Recent posts

Main Menu

Welcome to OPNsense Forum.
Log in
Sign up

OPNsense Forum
► Recent posts

Pages 1 2 3 4 ... 10

#11

General Discussion / Re: DNS Unbound Issue

Last post by viragomann - August 31, 2025, 10:23:58 PM

What exactly do you get, when you do a DNS lookup on private network device?

To ensure all the DNS requests go to Unbound, it's best practice to redirect all DNS request which are not going to "This firewall".
Ensure that Unbound is listening also on localhost and redirect DNS traffic to 127.0.0.1.

#12

French - Français / Helps

Last post by kone - August 31, 2025, 10:16:19 PM

Hi every one ! I have a problem with my OPNsense captive portal. I work with RADIUS server on windows server. I maked all of configuration n RADIUS and on OPNsense but when I try to test the captive portal, it displays "authentication failed." I've tried everything, but nothing works.

#13

25.7 Series / Re: OPNsense certificates show...

Last post by viragomann - August 31, 2025, 09:24:12 PM

Try to restore a backup.

#14

25.7 Series / Re: Weird errors after update ...

Last post by crazywolf13 - August 31, 2025, 09:06:07 PM

Warning to anyone here, using opnsense-bootstrap renders the running installation unusable and manual reinstall is neccessary:

Code Select

root@OPNsense:/home/tobias # sh opnsense-bootstrap.sh.in
Must specify an OPNsense release.
root@OPNsense:/home/tobias # sh opnsense-bootstrap.sh.in -r 25.7
This utility will attempt to turn this installation into the latest
OPNsense 25.7 release.  All packages will be deleted, the base
system and kernel will be replaced, and if all went well the system
will automatically reboot.

Proceed with this action? [y/N]: y
fetch: https://github.com/opnsense/core/archive/stable/25.7.tar.gz: size of remote file is not known
/tmp/opnsense-bootstrap/core.tar.gz                     11 MB 3878 kBps    03s
pkg: 163 packages installed
beep-1.0_2: already unlocked
boost-libs-1.88.0_1: already unlocked
brotli-1.1.0,1: already unlocked
ca_root_nss-3.115: already unlocked
choparp-20150613_1: already unlocked
cpdup-1.22_1: already unlocked
cpustats-0.1: already unlocked
curl-8.14.1: already unlocked
cyrus-sasl-2.1.28_5: already unlocked
cyrus-sasl-gssapi-2.1.28: already unlocked
dhcp6c-20250513: already unlocked
dhcrelay-1.0: already unlocked
dmidecode-3.6: already unlocked
dnsmasq-2.91_1,1: already unlocked
dpinger-3.3: already unlocked
easy-rsa-3.2.3,1: already unlocked
expat-2.7.1: already unlocked
filterlog-0.7_1: already unlocked
flock-2.37.2_1: already unlocked
flowd-0.9.1_5: already unlocked
gettext-runtime-0.23.1: already unlocked
glib-2.84.1_3,2: already unlocked
gmp-6.3.0: already unlocked
hostapd-2.11_3: already unlocked
hyperscan-5.4.2: already unlocked
icu-76.1,1: already unlocked
ifinfo-13.0_1: already unlocked
iftop-1.0.p4_1: already unlocked
indexinfo-0.3.1_1: already unlocked
isc-dhcp44-server-4.4.3P1_2: already unlocked
ivykis-0.43.2: already unlocked
jansson-2.14.1: already unlocked
jq-1.8.0: already unlocked
json-c-0.18: already unlocked
kea-2.6.3_1: already unlocked
krb5-1.21.3_1: already unlocked
ldns-1.8.4: already unlocked
libargon2-20190702_1: already unlocked
libcbor-0.12.0_2: already unlocked
libedit-3.1.20250104,1: already unlocked
libevent-2.1.12: already unlocked
libffi-3.5.1: already unlocked
libfido2-1.16.0: already unlocked
libiconv-1.17_1: already unlocked
libidn2-2.3.8: already unlocked
libinotify-20240724_2: already unlocked
libltdl-2.5.4: already unlocked
liblz4-1.10.0,1: already unlocked
libmcrypt-2.5.8_4: already unlocked
libnet-1.3,1: already unlocked
libnghttp2-1.66.0: already unlocked
libpfctl-0.15: already unlocked
libpsl-0.21.5_2: already unlocked
libsodium-1.0.19: already unlocked
libucl-0.9.2_1: already unlocked
libunistring-1.3: already unlocked
libuuid-2.41.1_1: already unlocked
libxml2-2.14.5: already unlocked
libyaml-0.2.5: already unlocked
lighttpd-1.4.79: already unlocked
log4cplus-2.1.2: already unlocked
lua54-5.4.8: already unlocked
lzo2-2.10_1: already unlocked
monit-5.35.2: already unlocked
mpd5-5.9_19: already unlocked
mpdecimal-4.0.1: already unlocked
nano-8.4: already unlocked
nettle-3.10.2: already unlocked
nspr-4.37: already unlocked
ntp-4.2.8p18_4: already unlocked
oniguruma-6.9.10: already unlocked
openldap26-client-2.6.10: already unlocked
openssh-portable-10.0.p1_1,1: already unlocked
openssl-3.0.17,1: already unlocked
openvpn-2.6.14: already unlocked
opnsense-installer-25.1: already unlocked
opnsense-lang-25.1.11: already unlocked
opnsense-update-25.7: already unlocked
os-dmidecode-1.2: already unlocked
os-telegraf-1.12.12_1: already unlocked
os-theme-rebellion-1.9.3: already unlocked
os-wol-2.5_1: already unlocked
p5-Error-0.17030: already unlocked
pam_opnsense-24.1: already unlocked
pcre2-10.45_1: already unlocked
perl5-5.40.2_2: already unlocked
pftop-0.13: already unlocked
php83-8.3.23: already unlocked
php83-ctype-8.3.23: already unlocked
php83-dom-8.3.23: already unlocked
php83-filter-8.3.23: already unlocked
php83-gettext-8.3.23: already unlocked
php83-mbstring-8.3.23: already unlocked
php83-pcntl-8.3.23: already unlocked
php83-pdo-8.3.23: already unlocked
php83-pear-1.10.13: already unlocked
php83-pecl-mcrypt-1.0.7: already unlocked
php83-pecl-radius-1.4.0b1_3: already unlocked
php83-phalcon-5.9.3: already unlocked
php83-phpseclib-3.0.46: already unlocked
php83-session-8.3.23: already unlocked
php83-simplexml-8.3.23: already unlocked
php83-sockets-8.3.23: already unlocked
php83-xml-8.3.23: already unlocked
php83-zlib-8.3.23: already unlocked
pkcs11-helper-1.29.0_3: already unlocked
pkg-1.19.2_5: already unlocked
py311-Babel-2.17.0_1: already unlocked
py311-Jinja2-3.1.6: already unlocked
py311-anyio-4.9.0: already unlocked
py311-async_generator-1.10_1: already unlocked
py311-attrs-25.3.0: already unlocked
py311-bottleneck-1.3.8_1: already unlocked
py311-certifi-2025.7.14: already unlocked
py311-cffi-1.17.1: already unlocked
py311-charset-normalizer-3.4.2: already unlocked
py311-h11-0.16.0: already unlocked
py311-h2-4.1.0_1: already unlocked
py311-hpack-4.0.0_1: already unlocked
py311-hyperframe-6.0.0_1: already unlocked
py311-idna-3.10: already unlocked
py311-ldap3-2.9.1_1: already unlocked
py311-markupsafe-3.0.2: already unlocked
py311-netaddr-1.3.0: already unlocked
py311-numexpr-2.11.0: already unlocked
py311-numpy-1.26.4_6,1: already unlocked
py311-outcome-1.3.0_2: already unlocked
py311-packaging-25.0: already unlocked
py311-pyasn1-0.6.0: already unlocked
py311-pyasn1-modules-0.4.1: already unlocked
py311-pycparser-2.22: already unlocked
py311-pylsqpack-0.3.22: already unlocked
py311-pysocks-1.7.1_1: already unlocked
py311-python-dateutil-2.9.0: already unlocked
py311-pytz-2025.2_1,1: already unlocked
py311-pyyaml-6.0.1_1: already unlocked
py311-requests-2.32.4: already unlocked
py311-six-1.17.0: already unlocked
py311-sniffio-1.3.1: already unlocked
py311-socksio-1.0.0_1: already unlocked
py311-sortedcontainers-2.4.0_1: already unlocked
py311-trio-0.30.0: already unlocked
py311-truststore-0.10.1: already unlocked
py311-typing-extensions-4.14.1: already unlocked
py311-tzdata-2025.2: already unlocked
py311-ujson-5.10.0_1: already unlocked
py311-urllib3-1.26.20,1: already unlocked
py311-vici-5.9.11_1: already unlocked
python311-3.11.13: already unlocked
radvd-2.20: already unlocked
readline-8.2.13_2: already unlocked
rrdtool-1.9.0_1: already unlocked
samplicator-1.3.8.r1_1: already unlocked
strongswan-5.9.14: already unlocked
sudo-1.9.17p1: already unlocked
syslog-ng-4.8.2_3: already unlocked
tailscale-1.86.4: already unlocked
telegraf-1.35.1: already unlocked
unbound-1.23.1: already unlocked
wol-0.7.1_5: already unlocked
wpa_supplicant-2.11_5: already unlocked
zip-3.0_4: already unlocked
zstd-1.5.7: already unlocked
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 163 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
        beep: 1.0_2
        boost-libs: 1.88.0_1
        brotli: 1.1.0,1
        ca_root_nss: 3.115
        choparp: 20150613_1
        cpdup: 1.22_1
        cpustats: 0.1
        curl: 8.14.1
        cyrus-sasl: 2.1.28_5
        cyrus-sasl-gssapi: 2.1.28
        dhcp6c: 20250513
        dhcrelay: 1.0
        dmidecode: 3.6
        dnsmasq: 2.91_1,1
        dpinger: 3.3
        easy-rsa: 3.2.3,1
        expat: 2.7.1
        filterlog: 0.7_1
        flock: 2.37.2_1
        flowd: 0.9.1_5
        gettext-runtime: 0.23.1
        glib: 2.84.1_3,2
        gmp: 6.3.0
        hostapd: 2.11_3
        hyperscan: 5.4.2
        icu: 76.1,1
        ifinfo: 13.0_1
        iftop: 1.0.p4_1
        indexinfo: 0.3.1_1
        isc-dhcp44-server: 4.4.3P1_2
        ivykis: 0.43.2
        jansson: 2.14.1
        jq: 1.8.0
        json-c: 0.18
        kea: 2.6.3_1
        krb5: 1.21.3_1
        ldns: 1.8.4
        libargon2: 20190702_1
        libcbor: 0.12.0_2
        libedit: 3.1.20250104,1
        libevent: 2.1.12
        libffi: 3.5.1
        libfido2: 1.16.0
        libiconv: 1.17_1
        libidn2: 2.3.8
        libinotify: 20240724_2
        libltdl: 2.5.4
        liblz4: 1.10.0,1
        libmcrypt: 2.5.8_4
        libnet: 1.3,1
        libnghttp2: 1.66.0
        libpfctl: 0.15
        libpsl: 0.21.5_2
        libsodium: 1.0.19
        libucl: 0.9.2_1
        libunistring: 1.3
        libuuid: 2.41.1_1
        libxml2: 2.14.5
        libyaml: 0.2.5
        lighttpd: 1.4.79
        log4cplus: 2.1.2
        lua54: 5.4.8
        lzo2: 2.10_1
        monit: 5.35.2
        mpd5: 5.9_19
        mpdecimal: 4.0.1
        nano: 8.4
        nettle: 3.10.2
        nspr: 4.37
        ntp: 4.2.8p18_4
        oniguruma: 6.9.10
        openldap26-client: 2.6.10
        openssh-portable: 10.0.p1_1,1
        openssl: 3.0.17,1
        openvpn: 2.6.14
        opnsense-installer: 25.1
        opnsense-lang: 25.1.11
        opnsense-update: 25.7
        os-dmidecode: 1.2
        os-telegraf: 1.12.12_1
        os-theme-rebellion: 1.9.3
        os-wol: 2.5_1
        p5-Error: 0.17030
        pam_opnsense: 24.1
        pcre2: 10.45_1
        perl5: 5.40.2_2
        pftop: 0.13
        php83: 8.3.23
        php83-ctype: 8.3.23
        php83-dom: 8.3.23
        php83-filter: 8.3.23
        php83-gettext: 8.3.23
        php83-mbstring: 8.3.23
        php83-pcntl: 8.3.23
        php83-pdo: 8.3.23
        php83-pear: 1.10.13
        php83-pecl-mcrypt: 1.0.7
        php83-pecl-radius: 1.4.0b1_3
        php83-phalcon: 5.9.3
        php83-phpseclib: 3.0.46
        php83-session: 8.3.23
        php83-simplexml: 8.3.23
        php83-sockets: 8.3.23
        php83-xml: 8.3.23
        php83-zlib: 8.3.23
        pkcs11-helper: 1.29.0_3
        pkg: 1.19.2_5
        py311-Babel: 2.17.0_1
        py311-Jinja2: 3.1.6
        py311-anyio: 4.9.0
        py311-async_generator: 1.10_1
        py311-attrs: 25.3.0
        py311-bottleneck: 1.3.8_1
        py311-certifi: 2025.7.14
        py311-cffi: 1.17.1
        py311-charset-normalizer: 3.4.2
        py311-h11: 0.16.0
        py311-h2: 4.1.0_1
        py311-hpack: 4.0.0_1
        py311-hyperframe: 6.0.0_1
        py311-idna: 3.10
        py311-ldap3: 2.9.1_1
        py311-markupsafe: 3.0.2
        py311-netaddr: 1.3.0
        py311-numexpr: 2.11.0
        py311-numpy: 1.26.4_6,1
        py311-outcome: 1.3.0_2
        py311-packaging: 25.0
        py311-pyasn1: 0.6.0
        py311-pyasn1-modules: 0.4.1
        py311-pycparser: 2.22
        py311-pylsqpack: 0.3.22
        py311-pysocks: 1.7.1_1
        py311-python-dateutil: 2.9.0
        py311-pytz: 2025.2_1,1
        py311-pyyaml: 6.0.1_1
        py311-requests: 2.32.4
        py311-six: 1.17.0
        py311-sniffio: 1.3.1
        py311-socksio: 1.0.0_1
        py311-sortedcontainers: 2.4.0_1
        py311-trio: 0.30.0
        py311-truststore: 0.10.1
        py311-typing-extensions: 4.14.1
        py311-tzdata: 2025.2
        py311-ujson: 5.10.0_1
        py311-urllib3: 1.26.20,1
        py311-vici: 5.9.11_1
        python311: 3.11.13
        radvd: 2.20
        readline: 8.2.13_2
        rrdtool: 1.9.0_1
        samplicator: 1.3.8.r1_1
        strongswan: 5.9.14
        sudo: 1.9.17p1
        syslog-ng: 4.8.2_3
        tailscale: 1.86.4
        telegraf: 1.35.1
        unbound: 1.23.1
        wol: 0.7.1_5
        wpa_supplicant: 2.11_5
        zip: 3.0_4
        zstd: 1.5.7

Number of packages to be removed: 163

The operation will free 1 GiB.
[1/163] Deinstalling rrdtool-1.9.0_1...
[1/163] Deleting files for rrdtool-1.9.0_1:   0%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdcached
[1/163] Deleting files for rrdtool-1.9.0_1:   4%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdcreate
[1/163] Deleting files for rrdtool-1.9.0_1:   8%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdinfo
[1/163] Deleting files for rrdtool-1.9.0_1:  12%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdtool
[1/163] Deleting files for rrdtool-1.9.0_1:  16%
rrdtool-1.9.0_1: missing file /usr/local/bin/rrdupdate
[1/163] Deleting files for rrdtool-1.9.0_1:  20%
rrdtool-1.9.0_1: missing file /usr/local/etc/rc.d/rrdcached
[1/163] Deleting files for rrdtool-1.9.0_1:  25%
rrdtool-1.9.0_1: missing file /usr/local/include/rrd.h
[1/163] Deleting files for rrdtool-1.9.0_1:  29%
rrdtool-1.9.0_1: missing file /usr/local/include/rrd_client.h
[1/163] Deleting files for rrdtool-1.9.0_1:  33%
rrdtool-1.9.0_1: missing file /usr/local/include/rrd_format.h
[1/163] Deleting files for rrdtool-1.9.0_1:  37%
rrdtool-1.9.0_1: missing file /usr/local/lib/librrd.a
[1/163] Deleting files for rrdtool-1.9.0_1:  41%
rrdtool-1.9.0_1: missing file /usr/local/lib/librrd.so
[1/163] Deleting files for rrdtool-1.9.0_1:  45%
rrdtool-1.9.0_1: missing file /usr/local/lib/librrd.so.8
[1/163] Deleting files for rrdtool-1.9.0_1:  50%
rrdtool-1.9.0_1: missing file /usr/local/lib/librrd.so.8.3.0
[1/163] Deleting files for rrdtool-1.9.0_1:  54%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/RRDp.pm
[1/163] Deleting files for rrdtool-1.9.0_1:  58%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/mach/5.40/RRDs.pm
[1/163] Deleting files for rrdtool-1.9.0_1:  62%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/mach/5.40/auto/RRDp/.packlist
[1/163] Deleting files for rrdtool-1.9.0_1:  66%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/mach/5.40/auto/RRDs/.packlist
[1/163] Deleting files for rrdtool-1.9.0_1:  70%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/mach/5.40/auto/RRDs/RRDs.so
[1/163] Deleting files for rrdtool-1.9.0_1:  75%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/man/man3/RRDp.3.gz
[1/163] Deleting files for rrdtool-1.9.0_1:  79%
rrdtool-1.9.0_1: missing file /usr/local/lib/perl5/site_perl/man/man3/RRDs.3.gz
[1/163] Deleting files for rrdtool-1.9.0_1:  83%
rrdtool-1.9.0_1: missing file /usr/local/libdata/pkgconfig/librrd.pc
[1/163] Deleting files for rrdtool-1.9.0_1:  87%
rrdtool-1.9.0_1: missing file /usr/local/share/licenses/rrdtool-1.9.0_1/GPLv2
[1/163] Deleting files for rrdtool-1.9.0_1:  91%
rrdtool-1.9.0_1: missing file /usr/local/share/licenses/rrdtool-1.9.0_1/LICENSE
[1/163] Deleting files for rrdtool-1.9.0_1:  95%
rrdtool-1.9.0_1: missing file /usr/local/share/licenses/rrdtool-1.9.0_1/catalog.mk
[1/163] Deleting files for rrdtool-1.9.0_1: 100%
pkg: sqlite error while executing DELETE FROM packages WHERE id = 1508; in file pkgdb.c:2296: database disk image is malformed
root@OPNsense:/home/tobias #

I will now manually reinstall the machine via usb-stick

#15

Hardware and Performance / Re: Intel i226 Firmware

Last post by meyergru - August 31, 2025, 08:54:12 PM

Quote from: CGrisamore on August 31, 2025, 08:22:54 PMAs it's working fine, I'm kinda reluctant to roll the dice on flashing new firmware.

#16

Hardware and Performance / Re: Intel i226 Firmware

Last post by meyergru - August 31, 2025, 08:52:35 PM

Quote from: CGrisamore on August 31, 2025, 08:22:54 PMAs it's working fine, I'm kinda reluctant to roll the dice on flashing new firmware.

Exactly my thoughts when I researched this:

I have v2.13 and no problems whatsoever. As a matter of fact, Intel offers no firmware updates on their Intel Network Driver disk for these adapters. I have not seen a proper tool to actually flash I226 NICs. Apart from that: Which one should I use? 1M ode 2M?

And BTW: There are different chip types, like I226-V and I226-LM and also, different hardware revisions (early one are said to cause problems).
So, there might be a reason why Intel delegates those updates to the manufacturers, who should know which firmware is appropriate for their build-in specimens.

#17

Hardware and Performance / Re: Intel i226 Firmware

Last post by CGrisamore - August 31, 2025, 08:22:54 PM

Well this message is timely.

2 days ago I swapped my usual Protectli box with a Lenovo M700 tiny to which I had added an m.2 i226 based ethernet port. Just checked firmware as per your message and mine has v2.17 firmware as well (see below).

[1] igc0: <Intel(R) Ethernet Controller I226-V> mem 0xdf100000-0xdf1fffff,0xdf200000-0xdf203fff irq 18 at device 0.0 on pci1
[1] igc0: EEPROM V2.17-0 eTrack 0x80000303

As it's working fine, I'm kinda reluctant to roll the dice on flashing new firmware.

#18

25.7 Series / Re: Overriding DNS wildcard fo...

Last post by amogus - August 31, 2025, 06:58:56 PM

Quote from: Monviech (Cedrik) on August 31, 2025, 06:18:39 PMYou could just use DNS without a catch all override. That would be the simplest solution.

Would be very annoying to have to manually configure DNS entires all the time (as opposed to automatically having stuff come from e.g. docker compose labels).
Also, then I have to type ports at the end of urls for services which require some non-default port to be used to get access to the web UI.

#19

25.7 Series / Re: upgrade to 25.7.2 from 25....

Last post by lebowski - August 31, 2025, 06:47:08 PM

Quote from: BrandyWine on August 31, 2025, 05:11:50 PMWas it the Dell tool you used? Their download for a "v3.30" looks like i210 tool + firmware.
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=5r8tk

Yes i used the Dell tool, booted windows to go and ran it on windows, but it gave me "update not available".

#20

25.7 Series / Re: upgrade to 25.7.2 from 25....

Last post by lebowski - August 31, 2025, 06:42:37 PM

Quote from: BrandyWine on August 31, 2025, 06:06:15 AM
Quote from: lebowski on August 30, 2025, 12:38:39 AM[1] igb1: EEPROM V3.16-0 eTrack 0x800004d9
It's was on 3.22 now? Hmmm, that does not seem to align with your output post #17. Your EEPROM looks like 3.16, or it was.
Also, I do believe v3.30 or higher is available from somewhere.

Maybe the tool did do upgrade to 3.22. What does "dmesg | grep igb" show you now?

Also to note, integrator's like SM, Asrock, ASUS, HP Dell, etc etc etc, don't care to build firmware upgrades for flashable devices unless they really need to. Some like Dell and others will provide flash images when security issues demand it. Sometimes the integrator builds the firmware to suit their needs or restrictions, other times a device manufacturer has full-featured firmware. As example, some years ago I had a DVD-rw drive in my PC, but the model I had could not rw Blueray. Well, turns out it was only firmware change that was needed, I exported my existing firmware and applied a mod, now it can rw blueray (had to do it this way because the firmware is very specific to some things in the drive). The maker of dvd drive sells the blueray-enabled device for more money, same drive, different words on the box, different firmware.

The fun world of firmware and drivers.

Yes it was on 3.22 . The screenshot which i made (and failed to upload) shows 3.22 being the decimal version, and 3.16 the hex version. This is a bit confusing. The tool showed for both nics "Status: update not available". And then "Tool execution completed with the following status: Device not found." (although before this sentence it shows the both i210 nics).

Pages 1 2 3 4 ... 10