Recent posts

#71
Acme.sh repository tags a release
FreeBSD ports picks it up and bumps package version
OPNsense ports synchronize that
New package gets built and released

It's that flow of events that must usually happen.
#72
25.7, 25.10 Series / Re: Crash on startup
Last post by leony - Today at 01:32:10 PM
Quote from: cookiemonster on October 20, 2025, 10:44:14 PM
did you try my last suggestion, what was the outcome?

Yes, your solution has worked. I removed the USB mouse (kept the keyboard on) and rebooted the system. I can now see the console.

I am not asking the reason (do I need to know?). At the end of the day we would need the keyboard, not the mouse, using the console?
#73
25.7, 25.10 Series / Updated acme.sh for additional...
Last post by Mr.Goodcat - Today at 01:20:12 PM
Hi,

the release cadence of acme.sh can be slow with gaps of up to a year. If I understand the readme correctly, one should use the latest code instead of waiting for new tags anyway:
Quote: acme.sh is in constant development, so it's strongly recommended to use the latest code.

Since the last release from April, useful new features such as the DNS API of Hurricane Electric have been added. Would it be possible to update OPNsense with the latest code from GitHub? Thanks!
#74
This is still a problem. I also need tun-mtu and am therefore currently forced to use the legacy server, with the deprecation notice looming over it.

There even was a related GitHub issue once:
https://github.com/opnsense/core/issues/6758
-- It was about the "port-share" option, but the underlying issue is the same (not being able to set OpenVPN options through the GUI).
This was denied as "not planned".

I really hope that this can be improved. I do understand that OpenVPN options are a nightmare and OPNsense wants to keep the UI tidy, but this feels like Apple removing well-needed features because they think that "you should not need this".
#75
25.7, 25.10 Series / Re: netflow on 25.7
Last post by franco - Today at 01:07:30 PM
Yes, do not use a patch after it was shipped, because you're undoing the patch.


Cheers,
Franco
#76
General Discussion / Re: Opnsense NordVPN does not ...
Last post by gandizzle - Today at 12:50:59 PM
Has really nobody an idea?
#77
Dear all,

I have two local networks connected to each other via two different WireGuard connections.

What I would like to know:
How can I establish a route metric/route cost, so that one of the two connections only works as a kind of fallback?
Without a metric, the possibility to create a routing loop is quite high.

Could somebody please give me a hand?

Kind regards,
#78
Hosts in the same Layer2 Broadcast domain discover each other via ARP and talk to each other directly without using the router.

For this to work the OPNsense must become a large bridge with 1 interface per client.
#79
I'd like to do a demonstration of the IDS detecting a DoS attack. I'm doing this in a virtualised environment in Proxmox.

I enabled the IDS, downloaded and enabled the relevant ruleset and rules. (I was the most interested in the GoldenEye attack, so I replaced the $EXTERNAL_NET any at the beginning of the rule with any any, because I was planning to do the attack from within the local network.) It worked perfectly when I directed the attack at the internal IP address of the OPNsense machine, but it didn't alert when I tried to attack another machine in the local network.

I tried disabling the 3 options of offload in interface settings, then enabling Promiscuous mode and adding my home network address in the settings of the IDS (then removing the other addresses), and putting the LAN interface in Promiscuous mode (in Interfaces > [LAN]). I tested the attack against the target machine after every change to see if I get an alert, but I didn't.

What could be the problem? What can I do to fix it? Thanks for your answers!
#80
25.7, 25.10 Series / Re: netflow on 25.7
Last post by 01toabcdef - Today at 11:44:20 AM
I tried the above patch but it's not working for me, any solution to it?

Thank you