Recent posts

#21
German - Deutsch / Re: Keine Plugins nach Update ...
Last post by meyergru - November 28, 2025, 07:49:22 PM
Oben rechts, Haken bei "community plugins" setzen.
#22
German - Deutsch / Re: Plugin "os-cpu-microcode-a...
Last post by meyergru - November 28, 2025, 07:47:52 PM
Durchaus möglich, die CPU ist ja auch ziemlich alt.
#23
25.7, 25.10 Series / Re: (Solved?) Freeradius - can...
Last post by andymac1 - November 28, 2025, 07:27:27 PM
Just to say I had same issue.  But the default accept let any device connect to the WiFi.  I got some new Christmas lights and they didn't need to be added to freradius.  I reverted to pre-upgrade snapshot and then found this thread.

Andy
#24
German - Deutsch / Re: Verständnisfrage zu Portfo...
Last post by awado - November 28, 2025, 07:17:48 PM
@meyergru: Ja, manchmal ist der Schlauch auf dem man steht auch eine Art Traffic Shaper... Danke. Hab die Schnittstelle für die VM jetzt angelegt, MAC eingetragen, aber keine Änderung.

@JeGr: Versuche es mal so – Beim Hetzner sind es drei IPs (Proxmox, WAN1, WAN2) und deren Firewall, die alles zu WAN1/2 durchlässt. In Proxmox gibt es vmbr0 = OPNsense LAN und vmbr1 = OPNsense WAN, siehe Screenshot. Die OPNsense VM hat drei Netzwerkkarten (LAN, WAN1 mit MAC1, WAN2 mit MAC2). Naja, und eine der anderen VMs ist der Reverse Proxy, der die WAN IP 2 bedienen soll, während die Wordpress VM die WAN IP 1 bedient. Wie würdest Du das sonst lösen?

Inzwischen hab ich mit tcpdump in der Proxmox Shell gesehen, dass die Pings auf die WAN IP 2 ankommen. Aber nur auf enp0s31f6, nicht auf der vmbr1. Somit sieht die OPNsense VM die gar nicht. Der Hund liegt also im Networking von Proxmox. Hier mal meine aktuelle /etc/network/interfaces:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto enp0s31f6
iface enp0s31f6 inet manual

auto vmbr1
iface vmbr1 inet static
        address x.x.x.91/27
        gateway x.x.x.65
        pointopoint x.x.x.65
        bridge-ports enp0s31f6
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
        post-up echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
#OPNsense WAN

auto vmbr0
iface vmbr0 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#OPNsense LAN

Zu den IPs: Proxmox = .91, IP1 = .88, IP2= .78, GW = .65

P.S.: Im Screenshot ist noch eine alte Netzmaske drin mit /24.
#25
Dutch - Nederlands / Re: Time settings - DEC750 wil...
Last post by RamSense - November 28, 2025, 07:11:20 PM
Je zou kunnen kijken wat er gebeurt als je (de plugin) Chrony gebruikt - Chrony time synchronisation
#26
German - Deutsch / Re: Plugin "os-cpu-microcode-a...
Last post by ziegler - November 28, 2025, 06:59:58 PM
Ich habe das Plugin installiert und ein reboot gemacht.
Per SSH habe ich mich dann auf die opnsense verbunden.

x86info -a | grep -i microcode
ergab --> /dev/cpuctl0: No such file or directory

nach dem Befehl "kldload cpuctl"
CPU microcode: no matching update found

Das heisst also CPU ist schon so alt das AMD nichts mehr anbietet?

x86info + cpuctl
x86info v1.31pre
Unknown CPU family: 0x16
Unknown CPU family: 0x16
Unknown CPU family: 0x16
Unknown CPU family: 0x16
Found 4 identical CPUs
Extended Family: 7 Extended Model: 3 Family: 15 Model: 48 Stepping: 1
CPU Model (x86info's best guess):
Processor name string (BIOS programmed): AMD GX-412TC SOC                               

Monitor/Mwait: min/max line size 64/64, ecx bit 0 support, enumeration extension
SVM: revision 1, 8 ASIDs, np, lbrVirt, SVMLock, NRIPSave, TscRateMsr, FlushByAsid, DecodeAssists, PauseFilter, PauseFilterThreshold
Address Size: 48 bits virtual, 40 bits physical
The physical package has 4 of 8 possible cores implemented.
 running at an estimated 1.00GHz
#27
German - Deutsch / Keine Plugins nach Update auf ...
Last post by H1N1 - November 28, 2025, 06:59:03 PM
Ich habe gerade OPNsense 25.7 frisch installiert. Ich wollte dann ein Plugin (os-squid) installieren: nach Auswahl des gewünschten Plugins aus der langen Liste bekam ich aber die Fehlermeldung, ich müsse zunächst OPNsense aktualisieren. Habe das gemacht, ist jetzt auf 25.7.8, aber jetzt werden überhaupt keine Plugins mehr angezeigt, die Liste ist leer bis auf den Hinweis "Prüfen Sie auf Aktualisierungen, um die verfügbaren Plugins anzuzeigen". Wenn ich das mache, bekomme ich die Fehlermeldung 'No packages available to install matching 'opnsense'. Ich bin ratlos.
Internet Verbindung funktioniert, auch alles andere funktioniert, repository ist "OPNsense (HTTPS, Amsterdam, NL)"

Hat jemand eine Idee, was das Problem sein könnte? Meine Vermutung ist, dass 25.7.8 so neu ist, dass die Plugins noch nicht dafür freigegeben sind?
#28
German - Deutsch / Frage bzgl. Unmanaged Switches...
Last post by Classic89 - November 28, 2025, 06:44:37 PM
Hallo zusammen,
ich hoffe es ist okay wenn ich hier eine eher Netzwerk-spezifische Frage stelle die nur am Rande mit OPNSense zu tun hat. Und zwar hätte ich eine Frage über die Verwendung von Unmanaged switches in Verbindung mit VLANs.

Kurz zu meinem Ausgangspunkt. Ich habe aktuell hinter meiner OPNSense-Maschine drei Netzwerkbuchsen, eine ist für das WAN, aus einer geht aktuell das LAN (und damit alle VLANs) raus und die dritte ist unbenutzt. An dem LAN hängen über eine Powerlan-Verbindung (leider keine Netzwerkkabel in der Wohnung verlegt und der Internet-Anschluss liegt sehr ungünstig) an zwei Ausgängen jeweils ein Managed Switch der die LAN-Geräte und den WLAN-AP anschließt und den entsprechenden VLANs zuordnet. Das ganze ist gerade mit dem WLAN AP eher ungünstig, da die Powerline-Verbindung die Bandbreite doch schon stark einschränkt und wenn ich auf meinem Desktop PC mal etwas größere Runterlade frisst das die gesamte Bandbreite. Daher möchte ich das jetzt auftrennen, da ich über einen Kabelkanal zumindest einen der beiden Switche direkt per Ethernet-Kabel dran hängen kann. In dem Zuge möchte ich auch noch einen dritten Switch einbauen, der direkt hinter der OPNSense sitzt und an dem dann auch der WLAN AP direkt angeschlossen werden soll. Um sich Stromkabel zu sparen, würde ich hier gerne eine POE-Switch einsetzen, da die verwendeten Switche und der AP jeweils POE-fähig sind.

Nun zu meiner Frage. Ich würde in dem Zuge auch planen, den dritten Ethernet-Port an der OPNSense zu nutzen und die VLANs gewissermaßen auf beide aufteilen. Ich plane aktuell mir einen 6 Port Switch mit 4 POE-Ports zu kaufen. In die beiden nicht POE-Ports würde ich dann die Kabel direkt aus den beiden Ausgängen der OPNSense führen und mit den POE-Ports dann die aktuell vorhandenen Switche und den WLAN AP speisen. Damit könnte ich zumindest die beiden direkt über Ethernet angehängten Geräte ohne Netzkabel betreiben. In diesem Fall müssten die VLANs an alle dahinter liegenden Switche und den AP weitergeleitet werden. Geht dies über einen Unmanaged Switch? Leitet dieser einfach den gesamten getaggten Traffic weiter? Oder ist hierfür ebenfalls ein Managed Switch notwendig, da die VLANs ja von zwei verschiedenen Ports kommen? Ich würde mir gerne den Aufpreis für den Managed POE Switch sparen, wenn er nicht unbedingt erforderlich ist. Oder bringt das Aufteilen der VLANs auf zwei Ethernet-Ports in diesem Setup gar nichts? Dann könnte ich auch weiterhin den gesamten Traffic über einen Port leiten und dann würde in jedem Fall ein Unmanaged Switch reichen.

Vielen Dank schon mal im Voraus!
#29
25.7, 25.10 Series / Re: 25.7.8 upgrade
Last post by TekunoKage - November 28, 2025, 06:41:19 PM
I would like to bring to your attention an issue I encountered during a recent upgrade. Unfortunately, I lost all connection to the firewall before the reboot. This is the first time I've experienced such a situation in my six years of using OPNsense.

***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7.7_4 (amd64) at Fri Nov 28 12:58:02 AST 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (118 candidates): .......... done
Processing candidates (118 candidates): .... done
The following 42 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    py311-pyopenssl: 25.3.0_1,1

Installed packages to be UPGRADED:
    brotli: 1.1.0,1 -> 1.2.0,1
    ca_root_nss: 3.117 -> 3.117_2
    curl: 8.16.0 -> 8.17.0
    libiconv: 1.17_1 -> 1.18_1
    liblz4: 1.10.0,1 -> 1.10.0_2,1
    nspr: 4.37 -> 4.38.2
    nss: 3.117 -> 3.118.1
    ntp: 4.2.8p18_4 -> 4.2.8p18_5
    openvpn: 2.6.15 -> 2.6.16
    opnsense: 25.7.7_4 -> 25.7.8
    opnsense-update: 25.7.5_1 -> 25.7.8
    pcre2: 10.46 -> 10.47
    php83: 8.3.27 -> 8.3.28
    php83-ctype: 8.3.27 -> 8.3.28
    php83-curl: 8.3.27 -> 8.3.28
    php83-dom: 8.3.27 -> 8.3.28
    php83-filter: 8.3.27 -> 8.3.28
    php83-gettext: 8.3.27 -> 8.3.28
    php83-ldap: 8.3.27 -> 8.3.28
    php83-mbstring: 8.3.27 -> 8.3.28
    php83-pcntl: 8.3.27 -> 8.3.28
    php83-pdo: 8.3.27 -> 8.3.28
    php83-session: 8.3.27 -> 8.3.28
    php83-simplexml: 8.3.27 -> 8.3.28
    php83-sockets: 8.3.27 -> 8.3.28
    php83-sqlite3: 8.3.27 -> 8.3.28
    php83-xml: 8.3.27 -> 8.3.28
    php83-zlib: 8.3.27 -> 8.3.28
    pkcs11-helper: 1.29.0_3 -> 1.31.0
    py311-aioquic: 1.3.0 -> 1.3.0_1
    py311-cryptography: 44.0.3_4,1 -> 45.0.7_1,1
    py311-dnspython: 2.8.0,1 -> 2.8.0_1,1
    py311-numpy: 1.26.4_7,1 -> 1.26.4_10,1
    py311-trio: 0.31.0 -> 0.32.0
    py311-vici: 5.9.11_1 -> 6.0.3
    qemu-guest-agent: 10.1.2 -> 10.1.2_1
    readline: 8.2.13_2 -> 8.3.1
    sqlite3: 3.50.4,1 -> 3.50.4_2,1
    strongswan: 6.0.3 -> 6.0.3_1
    sudo: 1.9.17p2_1 -> 1.9.17p2_2
    zstd: 1.5.7 -> 1.5.7_1

Number of packages to be installed: 1
Number of packages to be upgraded: 41

The operation will free 1 MiB.
35 MiB to be downloaded.
[1/42] Fetching py311-cryptography-45.0.7_1,1.pkg: .......... done
[2/42] Fetching php83-filter-8.3.28.pkg: . done
[3/42] Fetching opnsense-update-25.7.8.pkg: . done
[4/42] Fetching php83-curl-8.3.28.pkg: . done
[5/42] Fetching py311-numpy-1.26.4_10,1.pkg: .......... done
[6/42] Fetching nss-3.118.1.pkg: .......... done
[7/42] Fetching libiconv-1.18_1.pkg: ......... done
[8/42] Fetching php83-ldap-8.3.28.pkg: ... done
[9/42] Fetching py311-aioquic-1.3.0_1.pkg: ....... done
[10/42] Fetching openvpn-2.6.16.pkg: ......... done
[11/42] Fetching php83-simplexml-8.3.28.pkg: . done
[12/42] Fetching php83-pdo-8.3.28.pkg: .. done
[13/42] Fetching ntp-4.2.8p18_5.pkg: ......... done
[14/42] Fetching php83-sockets-8.3.28.pkg: .. done
[15/42] Fetching php83-pcntl-8.3.28.pkg: . done
[16/42] Fetching ca_root_nss-3.117_2.pkg: .... done
[17/42] Fetching php83-sqlite3-8.3.28.pkg: .. done
[18/42] Fetching py311-vici-6.0.3.pkg: . done
[19/42] Fetching py311-trio-0.32.0.pkg: .......... done
[20/42] Fetching py311-dnspython-2.8.0_1,1.pkg: ....... done
[21/42] Fetching php83-session-8.3.28.pkg: . done
[22/42] Fetching php83-mbstring-8.3.28.pkg: .......... done
[23/42] Fetching php83-gettext-8.3.28.pkg: . done
[24/42] Fetching liblz4-1.10.0_2,1.pkg: ... done
[25/42] Fetching pkcs11-helper-1.31.0.pkg: .... done
[26/42] Fetching php83-zlib-8.3.28.pkg: . done
[27/42] Fetching zstd-1.5.7_1.pkg: ........ done
[28/42] Fetching pcre2-10.47.pkg: .......... done
[29/42] Fetching php83-ctype-8.3.28.pkg: . done
[30/42] Fetching brotli-1.2.0,1.pkg: ....... done
[31/42] Fetching curl-8.17.0.pkg: .......... done
[32/42] Fetching nspr-4.38.2.pkg: ......... done
[33/42] Fetching php83-8.3.28.pkg: .......... done
[34/42] Fetching php83-xml-8.3.28.pkg: . done
[35/42] Fetching php83-dom-8.3.28.pkg: .. done
[36/42] Fetching sqlite3-3.50.4_2,1.pkg: .......... done
[37/42] Fetching opnsense-25.7.8.pkg: .......... done
[38/42] Fetching qemu-guest-agent-10.1.2_1.pkg: ..... done
[39/42] Fetching readline-8.3.1.pkg: ......... done
[40/42] Fetching strongswan-6.0.3_1.pkg: .......... done
[41/42] Fetching sudo-1.9.17p2_2.pkg: ........ done
[42/42] Fetching py311-pyopenssl-25.3.0_1,1.pkg: .. done
Checking integrity... done (1 conflicting)
  - py311-pyopenssl-25.3.0_1,1 conflicts with py311-openssl-25.0.0_1,1 on /usr/local/lib/python3.11/site-packages/OpenSSL/SSL.py
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 43 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    py311-pyopenssl: 25.3.0_1,1

Installed packages to be UPGRADED:
    brotli: 1.1.0,1 -> 1.2.0,1
    ca_root_nss: 3.117 -> 3.117_2
    curl: 8.16.0 -> 8.17.0
    libiconv: 1.17_1 -> 1.18_1
    liblz4: 1.10.0,1 -> 1.10.0_2,1
    nspr: 4.37 -> 4.38.2
    nss: 3.117 -> 3.118.1
    ntp: 4.2.8p18_4 -> 4.2.8p18_5
    openvpn: 2.6.15 -> 2.6.16
    opnsense: 25.7.7_4 -> 25.7.8
    opnsense-update: 25.7.5_1 -> 25.7.8
    pcre2: 10.46 -> 10.47
    php83: 8.3.27 -> 8.3.28
    php83-ctype: 8.3.27 -> 8.3.28
    php83-curl: 8.3.27 -> 8.3.28
    php83-dom: 8.3.27 -> 8.3.28
    php83-filter: 8.3.27 -> 8.3.28
    php83-gettext: 8.3.27 -> 8.3.28
    php83-ldap: 8.3.27 -> 8.3.28
    php83-mbstring: 8.3.27 -> 8.3.28
    php83-pcntl: 8.3.27 -> 8.3.28
    php83-pdo: 8.3.27 -> 8.3.28
    php83-session: 8.3.27 -> 8.3.28
    php83-simplexml: 8.3.27 -> 8.3.28
    php83-sockets: 8.3.27 -> 8.3.28
    php83-sqlite3: 8.3.27 -> 8.3.28
    php83-xml: 8.3.27 -> 8.3.28
    php83-zlib: 8.3.27 -> 8.3.28
    pkcs11-helper: 1.29.0_3 -> 1.31.0
    py311-aioquic: 1.3.0 -> 1.3.0_1
    py311-cryptography: 44.0.3_4,1 -> 45.0.7_1,1
    py311-dnspython: 2.8.0,1 -> 2.8.0_1,1
    py311-numpy: 1.26.4_7,1 -> 1.26.4_10,1
    py311-trio: 0.31.0 -> 0.32.0
    py311-vici: 5.9.11_1 -> 6.0.3
    qemu-guest-agent: 10.1.2 -> 10.1.2_1
    readline: 8.2.13_2 -> 8.3.1
    sqlite3: 3.50.4,1 -> 3.50.4_2,1
    strongswan: 6.0.3 -> 6.0.3_1
    sudo: 1.9.17p2_1 -> 1.9.17p2_2
    zstd: 1.5.7 -> 1.5.7_1

Installed packages to be REMOVED:
    py311-openssl: 25.0.0_1,1

Number of packages to be removed: 1
Number of packages to be installed: 1
Number of packages to be upgraded: 41

The operation will free 2 MiB.
Checking integrity... done (0 conflicting)
[1/46] Upgrading brotli from 1.1.0,1 to 1.2.0,1...
[1/46] Extracting brotli-1.2.0,1: .......... done
[2/46] Upgrading libiconv from 1.17_1 to 1.18_1...
[2/46] Extracting libiconv-1.18_1: .......... done
[3/46] Upgrading nspr from 4.37 to 4.38.2...
[3/46] Extracting nspr-4.38.2: .......... done
[4/46] Upgrading pcre2 from 10.46 to 10.47...
[4/46] Extracting pcre2-10.47: .......... done
[5/46] Upgrading php83 from 8.3.27 to 8.3.28...
[5/46] Extracting php83-8.3.28: .......... done
[6/46] Upgrading php83-mbstring from 8.3.27 to 8.3.28...
[6/46] Extracting php83-mbstring-8.3.28: .......... done
[7/46] Upgrading pkcs11-helper from 1.29.0_3 to 1.31.0...
[7/46] Extracting pkcs11-helper-1.31.0: .......... done
[8/46] Upgrading qemu-guest-agent from 10.1.2 to 10.1.2_1...
[8/46] Extracting qemu-guest-agent-10.1.2_1: .......... done
[9/46] Upgrading readline from 8.2.13_2 to 8.3.1...
[9/46] Extracting readline-8.3.1: .......... done
[10/46] Upgrading sqlite3 from 3.50.4,1 to 3.50.4_2,1...
[10/46] Extracting sqlite3-3.50.4_2,1: .......... done
[11/46] Upgrading nss from 3.117 to 3.118.1...
[11/46] Extracting nss-3.118.1: .......... done
[12/46] Upgrading zstd from 1.5.7 to 1.5.7_1...
[12/46] Extracting zstd-1.5.7_1: .......... done
[13/46] Upgrading curl from 8.16.0 to 8.17.0...
[13/46] Extracting curl-8.17.0: .......... done
[14/46] Upgrading liblz4 from 1.10.0,1 to 1.10.0_2,1...
[14/46] Extracting liblz4-1.10.0_2,1: .......... done
[15/46] Deinstalling opnsense-25.7.7_4...

As can be seen, the moment I lost connection to the firewall was when "Deinstalling opnsense-25.7.7_4" was running.

These are the prompts when trying to access by console:

FreeBSD/amd64 (ACME-OPNsense-01.example.net) (ttyu0)

login: root
Password:
sh: /usr/local/libexec/opnsense-auth: not found
Login incorrect
login: root
Password:
sh: /usr/local/libexec/opnsense-auth: not found
Login incorrect
login:

After about 25 minutes, the interface came back online normally. It was just a brief moment of uncertainty, during which I was able to continue watching the upgrade process until it rebooted as expected. Below is a capture when it came back. I was unable to retrieve the last messages because the reboot prevented me from copying the output to the clipboard.

***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7.7_4 (amd64) at Fri Nov 28 12:58:02 AST 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (118 candidates): .......... done
Processing candidates (118 candidates): .... done
The following 42 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    py311-pyopenssl: 25.3.0_1,1

Installed packages to be UPGRADED:
    brotli: 1.1.0,1 -> 1.2.0,1
    ca_root_nss: 3.117 -> 3.117_2
    curl: 8.16.0 -> 8.17.0
    libiconv: 1.17_1 -> 1.18_1
    liblz4: 1.10.0,1 -> 1.10.0_2,1
    nspr: 4.37 -> 4.38.2
    nss: 3.117 -> 3.118.1
    ntp: 4.2.8p18_4 -> 4.2.8p18_5
    openvpn: 2.6.15 -> 2.6.16
    opnsense: 25.7.7_4 -> 25.7.8
    opnsense-update: 25.7.5_1 -> 25.7.8
    pcre2: 10.46 -> 10.47
    php83: 8.3.27 -> 8.3.28
    php83-ctype: 8.3.27 -> 8.3.28
    php83-curl: 8.3.27 -> 8.3.28
    php83-dom: 8.3.27 -> 8.3.28
    php83-filter: 8.3.27 -> 8.3.28
    php83-gettext: 8.3.27 -> 8.3.28
    php83-ldap: 8.3.27 -> 8.3.28
    php83-mbstring: 8.3.27 -> 8.3.28
    php83-pcntl: 8.3.27 -> 8.3.28
    php83-pdo: 8.3.27 -> 8.3.28
    php83-session: 8.3.27 -> 8.3.28
    php83-simplexml: 8.3.27 -> 8.3.28
    php83-sockets: 8.3.27 -> 8.3.28
    php83-sqlite3: 8.3.27 -> 8.3.28
    php83-xml: 8.3.27 -> 8.3.28
    php83-zlib: 8.3.27 -> 8.3.28
    pkcs11-helper: 1.29.0_3 -> 1.31.0
    py311-aioquic: 1.3.0 -> 1.3.0_1
    py311-cryptography: 44.0.3_4,1 -> 45.0.7_1,1
    py311-dnspython: 2.8.0,1 -> 2.8.0_1,1
    py311-numpy: 1.26.4_7,1 -> 1.26.4_10,1
    py311-trio: 0.31.0 -> 0.32.0
    py311-vici: 5.9.11_1 -> 6.0.3
    qemu-guest-agent: 10.1.2 -> 10.1.2_1
    readline: 8.2.13_2 -> 8.3.1
    sqlite3: 3.50.4,1 -> 3.50.4_2,1
    strongswan: 6.0.3 -> 6.0.3_1
    sudo: 1.9.17p2_1 -> 1.9.17p2_2
    zstd: 1.5.7 -> 1.5.7_1

Number of packages to be installed: 1
Number of packages to be upgraded: 41

The operation will free 1 MiB.
35 MiB to be downloaded.
[1/42] Fetching py311-cryptography-45.0.7_1,1.pkg: .......... done
[2/42] Fetching php83-filter-8.3.28.pkg: . done
[3/42] Fetching opnsense-update-25.7.8.pkg: . done
[4/42] Fetching php83-curl-8.3.28.pkg: . done
[5/42] Fetching py311-numpy-1.26.4_10,1.pkg: .......... done
[6/42] Fetching nss-3.118.1.pkg: .......... done
[7/42] Fetching libiconv-1.18_1.pkg: ......... done
[8/42] Fetching php83-ldap-8.3.28.pkg: ... done
[9/42] Fetching py311-aioquic-1.3.0_1.pkg: ....... done
[10/42] Fetching openvpn-2.6.16.pkg: ......... done
[11/42] Fetching php83-simplexml-8.3.28.pkg: . done
[12/42] Fetching php83-pdo-8.3.28.pkg: .. done
[13/42] Fetching ntp-4.2.8p18_5.pkg: ......... done
[14/42] Fetching php83-sockets-8.3.28.pkg: .. done
[15/42] Fetching php83-pcntl-8.3.28.pkg: . done
[16/42] Fetching ca_root_nss-3.117_2.pkg: .... done
[17/42] Fetching php83-sqlite3-8.3.28.pkg: .. done
[18/42] Fetching py311-vici-6.0.3.pkg: . done
[19/42] Fetching py311-trio-0.32.0.pkg: .......... done
[20/42] Fetching py311-dnspython-2.8.0_1,1.pkg: ....... done
[21/42] Fetching php83-session-8.3.28.pkg: . done
[22/42] Fetching php83-mbstring-8.3.28.pkg: .......... done
[23/42] Fetching php83-gettext-8.3.28.pkg: . done
[24/42] Fetching liblz4-1.10.0_2,1.pkg: ... done
[25/42] Fetching pkcs11-helper-1.31.0.pkg: .... done
[26/42] Fetching php83-zlib-8.3.28.pkg: . done
[27/42] Fetching zstd-1.5.7_1.pkg: ........ done
[28/42] Fetching pcre2-10.47.pkg: .......... done
[29/42] Fetching php83-ctype-8.3.28.pkg: . done
[30/42] Fetching brotli-1.2.0,1.pkg: ....... done
[31/42] Fetching curl-8.17.0.pkg: .......... done
[32/42] Fetching nspr-4.38.2.pkg: ......... done
[33/42] Fetching php83-8.3.28.pkg: .......... done
[34/42] Fetching php83-xml-8.3.28.pkg: . done
[35/42] Fetching php83-dom-8.3.28.pkg: .. done
[36/42] Fetching sqlite3-3.50.4_2,1.pkg: .......... done
[37/42] Fetching opnsense-25.7.8.pkg: .......... done
[38/42] Fetching qemu-guest-agent-10.1.2_1.pkg: ..... done
[39/42] Fetching readline-8.3.1.pkg: ......... done
[40/42] Fetching strongswan-6.0.3_1.pkg: .......... done
[41/42] Fetching sudo-1.9.17p2_2.pkg: ........ done
[42/42] Fetching py311-pyopenssl-25.3.0_1,1.pkg: .. done
Checking integrity... done (1 conflicting)
  - py311-pyopenssl-25.3.0_1,1 conflicts with py311-openssl-25.0.0_1,1 on /usr/local/lib/python3.11/site-packages/OpenSSL/SSL.py
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 43 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    py311-pyopenssl: 25.3.0_1,1

Installed packages to be UPGRADED:
    brotli: 1.1.0,1 -> 1.2.0,1
    ca_root_nss: 3.117 -> 3.117_2
    curl: 8.16.0 -> 8.17.0
    libiconv: 1.17_1 -> 1.18_1
    liblz4: 1.10.0,1 -> 1.10.0_2,1
    nspr: 4.37 -> 4.38.2
    nss: 3.117 -> 3.118.1
    ntp: 4.2.8p18_4 -> 4.2.8p18_5
    openvpn: 2.6.15 -> 2.6.16
    opnsense: 25.7.7_4 -> 25.7.8
    opnsense-update: 25.7.5_1 -> 25.7.8
    pcre2: 10.46 -> 10.47
    php83: 8.3.27 -> 8.3.28
    php83-ctype: 8.3.27 -> 8.3.28
    php83-curl: 8.3.27 -> 8.3.28
    php83-dom: 8.3.27 -> 8.3.28
    php83-filter: 8.3.27 -> 8.3.28
    php83-gettext: 8.3.27 -> 8.3.28
    php83-ldap: 8.3.27 -> 8.3.28
    php83-mbstring: 8.3.27 -> 8.3.28
    php83-pcntl: 8.3.27 -> 8.3.28
    php83-pdo: 8.3.27 -> 8.3.28
    php83-session: 8.3.27 -> 8.3.28
    php83-simplexml: 8.3.27 -> 8.3.28
    php83-sockets: 8.3.27 -> 8.3.28
    php83-sqlite3: 8.3.27 -> 8.3.28
    php83-xml: 8.3.27 -> 8.3.28
    php83-zlib: 8.3.27 -> 8.3.28
    pkcs11-helper: 1.29.0_3 -> 1.31.0
    py311-aioquic: 1.3.0 -> 1.3.0_1
    py311-cryptography: 44.0.3_4,1 -> 45.0.7_1,1
    py311-dnspython: 2.8.0,1 -> 2.8.0_1,1
    py311-numpy: 1.26.4_7,1 -> 1.26.4_10,1
    py311-trio: 0.31.0 -> 0.32.0
    py311-vici: 5.9.11_1 -> 6.0.3
    qemu-guest-agent: 10.1.2 -> 10.1.2_1
    readline: 8.2.13_2 -> 8.3.1
    sqlite3: 3.50.4,1 -> 3.50.4_2,1
    strongswan: 6.0.3 -> 6.0.3_1
    sudo: 1.9.17p2_1 -> 1.9.17p2_2
    zstd: 1.5.7 -> 1.5.7_1

Installed packages to be REMOVED:
    py311-openssl: 25.0.0_1,1

Number of packages to be removed: 1
Number of packages to be installed: 1
Number of packages to be upgraded: 41

The operation will free 2 MiB.
Checking integrity... done (0 conflicting)
[1/46] Upgrading brotli from 1.1.0,1 to 1.2.0,1...
[1/46] Extracting brotli-1.2.0,1: .......... done
[2/46] Upgrading libiconv from 1.17_1 to 1.18_1...
[2/46] Extracting libiconv-1.18_1: .......... done
[3/46] Upgrading nspr from 4.37 to 4.38.2...
[3/46] Extracting nspr-4.38.2: .......... done
[4/46] Upgrading pcre2 from 10.46 to 10.47...
[4/46] Extracting pcre2-10.47: .......... done
[5/46] Upgrading php83 from 8.3.27 to 8.3.28...
[5/46] Extracting php83-8.3.28: .......... done
[6/46] Upgrading php83-mbstring from 8.3.27 to 8.3.28...
[6/46] Extracting php83-mbstring-8.3.28: .......... done
[7/46] Upgrading pkcs11-helper from 1.29.0_3 to 1.31.0...
[7/46] Extracting pkcs11-helper-1.31.0: .......... done
[8/46] Upgrading qemu-guest-agent from 10.1.2 to 10.1.2_1...
[8/46] Extracting qemu-guest-agent-10.1.2_1: .......... done
[9/46] Upgrading readline from 8.2.13_2 to 8.3.1...
[9/46] Extracting readline-8.3.1: .......... done
[10/46] Upgrading sqlite3 from 3.50.4,1 to 3.50.4_2,1...
[10/46] Extracting sqlite3-3.50.4_2,1: .......... done
[11/46] Upgrading nss from 3.117 to 3.118.1...
[11/46] Extracting nss-3.118.1: .......... done
[12/46] Upgrading zstd from 1.5.7 to 1.5.7_1...
[12/46] Extracting zstd-1.5.7_1: .......... done
[13/46] Upgrading curl from 8.16.0 to 8.17.0...
[13/46] Extracting curl-8.17.0: .......... done
[14/46] Upgrading liblz4 from 1.10.0,1 to 1.10.0_2,1...
[14/46] Extracting liblz4-1.10.0_2,1: .......... done
[15/46] Deinstalling opnsense-25.7.7_4...
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
[15/46] Deleting files for opnsense-25.7.7_4: .......... done
[16/46] Upgrading ca_root_nss from 3.117 to 3.117_2...
[16/46] Extracting ca_root_nss-3.117_2: ..... done
[17/46] Upgrading ntp from 4.2.8p18_4 to 4.2.8p18_5...
[17/46] Extracting ntp-4.2.8p18_5: .......... done
[18/46] Upgrading openvpn from 2.6.15 to 2.6.16...
===> Creating groups
Using existing group 'openvpn'
===> Creating users
Using existing user 'openvpn'
[18/46] Extracting openvpn-2.6.16: .......... done
[19/46] Upgrading opnsense-update from 25.7.5_1 to 25.7.8...
[19/46] Extracting opnsense-update-25.7.8: .......... done
[20/46] Upgrading php83-ctype from 8.3.27 to 8.3.28...
[20/46] Extracting php83-ctype-8.3.28: ........ done
[21/46] Upgrading php83-curl from 8.3.27 to 8.3.28...
[21/46] Extracting php83-curl-8.3.28: .......... done
[22/46] Upgrading php83-dom from 8.3.27 to 8.3.28...
[22/46] Extracting php83-dom-8.3.28: .......... done
[23/46] Upgrading php83-filter from 8.3.27 to 8.3.28...
[23/46] Extracting php83-filter-8.3.28: ......... done
[24/46] Upgrading php83-gettext from 8.3.27 to 8.3.28...
[24/46] Extracting php83-gettext-8.3.28: ........ done
[25/46] Upgrading php83-ldap from 8.3.27 to 8.3.28...
[25/46] Extracting php83-ldap-8.3.28: ........ done
[26/46] Upgrading php83-pcntl from 8.3.27 to 8.3.28...
[26/46] Extracting php83-pcntl-8.3.28: ......... done
[27/46] Upgrading php83-pdo from 8.3.27 to 8.3.28...
[27/46] Extracting php83-pdo-8.3.28: .......... done
[28/46] Upgrading php83-session from 8.3.27 to 8.3.28...
[28/46] Extracting php83-session-8.3.28: .......... done
[29/46] Upgrading php83-simplexml from 8.3.27 to 8.3.28...
[29/46] Extracting php83-simplexml-8.3.28: ......... done
[30/46] Upgrading php83-sockets from 8.3.27 to 8.3.28...
[30/46] Extracting php83-sockets-8.3.28: .......... done
[31/46] Upgrading php83-sqlite3 from 8.3.27 to 8.3.28...
[31/46] Extracting php83-sqlite3-8.3.28: ......... done
[32/46] Upgrading php83-xml from 8.3.27 to 8.3.28...
[32/46] Extracting php83-xml-8.3.28: ......... done
[33/46] Upgrading php83-zlib from 8.3.27 to 8.3.28...
[33/46] Extracting php83-zlib-8.3.28: ........ done
[34/46] Upgrading py311-numpy from 1.26.4_7,1 to 1.26.4_10,1...
[34/46] Extracting py311-numpy-1.26.4_10,1: .......... done
[35/46] Upgrading py311-vici from 5.9.11_1 to 6.0.3...
[35/46] Extracting py311-vici-6.0.3: .......... done
[36/46] Upgrading strongswan from 6.0.3 to 6.0.3_1...
[36/46] Extracting strongswan-6.0.3_1: .......... done
[37/46] Upgrading sudo from 1.9.17p2_1 to 1.9.17p2_2...
[37/46] Extracting sudo-1.9.17p2_2: .......... done
[38/46] Deinstalling py311-dnspython-2.8.0,1...
[38/46] Deleting files for py311-dnspython-2.8.0,1: .......... done
[39/46] Upgrading py311-trio from 0.31.0 to 0.32.0...
[39/46] Extracting py311-trio-0.32.0: .......... done
[40/46] Deinstalling py311-aioquic-1.3.0...
[40/46] Deleting files for py311-aioquic-1.3.0: .......... done
[41/46] Deinstalling py311-openssl-25.0.0_1,1...
[41/46] Deleting files for py311-openssl-25.0.0_1,1: .......... done
[42/46] Upgrading py311-cryptography from 44.0.3_4,1 to 45.0.7_1,1...
[42/46] Extracting py311-cryptography-45.0.7_1,1: .......... done
[43/46] Installing py311-pyopenssl-25.3.0_1,1...
[43/46] Extracting py311-pyopenssl-25.3.0_1,1: .......... done
[44/46] Installing py311-aioquic-1.3.0_1...
[44/46] Extracting py311-aioquic-1.3.0_1: .......... done
[45/46] Installing py311-dnspython-2.8.0_1,1...
[45/46] Extracting py311-dnspython-2.8.0_1,1: .......... done
[46/46] Installing opnsense-25.7.8...
[46/46] Extracting opnsense-25.7.8: .......... done
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
Migrated OPNsense\Unbound\Unbound from 1.0.12 to 1.0.13
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
You may need to manually remove /usr/local/etc/ssl/cert.pem if it is no longer needed.
=====
Message from openvpn-2.6.16:

--
Note that OpenVPN now configures a separate user and group "openvpn",
which should be used instead of the NFS user "nobody"
when an unprivileged user account is desired.

It is advisable to review existing configuration files and
to consider adding/changing user openvpn and group openvpn.
=====
Message from strongswan-6.0.3_1:

--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
=====
Message from opnsense-25.7.8:

--
Some will win, some will lose, some are born to sing the blues
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
The following package files will be deleted:
    /var/cache/pkg/py311-cryptography-45.0.7_1,1~c815f3235b.pkg
    /var/cache/pkg/php83-filter-8.3.28~4a8f33be7d.pkg
    /var/cache/pkg/py311-cryptography-45.0.7_1,1.pkg
    /var/cache/pkg/opnsense-update-25.7.8.pkg
    /var/cache/pkg/php83-filter-8.3.28.pkg
    /var/cache/pkg/opnsense-update-25.7.8~fee3f6a970.pkg
    /var/cache/pkg/php83-curl-8.3.28~6accc1b1ac.pkg
    /var/cache/pkg/py311-numpy-1.26.4_10,1.pkg
    /var/cache/pkg/php83-curl-8.3.28.pkg
    /var/cache/pkg/py311-numpy-1.26.4_10,1~448cb68ef2.pkg
    /var/cache/pkg/nss-3.118.1~5ad385b9f3.pkg
    /var/cache/pkg/libiconv-1.18_1.pkg
    /var/cache/pkg/nss-3.118.1.pkg
    /var/cache/pkg/libiconv-1.18_1~f25bb554f1.pkg
    /var/cache/pkg/php83-ldap-8.3.28~8c8d10b5e9.pkg
    /var/cache/pkg/py311-aioquic-1.3.0_1.pkg
    /var/cache/pkg/php83-ldap-8.3.28.pkg
    /var/cache/pkg/py311-aioquic-1.3.0_1~254dacaf7b.pkg
    /var/cache/pkg/openvpn-2.6.16~4f8aacf57c.pkg
    /var/cache/pkg/php83-pdo-8.3.28.pkg
    /var/cache/pkg/openvpn-2.6.16.pkg
    /var/cache/pkg/php83-simplexml-8.3.28~270147682b.pkg
    /var/cache/pkg/php83-pdo-8.3.28~af0a7d61fb.pkg
    /var/cache/pkg/php83-simplexml-8.3.28.pkg
    /var/cache/pkg/ntp-4.2.8p18_5~53ce7b3a74.pkg
    /var/cache/pkg/pcre2-10.47.pkg
    /var/cache/pkg/php83-pcntl-8.3.28.pkg
    /var/cache/pkg/ntp-4.2.8p18_5.pkg
    /var/cache/pkg/php83-sockets-8.3.28~be778264e4.pkg
    /var/cache/pkg/py311-vici-6.0.3~b2271437be.pkg
    /var/cache/pkg/php83-sockets-8.3.28.pkg
    /var/cache/pkg/php83-pcntl-8.3.28~93eff41d3d.pkg
    /var/cache/pkg/ca_root_nss-3.117_2~f94361d547.pkg
    /var/cache/pkg/ca_root_nss-3.117_2.pkg
    /var/cache/pkg/php83-sqlite3-8.3.28~a9398ff640.pkg
    /var/cache/pkg/php83-sqlite3-8.3.28.pkg
    /var/cache/pkg/php83-session-8.3.28.pkg
    /var/cache/pkg/py311-vici-6.0.3.pkg
    /var/cache/pkg/py311-trio-0.32.0~379cd91a24.pkg
    /var/cache/pkg/py311-trio-0.32.0.pkg
    /var/cache/pkg/py311-dnspython-2.8.0_1,1~e877f271aa.pkg
    /var/cache/pkg/php83-session-8.3.28~a99ce5be66.pkg
    /var/cache/pkg/py311-dnspython-2.8.0_1,1.pkg
    /var/cache/pkg/php83-mbstring-8.3.28~aea088c9f8.pkg
    /var/cache/pkg/php83-mbstring-8.3.28.pkg
    /var/cache/pkg/php83-gettext-8.3.28~f630bfacb2.pkg
    /var/cache/pkg/php83-gettext-8.3.28.pkg
    /var/cache/pkg/liblz4-1.10.0_2,1~665677c9bb.pkg
    /var/cache/pkg/liblz4-1.10.0_2,1.pkg
    /var/cache/pkg/pkcs11-helper-1.31.0~e98973b0f9.pkg
    /var/cache/pkg/php83-zlib-8.3.28~0ace26b122.pkg
    /var/cache/pkg/pkcs11-helper-1.31.0.pkg
    /var/cache/pkg/zstd-1.5.7_1~788f890814.pkg
    /var/cache/pkg/php83-zlib-8.3.28.pkg
    /var/cache/pkg/zstd-1.5.7_1.pkg
    /var/cache/pkg/pcre2-10.47~81f85770cc.pkg
    /var/cache/pkg/php83-ctype-8.3.28~b4ea07e69e.pkg
    /var/cache/pkg/php83-ctype-8.3.28.pkg
    /var/cache/pkg/brotli-1.2.0,1~6e6393bc03.pkg
    /var/cache/pkg/brotli-1.2.0,1.pkg
    /var/cache/pkg/curl-8.17.0~0363fce9c2.pkg
    /var/cache/pkg/curl-8.17.0.pkg
    /var/cache/pkg/nspr-4.38.2~38753a629c.pkg
    /var/cache/pkg/nspr-4.38.2.pkg
    /var/cache/pkg/php83-8.3.28~9dc92cfc41.pkg
    /var/cache/pkg/php83-xml-8.3.28~c5ef2658e7.pkg
    /var/cache/pkg/php83-8.3.28.pkg
    /var/cache/pkg/php83-xml-8.3.28.pkg
    /var/cache/pkg/php83-dom-8.3.28~847af91472.pkg
    /var/cache/pkg/php83-dom-8.3.28.pkg
    /var/cache/pkg/sqlite3-3.50.4_2,1~3c97aae41e.pkg
    /var/cache/pkg/sqlite3-3.50.4_2,1.pkg
    /var/cache/pkg/opnsense-25.7.8~c4e566826f.pkg
    /var/cache/pkg/opnsense-25.7.8.pkg
    /var/cache/pkg/qemu-guest-agent-10.1.2_1~b37217a222.pkg
    /var/cache/pkg/readline-8.3.1~f2b679163f.pkg
    /var/cache/pkg/qemu-guest-agent-10.1.2_1.pkg
    /var/cache/pkg/readline-8.3.1.pkg
    /var/cache/pkg/strongswan-6.0.3_1~51975838ce.pkg
    /var/cache/pkg/strongswan-6.0.3_1.pkg
    /var/cache/pkg/sudo-1.9.17p2_2~c026b03dc3.pkg
    /var/cache/pkg/sudo-1.9.17p2_2.pkg
    /var/cache/pkg/py311-pyopenssl-25.3.0_1,1~d4e6f43fa1.pkg
    /var/cache/pkg/py311-pyopenssl-25.3.0_1,1.pkg
The cleanup will free 35 MiB
Deleting files: .......... done
Nothing to do.
Starting web GUI...done.
Fetching base-25.7.8-amd64.txz: .............................. done
Fetching kernel-25.7.8-amd64.txz: ........ done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing kernel-25.7.8-amd64.txz... done
Installing base-25.7.8-amd64.txz...

I just wanted to share some thoughts regarding a specific behavior I've noticed. I believe it's important for anyone planning a maintenance window to be aware of this. It's not meant as criticism—on the contrary, I truly appreciate the great work the OPNsense team is doing!

If it's deemed appropriate, I encourage the team to evaluate this behavior for potential improvements. It could further enhance the already fantastic software we've come to rely on. Thank you for all your hard work, OPNsense team!
#30
Dutch - Nederlands / Re: opnsense ha en kea-dhcp ha...
Last post by @Nospam - November 28, 2025, 06:18:05 PM
Quote from: ckruijntjens on May 22, 2025, 11:25:04 PMGoedemiddag,

Ik heb 2 firewalls waar ha perfect werkt. Echter nu wil ik de kea-dhcp server ook ha maken. ik heb alles ingesteld volgens de documentatie, Maar als ik in kea-dhcp de control agent wil starten stop en kea-dhcp server ermee en de control agent start niet.

Heeft iemand enige ervaring hiermee? en eventueel de oplossing?


Mooi artikel over juist dit onderwerp.  een op een migratie mogelijk.

https://4sysops.com/archives/running-a-dhcp-server-on-opnsense-with-kea/

Zelf zoek ik nog een DNS oplossing voor mijn AD/windows omgeving met Opnsense.