Recent posts

#21
25.7, 25.10 Series / Unable to boot after update.
Last post by AnnaRenee87 - Today at 06:14:34 PM
Hello,

New here, registered to report this, I'm running on the latest Proxmox and OPNsense has been running fine for like... 5ish months?

When updating to the latest version of OPNsense I'm getting this error in the console and it never boots. (In Screenshot)


The version I tried to install is 25.7.8 (November 26, 2025)

I have backups of the VM so I just restored the VM.

I've attached a screenshot of what Plugins are installed too.

Thanks

EDIT/PS, VM has 6 Cores/Threads assigned to it and it's got 8GB of RAM.
#22
German - Deutsch / Re: Comprehension question Wireguard ...
Last post by wirehire - Today at 05:46:33 PM
I understand the order, just not what you mean by group Local, for floating.
#23
General Discussion / Re: Gateway Monitoring and Pac...
Last post by Meg - Today at 05:42:27 PM
Thanks for the replies. Can you tell me how to change the default monitor address? I added 8.8.8.8 in monitor ip under gateway configuration but it doesn't seem to be monitoring that address. Or am I doing that wrong?
#24
Hardware and Performance / Re: N150 / N355 good fits?
Last post by Greg_E - Today at 05:26:02 PM
Suricata does support multithreaded workflows, but it does not trap everything Zenarmor will trap. And I thought ZA had multithread support in the paid versions higher than "home"? I'm working towards a contract for this as another contract sunsets (never give back the budget, find another tool to buy), and a big part of this purchase would be to get multithreaded performance and increase my maximum throughput.

Currently on a Xeon E3-1230v5 4 core 8 thread processor in the "high efficiency" or low TDP class from Intel (old Supermicro server repurposed). With a gigabit connection to a 2gb ISP I get around 500-600mbps download due to filtering, get around 900mbps upload (uploads are not filtered by ZA).

All that said, I'm trying to budget for an OPNsense DEC 2770, but that's going nowhere fast. I'll probably be looking at threads like these with more interest as time goes by, when I need to buy something different.

For 10g routing, I'd also be suggesting a modern i5 or comparable AMD processor, I don't think the n355 will have enough grunt to do what you want with a bunch of filtering. For Zen Armor single thread, clock speed is the only thing that really overcomes the limits, buy the fastest you can get.
#25
General Discussion / Re: Problems with IPv6 subnett...
Last post by joxsanttu - Today at 04:50:16 PM
Fixing found problems final hybrid "Hybrid outbound NAT rule generation (automatically generated rules are applied after manual rules)" and WAN, IPv6, Source LAN net, translation / target WAN Address. /etc/sysctl.conf enable router IPv6 ULA fix net.ipv6.conf.all.forwarding = 1 boot normal working!! Thank you. Homelab testing.
#26
Hardware and Performance / Re: N150 / N355 good fits?
Last post by Billy2010 - Today at 04:46:06 PM
I went with Minisforum, but the one I have does draw 100TDP (I have metered it) whilst far from max load.
I will play with the settings.
#27
Virtual private networks / multi WAN, OpenVPN Instances, ...
Last post by venex - Today at 04:10:32 PM
I have 2 upstream WAN gateways from 2 different ISP.
They have different IPv4 configuration types: one is PPPoE and the other is DHCP.
WAN1 is the default gateway and its priority is 10, WAN2's priority is 20.
Both of the gateways are non-stop online.
 
Previously I had a perfectly working OpenVPN Roadwarrior setup configured with the deprecated 'Firewall /VPN/OpenVPN/Servers' option. I could connect from the internet via both gateways (WAN1 and WAN2) to my OpenVPN server. I was able to access all local websites behind the firewall on my LANs, and I also had access to the internet via the firewall.

I migrated my OpenVPN Roadwarrior setup to the new 'Firewall/VPN/OpenVPN/Instances'. I can connect to my OpenVPN server via WAN1 and WAN2 from the Internet. If I connect via the default WAN1 gateway everything seems to be working fine, just like before. I'm able to access local websites on the LANs and I can also access the Internet via the firewall. I'm also able to access the Web GUI of OPNsense.
However, when I connect via the WAN2 gateway, I experience the following strange behaviors:
DNS (nslookup) works and I can ping any domain/IP on the internet. I can open some websites on the Internet using curl, but I can not open the same websites using a web browser. I also can not open the Web GUI of OPNsense. I can open some local websites on my LANs with my web browser, but not others.

I would like to be able to open all local websites on the LANs and also all websites on the Internet when connected via a WAN2 gateway.

What I have already tried to solve the issue, but it didn't help:
- I changed the MTU and MSS values on a trial and error basis.
- I changed the 'Firewall/Settings/Advanced/Disable force gateway' option.
- I changed the 'Firewall/Rules/OpenVPN' rules, but nothing solved the issue.
- I have followed the official 'WireGuard Road Warrior Setup' (https://docs.opnsense.org/manual/how-tos/wireguard-client.html) to create a new Roadwarrior setup with WireGuard instead of OpenVPN. As a result, I experienced almost exactly the same problems as those encountered with the OpenVPN Roadwarrior setup. Connecting via the default WAN1 gateway everything seemed to be working fine but connecting via the WAN2 gateway, I experienced the same strange behaviors that I have with the OpenVPN Roadwarrior setup.

I would gladly pay anyone to help me figure out what's wrong with my settings.
If anyone can help, please send me a PM or write here.
#28
The discussion in here has been superseded.

I have written my own ndp proxy in lang/go which circumvents all of the issues described here.

I use it myself to proxy my /64 to multiple internal interfaces, and @Maurice tested it as well.

It's now generally available in 24.7.8. Have fun with it :)
#29
25.7, 25.10 Series / Re: New skin "flexcolor"
Last post by Schnuffel2008 - Today at 03:55:58 PM
Hi,

today flexcolor was released.
Franco helped me a lot and found a solution to fix a problem with the browser cache. The theme will change the color now immediately after editing the /etc/rc.conf to the desired color-scheme and running the command "service flexcolor start" as it is described in the file info.
I want to say that even though the way flexcolor works changed a little bit, you still have the option to change every color of any scheme by changing the values in the default_scheme.css in the different subfolders of the color_schemes folder. And of course you can design your own color scheme starting from any of the three schemes. That's why I provided three different schemes, a light, a dark (black) and a mixed dark-light theme along with flexcolor. This makes it easier to find the right starting template for your own personalized theme. But keep in mind that you have to back up your designed default_css for using it after a reinstallation or an upgrade.
#30
German - Deutsch / Re: Comprehension question Wireguard ...
Last post by meyergru - Today at 03:12:24 PM
There is a "processing order" for the rules, see: https://docs.opnsense.org/manual/firewall.html#processing-order

It applies even before the order within the rule types shown there. So an "Allow" quick rule in the floating rules would always take effect before any "Block" rule on the interface, which means you can no longer forbid anything in the interface rules that is allowed in the floating rules. The floating rule fires and then the rest doesn't matter. That is why I usually restrict floating rules to an interface group "LOCAL".