"Recent posts
#81
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by OPNenthu - February 01, 2026, 10:22:42 PMQuote from: Patrick M. Hausen on February 01, 2026, 10:08:45 PMI had a rule exactly like this for interface "enc0" in my export which I needed to delete manually before migrating. No idea what the cause of this might be atm.
Related? https://forum.opnsense.org/index.php?topic=50591.0
#82
German - Deutsch / Re: Bootreihenfolge geändert n...
Last post by Patrick M. Hausen - February 01, 2026, 10:18:28 PMWas ist das? Wenn das "KI" ist - ok. Ich hatte dich nach der Ausgabe von "dmesg" gefragt, ich bin raus. Ich unterhalte mich nicht mit sogenannter "KI".
#83
German - Deutsch / Re: Bootreihenfolge geändert n...
Last post by cottec - February 01, 2026, 10:15:00 PMQuoteBasierend auf den von Ihnen hochgeladenen System-Logs lässt sich kein klassischer Systemabsturz (Kernel Panic) feststellen, sondern eher eine Kette von kritischen Hardware- und Konfigurationsproblemen, die das System instabil machen oder einen automatischen Neustart ausgelöst haben könnten.
Die Hauptgründe für die Instabilität sind:
1. Hardware-Fehler des Speichermediums (Kritisch)
Das schwerwiegendste Problem sind Hardware-Fehler beim Schreibzugriff auf das Boot-Medium (mmcsd0), bei dem es sich wahrscheinlich um eine SD-Karte oder ein eMMC-Modul handelt.
Fehlermeldungen: mmcsd0: Setting erase start position failed Timeout und g_vfs_done():gpt/rootfs[DELETE(...)]error = 5.
Bedeutung: Das Dateisystem meldet E/A-Fehler (I/O Errors). "Error 5" steht für einen Input/Output-Fehler. Dies deutet darauf hin, dass das Speichermedium defekt ist oder die Schreibzugriffe aufgrund von Timeouts fehlschlagen. Dies führt zwangsläufig zum "Einfrieren" oder unkontrollierten Neustart der OPNsense.
2. PPPoE-Verbindungsprobleme (Dauerhaft)
Das System versucht ununterbrochen, eine WAN-Verbindung über PPPoE aufzubauen, was scheitert.
Fehlermeldungen: PPPoE connection timeout after 9 seconds und zahlreiche reconnection attempt (bis zu Versuch 12 dokumentiert).
+2
Auswirkung: Da die OPNsense bei jedem gescheiterten Verbindungsaufbau versucht, Dienste wie den DNS-Server (Unbound), das Routing und Filterregeln neu zu konfigurieren, entsteht eine hohe Systemlast und Instabilität in der Konfigurations-Engine.
+2
3. Fehlerhafte Plugin-Konfigurationen
Es gibt mehrere Fehler bei Zusatzdiensten, die beim Systemstart (Bootup) zu Verzögerungen oder Fehlfunktionen führen:
ntopng: Der Dienst meldet Too many interfaces (8) und bricht die Initialisierung des Network Discovery ab. Es wird empfohlen, die Redis-Datenbank zurückzusetzen (redis-cli flushall).
+2
Backup-Fehler (Bitrix24/Rclone): Es treten kritische Fehler beim Versuch auf, Backups auf einen Cloud-Speicher hochzuladen (Failed to create file system [...] server misbehaving), da zu diesem Zeitpunkt keine Internetverbindung (DNS-Fehler) besteht.
NUT (USV-Überwachung): Der Dienst für die USV (Unterbrechungsfreie Stromversorgung) kann nicht starten, da keine Definitionen in der ups.conf gefunden wurden.
Zusammenfassung und Empfehlung: Der wahrscheinlichste Grund für "Abstürze" ist das defekte oder inkompatible Speichermedium (mmcsd0).
Hardware prüfen: Ersetzen Sie das Speichermedium (SD-Karte/eMMC) durch eine hochwertige SSD oder eine neue SD-Karte.
PPPoE prüfen: Stellen Sie sicher, dass das Modem korrekt verbunden ist und die Zugangsdaten stimmen, um die ständigen Neukonfigurationen zu stoppen.
Dienste bereinigen: Deaktivieren Sie testweise ntopng und die Cloud-Backups, bis die Basis-Internetverbindung stabil läuft.
#84
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by RamSense - February 01, 2026, 10:11:52 PMI have my imported CSV list still here and looked through them. There is no allow all rule there.
Since I have all the rules with a description it was easy to see that there was none without one like the screen capture above.
When searching for WAN I did not find an allow all rule.
Maybe you can replicate this also for this out of the blue rule.
Since I have all the rules with a description it was easy to see that there was none without one like the screen capture above.
When searching for WAN I did not find an allow all rule.
Maybe you can replicate this also for this out of the blue rule.
#85
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by Patrick M. Hausen - February 01, 2026, 10:08:45 PMI had a rule exactly like this for interface "enc0" in my export which I needed to delete manually before migrating. No idea what the cause of this might be atm.
#86
26.1 Series / Re: WiFi interface broken afte...
Last post by binaryx - February 01, 2026, 10:06:18 PMroot@~~~~~~~:/usr/local/www # diff /usr/local/etc/inc/interfaces.inc*
1693,1696c1693
< $doExec = sprintf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', $baseif, $mode, $device);
<
< #if (mwexecf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', [$baseif, $mode, $device])) {
< if (mwexecf($doExec)) {
---
> if (mwexecf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', [$baseif, $mode, $device])) {
root@~~~~~~~:/usr/local/www #
1693,1696c1693
< $doExec = sprintf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', $baseif, $mode, $device);
<
< #if (mwexecf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', [$baseif, $mode, $device])) {
< if (mwexecf($doExec)) {
---
> if (mwexecf('/sbin/ifconfig wlan create wlandev %s %s bssid name %s', [$baseif, $mode, $device])) {
root@~~~~~~~:/usr/local/www #
#87
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by meyergru - February 01, 2026, 10:05:31 PMActually, that was not a "little" bug. But did that rule come out of the blue or was it present before?
Because you obviously have used the migration assistant, you should be able to look at the rules before the migration.
This would be helpful to tell if there is a potential "HUGE" bug or just a misconfiguration on your part.
Because you obviously have used the migration assistant, you should be able to look at the rules before the migration.
This would be helpful to tell if there is a potential "HUGE" bug or just a misconfiguration on your part.
#88
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by RamSense - February 01, 2026, 10:00:51 PMFound it! Some little bug. Thanks Patrick.
Your simple "there must be some rule allowing this" made me wonder if the deleting of the old rules has done its job or not.
And there I went through the old interface rules and there was one rule left on WAN! So the delete all (old)rules with [Remove all legacy rules] in the wizard, did not do it all. Maybe a bug there? The wizard forgot to remove one by rather just adding an important one you do not want to have!
IPv4+6 * * * * * * *
Your simple "there must be some rule allowing this" made me wonder if the deleting of the old rules has done its job or not.
And there I went through the old interface rules and there was one rule left on WAN! So the delete all (old)rules with [Remove all legacy rules] in the wizard, did not do it all. Maybe a bug there? The wizard forgot to remove one by rather just adding an important one you do not want to have!
IPv4+6 * * * * * * *
#89
26.1 Series / Re: Anti-Lockout Rule (Destina...
Last post by Patrick M. Hausen - February 01, 2026, 09:58:20 PMIf you disable the block rules on top, the services are exposed, right? And there's 53 rules on WAN. So the rule responsible must be one of the 45 and a half you did not show.
How are you expecting anyone to help with less than 20% of the relevant information?
Or it's in floating. Or interface groups. Or NAT port forwarding. Yes, I think that sums it up. Somewhere in these places there absolutely must be a rule causing the ports to be open.
How are you expecting anyone to help with less than 20% of the relevant information?
Or it's in floating. Or interface groups. Or NAT port forwarding. Yes, I think that sums it up. Somewhere in these places there absolutely must be a rule causing the ports to be open.
#90
26.1 Series / Re: Running server (Nextcloud)...
Last post by viragomann - February 01, 2026, 09:23:52 PMQuote from: TheSHAD0W on February 01, 2026, 07:07:15 PMtcpdump shows connection replies from activity on the second gateway being sent out the first one despite all attempts I've made to direct the traffic correctly.The "reply-to" tagging is responsible to route replies back to the correct gateway.
This presumes that
- you have the proper gateway stated in WAN interface settings in case manual IP configuration
- and that the firewall rule, which is passing the incoming traffic to the web server, is defined on the incoming interface (no group or floating pass rule must match the traffic).
Note that interface group or floating rules have precedence over interface rules.
