Recent posts

#21
German - Deutsch / Re: OPNsense Cluster and Let's...
Last post by TheExpert - Today at 10:21:17 AM
OK, thanks. I have now disabled the ACME client on the backup node and deleted that node's wildcard certificate.

After I then enabled certificate synchronization for the HA sync on the master node, the master's wildcard certificate was transferred, and in HAProxy on the backup node this certificate is now also included in the configuration.

So today I can test whether HAProxy works. According to the health check etc., everything looks good...
#22
General Discussion / Re: ddclient and deSEC
Last post by meyergru - Today at 10:00:36 AM
Yes, I know that there is a specific problem - yet I think it would be better to work towards a solution in OPNsense than to use external scripts.
#23
General Discussion / Re: Intermittent Packet Loss o...
Last post by meyergru - Today at 09:58:15 AM
Did you enable multiqueue on the VM's network interfaces?
#24
25.7, 25.10 Series / Re: upgrade to 25.7.10 > Intru...
Last post by Steven-B - Today at 09:57:48 AM
Problem is solved and is browser related (Edge), I changed my browser back to Firefox > problem solved, logs are displayed.
Did not think about it before, already tried resetting Intrusion Detection several times lol :)
#25
French - Français / Re: No WAN access
Last post by terry - Today at 09:27:35 AM
After reading this excellent post, https://forum.opnsense.org/index.php?msg=213524, I realized that I am not up to the level needed to solve my problem. Neither my skills nor the hardware used are up to it, so I am giving up on this attempt.
However, I would still like to find a solution to protect my network without needing advanced networking skills. If anyone has any information, I would be glad to have it; thanks in advance.
#26
26.1 Series / Re: Max table entries does not...
Last post by OPNenthu - Today at 08:46:25 AM
Update...

Quote from: Jargriddle on February 12, 2026, 02:04:17 AM
Has a limit been implemented?
Turns out, yes!  (kind of)

This commit was added in 25.7.5.

Based on the formula, you would be capped at 1M as the default table size on systems with very small installed memory (hw.physmem < 667 MiB).

A few points though:

1) OPNsense minimum memory requirement is 3GB, so if you're hitting this 1M limit then you are well below the requirement and need more RAM.

2) There could be a bug.  I don't know under what conditions you might be prevented from increasing the value.  Is low memory one of them?  (Better question for @franco).

3) For most systems with decent RAM the new default is 10M.  Maybe you are actually seeing 10000000 and just miscounted the zeros?  In any case you should still be able to change the default, so probably still a bug if you have enough RAM.

Hope this helps
#27
26.1 Series / Re: Register DHCP Static Mappi...
Last post by memzila - Today at 08:38:20 AM
Quote from: nero355 on Today at 12:59:45 AM
Quote from: memzila on February 13, 2026, 04:29:44 PM
the only way is to actually use KEA?
No.

Please read https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration carefully and adjust your configuration accordingly !! ;)

Thanks. Will probably try to configure it like this later. As I currently do not have the need for any advanced DHCP options, the KEA and Unbound way with automatic registration of static DHCP entries in Unbound is the more straightforward way at the moment.
#28
26.1 Series / Re: 26.1.2 - Destination NAT -...
Last post by Monviech (Cedrik) - Today at 08:04:11 AM
In this case they are shown but can't be used because the underlying model does not allow them.

Right now they are shown all the time even if they cannot be used, and right now the only edge case is in destination NAT.

https://github.com/opnsense/core/pull/9668
#29
26.1 Series / 26.1.2 - Destination NAT - Can...
Last post by duckworld - Today at 07:59:13 AM
I have some destination NAT (port forward) rules configured on my firewall for inbound HTTP and HTTPS. In the destination NAT "translation" section, I am unable to set the "Redirect Target Port" section to any of the well known ports added in 26.1.2. When I try to save my changes, I get an error saying `Please specify a valid port number or alias`. Setting the port to a manually-created alias works fine, as does specifying the port manually.

If it's relevant, I recently installed a clean copy of 26.1.0 onto a new firewall and didn't reimport my config (recreated manually).
#30
26.1 Series / Re: Register DHCP Static Mappi...
Last post by JohnClark - Today at 05:55:50 AM
You're basically on the right track. If you want Unbound to handle advanced features like DNS overrides, forwarding (for something like NextDNS), and also automatically register static DHCP leases, then Unbound needs to be the resolver that receives those host entries. With the legacy ISC DHCP, that integration can be limited or inconsistent depending on setup. KEA is designed to integrate more cleanly in newer stacks, especially in systems like OPNsense, where KEA can dynamically update Unbound via proper hooks. So yes, if automatic registration of static DHCP entries in Unbound is important alongside advanced DNS features, moving to KEA is usually the cleaner and more reliable approach.