Recent posts

#11
German - Deutsch / Re: Absoluter Anfänger hat Ver...
Last post by cola247 - June 26, 2026, 10:50:00 PM
And why can't the rules under "Rules [New]" be sorted and displayed properly without using a tree diagram or filter?
I set up LAN1 rules, then rules for other subnets, then another rule for LAN1, and a new tab is opened below all the other rules, even though it could be sorted into the LAN1 category. Moving it doesn't work either, because it wasn't grouped with the other rules.

Either I'm really too stupid, am used to a different logic, or it is cumbersome to handle.
#12
26.7 Development Series / Re: OPNsense 26.7-BETA images
Last post by franco - June 26, 2026, 10:28:48 PM
Sali and thanks for checking this out so quickly!

> All of the above works as it worked before, thanks Devs for the excellent work!

Lovely to hear.

> Remark: All the IPv6 NAT-ting is just because I can, I could have solved it different with less NAT but where is the fun in that.

That's a good benchmark for regressions and happy to hear that nothing was visible on that front.

> Remark II: I had to re-enable console password protection, otherwise the installer - after importing the config - shows the console menu as user root and I couldn't run the installer. Just a reminder to my future self.

You can literally at any point in time go to option 8 and type "opnsense-installer" in the console.


Cheers,
Franco
#13
Zenarmor (Sensei) / Cancelling my subscription: fe...
Last post by dinguz - June 26, 2026, 09:21:12 PM
I've run Zenarmor for 5 years now, and I've decided to cancel my subscription (turned off auto-renewal). The form on the website only allows 200 characters, so wanted to lay out the reasoning properly here, partly as feedback, partly because I suspect other home/SOHO users are weighing the same trade-off.

The core issue is that the value-for-money for a non-commercial, single-site deployment has eroded over time. Each release seems to move more functionality behind premium tiers priced for businesses, not individuals. That's a reasonable strategy if the target market is enterprise, but it leaves home users increasingly squeezed: paying for capability that used to be standard, or going without.

The development roadmap also reads as enterprise-first. Centralized management, multi-tenant features, advanced reporting: all sensible for MSPs and larger deployments, but largely irrelevant to a single firewall at home.

What tipped this from "frustrating" to "not worth it" is multi-core support being restricted to paid subscriptions. For anyone running OPNsense on older or budget hardware, that's not a nice-to-have, it's the difference between Zenarmor being usable at all and pegging a single core under load. Gating it behind a premium plan effectively prices out the exact hardware profile where the feature matters most.

For context: as a home/SOHO user I've never minded being treated as a kind of beta tester. I appreciate the direct line to the developers through the forum and email, and genuinely enjoy contributing to the product's development. That's actually what makes this decision sting more than a simple price complaint would: paying for what is, in practice, a deliberately limited version of the product feels at odds with that relationship.

I don't doubt the engineering effort behind the product, and I understand a company needs a sustainable business model. But the current tiering no longer makes sense for my use case, so I'll be switching back to a lighter inline IDS/IPS setup. Curious whether others here have reached the same conclusion or found a tier that still works for home use.
#14
26.7 Development Series / Re: OPNsense 26.7-BETA images
Last post by patient0 - June 26, 2026, 08:55:56 PM
Ran an upgrade from a 26.7.b_68 VM on Proxmox on Hetzner using OPNsense-devel-26.7.b-dvd-amd64.iso/26.7.b_110.

Booting into the DVD, importing the config from the zroot pool and then ran the installer. Went all smooth, few missing packages which I replaced with the *-devel package variant.

  • WAN is set to a static private IPv4 and IPv6/ULA (Proxmox does the NAT-ting)
  • LANs have static IPv4 and IPv6 (different ULA), with outbound NAT for both IPv4 and IPv6
  • Tayga does what it does
  • KEA for DHCPv4/v6
  • Unbound for DNS

All of the above works as it worked before, thanks Devs for the excellent work!

Remark: All the IPv6 NAT-ting is just because I can, I could have solved it different with less NAT but where is the fun in that.

Remark II: I had to re-enable console password protection, otherwise the installer - after importing the config - shows the console menu as user root and I couldn't run the installer. Just a reminder to my future self.
#15
Without you showing *all* details of your configuration (minus private keys) it's not possible to help you. You configured something "wrong". We need to find that something.
#16
Virtual private networks / Wireguard VPN can't access LAN...
Last post by Pedroa - June 26, 2026, 08:07:53 PM
Hi!!
I'm trying to set up a VPN using Wireguard, but it's impossible for me to make it work 100% ok.
I tried to set up Wireguard VPN on version 25 and recently on 26.1.9, and it's impossible for me to communicate with the other network devices.
I set up the interface, assignments...
I verified firewall rules and normalization, peers configuration...
I followed a hundred tutorials!
My laptop connects ok using the Wireguard client. I see traffic in the client and in Opnsense\VPN\Wireguard\Status\laptop-peer. I can ping the firewall IP and I have an Internet connection, but I can't ping my Windows server or another PC that are connected to the LAN.
Need help. Please!!
#17
26.1, 26,4 Series / Re: 2 WAN Uplinks split routin...
Last post by viragomann - June 26, 2026, 07:40:52 PM
Is the gateway status shown up as "online" for both IPv4 gateways in System: Gateways: Configuration?

How did you configure firewall rule for incoming traffic?
#18
26.1, 26,4 Series / Re: 2 WAN Uplinks split routin...
Last post by pfry - June 26, 2026, 07:34:05 PM
Documentation is pretty light... I don't know of any examples. Searching this forum would probably be your best bet for that.
#19
26.1, 26,4 Series / Re: 2 WAN Uplinks split routin...
Last post by paul5012 - June 26, 2026, 07:10:57 PM
Would I find something in the documentation on how to achieve this?
#20
26.1, 26,4 Series / Re: Issues with Reboot / Power...
Last post by mrzaz - June 26, 2026, 06:25:39 PM
Quote from: wincent on June 26, 2026, 03:47:07 AM
> This command "/usr/local/etc/rc.d/suricata onestop" will check the status of Suricata and delete the stale PID file, you previously used `kill` to shut down Suricata abnormally, a PID file may be left behind.
> Now try to shut down or reboot OPNsense directly using the webGUI.

Thanks wincent,
I will save that one for the future. 🙂

I think I have kind of found out why it never shuts down or restarts from the WebGUI.
What is actually happening is the issue I have reported in the other thread regarding the PID for suricata never ending.

When I do the shutdown from the webgui, a lot of the shutdown messages are only seen in the stdout of the session that starts the shutdown, which the console is not.
To the console, only some part of the later printouts is printed, the part that is printed to all stdout.

But as the system gets stuck endlessly waiting for the suricata PID to end, the shutdown never proceeds.

If I do the shutdown from the console then you will see all stdout including the hanging suricata PID.

Feels like a corner case that will seldom happen but could possibly be added as a robustness to the shutdown/reboot scripts handling suricata PID or any PID in future releases. 🙂

I propose to close this case and handle it through the other thread.

Best
Dan Lundqvist
Stockholm, Sweden