Recent posts

#21
Hardware and Performance / Re: Starting homelab network -...
Last post by hacktheplanet - January 13, 2026, 09:54:01 PM
Quote from: Patrick M. Hausen on January 13, 2026, 12:30:47 PMKeep in mind that active PoE in a switch means

- way more expensive than without
- most units are deep 19" devices
- passive cooling is very rare

Depending on how "home" your home lab is going to be (do you have an extra room for a rack?) a switch like the mentioned CSR326, available in either rack or desktop format and passive cooling might be preferable to a loud rack mount only unit intended for data centres.

P.S. The CSR326 does not support 2.5 G Ethernet.

Thanks for sharing that model and your experiences with it. I'm not sure about a rack yet, space is at a bit of a premium so I am considering a mini-rack of the type that seem to be quite popular currently. I will set up a patch panel, so a rack probably makes sense.

I mainly would need PoE for some cameras (2 initally) and possibly later some single board computers and such.
#22
Hardware and Performance / Re: DEC2752 console settings
Last post by Monviech (Cedrik) - January 13, 2026, 09:42:11 PM
I think this is wrong, remove that checkbox:

USB-based serial: "Use USB-based serial ports" - Yes

#23
Hardware and Performance / DEC2752 console settings
Last post by dmurphy - January 13, 2026, 09:37:49 PM
Hi all - I'm sure I'm missing a very simple console setting, but I just did a reload, and now I'm having serial console trouble.

Step 1) Install 25.7 via amd64/vga image
Step 2) Install default dec2752 settings from https://docs.opnsense.org/hardware/defaults.html
Step 3) Patch up to 25.7.10
Step 4) Restore my prior configuration (minus tunables - that is what I'm trying to get "clean" ...)

What is occurring:

Console works fine from BIOS to boot loader to console output.  But once boot finishes and I should be getting the login details, it stops providing output or accepting input right here:

>>> Invoking start script 'openvpn'
>>> Invoking start script 'sysctl'
Service `sysctl' has been restarted.
>>> Invoking start script 'beep'
Root file system: zroot/ROOT/default
Tue Jan 13 15:21:37 EST 2026

*** dmurphy-gw.home: OPNsense 25.7.10 (amd64) ***

 DMZ (vlan0.77)  -> v4: 10.77.0.1/24
 FIOS (igc0)     -> v4/DHCP4: 1.2.3.4/24
                    v6/DHCP6: fe80::ffff:aaaa:bbbb:cccc%igc0/64
 GUEST (vlan0.99) -> v4: 172.16.100.1/24
 LAN (ax0)       -> v4: 172.16.0.1/22
 Tailscale (tailscale0) ->
 WINTENDO (vlan0.91) -> v4: 172.16.91.1/24

 HTTPS: SHA256 83 AA EC BB 3D CC DD 0C EE 27 FF 0D AA 7A BB 6F
               CC DD EE FF AA BB BCC1 EF E0 60 05 0A AA BB CC DD
 SSH:   SHA256 PfdajklfdljkfgakvjczkzckHadfjkfdajfasjdcxxQ (ECDSA)
 SSH:   SHA256 PfdajklfdljkfgakvjczkzckHadfjkfdajfasjdcxxQ (ED25519)
 SSH:   SHA256 PfdajklfdljkfgakvjczkzckHadfjkfdajfasjdcxxQ (RSA)

Now if I do something that kicks out a kernel message (i.e. reboot) - I WILL see that output here.

So what setting am I missing?  In System -> Settings -> Administration, the Console settings are as such:

Console driver: "Use the virtual terminal driver (vt)" - Yes
Primary Console: Serial Console
Secondary Console: None
Serial Speed: 115200
USB-based serial: "Use USB-based serial ports" - Yes
Console menu: Password protect the console menu

EDIT: Forgot to mention, I did make sure "UART 0 Legacy" is disabled in the BIOS.

Setup Utility –> AMD CBS –> FCH Common Options –> UART Configuration Options –> UART 0 Legacy Options
#24
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by Monviech (Cedrik) - January 13, 2026, 09:35:19 PM
You are indeed not doing anything strange (other than having some custom config files but that can be found out).
Can you try some of these things:

- 1. comment these out, one by one, see if anything changes. If we know the exact folder/file that would be great:
(Go to /usr/local/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf and just put a "#" before these lines one by one. Then restart dnsmasq via Apply in the GUI each time and monitor for a while)
# addn-hosts=/var/etc/dnsmasq-hosts
# addn-hosts=/var/etc/dnsmasq-leases
# conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf

- 2. Random guess, can you try to disable Router Advertisements/DHCPv6 in the GUI and see if that changes anything?

Try these one by one and see if it changes anything.


PS: Just make sure to mask your dhcp-host entries in that prior dnsmasq.conf file attached to your post, so not everyone knows your network.
#25
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - January 13, 2026, 09:13:19 PM
Hi.  I don't see a lot of churn on the files referenced in the conf file
root@OPNsense:/usr/local/etc/dnsmasq.conf.d # ls -l
total 16
-rw-r--r--  1 root wheel  85 Dec 18 08:13 README
-rw-r--r--  1 root wheel  41 Sep 15 15:21 jdownloader.conf
-rw-r--r--  1 root wheel 211 Sep 14 21:26 lucid.conf
-rw-r--r--  1 root wheel  31 Sep 14 19:41 plex.conf

I'm attaching my dnsmasq.conf.  I don't think I'm doing anything special with my installation. 

My WAN connection is stable.  I don't see instability in it but if you tell me what to look for then I can validate the logs to be certain. 

#26
Hardware and Performance / Re: [solved] Intel i226 Firmwa...
Last post by pOpY2k25 - January 13, 2026, 09:09:52 PM
Quote from: Stom14680 on January 13, 2026, 09:08:40 AM
Quote from: pOpY2k25 on November 07, 2025, 07:12:47 PMI finally upgraded my rather old 2.13 to 2.32.

Do you still have the 2.13 firmware backup? If so, can you share the hash (such as MD5) of the 2.13 files?

I have a card with 2.13 firmware but I was never able to upgrade to 2.32. I began to think there might be something special for my card's firmware. It will be great to see if mine is the same as yours. Thanks in advance!

here is my backup of 2.13: https://drive.google.com/file/d/1XVVNRI5ieIVpNAA7GTV5qA7a9RX8lDTL/view?usp=sharing
#27
German - Deutsch / Re: Eigener DNS bei einer IPv6...
Last post by meyergru - January 13, 2026, 09:03:57 PM
Ja. Dann brauchst Du aber auch keine ULA - Du würdest ja nur die IPv6 der OpnSense erreichbar machen und den Rest per Reverse-Proxy oder bei sehr speziellen Anwendungen NAT64 in eine DMZ (was sowieso für exponierte Geräte und Services eine gute Übung ist).

Die anderen Geräte können auch intern ruhig GUA benutzen, die Firewall blockt ja den Zugriff von außen (abgesehen davon, dass man die internen GUAs nicht erraten oder scannen kann, selbst, wenn man den Präfix kennt - 2^64 IPs sind ein bisschen zu viel zum Raten).

Für Android-Geräte gibt es m.W. inzwischen auch die Möglichkeit der MAC Randomization und wie gesagt, die IP ist inzwischen nicht mehr das relevante Kriterium zum Erkennen eines spezifischen Geräts.
#28
25.7, 25.10 Series / Re: Any dates as to when 26.1 ...
Last post by OPNenthu - January 13, 2026, 09:02:42 PM
Well that's the due date for the deliverables, not necessarily the drop date for the installer.  But I wouldn't expect anything until at least all the items are closed.