Recent posts

#21
German - Deutsch / Re: Hardware Suche N150 mit In...
Last post by Patrick M. Hausen - January 12, 2026, 04:28:57 PM
Der Beelink EQ14 hätte z.B. definitiv Intel-Schnittstellen (KTI226-V). Ich hab einen ME-Mini von denen als NAS und bin recht zufrieden.

https://www.bee-link.com/de/products/beelink-eq14-n150
#22
General Discussion / Re: OPNsense insists that DHCP...
Last post by franco - January 12, 2026, 04:24:37 PM
Things are likely changing in the default install of 26.1 as we're trying to unwind these implicit IPv6 behaviours steered from the interface settings  we've inherited.  They don't really work in a post ISC DHCPD world.


Cheers,
Franco
#23
25.7, 25.10 Series / Re: Erratic behaviour of bundl...
Last post by poplin - January 12, 2026, 04:23:59 PM
Quote from: Slashing on January 12, 2026, 05:56:38 AMFor drill, the order of arguments is important...

Thanks for the remark!.  That changes a bit the outcome.  First, unbound is giving NOERROR all time now.

# drill -p 53053 fr.app.lgwebostv.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3608


But still dnsmasq is giving NXDOMAIN

# drill -p 53 fr.app.lgwebostv.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 3319

until it is restarted...

# drill -p 53 fr.app.lgwebostv.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 48568

but after 15 min again NXDOMAIN
# drill -p 53 fr.app.lgwebostv.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 18322

All in all it makes more sense now, and clarifies a bit better the underlying problem: after 15 min dnsmasq stops forwarding the address to unbound.



#24
German - Deutsch / Hardware Suche N150 mit Intel ...
Last post by carepack - January 12, 2026, 04:15:24 PM
Hi,

ich bin auf der Suche nach neuer Hardware. Ich möchte mir einen dieser kleinen Mini-China-PCs holen mit dem N150 und Dual-Lan. Soweit passt auch alles, nur leider bekommt man so gut wie nicht raus, welcher Chipsatz für die Netzwerkkarten verwendet wird. Habe jetzt schon zwei Stück bei Amazon testweise bestellt und beide hatten einen Realtek Chip.

Daher die Frage, ob jemand einen dieser N150 Mini-PCs in Verwendung hat und mir empfehlen kann, allerdings mit Intel Netzwerkchip?

Die Dinger findet man zu Hauf bei Amazon, oft auch mit Dual-Lan, nur den Chipsatz gibt keiner an...

Vielen Dank vorab und beste Grüße
#25
25.7, 25.10 Series / Re: FRR loads with wrong metri...
Last post by Monviech (Cedrik) - January 12, 2026, 03:53:25 PM
Thanks, I think this would be it?

https://github.com/opnsense/plugins/pull/5132
#26
25.7, 25.10 Series / Re: FRR loads with wrong metri...
Last post by alfrisch - January 12, 2026, 03:37:47 PM
OK great, I just added it to the restart event and mentioned so in the PR
#27
High availability / Re: CARP OS-FRR timeout after ...
Last post by rkam - January 12, 2026, 02:49:16 PM
Okay, I understand.

I need to find a time slot where I can downgrade to 24.7.12. and after this step by step to the higher  ver.
Unfortunately, some changes have already been made to the configuration, as changes were also made to the remote site.
I'll get back to you with more information;
#28
High availability / Re: CARP OS-FRR timeout after ...
Last post by Monviech (Cedrik) - January 12, 2026, 02:00:42 PM
Can you be precise with this:

24.7.12 to 25.7.10, there are two major upgrades here (24.7 -> 25.1 -> 25.7).

If that is really true, its very hard to find the exact version where it stopped to work.

To bisect this, you can do incremental updates by going to:
- "System - Firmware - Settings"
- enable "advanced mode"
- Flavour "(custom)"
25.7/MINT/25.7.x/latest
Here slowly increment the versions.

25.1/MINT/25.1.1/latest
25.1/MINT/25.1.2/latest
...

You don't need every minor upgrade, just try to bisect where it happens, that would help a lot.
#29
German - Deutsch / Re: VoIP mit enviaTel ohne Fri...
Last post by Hunter - January 12, 2026, 01:33:52 PM
Das Problem bei enviaTel ist für mich, dass der SIP-Server nur im SIP-VLAN133 sichtbar und erreichbar ist. Nicht im "normalen" WAN-Internet. Nun habe ich mir schon eine Regel gebastelt, die den VLAN20( interne Snoms )-Verkehr den Gateway des vlan133 nutzt. Aber irgendwie will es nicht. Ich muss mein internes VLAN20 also mit dem externen VLAN133 verbinden. Oder eben ohne internen DHCP auf VLAN20 dieses einfach mit dem VLAN133 verbinden. Da bekommt das SNOM zwar eine 172.x.x.x-Adresse aus dem Provider-VLAN, registriert sich aber trotzdem nicht. Und mir fehlt die Sachkenntnis, wieso das so ist.
#30
High availability / Re: CARP OS-FRR timeout after ...
Last post by rkam - January 12, 2026, 01:31:10 PM
Wireguard  and  OPNVPN Legacy   Depend on CARP activated   also OS-FRR

more Facts :

( pairs :  Master:Slave )

Tested on various devices with CARP same behavior

1 pair : without activate  frr   Failover okay .

ipsec side to side tunnel
OPNVPN Legacy  Side to Side  Client
Wireguard Site to Side tunnel

1 pair :  activate only frr   Failover time out  .

ipsec side to side tunnel : no time out
OPNVPN Legacy  Side to Side  Client : timeout
Wireguard Site to Side tunnel : timeout

In OPNVPN Legacy, it's very clear that when there's a connection status, all information about the tunnels is missing.

after  the time out  ( File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out)

Then you can see the information  and you can also ping the remote

Wireguard  Status   after 2 min you can ping the remote

**  2 pair **

2 pair : without activate  frr   Failover okay .

ipsec side to side tunnel 
OPNVPN  Instance   Server Side to Side TAP  Brige L2 (move for test the tunnel from leagcy to Instance / see comment below  ****** )
Wireguard Site to Side tunnel


2 pair :  activate only frr   Failover time out  .

ipsec side to side  tunnel:  no time out
OPNVPN  Instance   Server Side to Side TAP  Brige L2  time out (move for test the tunnel from leagcy to Instance )
Wireguard Site to Side tunnel time out

same error  in the logs :  ( File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out)

I have the problem with 16 Pairs  ( Master:Slave ) ;  I have performed a rollback to 24.7.12 for all, but 2 pairs for further investigation runs 25.7.10.


*******
OPNVPN Instance  TAP L2 brige (without FRR) 

After switching the OPVN tunnel (server) from legacy to instance TAP L2 with interface and bridge, the failover only works partially. After switching to slave, no connection is established, even after a longer waiting time. It's not possible to connect to the deactivated master, but if you kill it on the master, you can see that the client reconnects to the slave. Even when the master is activated, this doesn't always work immediately.

In Legacy runs without any trouble

*********