"Recent posts
#21
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by meyergru - February 01, 2026, 10:05:31 PMActually, that was not a "little" bug. But did that rule come out of the blue or was it present before?
Because you obviously have used the migration assistant, you should be able to look at the rules before the migration.
This would be helpful to tell if there is a potential "HUGE" bug or just a misconfiguration on your part.
Because you obviously have used the migration assistant, you should be able to look at the rules before the migration.
This would be helpful to tell if there is a potential "HUGE" bug or just a misconfiguration on your part.
#22
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by RamSense - February 01, 2026, 10:00:51 PMFound it! Some little bug. Thanks Patrick.
Your simple "there must be some rule allowing this" made me wonder if the deleting of the old rules has done its job or not.
And there I went through the old interface rules and there was one rule left on WAN! So the delete all (old)rules with [Remove all legacy rules] in the wizard, did not do it all. Maybe a bug there? The wizard forgot to remove one by rather just adding an important one you do not want to have!
IPv4+6 * * * * * * *
Your simple "there must be some rule allowing this" made me wonder if the deleting of the old rules has done its job or not.
And there I went through the old interface rules and there was one rule left on WAN! So the delete all (old)rules with [Remove all legacy rules] in the wizard, did not do it all. Maybe a bug there? The wizard forgot to remove one by rather just adding an important one you do not want to have!
IPv4+6 * * * * * * *
#23
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by Patrick M. Hausen - February 01, 2026, 09:58:20 PMIf you disable the block rules on top, the services are exposed, right? And there's 53 rules on WAN. So the rule responsible must be one of the 45 and a half you did not show.
How are you expecting anyone to help with less than 20% of the relevant information?
Or it's in floating. Or interface groups. Or NAT port forwarding. Yes, I think that sums it up. Somewhere in these places there absolutely must be a rule causing the ports to be open.
How are you expecting anyone to help with less than 20% of the relevant information?
Or it's in floating. Or interface groups. Or NAT port forwarding. Yes, I think that sums it up. Somewhere in these places there absolutely must be a rule causing the ports to be open.
#24
26.1 Series / Re: Running server (Nextcloud)...
Last post by viragomann - February 01, 2026, 09:23:52 PMQuote from: TheSHAD0W on February 01, 2026, 07:07:15 PMtcpdump shows connection replies from activity on the second gateway being sent out the first one despite all attempts I've made to direct the traffic correctly.The "reply-to" tagging is responsible to route replies back to the correct gateway.
This presumes that
- you have the proper gateway stated in WAN interface settings in case manual IP configuration
- and that the firewall rule, which is passing the incoming traffic to the web server, is defined on the incoming interface (no group or floating pass rule must match the traffic).
Note that interface group or floating rules have precedence over interface rules.
#25
26.1 Series / Re: 26.1 - after export & imp...
Last post by OPNenthu - February 01, 2026, 09:23:46 PMQuote from: Noci on February 01, 2026, 12:59:42 PMWhere did the automatic rules end up?
Those that were installed by f.e. crowsec etc.
I don't use crowdsec but try the "Inspect" button. That shows the system generated rules, at least. Maybe others are hidden behind that as well?
Quote from: Noci on February 01, 2026, 12:59:42 PMI do use floating rules that are generic for ALL interfaces, it could be replaced by a group that has ALL interfaces in it if it needs to be.
You can keep using Floating rules in the new UI if they apply to multiple interfaces, that's not a problem. The only new restriction is that you can't have a Floating rule on a single interface.
#26
25.7, 25.10 Series / Re: IPv4 ONLY Firewall Setup w...
Last post by Dude7 - February 01, 2026, 09:23:25 PM I hope that the C-Suite executives, PR and marketing team for both OPNsense and Deciso read this thread. The reason being that while the intention of me creating this thread never was what it turned into, it clearly exposes serious public perception concerns about the OPNsense brand and Deciso's perecption to the world over repeated issues that are rampant throughout this forum. While exposing this was never my intention with starting this thread, it is obvious that my own troubleshooting concerns pale in comparison to a reoccurring, and greater problem on these forums that should be addressed.
I have given this a few days in hopes for a better response from other experts on these forums. I had hopes that the side trails that this thread has gone off into would be brought back on course to provide some further points to consider in my troubleshooting efforts. Specifically a response focused on answering questions, or at least providing direction to helpful resources that I may have missed or that I may be unaware of.
It is obvious that this has not transpired.
So let me address these points of concern, starting with a few of the comments in your responses @meyergru up to this point.
First, I want to make perfectly clear that no where in this post I am trying to attack OPNsense, nor did I intend to come across as blaming OPNsense software for the issues that I was having. I spent many, many hours combing thru posts both on this forum and elsewhere, and have found a very infrequent issue that a few continue to have.
In no way did I mean to come across by posting very detailed responses, as expecting you @meyergru, or anyone else, to fix this issue for me. If that was how it was perceived, then my sincere apologies.
Whether this problem is being logged or not, it is obvious that it persists, even though infrequent. I could not find a running forum thread, or page that is a continuously building list of known hardware issues that OPNsense, and/or it's plug-ins are incompatible with. Is there one? If so, and I missed it in all of my browsing that is my mistake, and I would appreciate simply a link to direct me to read thru that information.
I know how much reading through details in others posts has helped me personally, and have been expressed in replies of gratitude by others long after the post or thread was initially created. Not only here, but elsewhere in the past where people are bold, and honest enough to share their mistakes, and the details for their troubleshooting of issues up to that point. If there is anything we as humans learn from it is from ours and OTHERS mistakes IF we choose to value the lessons they provide. Creating and cultivating a culture where that is welcomed is one of the most critical points of a brand's success or failure. You can have the greatest product in the world, but if you do not include even the person with the most basic understanding of it, success is impeded.
As a result I took the additional time and posted those details above. I did so in hopes that providing them might give someone reason to point me in the direction of other resources, lists, or even other forum threads that would help myself and future viewers out. Hope that taking my time to do so would eliminate additional response time for you as "Hero Members," "Sr. Members," and"Administrators," and other high level users of the forums. I posted to help others that may make a common mistake that I innocently missed in the setup process with my slip-up with Layer2 network conflicts, and trusting the labeling of networking ports on my own hardware.
That obviously did not happen, nor was taken as a value in that sense. My post further was seen as an opportunity to provide yet another condescending rant. One, not just attacking myself, but everyone that you would include as "non-experts," and went as far as venting about those who post "all kids of external internet guides and/or videos." by you @meyergru
@meyergru you mentioned that you, "often say that OPNsense is not your average consumer router where point-and click just works. It is a professional tool that should be operated by experts."
My question to you is, where does one start outside off to be that "network expert?" How does one learn if not by trial and error to become familiar with and knowledgable of the way OPNsense works? How does one become that "expert" who knows how to use OPNsense, if making the same mistakes as others is not permitted? I again could be wrong, but I cannot see where a person just does not one day wake up and become an "expert" at OPNsense.
It is rather by one, regardless of their network experience takes on the challenge to learn. Learn by trial and error, and asking questions, searching for knowledge from experienced users, and content. For OPNsense, there is no other way offered. There is no certification program, official classes, or programs to sit down and learn OPNsense in an officially sanctioned learning environment.
That does not make OPNsense bad in any way, but at the same time it needs to be understood that people are then forced to learn the system on their own thru online communities, forums, and video examples that they can compare and contrast their setup to. Humans instinctively learn more by human interaction and engagement in some modern form of the age-old form of apprenticeship. Whether that be following an "external internet guide," walking them thru the process, or engaging in conversations like was intended when I started this thread.
To say that the OPNsense system "should be operated by experts," completely sequesters OPNsense to being inhibited to growth, adaptation, and opportunity for use by up-and-coming users. Users that would eventually be loyal enthusiasts who encourage their own companies and organizations to purchase enterprise licensing for OPNsense that they have spent time becoming familiar with.
Let me put this another way for you to consider that likely has not been though of. Ask yourself these questions- WHO is posting? Is how I am answering encouraging them to engage FURTHER with the brand of OPNsense to make it a success for Deciso? Or is what I am saying, or how I am responding leaving such a bad experience that this person will forever reject OPNsense, or anything to do with anything from Deciso?
That person posting could be a kid from a small-school or non-profit where he/she may be the only one who understands networking in their organization, or that their organization can afford. The decision makers of that same organization trust them, and are looking to them to not only learn, but figure out if OPNsense is the right solution before purchasing an enterprise level license. Is that person shunned from using OPNsense because they're making mistakes while not qualifying as a "expert," yet willing to learn. Based on your perspective they SHOULD NOT EVEN CONSIDER attempting to learn OPNsense because they do not qualify to be an "expert."
Maybe that person posting the question that you hated answering because it was THE SAME QUESTION OR PROBLEM for the 4,551st time is a Dad who is making a home lab and wants to learn OPNsense. However, for his day job though he is the C-Suite decision maker of his business or franchise. A person where once he could get OPNsense to work, he was going to recommend that his small or medium size company purchase across all of their properties multiple enterprise licenses. Are you going to tell him that he should not consider operating OPNsense either because he is not qualified to be an "expert" according to your qualifications?
For me, I openly admit that I was making this a Homelab exercise. However, I have three non-profits that I work with which need scalable solutions that I was considering recommending OPNsense for. That is, once I could get it to work since they would likely be calling me for any issues. For my day job, I work in the live-event industry and travel globally. I am needing to create 4 travel/temporary network solutions that I am going to be implementing for large scale trade shows, conventions, and tours by the end of Q3 of this year whereby I need a firewall solution. I was considering OPNsense since I THOUGHT it would be great at an enterprise leve. However I needed to figure it out on a personal/consumer level first before recommendations and purchases since likely I would be the one called when issues happened.
All of you that have the title under your name of "Hero Member," "Sr. Member," "Administrator," and others are perceived by those that read your responses, and see your names on these forums as those that KNOW and ARE the "network experts." We look up to, and value your perspective, feedback, and any guidance. Even if that guidance is in providing direction to a post we may not have read, simply because it was missed in our searches. The point of connection with YOUR responses, and by YOU taking the time to answer matters more than you realize. Not just for us, but for the PERCEPTION that we have of the greater brand of Deciso and OPNsense. To those of us that are not, "Hero Members," "Administrators, "Sr. Members," or others in those realms, you REPRESENT the brand to the WORLD whether you are on here voluntarily, or paid to do so. Your response is perceived as the brand's response to US that may be potential users. Your response is also amplified in the perception of the brand by those tens if not hundreds of thousands of users, and potential buyers that may search and land on your response, but never post.
If all of you "Hero Members," "Administrators, "Sr. Members," and others that consistently leave threads without solutions, or berate those who may have asked a question for the 10,723rd time, are you leaving them in a way that you would find motivating to continue engaging with the software and brand if the tables were flipped? If you were just a beginning user, would you continue to find the engagement that a "Hero Member," "Administrator, "Sr. Member," or other high ranking user on these forums posted as a response to you one that would leave you motivated and encouraged to continue to pursue the right answer? Or would it give you cause to move on to another solution of software all together?
As for your statement @meyergru that, "this forum is not an official Decisio support forum, but mostly used by hobbyists," that is a marketing and branding serious concern that may not be yours but one that Deciso and OPNsense needs to address. The PRIMARY domain of this forum is opnsense.org. The forum is also linked on the official main page/site of OPNsense and such is subsequently perceived as THE OFFICIAL resource for anyone looking to connect with others. There is no statement anywhere requiring someone to be a networking "expert" before posting on these forums which leads to the CLEAR misunderstanding that ANYONE is welcome to post their issues or concerns relating to OPNsense. Posting with an assumption that any response IS TO BE CONSIDERED from any "Hero Member," "Administrator, "Sr. Member," or other high ranking user AS from OPNsense. If this was not an "official forum," then there should be explicit visual and verbal details providing that information to first-time viewers, and regular users alike.
That said, all other context, graphics, branding, etc. leads to a complete disagreement with that statement that this is NOT an "official Deciso support forum."
So when a person follows that link that you provided as a "Hero Member," "Administrator, "Sr. Member," or other high ranking user, It doesn't take a "networking expert" to view posts that applaud the "old article" that you lauded in your READ THIS FIRST forum thread to see something seriously wrong. Anyone reading that linked article will quickly realize in NO WAY could that old article be construed to be helpful to users. That is nothing but a condescending, verbal, jerk-off piece intended to do nothing but intentionally berate anyone else whom the author sees as inferior on their knowledge to themselves. It is written by an individual, while possibly a "network expert," who clearly has psychological issues, and is completely deprived of any character that allows him to even care about the value of others who might read that piece.
For anyone that promotes, applauds, and thinks as you mentioned @meyergru in that forum thread, which you posted, that the writer of that condescending piece should be given accolades, I genuinely feel sorry. Not only for the author of the piece but for both of you as human beings. It is clear that there is a massive lack of human decency for anyone who provides that old article accolades. That is the furthest piece of content from providing helpful guidance to anyone.
Furthermore that someone who is a , "Hero Member," "Administrator, "Sr. Member," or other high ranking user who sees any value in providing that as a reference on a forum, and one that represents the brand of Deciso's software OPNsense, is cause for any public-relations and marketing team to find cause for dismissal as a result of promotion of content like that. It not only is damaging to the brand, but creates the unspoken perception that NO ONE is welcomed to post their issues or concerns on this forum unless they are considered an "expert" by the "Hero Member," "Administrator, "Sr. Member," or other high ranking users.
I get it, the forums are free, and voluntary. You as "Hero Members," "Administrators, "Sr. Members," and others high level users, cannot hide behind that excuse though. That leaves no excuse for the tirades and rants about why OPNsense is only for networking "experts" and not for anyone else. If that was the case, then let me ask you again, at what point would you endorse someone just wanting to learn? How would they go about making mistakes while learning without getting berated, and looked down upon by engaging in this forum community? How would they find helpful answers and responses if they do not have your experience, and expertise, or if they missed reading that one thread, or post you have shared thousands of times?
With the responses that many, including myself, have received frequently on these forums, if you were in our shoes, ask yourself these questions. Would YOU walk away from the experience on these forums wanting to purchase a license for your small organization, or startup company? With the lack of positive engagement, even if you made a mistake like tens of thousands before you, yet were berated for asking an honest question, would you recommend to a board of directors, and financial decision makers their need to make a financial purchase to integrate and use an enterprise version of OPNsense?
It doesn't take a "networking expert" to realize the answer is NO.
As for the "external internet guides and/or videos," that you "urge everyone to refrain from using," because, "they are often outdated or too unspecific." Let me provide perspective that may not have been considered by you or others integral in the public relations and marketing management for Decisio and OPNsense.
Organizations like Decisio and OPNsense are missing a great opportunity to connect with their audiences by isolating their only connection point to these forums on their brand's domain, or their reddit forums that they moderate. That may be for budgetary purposes, or other decisions. I get it. While that is a problem that should eventually be resolved, berating other like YouTubers that cover OPNsense has no purpose but to DEGRADE the PERCEPTION of OPNsense to the rest of the world.
Instead of creating problems, those Youtubers posting content about OPNsense are doing one thing that the teams with Deciso and OPNsense are not- THEY ARE FILLING A VOID.
The platform used second to Google on a global scale, for ANY search criteria, is YouTube. Contrary to what others might think, YouTube is where people go to search and LEARN about a topic first. Viewers find greater value in connecting thru posting comments there. Add to that the YouTubers curating those channels are happy to respond to their viewers in a positive manner. This in turn creates a positive and encouraging environment to foster learning. That INCLUDES even answering the most basic or rudimentary questions without providing a condescending response.
These content developers take the time to do so because THEY VALUE THE PERCEPTION OF THEIR BRAND. Connecting with, or politely answering that one person's most basic question, one that clearly would be considered "dumb or stupid" on this forum, IS MORE VALUABLE TO THEM, and they know it. That one answer or comment reply is likely to lead to word of mouth advertisement that the content developer could never pay for, yet will grow their viewership base.
Even the most basic YouTuber's channel posting content about OPNsense, that would qualify for your berating, are doing MORE for the brand of OPNsense, THAN ALL of the "Hero Members," "Administrators, "Sr. Members," and others high level users, on this forum COMBINED! THEY ARE PROMOTING THE BRAND, NOT MAKING THE BRAND EXCLUSIVE for "expert users." These "external internet guides," as you called them, are FILLING A VOID that these forums at the OPNsense brand's domain, fail miserably at.
Instead of going on rants about how external content is "often outdated or too unspecific," Deciso, and those managing OPNsense would make HUGE STRIDES for brand growth if they looked for ways to make these YouTubers their own BRAND AMBASSADORS. As the YouTubers notoriety grows with their increase of their own subscriber base, positive user interaction, and value perceived as a consistent resource, it would reflect positively on Deciso and OPNsense by identifying with their brand. In return this would amplify the value for people to learn and embrace OPNsense. It would create an environment where users, regardless of their network expertise, FEEL WELCOMED to post their questions or issues, and where they would be answered providing the future user and purchaser or OPNsense with a reason to make a financial investment in the brand.
I want to share a few examples that have helped me in my journey with learning OPNsense on YouTube. They are ones that provided details, often visually, that I could not find specific answers to my questions for in the official documentation, tutorials, and certainly on this official forum. I do so in hopes of providing some examples where Deciso and OPNsense could consider collaborating with these content developers that would help amplify the positive engagement of Deciso's brand OPNsense that is desperately lacking in these forums. For the record I know none of them personally, nor have any reason to mention them outside of how helpful their content, or personal feedback in a timely response in one case, has been to me.
Thank you "Sherridan Computers" (https://www.youtube.com/@sheridans)- Thank you for taking the time to provided perspectives and advice on immediately upgrading to the next version of OPNsense. Thank you for the detailed walk-thru of how to properly setup a VPN, and what you should be looking for to qualify a proper setup as the VPN connection is built out in OPNsense. You taking the time to provide screen captures helped to provide details that were not completely clear to understand in the official documentation
Thank you "What's New With Andrew" (https://www.youtube.com/@Whats.New.Andrew)- Thank you for your detailed walk-thrus that were simplistic to understand and get the basics up and going for an OPNsense setup.
Thank you "HomeNetworkGuy" (https://www.youtube.com/@homenetworkguy)- Thank you for providing critical considerations that no one else covered as to why migrating to either DNSMasq /DHCP or Kea both have their advantages, and disadvantages depending on your current setup, and scalability needs for users systems.
Thank you "Apalrd's Adventures" (https://www.youtube.com/@apalrdsadventures)- Thank yo for taking the time to provide a refresher course of the dynamics of the different network layers that are critical to understanding IPv4 and IPv6 network setups. For those of us that do not live in a world of network address assignments daily, your detailed explanations and simple visual diagrams were helpful.
The visuals that all of you provided in each an every step of the setups and tutorials all are helpful to any viewer who is looking to validate whether or not they are taking the right steps to set up their own OPNsense setup properly.
Additionally all of the time that these, and other YouTube content developers take to stay current with GUI versions and updates that are made to the OPNsense system, help to eliminate the confusion for viewers. Confusion that exists persistently throughout the official documentation and tutorials that I took hours and days to read thru. The official content simply is not updated fast enough, sometimes does not provide that visual detail that's needed for the viewer that has changed in an updated version of the software. You all provide helpful, and relevant information to how to properly setup, modify or adjust systems based on current versions of OPNsense.
In speaking with anyone outside of this forum, anyone whom I have talked to hates, and the word was HATES, coming here to the official forums. These forums have curated a reputation for being a place where people, regardless of their experience or not, are either ignored, berated, or at best looked down upon in a condescending manner if you are not a "Hero Members," "Administrators, "Sr. Members," and others high level users; or at the least considered a "networking expert."
That is so sad, because the "Hero Members," "Administrators, "Sr. Members," and others high level users, are the ones in the end that are damning the success of what potentially could be a great community surrounding, and growing the market space, and enterprise license orders, of a fantastic piece of software.
While I hope that taking the time to present this information will help, my suspicion is high that I do not think any of this will change any time soon. Even though I and many others I am sure looking for a positive engagement in these forums would hope that it would. OPNsense is a fantastic product that is ultimately being curtailed from success by its own "network experts."
Since it was misconstrued by you @meyergru that I somehow wanted someone "take me by the hand and [to be] guided through the process." That never was the case. You initially responded to my posting that started this thread, which I am grateful for @meyergru. To which I provided my mistakes, and how I resolved them thanks to what you had mentioned in your initial response.
Consequently though, me posting those solutions I found in resolving my mistakes were then berated, and not seen for the value it could provide others who may read this hundreds, or thousands of times after who may have similar problems or have created the same errors.
Value in honesty and detailing mistakes to provide steps to solutions, is obviously not cultivated or valued here on these official forums. That in and of itself is what has impacted my perception of considering OPNsense not just for personal learning and use, but for commercial opportunities whereby I influence, or make decisions for in the future.
As a result, what I am committed to do is this-
1) I am going to print out this thread, and have already printed out the "READ FIRST," and "old article" posts. I will this post, along with the others, immediately following this post for future personal, and referral reference for others. Should this thread be deleted, or removed, I will have proof that the responses that I received, along with the berating and condescending rants provide proof. Proof of the unprofessional and lack of any resemblance of desire to provide feedback, even at the voluntary level- which leads to a tainted value perception for Deciso's brand of OPNsense.
2) Should any of my client projects, any group that I volunteer with, or even friends that bring up home networking questions ever consider OPNsense, I will print this thread out and give it to them as PROOF why the toxic, lack of community, and condescending approach that those respected as "Hero Members," "Administrators, "Sr. Members," and high level users on these forums have repeatedly presented by representing OPNsense with their voluntary responses.
3) Any of my project builds in the future for commercial purposes in my areas of consulting and decision making for companies I will remember this brand experience with Deciso. It will give me cause to think twice about any products now, or in the future, that Deciso develops. Cause based on the reputation of the experience I personally have had on these forums with those that are presented as their brand representatives of OPNsense.
The experience on these forums that I have seen others have had, and which I now have personally experience myself, has turned me from a potential avid supporter of OPNsense, to one who will never provide the consideration for anything relating to Deciso or OPNsense that I am involved with in the future. I am sure I am one of many, based off of many comments outside of these forums that I have found that this resonates with.
Before I do those things that I stated, I will give this one last challenge to the rest of you "Hero Members," "Administrators, "Sr. Members," and others high level users on this forum that post frequently. @meyergru has clearly presented his character, and lost any credibility to value his response, but the rest of you still have an opportunity.
My challenge is simple- CHANGE MY MIND
Prove to anyone reading this thread, and to myself that you can actually provide value in a positive response to my questions and this thread. Your response could be as simple as providing a link to a running list of conflicting hardware that is known NOT to be compatible with OPNsense. Do you have one? Did I miss it in my searching thru the official documentation or thousands threads these forums? Where did I miss it if so? Can you provide me a link to it without berating me for making the human mistake of missing this useful piece of content? Something that I missed after reading thru content that I have taken days and months to go thru? Can you do it without berating me for messing up, or failing to find it on my own?
That would be greatly appreciated by any of you.
While I will likely move on because of my experience here, I hope that taking the time to present these serious concerns will provide opportunity for growth and change in the organization. Growth that the "Hero Members," "Administrators, "Sr. Members," and others high level users which the rest of us see as the "experts" who curate this forum and online community. "Experts" that REPRESENT Deciso's brand of OPNsense, even if voluntarily. "Experts" who represent OPNsense to the world.
We all make mistakes. How we help each other matters often more than resolving the error. In maintaining that point of understanding the error often times easily is found even quicker for others. At the least the solution often works itself out and becomes the best learning experience of all involved, and those who watch, or read about it in the future regarding what has transpired.
I was hoping that taking the time to detail my errors and the issues that I had found consistently coming up throughout various posts for years where threads were not solved, would provide that opportunity. It did not. I hope that what I have experienced here changes for others in a positive manner in the future. If not, an incredible product like OPNsense will fail like many others. Not because of it's incredible offering and ongoing development. It will fail because the people that represented the brand and software that was developed, or those who were responsible for curating its value to potential users and purchasers, created exclusivity instead of a welcoming community embracing anyone who was willing to take on the challenge. The challenge of learning their software, regardless of their level of expertise.
I have given this a few days in hopes for a better response from other experts on these forums. I had hopes that the side trails that this thread has gone off into would be brought back on course to provide some further points to consider in my troubleshooting efforts. Specifically a response focused on answering questions, or at least providing direction to helpful resources that I may have missed or that I may be unaware of.
It is obvious that this has not transpired.
So let me address these points of concern, starting with a few of the comments in your responses @meyergru up to this point.
First, I want to make perfectly clear that no where in this post I am trying to attack OPNsense, nor did I intend to come across as blaming OPNsense software for the issues that I was having. I spent many, many hours combing thru posts both on this forum and elsewhere, and have found a very infrequent issue that a few continue to have.
In no way did I mean to come across by posting very detailed responses, as expecting you @meyergru, or anyone else, to fix this issue for me. If that was how it was perceived, then my sincere apologies.
Whether this problem is being logged or not, it is obvious that it persists, even though infrequent. I could not find a running forum thread, or page that is a continuously building list of known hardware issues that OPNsense, and/or it's plug-ins are incompatible with. Is there one? If so, and I missed it in all of my browsing that is my mistake, and I would appreciate simply a link to direct me to read thru that information.
I know how much reading through details in others posts has helped me personally, and have been expressed in replies of gratitude by others long after the post or thread was initially created. Not only here, but elsewhere in the past where people are bold, and honest enough to share their mistakes, and the details for their troubleshooting of issues up to that point. If there is anything we as humans learn from it is from ours and OTHERS mistakes IF we choose to value the lessons they provide. Creating and cultivating a culture where that is welcomed is one of the most critical points of a brand's success or failure. You can have the greatest product in the world, but if you do not include even the person with the most basic understanding of it, success is impeded.
As a result I took the additional time and posted those details above. I did so in hopes that providing them might give someone reason to point me in the direction of other resources, lists, or even other forum threads that would help myself and future viewers out. Hope that taking my time to do so would eliminate additional response time for you as "Hero Members," "Sr. Members," and"Administrators," and other high level users of the forums. I posted to help others that may make a common mistake that I innocently missed in the setup process with my slip-up with Layer2 network conflicts, and trusting the labeling of networking ports on my own hardware.
That obviously did not happen, nor was taken as a value in that sense. My post further was seen as an opportunity to provide yet another condescending rant. One, not just attacking myself, but everyone that you would include as "non-experts," and went as far as venting about those who post "all kids of external internet guides and/or videos." by you @meyergru
@meyergru you mentioned that you, "often say that OPNsense is not your average consumer router where point-and click just works. It is a professional tool that should be operated by experts."
My question to you is, where does one start outside off to be that "network expert?" How does one learn if not by trial and error to become familiar with and knowledgable of the way OPNsense works? How does one become that "expert" who knows how to use OPNsense, if making the same mistakes as others is not permitted? I again could be wrong, but I cannot see where a person just does not one day wake up and become an "expert" at OPNsense.
It is rather by one, regardless of their network experience takes on the challenge to learn. Learn by trial and error, and asking questions, searching for knowledge from experienced users, and content. For OPNsense, there is no other way offered. There is no certification program, official classes, or programs to sit down and learn OPNsense in an officially sanctioned learning environment.
That does not make OPNsense bad in any way, but at the same time it needs to be understood that people are then forced to learn the system on their own thru online communities, forums, and video examples that they can compare and contrast their setup to. Humans instinctively learn more by human interaction and engagement in some modern form of the age-old form of apprenticeship. Whether that be following an "external internet guide," walking them thru the process, or engaging in conversations like was intended when I started this thread.
To say that the OPNsense system "should be operated by experts," completely sequesters OPNsense to being inhibited to growth, adaptation, and opportunity for use by up-and-coming users. Users that would eventually be loyal enthusiasts who encourage their own companies and organizations to purchase enterprise licensing for OPNsense that they have spent time becoming familiar with.
Let me put this another way for you to consider that likely has not been though of. Ask yourself these questions- WHO is posting? Is how I am answering encouraging them to engage FURTHER with the brand of OPNsense to make it a success for Deciso? Or is what I am saying, or how I am responding leaving such a bad experience that this person will forever reject OPNsense, or anything to do with anything from Deciso?
That person posting could be a kid from a small-school or non-profit where he/she may be the only one who understands networking in their organization, or that their organization can afford. The decision makers of that same organization trust them, and are looking to them to not only learn, but figure out if OPNsense is the right solution before purchasing an enterprise level license. Is that person shunned from using OPNsense because they're making mistakes while not qualifying as a "expert," yet willing to learn. Based on your perspective they SHOULD NOT EVEN CONSIDER attempting to learn OPNsense because they do not qualify to be an "expert."
Maybe that person posting the question that you hated answering because it was THE SAME QUESTION OR PROBLEM for the 4,551st time is a Dad who is making a home lab and wants to learn OPNsense. However, for his day job though he is the C-Suite decision maker of his business or franchise. A person where once he could get OPNsense to work, he was going to recommend that his small or medium size company purchase across all of their properties multiple enterprise licenses. Are you going to tell him that he should not consider operating OPNsense either because he is not qualified to be an "expert" according to your qualifications?
For me, I openly admit that I was making this a Homelab exercise. However, I have three non-profits that I work with which need scalable solutions that I was considering recommending OPNsense for. That is, once I could get it to work since they would likely be calling me for any issues. For my day job, I work in the live-event industry and travel globally. I am needing to create 4 travel/temporary network solutions that I am going to be implementing for large scale trade shows, conventions, and tours by the end of Q3 of this year whereby I need a firewall solution. I was considering OPNsense since I THOUGHT it would be great at an enterprise leve. However I needed to figure it out on a personal/consumer level first before recommendations and purchases since likely I would be the one called when issues happened.
All of you that have the title under your name of "Hero Member," "Sr. Member," "Administrator," and others are perceived by those that read your responses, and see your names on these forums as those that KNOW and ARE the "network experts." We look up to, and value your perspective, feedback, and any guidance. Even if that guidance is in providing direction to a post we may not have read, simply because it was missed in our searches. The point of connection with YOUR responses, and by YOU taking the time to answer matters more than you realize. Not just for us, but for the PERCEPTION that we have of the greater brand of Deciso and OPNsense. To those of us that are not, "Hero Members," "Administrators, "Sr. Members," or others in those realms, you REPRESENT the brand to the WORLD whether you are on here voluntarily, or paid to do so. Your response is perceived as the brand's response to US that may be potential users. Your response is also amplified in the perception of the brand by those tens if not hundreds of thousands of users, and potential buyers that may search and land on your response, but never post.
If all of you "Hero Members," "Administrators, "Sr. Members," and others that consistently leave threads without solutions, or berate those who may have asked a question for the 10,723rd time, are you leaving them in a way that you would find motivating to continue engaging with the software and brand if the tables were flipped? If you were just a beginning user, would you continue to find the engagement that a "Hero Member," "Administrator, "Sr. Member," or other high ranking user on these forums posted as a response to you one that would leave you motivated and encouraged to continue to pursue the right answer? Or would it give you cause to move on to another solution of software all together?
As for your statement @meyergru that, "this forum is not an official Decisio support forum, but mostly used by hobbyists," that is a marketing and branding serious concern that may not be yours but one that Deciso and OPNsense needs to address. The PRIMARY domain of this forum is opnsense.org. The forum is also linked on the official main page/site of OPNsense and such is subsequently perceived as THE OFFICIAL resource for anyone looking to connect with others. There is no statement anywhere requiring someone to be a networking "expert" before posting on these forums which leads to the CLEAR misunderstanding that ANYONE is welcome to post their issues or concerns relating to OPNsense. Posting with an assumption that any response IS TO BE CONSIDERED from any "Hero Member," "Administrator, "Sr. Member," or other high ranking user AS from OPNsense. If this was not an "official forum," then there should be explicit visual and verbal details providing that information to first-time viewers, and regular users alike.
That said, all other context, graphics, branding, etc. leads to a complete disagreement with that statement that this is NOT an "official Deciso support forum."
So when a person follows that link that you provided as a "Hero Member," "Administrator, "Sr. Member," or other high ranking user, It doesn't take a "networking expert" to view posts that applaud the "old article" that you lauded in your READ THIS FIRST forum thread to see something seriously wrong. Anyone reading that linked article will quickly realize in NO WAY could that old article be construed to be helpful to users. That is nothing but a condescending, verbal, jerk-off piece intended to do nothing but intentionally berate anyone else whom the author sees as inferior on their knowledge to themselves. It is written by an individual, while possibly a "network expert," who clearly has psychological issues, and is completely deprived of any character that allows him to even care about the value of others who might read that piece.
For anyone that promotes, applauds, and thinks as you mentioned @meyergru in that forum thread, which you posted, that the writer of that condescending piece should be given accolades, I genuinely feel sorry. Not only for the author of the piece but for both of you as human beings. It is clear that there is a massive lack of human decency for anyone who provides that old article accolades. That is the furthest piece of content from providing helpful guidance to anyone.
Furthermore that someone who is a , "Hero Member," "Administrator, "Sr. Member," or other high ranking user who sees any value in providing that as a reference on a forum, and one that represents the brand of Deciso's software OPNsense, is cause for any public-relations and marketing team to find cause for dismissal as a result of promotion of content like that. It not only is damaging to the brand, but creates the unspoken perception that NO ONE is welcomed to post their issues or concerns on this forum unless they are considered an "expert" by the "Hero Member," "Administrator, "Sr. Member," or other high ranking users.
I get it, the forums are free, and voluntary. You as "Hero Members," "Administrators, "Sr. Members," and others high level users, cannot hide behind that excuse though. That leaves no excuse for the tirades and rants about why OPNsense is only for networking "experts" and not for anyone else. If that was the case, then let me ask you again, at what point would you endorse someone just wanting to learn? How would they go about making mistakes while learning without getting berated, and looked down upon by engaging in this forum community? How would they find helpful answers and responses if they do not have your experience, and expertise, or if they missed reading that one thread, or post you have shared thousands of times?
With the responses that many, including myself, have received frequently on these forums, if you were in our shoes, ask yourself these questions. Would YOU walk away from the experience on these forums wanting to purchase a license for your small organization, or startup company? With the lack of positive engagement, even if you made a mistake like tens of thousands before you, yet were berated for asking an honest question, would you recommend to a board of directors, and financial decision makers their need to make a financial purchase to integrate and use an enterprise version of OPNsense?
It doesn't take a "networking expert" to realize the answer is NO.
As for the "external internet guides and/or videos," that you "urge everyone to refrain from using," because, "they are often outdated or too unspecific." Let me provide perspective that may not have been considered by you or others integral in the public relations and marketing management for Decisio and OPNsense.
Organizations like Decisio and OPNsense are missing a great opportunity to connect with their audiences by isolating their only connection point to these forums on their brand's domain, or their reddit forums that they moderate. That may be for budgetary purposes, or other decisions. I get it. While that is a problem that should eventually be resolved, berating other like YouTubers that cover OPNsense has no purpose but to DEGRADE the PERCEPTION of OPNsense to the rest of the world.
Instead of creating problems, those Youtubers posting content about OPNsense are doing one thing that the teams with Deciso and OPNsense are not- THEY ARE FILLING A VOID.
The platform used second to Google on a global scale, for ANY search criteria, is YouTube. Contrary to what others might think, YouTube is where people go to search and LEARN about a topic first. Viewers find greater value in connecting thru posting comments there. Add to that the YouTubers curating those channels are happy to respond to their viewers in a positive manner. This in turn creates a positive and encouraging environment to foster learning. That INCLUDES even answering the most basic or rudimentary questions without providing a condescending response.
These content developers take the time to do so because THEY VALUE THE PERCEPTION OF THEIR BRAND. Connecting with, or politely answering that one person's most basic question, one that clearly would be considered "dumb or stupid" on this forum, IS MORE VALUABLE TO THEM, and they know it. That one answer or comment reply is likely to lead to word of mouth advertisement that the content developer could never pay for, yet will grow their viewership base.
Even the most basic YouTuber's channel posting content about OPNsense, that would qualify for your berating, are doing MORE for the brand of OPNsense, THAN ALL of the "Hero Members," "Administrators, "Sr. Members," and others high level users, on this forum COMBINED! THEY ARE PROMOTING THE BRAND, NOT MAKING THE BRAND EXCLUSIVE for "expert users." These "external internet guides," as you called them, are FILLING A VOID that these forums at the OPNsense brand's domain, fail miserably at.
Instead of going on rants about how external content is "often outdated or too unspecific," Deciso, and those managing OPNsense would make HUGE STRIDES for brand growth if they looked for ways to make these YouTubers their own BRAND AMBASSADORS. As the YouTubers notoriety grows with their increase of their own subscriber base, positive user interaction, and value perceived as a consistent resource, it would reflect positively on Deciso and OPNsense by identifying with their brand. In return this would amplify the value for people to learn and embrace OPNsense. It would create an environment where users, regardless of their network expertise, FEEL WELCOMED to post their questions or issues, and where they would be answered providing the future user and purchaser or OPNsense with a reason to make a financial investment in the brand.
I want to share a few examples that have helped me in my journey with learning OPNsense on YouTube. They are ones that provided details, often visually, that I could not find specific answers to my questions for in the official documentation, tutorials, and certainly on this official forum. I do so in hopes of providing some examples where Deciso and OPNsense could consider collaborating with these content developers that would help amplify the positive engagement of Deciso's brand OPNsense that is desperately lacking in these forums. For the record I know none of them personally, nor have any reason to mention them outside of how helpful their content, or personal feedback in a timely response in one case, has been to me.
Thank you "Sherridan Computers" (https://www.youtube.com/@sheridans)- Thank you for taking the time to provided perspectives and advice on immediately upgrading to the next version of OPNsense. Thank you for the detailed walk-thru of how to properly setup a VPN, and what you should be looking for to qualify a proper setup as the VPN connection is built out in OPNsense. You taking the time to provide screen captures helped to provide details that were not completely clear to understand in the official documentation
Thank you "What's New With Andrew" (https://www.youtube.com/@Whats.New.Andrew)- Thank you for your detailed walk-thrus that were simplistic to understand and get the basics up and going for an OPNsense setup.
Thank you "HomeNetworkGuy" (https://www.youtube.com/@homenetworkguy)- Thank you for providing critical considerations that no one else covered as to why migrating to either DNSMasq /DHCP or Kea both have their advantages, and disadvantages depending on your current setup, and scalability needs for users systems.
Thank you "Apalrd's Adventures" (https://www.youtube.com/@apalrdsadventures)- Thank yo for taking the time to provide a refresher course of the dynamics of the different network layers that are critical to understanding IPv4 and IPv6 network setups. For those of us that do not live in a world of network address assignments daily, your detailed explanations and simple visual diagrams were helpful.
The visuals that all of you provided in each an every step of the setups and tutorials all are helpful to any viewer who is looking to validate whether or not they are taking the right steps to set up their own OPNsense setup properly.
Additionally all of the time that these, and other YouTube content developers take to stay current with GUI versions and updates that are made to the OPNsense system, help to eliminate the confusion for viewers. Confusion that exists persistently throughout the official documentation and tutorials that I took hours and days to read thru. The official content simply is not updated fast enough, sometimes does not provide that visual detail that's needed for the viewer that has changed in an updated version of the software. You all provide helpful, and relevant information to how to properly setup, modify or adjust systems based on current versions of OPNsense.
In speaking with anyone outside of this forum, anyone whom I have talked to hates, and the word was HATES, coming here to the official forums. These forums have curated a reputation for being a place where people, regardless of their experience or not, are either ignored, berated, or at best looked down upon in a condescending manner if you are not a "Hero Members," "Administrators, "Sr. Members," and others high level users; or at the least considered a "networking expert."
That is so sad, because the "Hero Members," "Administrators, "Sr. Members," and others high level users, are the ones in the end that are damning the success of what potentially could be a great community surrounding, and growing the market space, and enterprise license orders, of a fantastic piece of software.
While I hope that taking the time to present this information will help, my suspicion is high that I do not think any of this will change any time soon. Even though I and many others I am sure looking for a positive engagement in these forums would hope that it would. OPNsense is a fantastic product that is ultimately being curtailed from success by its own "network experts."
Since it was misconstrued by you @meyergru that I somehow wanted someone "take me by the hand and [to be] guided through the process." That never was the case. You initially responded to my posting that started this thread, which I am grateful for @meyergru. To which I provided my mistakes, and how I resolved them thanks to what you had mentioned in your initial response.
Consequently though, me posting those solutions I found in resolving my mistakes were then berated, and not seen for the value it could provide others who may read this hundreds, or thousands of times after who may have similar problems or have created the same errors.
Value in honesty and detailing mistakes to provide steps to solutions, is obviously not cultivated or valued here on these official forums. That in and of itself is what has impacted my perception of considering OPNsense not just for personal learning and use, but for commercial opportunities whereby I influence, or make decisions for in the future.
As a result, what I am committed to do is this-
1) I am going to print out this thread, and have already printed out the "READ FIRST," and "old article" posts. I will this post, along with the others, immediately following this post for future personal, and referral reference for others. Should this thread be deleted, or removed, I will have proof that the responses that I received, along with the berating and condescending rants provide proof. Proof of the unprofessional and lack of any resemblance of desire to provide feedback, even at the voluntary level- which leads to a tainted value perception for Deciso's brand of OPNsense.
2) Should any of my client projects, any group that I volunteer with, or even friends that bring up home networking questions ever consider OPNsense, I will print this thread out and give it to them as PROOF why the toxic, lack of community, and condescending approach that those respected as "Hero Members," "Administrators, "Sr. Members," and high level users on these forums have repeatedly presented by representing OPNsense with their voluntary responses.
3) Any of my project builds in the future for commercial purposes in my areas of consulting and decision making for companies I will remember this brand experience with Deciso. It will give me cause to think twice about any products now, or in the future, that Deciso develops. Cause based on the reputation of the experience I personally have had on these forums with those that are presented as their brand representatives of OPNsense.
The experience on these forums that I have seen others have had, and which I now have personally experience myself, has turned me from a potential avid supporter of OPNsense, to one who will never provide the consideration for anything relating to Deciso or OPNsense that I am involved with in the future. I am sure I am one of many, based off of many comments outside of these forums that I have found that this resonates with.
Before I do those things that I stated, I will give this one last challenge to the rest of you "Hero Members," "Administrators, "Sr. Members," and others high level users on this forum that post frequently. @meyergru has clearly presented his character, and lost any credibility to value his response, but the rest of you still have an opportunity.
My challenge is simple- CHANGE MY MIND
Prove to anyone reading this thread, and to myself that you can actually provide value in a positive response to my questions and this thread. Your response could be as simple as providing a link to a running list of conflicting hardware that is known NOT to be compatible with OPNsense. Do you have one? Did I miss it in my searching thru the official documentation or thousands threads these forums? Where did I miss it if so? Can you provide me a link to it without berating me for making the human mistake of missing this useful piece of content? Something that I missed after reading thru content that I have taken days and months to go thru? Can you do it without berating me for messing up, or failing to find it on my own?
That would be greatly appreciated by any of you.
While I will likely move on because of my experience here, I hope that taking the time to present these serious concerns will provide opportunity for growth and change in the organization. Growth that the "Hero Members," "Administrators, "Sr. Members," and others high level users which the rest of us see as the "experts" who curate this forum and online community. "Experts" that REPRESENT Deciso's brand of OPNsense, even if voluntarily. "Experts" who represent OPNsense to the world.
We all make mistakes. How we help each other matters often more than resolving the error. In maintaining that point of understanding the error often times easily is found even quicker for others. At the least the solution often works itself out and becomes the best learning experience of all involved, and those who watch, or read about it in the future regarding what has transpired.
I was hoping that taking the time to detail my errors and the issues that I had found consistently coming up throughout various posts for years where threads were not solved, would provide that opportunity. It did not. I hope that what I have experienced here changes for others in a positive manner in the future. If not, an incredible product like OPNsense will fail like many others. Not because of it's incredible offering and ongoing development. It will fail because the people that represented the brand and software that was developed, or those who were responsible for curating its value to potential users and purchasers, created exclusivity instead of a welcoming community embracing anyone who was willing to take on the challenge. The challenge of learning their software, regardless of their level of expertise.
#27
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by RamSense - February 01, 2026, 09:21:02 PMHere are the top rules for wan
There is no allow for Opnsense GUI 444 or SSH 22 in the WAN rules.
I found an export as CSV button on the bottom right of the (WAN)rules. When I export this and search for 444 to find the Opnsense Gui port 444 rules, I only find my created own block rule on WAN and on LAN my created allow as "anti lockout" rule.
There is no allow for Opnsense GUI 444 or SSH 22 in the WAN rules.
I found an export as CSV button on the bottom right of the (WAN)rules. When I export this and search for 444 to find the Opnsense Gui port 444 rules, I only find my created own block rule on WAN and on LAN my created allow as "anti lockout" rule.
#28
Hardware and Performance / Re: Starting homelab network -...
Last post by OPNenthu - February 01, 2026, 09:13:15 PMQuote from: nero355 on February 01, 2026, 04:57:50 PMIt's one of their weirdest products ever :
- € 200 for the Switch
- € 90 for the adapter
If you can get by with a PoE injector as Patrick suggested, then the non-PoE version of the same switch is the better deal. But at that point the Mikrotik with its 8x 2.5GbE ports is practically begging, even with the fan.
QuoteAnd add to that Netgear and HPE switches.
I haven't tried the professional Netgear switches and I do expect better of them, but I had a terrible experience with a cheaper Netgear smart switch and had to return it. It was leaking RAs across the VLANs.
#29
26.1 Series / New Rules "Edit/Clone Rule UI"...
Last post by fuba - February 01, 2026, 08:34:24 PMHi there,
the new Rules UI is generally working, and the rules themselves apply correctly.
However, the "Edit/Clone Rule Popup" appears to be "broken" anyhow when switching between different interfaces and editing a rule.
When switching interfaces, Source and Destination fields randomly change to "Nothing selected".
In some cases, Ports also become sown as empty.
But the Values are actually there!
Reproduce:
I tested this with Firefox, Edge, and Brave on Windows, as well as Firefox on CachyOS from a different machine.
I also tested after deleting all browser data.
I've not recognized that bug with the legacy Rule UI.
Here is a video demonstrating the issue:
P.s.
Don't blame me for my rules! 🤣
the new Rules UI is generally working, and the rules themselves apply correctly.
However, the "Edit/Clone Rule Popup" appears to be "broken" anyhow when switching between different interfaces and editing a rule.
When switching interfaces, Source and Destination fields randomly change to "Nothing selected".
In some cases, Ports also become sown as empty.
But the Values are actually there!
Reproduce:
- Open "Interface1" → Edit RuleX → everything is correct
- Select another interface (any interface)
- Check the rules and you may now see some Editboxes or Comboboxes showing "Nothing selected"
- Switch back to the previous "Interface1"
- See even more "Nothing selected" Editboxes or Comboboxes, mostly Source and Destination, but sometimes Ports are also empty (at least in my case)
- Refresh the page while staying on the current interface, the bug is gone until you switch interfaces again
I tested this with Firefox, Edge, and Brave on Windows, as well as Firefox on CachyOS from a different machine.
I also tested after deleting all browser data.
I've not recognized that bug with the legacy Rule UI.
Here is a video demonstrating the issue:
P.s.
Don't blame me for my rules! 🤣
#30
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by Patrick M. Hausen - February 01, 2026, 08:22:28 PMCan you show your rules on WAN? Since the default is to block everything, there must be some rule allowing this traffic, right?
