"Recent posts
#81
25.7, 25.10 Series / WebGUI isn't accessible. Live ...
Last post by Lymba_Sysm - Today at 05:13:38 AMI'm new to setting up OPNsense and so far until I encountered this issue, I haven't had any. The live environment seemingly works fine (which I would expect) but whenever I try to access the Webgui, I'm hit with this. Now so far based off every video I've seen, this should work. I've done everything correctly as shown. I'm at a bit of a loss. I've tried both ports incase one of them was the assigned LAN instead of WAN, Checked the Starlink app for what DCHP assigned opnsense IP, that didn't work either. Changed my DNS settings in windows so it was using Google over cloudflare and viseversa.
I must be missing a diagnostic step here, what should I do next?
I must be missing a diagnostic step here, what should I do next?
#82
Virtual private networks / Re: WireGuard Exporter Tool
Last post by JMini - Today at 05:12:46 AMI don't understand why there isn't an export button for the conf files. If you don't copy/paste during peer creation, you're out of luck.
You can't even build the conf file from the information in the peer details. No access to the Private Key
You can't even build the conf file from the information in the peer details. No access to the Private Key
#83
25.7, 25.10 Series / Re: service adguardhome not st...
Last post by neek - Today at 04:06:57 AMIt looks like when it tries to create the UDP bind on my openvpn interface, that fails (192.168.99.x, below). My guess is the system is bringing up adguardhome before openvpn has had a chance to start and create that interface. In my config, I only see interfaces where I want adguardhome to run. I don't see an option for disabling just UDP on one of the interfaces. When I temporarily disabled adguardhome on the whole VPN network, it did come up successfully.
Piece of the log from the failed launch at boot
Piece of the log from the failed launch at boot
Code Select
2025/12/10 18:54:33.531933 [info] dnsproxy: creating udp server socket addr=192.168.40.1:53
2025/12/10 18:54:33.531976 [info] dnsproxy: listening to udp addr=192.168.40.1:53
2025/12/10 18:54:33.531992 [info] dnsproxy: creating udp server socket addr=192.168.41.1:53
2025/12/10 18:54:33.532060 [info] dnsproxy: listening to udp addr=192.168.41.1:53
2025/12/10 18:54:33.532076 [info] dnsproxy: creating udp server socket addr=192.168.80.1:53
2025/12/10 18:54:33.532124 [info] dnsproxy: listening to udp addr=192.168.80.1:53
2025/12/10 18:54:33.532140 [info] dnsproxy: creating udp server socket addr=192.168.99.1:53
2025/12/10 18:54:33.532196 [info] dnsproxy: warning: binding attempt=1 err="listen udp 192.168.99.1:53: bind: can't assign requested address"
2025/12/10 18:54:33.533087 [error] closing query log: flushing log buffer: nothing to write to a file
2025/12/10 18:54:33.533120 [fatal] starting dns server: configuring listeners: listening on udp addr 192.168.99.1:53: listening to udp socket: listen udp 192.168.99.1:53: bind: can't assign requested address #84
25.7, 25.10 Series / Re: Dnsmasq stops after swap_p...
Last post by dmurphy - Today at 04:02:18 AMThe restarted process has been running for 12 minutes .. memory size has ballooned to 98MB already (67MB resident) ...
Yikes.
Don't see any errors in the dnsmasq log - just the usual DHCPREQUEST/DHCPACK/RTR-SOLICIT/RTR-ADVERT etc.
Yikes.
Don't see any errors in the dnsmasq log - just the usual DHCPREQUEST/DHCPACK/RTR-SOLICIT/RTR-ADVERT etc.
#85
25.7, 25.10 Series / Re: Dnsmasq stops after swap_p...
Last post by dmurphy - Today at 03:50:15 AMFor sure having an issue with dnsmasq. Restarted the process not 24 hours ago, and its memory consumption continues to balloon.
The process has a 9.5gb memory size, 5.4gb resident.
We have some kind of a memory leak. About to restart the process - when (not if) it crashes my entire network takes a nosedive with no DHCP or local zone DNS service.
Any suggestions or ideas?
Opnsense 25.7.9
edit: Just restarted the process; now the process size is 17MB; resident less than 5MB. This is a lot more in line with what I'd expect.
The process has a 9.5gb memory size, 5.4gb resident.
We have some kind of a memory leak. About to restart the process - when (not if) it crashes my entire network takes a nosedive with no DHCP or local zone DNS service.
Any suggestions or ideas?
Opnsense 25.7.9
edit: Just restarted the process; now the process size is 17MB; resident less than 5MB. This is a lot more in line with what I'd expect.
#86
Tutorials and FAQs / OPNsense under Proxmox - Why O...
Last post by spetrillo - Today at 01:16:36 AMI am still struggling with this. I have made major changes to my VLAN structure but this still is not working. So let me step through my setup.
VLANs:
VLAN 2: Network devices and APs
VLAN 3: Servers
VLAN 10: Home wireless
VLAN 12: IoT wireless
VLAN 20: Streaming
My Proxmox server has an onboard 1 gig NIC. I have added a two port 10 gig PCIe adapter, as well as a USB 2.5 gig adapter. Proxmox UI is on USB adapter(vmbr0.2). OPNsense VLANs are on the 10 gig ports(vmbr1 and vmbr2). OPNsense WAN is on the onboard NIC(vmbr3).
My Proxmox networking config is as follows:
iface enp2s0f0 inet manual
auto vmbr1
iface vmbr1 inet manual
bridge-ports enp2s0f0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2,3,20
#FW 2,3,20
iface enp2s0f1 inet manual
auto vmbr2
iface vmbr2 inet manual
bridge-ports enp2s0f1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 10,12
#FW 10,12
iface eno1 inet manual
auto vmbr3
iface vmbr3 inet dhcp
bridge-ports eno1
bridge-stp off
bridge-fd 0
#FW WAN
iface enx6c1ff70ad1e0 inet manual
auto vmbr0
iface vmbr0 inet manual
bridge-ports enx6c1ff70ad1e0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2,3
#VMs 2,3
auto vmbr0.2
iface vmbr0.2 inet static
address 192.168.1.66/26
gateway 192.168.1.65
#Mgmt
My OPNsense VM config is attached. I have a managed 1 gig switch I am testing with. Port 1 of the switch is connected to my PC and is configured for vlan 2 untagged. Port 2 of the switch is connected to the first port of the 10 gig adapter and both vlan2/3 are set to tagged. VLAN 2 is the LAN side of my OPNsense VM, with an IP of 192.168.1.1/26. I configure my PC side for 192.168.1.10/26 and assign the adapter to VLAN 2 also. When I try to ping 192.168.1.1 from my PC(192.168.1.10) I get nothing. I fully expected the LAN side of the OPNsense firewall to respond, but it is not.
Have I done anything incorrect? I believe the networking is correct but I do not know for sure.
Thanks,
Steve
VLANs:
VLAN 2: Network devices and APs
VLAN 3: Servers
VLAN 10: Home wireless
VLAN 12: IoT wireless
VLAN 20: Streaming
My Proxmox server has an onboard 1 gig NIC. I have added a two port 10 gig PCIe adapter, as well as a USB 2.5 gig adapter. Proxmox UI is on USB adapter(vmbr0.2). OPNsense VLANs are on the 10 gig ports(vmbr1 and vmbr2). OPNsense WAN is on the onboard NIC(vmbr3).
My Proxmox networking config is as follows:
iface enp2s0f0 inet manual
auto vmbr1
iface vmbr1 inet manual
bridge-ports enp2s0f0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2,3,20
#FW 2,3,20
iface enp2s0f1 inet manual
auto vmbr2
iface vmbr2 inet manual
bridge-ports enp2s0f1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 10,12
#FW 10,12
iface eno1 inet manual
auto vmbr3
iface vmbr3 inet dhcp
bridge-ports eno1
bridge-stp off
bridge-fd 0
#FW WAN
iface enx6c1ff70ad1e0 inet manual
auto vmbr0
iface vmbr0 inet manual
bridge-ports enx6c1ff70ad1e0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2,3
#VMs 2,3
auto vmbr0.2
iface vmbr0.2 inet static
address 192.168.1.66/26
gateway 192.168.1.65
#Mgmt
My OPNsense VM config is attached. I have a managed 1 gig switch I am testing with. Port 1 of the switch is connected to my PC and is configured for vlan 2 untagged. Port 2 of the switch is connected to the first port of the 10 gig adapter and both vlan2/3 are set to tagged. VLAN 2 is the LAN side of my OPNsense VM, with an IP of 192.168.1.1/26. I configure my PC side for 192.168.1.10/26 and assign the adapter to VLAN 2 also. When I try to ping 192.168.1.1 from my PC(192.168.1.10) I get nothing. I fully expected the LAN side of the OPNsense firewall to respond, but it is not.
Have I done anything incorrect? I believe the networking is correct but I do not know for sure.
Thanks,
Steve
#87
General Discussion / 25.7.9 update - xorgproto: 202...
Last post by Modom001 - Today at 01:11:05 AMI got this when I did todays update. I restarted the up and all it some needing a update is the need to update xorgproto: 2023.2 -> 2024.1 [SunnyValley] again. Any advise?
***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7.9 (amd64) at Wed Dec 10 17:49:14 CST 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking for upgrades (68 candidates): .......... done
Processing candidates (68 candidates): . done
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
xorgproto: 2023.2 -> 2024.1 [SunnyValley]
Number of packages to be upgraded: 1
[1/1] Upgrading xorgproto from 2023.2 to 2024.1...
[1/1] Extracting xorgproto-2024.1: .......... done
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/applewmproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/bigreqsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/compositeproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/damageproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dmxproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dpmsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dri2proto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dri3proto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/fixesproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/fontsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/glproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/inputproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/kbproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/presentproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/randrproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/recordproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/renderproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/resourceproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/scrnsaverproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/videoproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xcmiscproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xextproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86bigfontproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86dgaproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86driproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86vidmodeproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xineramaproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xwaylandproto.pc
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/LICENSE
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/MIT
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/catalog.mk
Child process pid=11889 terminated abnormally: Segmentation fault
Starting web GUI...done.
Partial update failure detected: attempting automatic cleanup.
No further actions will be taken. Please restart the update now.
***DONE***
***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7.9 (amd64) at Wed Dec 10 17:49:14 CST 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking for upgrades (68 candidates): .......... done
Processing candidates (68 candidates): . done
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
xorgproto: 2023.2 -> 2024.1 [SunnyValley]
Number of packages to be upgraded: 1
[1/1] Upgrading xorgproto from 2023.2 to 2024.1...
[1/1] Extracting xorgproto-2024.1: .......... done
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/applewmproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/bigreqsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/compositeproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/damageproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dmxproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dpmsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dri2proto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/dri3proto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/fixesproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/fontsproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/glproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/inputproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/kbproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/presentproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/randrproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/recordproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/renderproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/resourceproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/scrnsaverproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/videoproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xcmiscproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xextproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86bigfontproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86dgaproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86driproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xf86vidmodeproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xineramaproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xproto.pc
xorgproto-2023.2: missing file /usr/local/libdata/pkgconfig/xwaylandproto.pc
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/LICENSE
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/MIT
xorgproto-2023.2: missing file /usr/local/share/licenses/xorgproto-2023.2/catalog.mk
Child process pid=11889 terminated abnormally: Segmentation fault
Starting web GUI...done.
Partial update failure detected: attempting automatic cleanup.
No further actions will be taken. Please restart the update now.
***DONE***
#88
General Discussion / Re: still see traffic going ou...
Last post by robertkwild - Today at 12:30:00 AMthanks RamSense
doing this command on my opnsense
tcpdump -i vtnet0 port 853
should i replace vtnet0 with my lan or wan interface?
thats very wierd i made a floating rule to block 53 and it worked as i couldnt access any websites anymore but when i did a tcpdump on my lan interface on 53 i could see loads of activity so somethings wierd, so it looks like my DoT isnt working
thanks,
rob
doing this command on my opnsense
tcpdump -i vtnet0 port 853
should i replace vtnet0 with my lan or wan interface?
thats very wierd i made a floating rule to block 53 and it worked as i couldnt access any websites anymore but when i did a tcpdump on my lan interface on 53 i could see loads of activity so somethings wierd, so it looks like my DoT isnt working
thanks,
rob
#89
Q-Feeds (Threat intelligence) / q-feeds feedback
Last post by mokaz - December 10, 2025, 11:44:11 PMHi there,
I tested the free plugin and it works according to plan, thanks!
A few items though:
- I guess that with the Community - Self-Provisioned licensing scheme, the provided threat feeds include OSINT only. Are you intending to list what is included within your OSINT package? I.E: all the Q-Feeds triggering threats here were part of my next in line ingress policy object which is the IPSUM_L1 threat intelligence feed.
- I may think that the plugin does not release/give control back to OPNsense once the inactive administrative session timeout has been reached. One may still click on the three Q-Feeds menus. Although, while nothing refreshes within the Q-Feeds menus, once you click anywhere else within the GUI, you're routed to the usual OPNsense login page, which is the normal behavior under these circumstances.
- Why the "Security" new menuitem? why not simply within the "Services > Q-Feeds Connect" menu directly? Perhaps there are other unknown to me plugins that uses the "Security" menuitem although if you're the only one, I don't see the point TBH.
Let me know,
Thanks
I tested the free plugin and it works according to plan, thanks!
A few items though:
- I guess that with the Community - Self-Provisioned licensing scheme, the provided threat feeds include OSINT only. Are you intending to list what is included within your OSINT package? I.E: all the Q-Feeds triggering threats here were part of my next in line ingress policy object which is the IPSUM_L1 threat intelligence feed.
- I may think that the plugin does not release/give control back to OPNsense once the inactive administrative session timeout has been reached. One may still click on the three Q-Feeds menus. Although, while nothing refreshes within the Q-Feeds menus, once you click anywhere else within the GUI, you're routed to the usual OPNsense login page, which is the normal behavior under these circumstances.
- Why the "Security" new menuitem? why not simply within the "Services > Q-Feeds Connect" menu directly? Perhaps there are other unknown to me plugins that uses the "Security" menuitem although if you're the only one, I don't see the point TBH.
Let me know,
Thanks
#90
25.7, 25.10 Series / Re: MIgrating IPsec Legacy to ...
Last post by thorstenR - December 10, 2025, 11:34:05 PManyone?!?
