"Recent posts
#41
German - Deutsch / Re: ISC DHCP & Unbound DNS res...
Last post by Monviech (Cedrik) - December 05, 2025, 07:56:43 PMDas ISC ist EOL und verschwindet bald als unmaintained plugin.
Lieber auf Dnsmasq umstellen wenn möglich:
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
Lieber auf Dnsmasq umstellen wenn möglich:
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
#42
Documentation and Translation / Re: Provide clarification on r...
Last post by meyergru - December 05, 2025, 07:22:51 PMThis is not an official answer, only my observations:
1. I never saw any updates for older CE branches after the next release has come out, so I guess, if you do not apply the latest updates, you potentially risk to have unfixed vulnerabilities.
2. Deciso offers the business edition for exactly the purpose you aim at. It is usually 3 months behind the community edition feature-wise (i.e. it has ripened a little), but is updated for vulnerabilities regularly. This version is the one to use if you want production quality. The CE version is free, but you have to be able to cope with problems induced by feature upgrades that come along with new releases. Short story is: YOu can use the CE version for free if you volunteer for testing it - otherwise, buy the business license.
3. Since the "major" updates for CE come out twice a year with YY.1 in January and YY.7 in July, they tend to have more new features in them. The minor updates that follow (e.g. YY.7.x) usually have less new features included - which is not to say that they cannot break.
If you can cope with not always having the "latest" and greatest, you should probably skip YY.X.0 versions or at least wait a few days after a release has been announced to see if there were neccessary fixes (YY.X.Z_n).
1. I never saw any updates for older CE branches after the next release has come out, so I guess, if you do not apply the latest updates, you potentially risk to have unfixed vulnerabilities.
2. Deciso offers the business edition for exactly the purpose you aim at. It is usually 3 months behind the community edition feature-wise (i.e. it has ripened a little), but is updated for vulnerabilities regularly. This version is the one to use if you want production quality. The CE version is free, but you have to be able to cope with problems induced by feature upgrades that come along with new releases. Short story is: YOu can use the CE version for free if you volunteer for testing it - otherwise, buy the business license.
3. Since the "major" updates for CE come out twice a year with YY.1 in January and YY.7 in July, they tend to have more new features in them. The minor updates that follow (e.g. YY.7.x) usually have less new features included - which is not to say that they cannot break.
If you can cope with not always having the "latest" and greatest, you should probably skip YY.X.0 versions or at least wait a few days after a release has been announced to see if there were neccessary fixes (YY.X.Z_n).
#43
25.7, 25.10 Series / Re: GeoIP with ipinfo stopped ...
Last post by Kayakero - December 05, 2025, 07:01:26 PMthe only thing I can assume is that ipinfo removed the "Content-Disposition" header ( it's hosted in cloudflare it doesn't make sense ).
because in geoip.py it gets the name from there. and that header doesn't exist now, tested with curl verbose. I don't know how it was before.
I've forced the name ending in .gz in there so it goes thru the .gzip code instead of the zip code with
filename = "ipinfo_lite.csv.gz"
and it worked.
because in geoip.py it gets the name from there. and that header doesn't exist now, tested with curl verbose. I don't know how it was before.
I've forced the name ending in .gz in there so it goes thru the .gzip code instead of the zip code with
filename = "ipinfo_lite.csv.gz"
and it worked.
Code Select
if url is not None and url.lower().startswith('http'):
# flush data from remote url to temp file and unpack from there
with tempfile.NamedTemporaryFile() as tmp_stream:
try:
r = requests.get(url)
except Exception as e:
syslog.syslog(syslog.LOG_ERR, 'geoip update failed : %s' % e)
return result
if r.status_code == 200:
msg = EmailMessage()
msg["Content-Disposition"] = r.headers.get("Content-Disposition", '')
filename = msg.get_filename()
syslog.syslog(syslog.LOG_NOTICE, 'filename : %s .' % filename)
filename = "ipinfo_lite.csv.gz"
tmp_stream.write(r.content)
tmp_stream.seek(0)
if not filename or filename.lower().endswith('.zip'):
syslog.syslog(syslog.LOG_NOTICE, 'found .zip format, process')
cls.process_zip(tmp_stream, result)
elif filename.endswith('.gz'):
syslog.syslog(syslog.LOG_NOTICE, 'found .gz format, process')
cls.process_gzip(tmp_stream, result)
# dump location hash (detect changes in geoIP source selection)
open(cls._src_hash_file, 'w').write(cls._source_hash())
else:
syslog.syslog(syslog.LOG_ERR,
'geoip update failed : %s [http_code: %s]' % (r.text.replace('\n', ''), r.status_code)
)
#44
German - Deutsch / ISC DHCP & Unbound DNS resolve...
Last post by Eistee - December 05, 2025, 06:52:25 PMHallo,
ich verwende ISC DHCP V4 und Unbound als DNS Server in OPNsense 25.7.9-amd64. Wenn ein neuer Client im Netzwerk ein lease vom DHCP Server holt und dessen Hostname damit im OPNsense bekannt ist funktioniert ein DNS resolve auf dessen Hostnamen leider erst wenn ich manuell den Unbound neustarte. Gibt es hier eine Möglichkeit die Konfiguration so zu ändern das der neue Hostname automatisch aufgelöst werden kann?
ISC DHCP4-Leases registrieren ist im Unbound aktiv
Gruß Alina
ich verwende ISC DHCP V4 und Unbound als DNS Server in OPNsense 25.7.9-amd64. Wenn ein neuer Client im Netzwerk ein lease vom DHCP Server holt und dessen Hostname damit im OPNsense bekannt ist funktioniert ein DNS resolve auf dessen Hostnamen leider erst wenn ich manuell den Unbound neustarte. Gibt es hier eine Möglichkeit die Konfiguration so zu ändern das der neue Hostname automatisch aufgelöst werden kann?
ISC DHCP4-Leases registrieren ist im Unbound aktiv
Gruß Alina
#45
General Discussion / Re: Some sites think I live in...
Last post by reincoder - December 05, 2025, 06:47:37 PMOpnsense primarily uses IPinfo's data, and I work for IPinfo. I am obligated to help the community in any way possible.
The other users have already provided great guidance. Please check your IP address at ipinfo.io/me. If there is an issue, reach out to our support team. They will instruct you on how to fix your location. However, if the sites you access do not use our data, providing accurately located data to you will not help much.
— Abdullah | DevRel, IPinfo
The other users have already provided great guidance. Please check your IP address at ipinfo.io/me. If there is an issue, reach out to our support team. They will instruct you on how to fix your location. However, if the sites you access do not use our data, providing accurately located data to you will not help much.
— Abdullah | DevRel, IPinfo
#46
Documentation and Translation / Provide clarification on recom...
Last post by evilaliv3 - December 05, 2025, 06:35:26 PMHello!
We use OPNsense Community Edition within the GlobaLeaks project, and we are opening this questions because we believe these questions are relevant not only to us but also to many users whose OPNsense appliances are managed by external organizations.
Clear guidance can help reduce operational costs and avoid the risks of updating too early from a stable setup, or staying too long on a version that is no longer adequately supported.
Our questions:
Thank you!
We use OPNsense Community Edition within the GlobaLeaks project, and we are opening this questions because we believe these questions are relevant not only to us but also to many users whose OPNsense appliances are managed by external organizations.
Clear guidance can help reduce operational costs and avoid the risks of updating too early from a stable setup, or staying too long on a version that is no longer adequately supported.
Our questions:
- Does OPNsense have a formal LTS or extended-support policy, or is only the latest major CE release supported with security updates? For example, if 25.12 is the last release of the 25.x series and is presumably more stable than an early 26.1 release, when should users consider upgrading to 26.x?
- Is a "security-only" or frozen-stable branch available, or are all CE users expected to follow the regular feature + security update cycle? We understand the latter is currently the case. From an end-user perspective, it would be helpful if each release clearly indicated whether it includes security fixes, for example via a "security-update" tag.
- What update cadence or version-selection strategy do you recommend for CE users seeking maximum security and stability, while avoiding premature upgrades or outdated releases? We hope the answers will help both our project and the wider OPNsense community adopt safer, more predictable deployment practices.
Thank you!
#47
Zenarmor (Sensei) / Re: Backup & Restore Backup Do...
Last post by OPNDeciso - December 05, 2025, 06:28:58 PMThanks! This appears to be fixed in the 2.2.5 UI update.
#48
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by Monviech (Cedrik) - December 05, 2025, 06:16:08 PMDas geht jetzt einfacher mit der neuen reqid base in den IPsec Advanced settings - Charon.
Wenn man die zb auf 200 setzt können sich legacy und connections nicht mehr überlappen (wenn man weniger als 200 alte Phase 2 hat)
Wenn man die zb auf 200 setzt können sich legacy und connections nicht mehr überlappen (wenn man weniger als 200 alte Phase 2 hat)
#49
General Discussion / Micron exits consumer market
Last post by OPNenthu - December 05, 2025, 06:08:37 PMhttps://investors.micron.com/news-releases/news-release-details/micron-announces-exit-crucial-consumer-business
It looks like the RAM "shortage" for consumers could be a little more than temporary. Gamers Nexus on YT just did an interesting piece with their take on this (won't get into it here).
Maybe don't wait to buy that router or RAM kit you've been thinking about... :(
It looks like the RAM "shortage" for consumers could be a little more than temporary. Gamers Nexus on YT just did an interesting piece with their take on this (won't get into it here).
Maybe don't wait to buy that router or RAM kit you've been thinking about... :(
#50
German - Deutsch / Re: IPSec site2site neues Setu...
Last post by viragomann - December 05, 2025, 06:05:21 PMIch musste bei den Connections auch jeweils eindeutige Requids in den Childs vergeben.
