"Recent posts
#21
25.7, 25.10 Series / Re: Can't update 25.7
Last post by meyergru - Today at 12:08:51 AMLook at this. It is also mentioned here: https://forum.opnsense.org/index.php?topic=42985.0, point 23.
#22
25.7, 25.10 Series / Can't update 25.7
Last post by Jboy4 - Today at 12:06:46 AMNot able to install packages because updating 25.7 causes a frozen machine and forces me to reboot after waiting over 20 mins. Ive tried multiple reformats back to 25.7 then updating the loading my xml but the update process fails each time. Some errors below arter it attempts then failure on reboot.
system: Error (1) aunching the init system... Id-elf.so.1: Shared object "libxm12.so.16" not found, required by "php" Enter full pathname of shell or RETURN for /bin/sh:
system: Error (1) aunching the init system... Id-elf.so.1: Shared object "libxm12.so.16" not found, required by "php" Enter full pathname of shell or RETURN for /bin/sh:
#23
Web Proxy Filtering and Caching / Re: HAProxy to home server not...
Last post by meyergru - Today at 12:06:08 AMThat is strange. If a TLS client does not send the hostname any more, how would name based access in HAproxy work? It serves as the selector for the presented certificate in the first place. Of course, there is a fallback that you can create in HAproxy, but this would only be used for really ancient clients, IP-based access or a catch-all for unknown hostnames.
It that something "new" for IOS 26? If so, it will sure break things.
It that something "new" for IOS 26? If so, it will sure break things.
#24
General Discussion / Re: Trouble with VLAN setup on...
Last post by User074357 - November 22, 2025, 10:53:20 PMQuote from: pfry on November 21, 2025, 03:04:54 PMQuote from: User074357 on November 21, 2025, 12:33:14 PMI was under the impression the "Default allow LAN to any rule" would be enough to allow pinging devices in the DMZ from LAN.[...]
It should be, and blocked packets would be logged, assuming default block logging is enabled. Valid sessions would be visible regardless of logging.
How about "Interfaces: Devices: Bridge" and "Interfaces: Overview"?
Yeah, nothing seems to be getting blocked.
Here are the bridge settings and interface overview (had to remove some of the VPN interfaces due to their names containing private information).
#25
German - Deutsch / Re: Routing-Performance
Last post by sternchen45 - November 22, 2025, 10:31:26 PMdanke Dir! Ich probiere das aus. Allerdings ist Zenarmor ganz neu, ich hatte ja vorher den n5105 - und da hatte ich dieselbe lausige Performance. Deshalb bin ich ein wenig skeptisch.
#26
General Discussion / Re: Missing Interfaces
Last post by pfry - November 22, 2025, 10:10:55 PMWith the x710 (as with other Intel interfaces) it's a good idea to make sure your NVM is up to date (assuming you haven't already).
I can't comment on Dnsmasq; I only have 9 VLANs configured at the moment (on an x710); I do not use an IPS.
I can't comment on Dnsmasq; I only have 9 VLANs configured at the moment (on an x710); I do not use an IPS.
#27
German - Deutsch / Re: Kann curl nicht auf die im...
Last post by Patrick M. Hausen - November 22, 2025, 09:54:12 PMProbier mal
auf der OPNsense auszuführen. Wir hatten das schon auf Standard FreeBSD, was du beschreibst, und das war die Lösung. Mach einen Snapshot vorher (wenn du ZFS benutzt) oder mindestens ein Config-Backup.
Code Select
certctl rehash
auf der OPNsense auszuführen. Wir hatten das schon auf Standard FreeBSD, was du beschreibst, und das war die Lösung. Mach einen Snapshot vorher (wenn du ZFS benutzt) oder mindestens ein Config-Backup.
#28
Web Proxy Filtering and Caching / Re: HAProxy to home server not...
Last post by satcomjimmy - November 22, 2025, 09:43:03 PMFound the fix on the haproxy, the iphones stopped sending a hostname in the packet header so it didn't match any of my rules. I had to add a default backend server, and now iphones work again.
#29
General Discussion / Missing Interfaces
Last post by Unregistered Member - November 22, 2025, 07:38:43 PMHello,
I'm new to OPNsense and have been really enjoying working with this firewall. However, I'm encountering a strange issue with my setup and am not sure whether it's a bug or something I've configured incorrectly.
I'm running OPNsense v25.7.7_4 and have a dozen VLANs configured with IPv4 Static IPs (except for the IPs themselves, the VLANs are all setup the same way with the LAN port as the parent). DHCP is being handled by Dnsmasq DNS & DHCP.
Here's where the issue comes in: when I go to the Leases section under Dnsmasq DNS & DHCP, the drop-down menu for interfaces is missing a few VLANs. However, I can confirm that the VLANs are configured correctly, as clients are able to connect and receive the correct IPs.
Strangely, two of the missing VLANs are showing up under the WAN interface in the lease list, with the correct IP addresses. These clients are functioning normally, with internet access and proper firewall rule enforcement. But there are still three other VLANs that are missing from the lease drop-down altogether.
My question is: Does the lease drop-down only show interfaces that have been assigned IPs? Could it be that if an interface doesn't register an IP, it doesn't show up in the list? And if that's the case, how do you explain the two VLANs that are showing up under WAN?
Additionally, I've noticed some errors in the console from time to time (the first set of numbers 015.xxxxxxx is different but the message about ixl0 full is consistent). Not sure if this is related or a separate issue related to netmap. On the WAN port (ixl0), I'm only running Suricata in IPS mode, and the error message I'm seeing is as follows:
015.030954 [4335] netmap_transmit ixl0 full hwcur 205 hwtail 645 qlen 583
I've been troubleshooting this issue with ChatGPT, and after working through a few tests, it was suggested that this might be a cosmetic bug in OPNsense, with no significant impact.
Has anyone encountered something similar? Any advice or thoughts on this issue would be greatly appreciated!
I'm new to OPNsense and have been really enjoying working with this firewall. However, I'm encountering a strange issue with my setup and am not sure whether it's a bug or something I've configured incorrectly.
I'm running OPNsense v25.7.7_4 and have a dozen VLANs configured with IPv4 Static IPs (except for the IPs themselves, the VLANs are all setup the same way with the LAN port as the parent). DHCP is being handled by Dnsmasq DNS & DHCP.
Here's where the issue comes in: when I go to the Leases section under Dnsmasq DNS & DHCP, the drop-down menu for interfaces is missing a few VLANs. However, I can confirm that the VLANs are configured correctly, as clients are able to connect and receive the correct IPs.
Strangely, two of the missing VLANs are showing up under the WAN interface in the lease list, with the correct IP addresses. These clients are functioning normally, with internet access and proper firewall rule enforcement. But there are still three other VLANs that are missing from the lease drop-down altogether.
My question is: Does the lease drop-down only show interfaces that have been assigned IPs? Could it be that if an interface doesn't register an IP, it doesn't show up in the list? And if that's the case, how do you explain the two VLANs that are showing up under WAN?
Additionally, I've noticed some errors in the console from time to time (the first set of numbers 015.xxxxxxx is different but the message about ixl0 full is consistent). Not sure if this is related or a separate issue related to netmap. On the WAN port (ixl0), I'm only running Suricata in IPS mode, and the error message I'm seeing is as follows:
015.030954 [4335] netmap_transmit ixl0 full hwcur 205 hwtail 645 qlen 583
I've been troubleshooting this issue with ChatGPT, and after working through a few tests, it was suggested that this might be a cosmetic bug in OPNsense, with no significant impact.
Has anyone encountered something similar? Any advice or thoughts on this issue would be greatly appreciated!
#30
Hardware and Performance / Re: Dec740 connected to a USW-...
Last post by meyergru - November 22, 2025, 07:36:32 PMI have never encountered any compatibility problems with 10G DAC cables.
