Recent posts

#21
26.1 Series / Re: 26.1 is out!!!
Last post by OPNenthu - Today at 05:42:54 PM
Quote from: nero355 on Today at 03:02:46 PM
Quote from: OPNenthu on Today at 10:45:40 AM
I can't :(

Ever since I made manual changes to my network layout in NetworkManager, IF up/down commands don't have any effect on the bridges.
The only thing that works to clear the network stack is to reboot.
Are you sure : https://man.archlinux.org/man/nmcli.1.en ?!

And if you are running any Desktop Environment on that 'Desktop Client' you should be able to do it with a single click :)

If both things don't work it's time to submit a bug to the NetworkManager developers IMHO...

Quote: Just FF tabs open at that point.
Then there is a chance that Firefox was holding onto the IP stack, so to speak, and preventing it from recovering properly.

At least that's my experience with both the Linux and Windows version.

I'll play around some more with the nmcli commands when I get a moment but as for reporting bugs upstream... sigh.  This is the downside of Linux and why I wish FreeBSD was on par as a desktop OS.  Linux is made up of thousands of independent packages and as a user I would need to open accounts and track bugs all over the damn place.  That's not likely to happen if I'm honest.

As a developer of a package or a kernel contributor it's perfectly fine, but as an end user of a distribution it's kind of maddening at times.  On the plus side, I've found very little that doesn't work on my particular hardware.

At least OPNsense is easy to contribute / report to. :)

----

UPDATE: to close the loop, I was able to bring the bridge interface down with 'nmcli conn down br0', but the inverse 'nmcli conn up br0' returned success and never actually brought it up.  I followed up with 'nmcli device up br0' and this timed out (failed).  I then used the GUI toggle switch for the parent interface (which was already up in 'ip a' but showed as down in the GUI) and it brought it back up.  However the same toggle switch does not bring the br0 interface down :P

So it's quite an inconsistent mess.  Probably either a Mint / Ubuntu bug, or my configuration is just too complex or I set it up incorrectly. 
#22
26.1 Series / Re: 26.1_4: Siproxd 1.1.0 not ...
Last post by Monviech (Cedrik) - Today at 05:42:14 PM
In my maintained plugins I use this code fu to avoid that migration issue:

https://github.com/opnsense/plugins/blob/4773ff712e97ee30bb49731c5f564ca6866a45ca/net/ndp-proxy-go/src/opnsense/mvc/app/models/OPNsense/NdpProxy/NdpProxy.php#L40


Best open an issue in plugins for the sipproxy maintainer
#23
26.1 Series / Re: Old rules deprecation
Last post by julsssark - Today at 05:41:53 PM
Could rule # be displayed in the statistics column (or its own column or within the details dialog)? It would make downstream log management more convenient. Today, you need to trigger a rule and catch it in live view, or do some text file manipulation. If it's a feasible request, I can open an issue and help test.
#25
26.1 Series / Re: Identity Association IPv6 ...
Last post by tgurr - Today at 05:35:01 PM
Quote from: franco on Today at 05:11:01 PM
Simple. The ability to forward DHCPv6 PD to downstream routers from OPNsense is only in ISC-DHCP and Kea. In Kea there is no integration for dynamic prefixes. Dnsmasq does not support it at all.

Thanks for the explanation, I was happy that I got things working in the first place so my networking knowledge sadly really doesn't go very deep, especially for IPv6, so two follow-up questions:

1. Will the option "Track interface (legacy)" stay and is the (legacy) just meant to tell that's the "old" way, or is this expected to disappear some time in the future?
2. I was under the assumption that GigaNetz and/or most ISPs use dynamic prefixes? Or am I wrong here and basically "The ability to forward DHCPv6 PD to downstream routers from OPNsense is only in ISC-DHCP and Kea" is enough here.

My WAN looks like:


and for HOME/GUEST:



So nothing that fancy I guess, it's working great like that with these settings and Dnsmasq, I just don't want to end up hitting a wall with a future update. So any advice on what and how to change is very welcome.
#26
26.1 Series / 26.1_4: Siproxd 1.1.0 not poss...
Last post by notspam - Today at 05:27:38 PM
How can I solve the sipproxd message I get with 26.1 to 26.1_4 update?


Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
*** OPNsense\Siproxd\General migration failed from 0.0.0 to 1.1.0, check log for details
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense SunnyValley




-----------------------------
full update log
-----------------------------

***GOT REQUEST TO UPDATE***
Currently running OPNsense 26.1 (amd64) at Fri Jan 30 16:22:45 UTC 2026
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
SunnyValley repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
SunnyValley repository is up to date.
All repositories are up to date.
Checking for upgrades (5 candidates): ..... done
Processing candidates (5 candidates): .... done
The following 3 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
   hostwatch: 1.0.9 -> 1.0.11 [OPNsense]
   opnsense: 26.1 -> 26.1_4 [OPNsense]
   os-git-backup: 1.1_2 -> 1.1_3 [OPNsense]

Number of packages to be upgraded: 3

7 MiB to be downloaded.
[1/3] Fetching hostwatch-1.0.11.pkg: .......... done
[2/3] Fetching os-git-backup-1.1_3.pkg: . done
[3/3] Fetching opnsense-26.1_4.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/3] Upgrading hostwatch from 1.0.9 to 1.0.11...
===> Creating groups
Using existing group 'hostd'
===> Creating users
Using existing user 'hostd'
[1/3] Extracting hostwatch-1.0.11: ..... done
[2/3] Upgrading opnsense from 26.1 to 26.1_4...
[2/3] Extracting opnsense-26.1_4: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh.sh'
*** OPNsense\Siproxd\General migration failed from 0.0.0 to 1.1.0, check log for details
Flushing all caches...done.
Writing firmware settings: FreeBSD OPNsense SunnyValley
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring cron...done.
Configuring system logging...done.
[3/3] Upgrading os-git-backup from 1.1_2 to 1.1_3...
[3/3] Extracting os-git-backup-1.1_3: ..... done
Reloading plugin configuration
Flushing all caches...done.
Configuring system logging...done.
=====
Message from opnsense-26.1_4:

--
One step ahead, one step behind it, now you gotta run to get even
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
The following package files will be deleted:
   /var/cache/pkg/os-git-backup-1.1_3.pkg
   /var/cache/pkg/os-git-backup-1.1_3~f195faf38f.pkg
   /var/cache/pkg/opnsense-26.1_4~37c8c2b668.pkg
   /var/cache/pkg/hostwatch-1.0.11.pkg
   /var/cache/pkg/opnsense-26.1_4.pkg
   /var/cache/pkg/hostwatch-1.0.11~c2a36a32e4.pkg
The cleanup will free 7 MiB
Deleting files: ...... done
Nothing to do.
Starting web GUI...done.
***DONE***
#27
26.1 Series / Re: Identity Association IPv6 ...
Last post by Monviech (Cedrik) - Today at 05:21:25 PM
An alternative is to create a SLAAC network and use this ndp proxy on the downstream OPNsenses (aka Opnsense 2 in this schema).

(If it's ISP -> Opnsense 1 -> Opnsense 2...)

https://docs.opnsense.org/manual/ndp-proxy-go.html
#28
26.1 Series / Re: Suricata - Divert (IPS)
Last post by Monviech (Cedrik) - Today at 05:14:36 PM
What might also be a benefit is compatibility and stability with VM network interfaces as you don't have to use the emulated netmap driver anymore (the high performance native netmap driver requires Intel network cards to work correctly most of the time).
#29
26.1 Series / Re: Identity Association IPv6 ...
Last post by franco - Today at 05:11:01 PM
Simple. The ability to forward DHCPv6 PD to downstream routers from OPNsense is only in ISC-DHCP and Kea. In Kea there is no integration for dynamic prefixes. Dnsmasq does not support it at all.


Cheers,
Franco
#30
26.1 Series / Re: Suricata - Divert (IPS)
Last post by xpendable - Today at 05:09:29 PM
Issue has been created as requested.

Another upside to using Divert (IPS) mode, the memory consumption has been cut in half since Netmap is no longer being used :)