Recent posts

#21
For stable VPN connections static IP addresses are mandatory, IMHO. I never used anything else. At least one side of the connection must have a static IP address. Everything else is a gamble for which OPNsense is not to blame. Pick your poison.
#22
German - Deutsch / Web Application Firewall Servi...
Last post by FriesenRudi - January 03, 2026, 11:02:25 PM
I installed OPNsense Business 25.10 and upgraded it to version 25.10.1.
Now I wanted to put the Web Application Firewall into operation, so I installed the os-OPNWAF plugin.
Unfortunately I cannot start the web application service at all. Does anyone have an idea about this?
#23
Zenarmor (Sensei) / Re: CVE-2025-14847 vulnerabili...
Last post by PencilHCV - January 03, 2026, 10:37:45 PM
Hi Patrick,

Thank you for your response and for clarifying the situation.

I appreciate your insights about CVE-2025-14847, but I still feel that there should have been a clearer communication to users, especially given that MongoDB has been deprecated in Zenarmor. I understand it's my responsibility as an administrator to check for vulnerabilities, but it would be more helpful if there was an explicit warning or guidance from the Zenarmor team about how MongoDB users should handle these situations.

While I agree with your point that if MongoDB is not exposed remotely, the vulnerability may not apply, it's still concerning that users are left in the dark unless they are actively looking for this kind of information.

Once again, thanks for your input. I just think there's room for improvement in the way security updates and vulnerabilities are communicated to the user base.

Best regards,
Hugo
#24
General Discussion / Re: Wireguard requires manual ...
Last post by novel - January 03, 2026, 10:37:43 PM
Quote from: Monviech (Cedrik) on January 03, 2026, 09:03:03 PM
I don't think I can explain it better without writing way too much.

TLDR: You don't have to change anything more. You could also input your quad dns server in system - settings - general and uncheck using the ISP dns servers again if you want.

For anybody that comes after: Using wireguard with hostnames and forcing the OPNsense to be a DNS client to Adguard itself can be a bad idea due to race conditions during boot.


There is no selection system - settings - general and uncheck using the ISP dns servers again if you want.

Do you mean untick the selection "Allow DNS server list to be overridden by DHCP/PPP on WAN" then I put the empty line on DNS server 9.9.9.9?

and use gateway?

I upload screenshot

#25
25.7, 25.10 Series / Re: Planing to Change from IpF...
Last post by passeri - January 03, 2026, 10:18:08 PM
I looked closely at IPFire when first developing my understanding of firewalls and routing, loading both it and OPNsense and donating to both (hoping for IPFire v3) while I examined them. I found IPFire presented concepts cleanly in its otherwise dated interface and its user-driven documentation, but ultimately went for the greater capability, flexibility, of OPNsense. IPFire can be nigh-dictatorial in its model. You can do "everything and more" in OPNsense and its documentation, though in a different style, gives you both setups and detail. As ever, the user forum is a vital component of the information and Q&A system so questions about any translation of concepts or implementation will be answered here.

I never had IPFire in production so cannot comment directly on working up that transition. While I keep an eye on IPFire by continuing to accept their e-mail announcements (curiosity), for my own circumstances there is no question that my choice was sound.
#26
German - Deutsch / Re: Glasfaser Plus + Telekom +...
Last post by Maurice - January 03, 2026, 10:04:28 PM
Always good to have a point of comparison. However, I would first focus on a possible compatibility problem between the NIC and the GPON SFPs.
Do you have the option of testing the SFPs in a switch or media converter?
#27
German - Deutsch / Re: Glasfaser Plus + Telekom +...
Last post by Marinazoi - January 03, 2026, 09:43:29 PM
It seems that the problem lies more with the connection to the OLT or with the VLAN configuration than with the SFP module itself. If the module reaches O5 but no PPPoE is established, restarting the modem after changing the serial number or re-entering the VLAN ID could often help.
#28
General Discussion / Re: Wireguard requires manual ...
Last post by Monviech (Cedrik) - January 03, 2026, 09:35:17 PM
It probably can, but the issue was that wireguard remained stopped right after boot. Whether it eventually starts later with a cronjob was not part of the issue here.
#29
General Discussion / Re: Wireguard requires manual ...
Last post by chemlud - January 03, 2026, 09:32:59 PM
Serious question: and this problem really can't be addressed adequately by the cron job on DNS resolution of wireguard endpoints outlined above? Really?
#30
General Discussion / Re: Wireguard requires manual ...
Last post by Monviech (Cedrik) - January 03, 2026, 09:03:03 PM
I don't think I can explain it better without writing way too much.

TLDR: You don't have to change anything more. You could also input your quad dns server in system - settings - general and uncheck using the ISP dns servers again if you want.

For anybody that comes after: Using wireguard with hostnames and forcing the OPNsense to be a DNS client to Adguard itself can be a bad idea due to race conditions during boot.