Recent posts

#21
25.7, 25.10 Series / OPNsense 25.7.10 – Crash Due t...
Last post by saleh - Today at 01:22:53 AM
Hello OPNsense Team,

Every day, we are receiving crash reports due to PHP errors in the Captive Portal. Please find the logs and attached files below, and let us know if you can help us resolve this issue.

 PHP Errors:

[21-Dec-2025 23:39:26 Asia/Jerusalem] TypeError: Cannot assign null to property OPNsense\CaptivePortal\Api\AccessController::$arp of type array in /usr/local/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php:105
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php(254): OPNsense\CaptivePortal\Api\AccessController->getClientMac('10.5.90.224')
#1 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Dispatcher.php(166): OPNsense\CaptivePortal\Api\AccessController->logonAction()
#2 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(156): OPNsense\Mvc\Dispatcher->dispatch(Object(OPNsense\Mvc\Request), Object(OPNsense\Mvc\Response), Object(OPNsense\Mvc\Session))
#3 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(139): OPNsense\Mvc\Router->performRequest(Object(OPNsense\Mvc\Dispatcher))
#4 /usr/local/opnsense/www/api.php(36): OPNsense\Mvc\Router->routeRequest('/api/captivepor...', Array)
#5 {main}

Thank you and Best Regards,
Saleh
#22
It looks like OPNSense is still in limbo to try and figure out what the latest installed version is.

```
Type    opnsense    
Version    25.7.10    
Architecture    amd64    
Commit    c2f076f30    
Mirror    http://mirror.sfo12.us.leaseweb.net/opnsense/FreeBSD:14:amd64/25.7    
Repositories    OPNsense (Priority: 11)    
Updated on    Fri Dec 19 17:20:40 AEST 2025    
Checked on    Mon Dec 22 09:27:37 AEST 2025
```

The update page again shows that I need to upgrade the base and kernel package.

```
Package name    Current version    New version    Required action    Repository
base   25.7.8   25.7.10   upgrade   OPNsense
kernel   25.7.8   25.7.10   upgrade   OPNsense
```

Something is wrong here but I can't put a finger on it where it may get the discrepancy from.
#23
General Discussion / Re: assigning static IP addres...
Last post by Hollywood - Today at 12:57:18 AM
Quote from: BrandyWine on Today at 12:24:47 AMIs the pi booting with randomized MAC?

https://raspberrypi.stackexchange.com/questions/68513/pi-using-a-random-mac-address-after-every-reboot-how-do-i-stop-this-behavior
that's not it. I just didn't know how to reserve the IPs. I figured it out using Dnsmasq.
Thanks.
#24
General Discussion / Re: Zoraxy Reverse Proxy does ...
Last post by Maurice - Today at 12:31:53 AM
This indicates Zoraxy sends HTTP GET requests with a body, which is very much discouraged. No browser sends GET requests with a payload. So that's an issue you might want to raise with the Zoraxy devs.

Cheers
Maurice
#25
General Discussion / Re: Opnsense vs mainstream rou...
Last post by BrandyWine - Today at 12:31:14 AM
Quote from: Hollywood on December 21, 2025, 12:36:36 PMThe SSIDs are already setup in the access point.

Is each SSID in it's own subnet (vlan), and you trunk the wifi device to the firewall?
#27
General Discussion / Re: Web Interface Not Secure
Last post by BrandyWine - Today at 12:22:04 AM
Chrome? The ABC company, goole?

Self-signed certs is the issue for the notice. Try installing the cert as "trusted", then the notice will go away.

https://www.codegenes.net/blog/getting-chrome-to-accept-self-signed-localhost-certificate/
#28
Turn off / disable all the power stuff. Why is that even needed?
#29
General Discussion / Re: Suricata detecting outboun...
Last post by wsmlby - Today at 12:11:53 AM
In case people come here for the weird UDP 161 SNMP issue:

TL;DR: You likely have a Windows machine on your network looking for printers. You can block this by set up a floating rule.

I noticed the same issue on my Suricata log.

On opnsense: `tcpdump -n port 161` also shows traffic from opnsense to WAN.

Then I tried what Patrick suggested: Try `tcpdump -i <your-lan-if> -n port 161`. I can see it come from my windows laptop.

To block this, I set up a floating rule [Firewall] -> [Rules] -> [Floating] add rule:

Action: Reject, Interface: <Lan>, Direction: in, Protocol: UDP, Destination Port Range: SNMP, Descript: Block leaking SNMP

After that Suricata is quieter
#30
Quote from: OPNenthu on December 14, 2025, 06:02:29 AMIt Just Works™ in Linux.  Nothing needed besides the NIC driver (built in) and userspace tools like NetworkManager.
Well, the built-in part is perhaps the pitfall in many cases, because we don't always want to wait for a kernel release to fix an issue via driver code.
In some OS's there are ways to unload stuff that was loaded in from kernel directly, but it seems freeBSD is not one of them.
And things don't always "just work" in linux.

Specifically for OPNsense, I would prefer they compile kernel without nic drivers (stop using GENERIC), then during install detect nic and cfg the proper KLM to load on boot, this way we could replace a nic KLM at-will. In recent past I did compile kernel without igc and then loaded that driver manually.