Recent posts

#61
25.7 Series / Re: Weird errors after update ...
Last post by HARLEY_VH - September 04, 2025, 07:07:53 PM
experienced similar situation when updating from 25.7 to 25.7.2
N305 system
bootstrap not successful
had to reinstall from scratch, removed plugins (dark theme & os-ddclient), removed pihole DNS ip from config and re-attempted 25.7 to 25.7.2 update
not successful
system is up & running but remains at 25.7
result of health audit -> all 68 pkgs are version mismatched which is expected considering

will wait and see

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 25.7 (amd64) at Thu Sep  4 12:50:44 EDT 2025
>>> Root file system: /dev/gpt/rootfs
>>> Check installed kernel version
Version 25.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 25.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
No plugins found.
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" at 25.7 has 68 dependencies to check.
Checking packages: ..
ca_root_nss-3.108 version mismatch, expected 3.115
Checking packages: ...............
lighttpd-1.4.79 version mismatch, expected 1.4.81
Checking packages: ......
opnsense-25.7 version mismatch, expected 25.7.2
Checking packages: ..
opnsense-lang-25.1.11 version mismatch, expected 25.7.2
Checking packages: .
opnsense-update-25.7 version mismatch, expected 25.7.2
Checking packages: ...
php83-ctype-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-curl-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-dom-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-filter-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-gettext-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-ldap-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-pcntl-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-pdo-8.3.23 version mismatch, expected 8.3.24
Checking packages: .....
php83-session-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-simplexml-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-sockets-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-sqlite3-8.3.23_1 version mismatch, expected 8.3.24
Checking packages: .
php83-xml-8.3.23 version mismatch, expected 8.3.24
Checking packages: .
php83-zlib-8.3.23 version mismatch, expected 8.3.24
Checking packages: ....
py311-duckdb-1.3.1_1 version mismatch, expected 1.3.2
Checking packages: .
py311-jq-1.8.0_1 version mismatch, expected 1.10.0
Checking packages: ...
py311-numpy-1.26.4_6,1 version mismatch, expected 1.26.4_7,1
Checking packages: ..........
sudo-1.9.17p1 version mismatch, expected 1.9.17p2
Checking packages: ..
syslog-ng-4.8.2_3 version mismatch, expected 4.8.2_4
Checking packages: ... done
***DONE***

#62
German - Deutsch / schlechter Downloadspeed, erwa...
Last post by sternchen45 - September 04, 2025, 07:06:08 PM
Hello,
I built an S2S using WireGuard and followed the more or less official guide. It works, too. But not yet entirely the way I would like it to. I can reach all hosts on all sides of the tunnel.

Diagram
LAN Proxmox-> Linux-Bridge-> OPNSense-VM WG-Tunnel->
Internet-> <
Hosting>Proxmox-OPNSense VM WG-Tunnel-> Linux-Bridge-> various Proxmox-VMs

The main goal was to make a Plex available within the family. Unfortunately only 720P works reliably. So I thought I would check this with iperf3, but got poor results from it (around 11Mb/s). Then I thought, who knows what is going wrong there, just test end-to-end using sftp. My internet connection at home is 600/200 FTTH (Fritzbox). When transferring from the LAN to the hosted Windows VM I reach 20MB/s, all good.
But in the other direction, to the LAN at home, only 2.7MB/s. The OPNSenses have the same settings. MSS clamping is set as in the guide, and as far as I saw in the capture, the lengths of the recorded packets are also roughly in that range (I have set MTU to 1380, MSS clamping to 1340, experimentally to 1320 (without improvement)). The source of the transfer is a Mac (which is hidden in the WAN of the first OPNSense). IPv4+6 ICMP is allowed. CPU load does not seem to be high.

Does anyone have an idea what could be going wrong there and what I could try? Many thanks
#63
25.7 Series / Re: 25.7.2 needing hard reboot...
Last post by pfry - September 04, 2025, 07:05:00 PM
Have you tested the hardware outside of OPNsense? e.g. memtest86 and mprime. I don't have a suggestion for testing the SSD, other than checking SMART counters (offhand I don't see the device-specific counters in the OPNsense SMART utility, so I'd look from a shell).
#64
25.7 Series / Re: Can anybody verify that dn...
Last post by IsaacFL - September 04, 2025, 06:59:37 PM
I am hiding actual domain/ipv6 addresses, but this is using my router address on vlan 30:

root@OPNsense:~ # dig @2603:aaaa:bbbb:fb30::cccc -p 53053 bedroom.mydomain.com a

; <<>> DiG 9.20.11 <<>> @2603:aaaa:bbbb:fb30::cccc -p 53053 bedroom.mydomain.com a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2429
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
; bedroom.mydomain.com.           IN      A

;; ANSWER SECTION:
bedroom.mydomain.com.    300     IN      A       10.23.20.102

;; Query time: 0 msec
;; SERVER: 2603:aaaa:bbbb:fb30::cccc#53053(2603:aaaa:bbbb:fb30::cccc) (UDP)
;; WHEN: Thu Sep 04 09:56:31 PDT 2025
;; MSG SIZE  rcvd: 64

I get the same results using any router interface. All is good from the router itself.
#65
25.7 Series / Re: Can anybody verify that dn...
Last post by Monviech (Cedrik) - September 04, 2025, 06:54:27 PM
Well this means unbound is your primary resolver and it is responsible right now for the ipv6 traffic on port 53.
#66
25.7 Series / Re: Can anybody verify that dn...
Last post by IsaacFL - September 04, 2025, 06:52:11 PM
on the opnsense itself I get for sockstat -l

unbound  unbound    99237 5   udp6   *:53                  *:*
unbound  unbound    99237 6   tcp6   *:53                  *:*
unbound  unbound    99237 7   udp4   *:53                  *:*
unbound  unbound    99237 8   tcp4   *:53                  *:*
unbound  unbound    99237 9   udp6   *:53                  *:*
unbound  unbound    99237 10  tcp6   *:53                  *:*
unbound  unbound    99237 11  udp4   *:53                  *:*
unbound  unbound    99237 12  tcp4   *:53                  *:*
unbound  unbound    99237 13  udp6   *:53                  *:*
unbound  unbound    99237 14  tcp6   *:53                  *:*
unbound  unbound    99237 15  udp4   *:53                  *:*
unbound  unbound    99237 16  tcp4   *:53                  *:*
unbound  unbound    99237 17  udp6   *:53                  *:*
unbound  unbound    99237 18  tcp6   *:53                  *:*
unbound  unbound    99237 19  udp4   *:53                  *:*
unbound  unbound    99237 20  tcp4   *:53                  *:*
unbound  unbound    99237 21  tcp4   127.0.0.1:953         *:*
nobody   dnsmasq    47107 4   udp4   *:67                  *:*
nobody   dnsmasq    47107 8   udp6   *:547                 *:*
nobody   dnsmasq    47107 10  udp4   *:53053               *:*
nobody   dnsmasq    47107 11  tcp4   *:53053               *:*
nobody   dnsmasq    47107 12  udp6   *:53053               *:*
nobody   dnsmasq    47107 13  tcp6   *:53053               *:*
#67
General Discussion / Re: Switch necessary for match...
Last post by Patrick M. Hausen - September 04, 2025, 06:46:07 PM
You do not need a switch if all your devices connect wirelessly and you have just a single access point. If you have multiple, a switch is recommended, although you could emulate one in software with OPNsense's bridge interfaces.
#68
General Discussion / Switch necessary for matching ...
Last post by Mosman - September 04, 2025, 06:40:49 PM
Hi all,
I have a very brief question which is still taking me a bit of time to figure out properly.
A lot of online searching has kept guiding me towards the 'just not exactly what I needed' answers but elucidated quite a bunch already. The amazing work of HomeNetworkGuy, Jim's Garage, and several others were definitely of great help (and are an absolute recommendation for learning more). Still, I haven't found the gemstone in the mud so I am taking the chance to just ask it bluntly on our user forum and hope to get the information easily available for fellow internet humans who might search for the same keywords in their setup.

For my SOHO setup I am looking at a simple and reasonably foolproof solution with just 3 devices.
The intended setup is: 1) ISP modem > 2) OPNsense Firewall [with VLANs] > 3) Access Point --> access for all

My expectation is to easily assign the VLANs matching WiFi SSIDs via my ASUS router in Access Point mode. For proper segmentation I tagged all VLANs and assigned proper firewall rules. Then again, I also see quite a number of threads stating that managed switches are necessary(?) before adding the Access Points. But to my understanding, won't the Access Point just pick up VLANs if these are correctly tagged (and fulfills the required technical specifications)?
Hoping to learn more about this part of the puzzle and why switches are such a big deal :)
#69
25.7 Series / Re: OPNSense 25.7 Firewall:Dia...
Last post by franco - September 04, 2025, 04:59:16 PM
@hharry thanks for confirming!