Select
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 25.7 (amd64) at Mon Aug 4 15:13:10 UTC 2025
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Waiting for another process to update repository OPNsense
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (13 candidates): .......... done
Processing candidates (13 candidates): .......... done
Checking integrity...Assertion failed: (strcmp(uid, p->uid) != 0), function pkg_conflicts_check_local_path, file pkg_jobs_conflicts.c, line 315.
Child process pid=66704 terminated abnormally: Abort trap
***DONE***I read other threads requesting a health audit. I tried that and there is a crash during the audit. Here is what was on the screen when the crash occurred:
Code Select
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 25.7 (amd64) at Mon Aug 4 15:19:00 UTC 2025
>>> Root file system: /dev/gpt/rootfs
>>> Check installed kernel version
Version 25.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 25.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
os-ddclient 1.27_3
os-wol 2.5_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .... #10
25.7 Series / Re: upgrading to 25.7.1 hangs ...
Last post by franco - Today at 05:33:39 PMI suspect the old kernel was actually 25.1.12 in that case. What hardware / Intel CPU are you using? Did you install microcode plugin after going to 25.7 or was it previously installed?
Cheers,
Franco
Cheers,
Franco
