"Recent posts
#21
25.7, 25.10 Series / OPNsense 25.7.10 – Crash Due t...
Last post by saleh - Today at 01:22:53 AMHello OPNsense Team,
Every day, we are receiving crash reports due to PHP errors in the Captive Portal. Please find the logs and attached files below, and let us know if you can help us resolve this issue.
PHP Errors:
[21-Dec-2025 23:39:26 Asia/Jerusalem] TypeError: Cannot assign null to property OPNsense\CaptivePortal\Api\AccessController::$arp of type array in /usr/local/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php:105
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php(254): OPNsense\CaptivePortal\Api\AccessController->getClientMac('10.5.90.224')
#1 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Dispatcher.php(166): OPNsense\CaptivePortal\Api\AccessController->logonAction()
#2 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(156): OPNsense\Mvc\Dispatcher->dispatch(Object(OPNsense\Mvc\Request), Object(OPNsense\Mvc\Response), Object(OPNsense\Mvc\Session))
#3 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(139): OPNsense\Mvc\Router->performRequest(Object(OPNsense\Mvc\Dispatcher))
#4 /usr/local/opnsense/www/api.php(36): OPNsense\Mvc\Router->routeRequest('/api/captivepor...', Array)
#5 {main}
Thank you and Best Regards,
Saleh
Every day, we are receiving crash reports due to PHP errors in the Captive Portal. Please find the logs and attached files below, and let us know if you can help us resolve this issue.
PHP Errors:
[21-Dec-2025 23:39:26 Asia/Jerusalem] TypeError: Cannot assign null to property OPNsense\CaptivePortal\Api\AccessController::$arp of type array in /usr/local/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php:105
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php(254): OPNsense\CaptivePortal\Api\AccessController->getClientMac('10.5.90.224')
#1 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Dispatcher.php(166): OPNsense\CaptivePortal\Api\AccessController->logonAction()
#2 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(156): OPNsense\Mvc\Dispatcher->dispatch(Object(OPNsense\Mvc\Request), Object(OPNsense\Mvc\Response), Object(OPNsense\Mvc\Session))
#3 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(139): OPNsense\Mvc\Router->performRequest(Object(OPNsense\Mvc\Dispatcher))
#4 /usr/local/opnsense/www/api.php(36): OPNsense\Mvc\Router->routeRequest('/api/captivepor...', Array)
#5 {main}
Thank you and Best Regards,
Saleh
#22
25.7, 25.10 Series / Re: Upgrade version discrepanc...
Last post by erwinvanlonden - Today at 01:00:50 AMIt looks like OPNSense is still in limbo to try and figure out what the latest installed version is.
```
Type opnsense
Version 25.7.10
Architecture amd64
Commit c2f076f30
Mirror http://mirror.sfo12.us.leaseweb.net/opnsense/FreeBSD:14:amd64/25.7
Repositories OPNsense (Priority: 11)
Updated on Fri Dec 19 17:20:40 AEST 2025
Checked on Mon Dec 22 09:27:37 AEST 2025
```
The update page again shows that I need to upgrade the base and kernel package.
```
Package name Current version New version Required action Repository
base 25.7.8 25.7.10 upgrade OPNsense
kernel 25.7.8 25.7.10 upgrade OPNsense
```
Something is wrong here but I can't put a finger on it where it may get the discrepancy from.
```
Type opnsense
Version 25.7.10
Architecture amd64
Commit c2f076f30
Mirror http://mirror.sfo12.us.leaseweb.net/opnsense/FreeBSD:14:amd64/25.7
Repositories OPNsense (Priority: 11)
Updated on Fri Dec 19 17:20:40 AEST 2025
Checked on Mon Dec 22 09:27:37 AEST 2025
```
The update page again shows that I need to upgrade the base and kernel package.
```
Package name Current version New version Required action Repository
base 25.7.8 25.7.10 upgrade OPNsense
kernel 25.7.8 25.7.10 upgrade OPNsense
```
Something is wrong here but I can't put a finger on it where it may get the discrepancy from.
#23
General Discussion / Re: assigning static IP addres...
Last post by Hollywood - Today at 12:57:18 AMQuote from: BrandyWine on Today at 12:24:47 AMIs the pi booting with randomized MAC?that's not it. I just didn't know how to reserve the IPs. I figured it out using Dnsmasq.
https://raspberrypi.stackexchange.com/questions/68513/pi-using-a-random-mac-address-after-every-reboot-how-do-i-stop-this-behavior
Thanks.
#24
General Discussion / Re: Zoraxy Reverse Proxy does ...
Last post by Maurice - Today at 12:31:53 AMThis indicates Zoraxy sends HTTP GET requests with a body, which is very much discouraged. No browser sends GET requests with a payload. So that's an issue you might want to raise with the Zoraxy devs.
Cheers
Maurice
Cheers
Maurice
#25
General Discussion / Re: Opnsense vs mainstream rou...
Last post by BrandyWine - Today at 12:31:14 AMQuote from: Hollywood on December 21, 2025, 12:36:36 PMThe SSIDs are already setup in the access point.
Is each SSID in it's own subnet (vlan), and you trunk the wifi device to the firewall?
#26
General Discussion / Re: assigning static IP addres...
Last post by BrandyWine - Today at 12:24:47 AMIs the pi booting with randomized MAC?
https://raspberrypi.stackexchange.com/questions/68513/pi-using-a-random-mac-address-after-every-reboot-how-do-i-stop-this-behavior
https://raspberrypi.stackexchange.com/questions/68513/pi-using-a-random-mac-address-after-every-reboot-how-do-i-stop-this-behavior
#27
General Discussion / Re: Web Interface Not Secure
Last post by BrandyWine - Today at 12:22:04 AMChrome? The ABC company, goole?
Self-signed certs is the issue for the notice. Try installing the cert as "trusted", then the notice will go away.
https://www.codegenes.net/blog/getting-chrome-to-accept-self-signed-localhost-certificate/
Self-signed certs is the issue for the notice. Try installing the cert as "trusted", then the notice will go away.
https://www.codegenes.net/blog/getting-chrome-to-accept-self-signed-localhost-certificate/
#28
Hardware and Performance / Re: Packet loss and ssl connec...
Last post by BrandyWine - Today at 12:13:03 AMTurn off / disable all the power stuff. Why is that even needed?
#29
General Discussion / Re: Suricata detecting outboun...
Last post by wsmlby - Today at 12:11:53 AMIn case people come here for the weird UDP 161 SNMP issue:
TL;DR: You likely have a Windows machine on your network looking for printers. You can block this by set up a floating rule.
I noticed the same issue on my Suricata log.
On opnsense: `tcpdump -n port 161` also shows traffic from opnsense to WAN.
Then I tried what Patrick suggested: Try `tcpdump -i <your-lan-if> -n port 161`. I can see it come from my windows laptop.
To block this, I set up a floating rule [Firewall] -> [Rules] -> [Floating] add rule:
Action: Reject, Interface: <Lan>, Direction: in, Protocol: UDP, Destination Port Range: SNMP, Descript: Block leaking SNMP
After that Suricata is quieter
TL;DR: You likely have a Windows machine on your network looking for printers. You can block this by set up a floating rule.
I noticed the same issue on my Suricata log.
On opnsense: `tcpdump -n port 161` also shows traffic from opnsense to WAN.
Then I tried what Patrick suggested: Try `tcpdump -i <your-lan-if> -n port 161`. I can see it come from my windows laptop.
To block this, I set up a floating rule [Firewall] -> [Rules] -> [Floating] add rule:
Action: Reject, Interface: <Lan>, Direction: in, Protocol: UDP, Destination Port Range: SNMP, Descript: Block leaking SNMP
After that Suricata is quieter
#30
Hardware and Performance / Re: [solved] Intel i226 Firmwa...
Last post by BrandyWine - Today at 12:11:07 AMQuote from: OPNenthu on December 14, 2025, 06:02:29 AMIt Just Works™ in Linux. Nothing needed besides the NIC driver (built in) and userspace tools like NetworkManager.Well, the built-in part is perhaps the pitfall in many cases, because we don't always want to wait for a kernel release to fix an issue via driver code.
In some OS's there are ways to unload stuff that was loaded in from kernel directly, but it seems freeBSD is not one of them.
And things don't always "just work" in linux.
Specifically for OPNsense, I would prefer they compile kernel without nic drivers (stop using GENERIC), then during install detect nic and cfg the proper KLM to load on boot, this way we could replace a nic KLM at-will. In recent past I did compile kernel without igc and then loaded that driver manually.
