Recent posts

#81
Hardware and Performance / Re: [solved] Intel i226 Firmwa...
Last post by Seimus - November 20, 2025, 07:11:11 PM
Upgraded today as well on my N5105 PRX node

It came with the i226-V firmware:

NVM Version            : 2.20(2.14)
NVM Version            : 2.20(2.14)
NVM Version            : 2.20(2.14)
NVM Version            : 2.20(2.14)

Upgraded to 2.32 using the 1MB file + the flashing utility for Linux, process was without problems.

CURRENT FAMILY: 1.0.0
CONFIG VERSION: 1.20.0

; NIC device
BEGIN DEVICE
DEVICENAME: Intel(R) Ethernet Controller I226-V
VENDOR: 8086
DEVICE: 125C
SUBVENDOR: 8086
SUBDEVICE: 0000
NVM IMAGE: FXVL_125C_V_1MB_2.32.bin
EEPID: 80000425
RESET TYPE: REBOOT
REPLACES: 80000290
END DEVICE

NVM Version            : 2.50(2.32)
NVM Version            : 2.50(2.32)
NVM Version            : 2.50(2.32)
NVM Version            : 2.50(2.32)

Regards,
S.
#82
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by Maurice - November 20, 2025, 07:06:14 PM
I was indeed wondering which mirror gets used with the default "(default)" setting. That's kind of obfuscated. 😅 But I eventually figured out that opnsense-update reads the "url" value from repos/OPNsense.conf, which does get set to CORE_PACKAGESITE at build time.

Until now, I didn't modify CORE_PACKAGESITE, hence I had to inject my mirror into config.xml.sample. Starting with 25.7.8 I will stop doing this since it's no longer necessary with the correct CORE_PACKAGESITE.

Modifying repositories/opnsense.xml isn't really necessary, correct. I just thought it would make sense to remove the amd64 mirrors while I'm at it.
Going forward, it might make sense to add an "architecture" property to each mirror in repositories/opnsense.xml. Mirrors could offer a single or multiple architectures. The GUI then could only display the mirrors which offer the system's architecture.

Cheers
Maurice
#83
Hardware and Performance / Re: [solved] Intel i226 Firmwa...
Last post by Seimus - November 20, 2025, 06:25:54 PM
Upgraded today as well on my main N100 FW

It came with the i226-V firmware:

[1] igc0: EEPROM V2.13-0 eTrack 0x80000284
[1] igc1: EEPROM V2.13-0 eTrack 0x80000284
[1] igc2: EEPROM V2.13-0 eTrack 0x80000284
[1] igc3: EEPROM V2.13-0 eTrack 0x80000284

Upgraded to 2.32 using the 2MB file, process was without problems.

CURRENT FAMILY: 1.0.0
CONFIG VERSION: 1.20.0

; NIC device
BEGIN DEVICE
DEVICENAME: Intel(R) Ethernet Controller I226-V
VENDOR: 8086
DEVICE: 125C
SUBVENDOR: 8086
SUBDEVICE: 0000
NVM IMAGE: FXVL_125C_V_2MB_2.32.bin
EEPID: 80000422
RESET TYPE: REBOOT
REPLACES: 80000284
END DEVICE

[1] igc0: EEPROM V2.32-0 eTrack 0x80000422
[1] igc1: EEPROM V2.32-0 eTrack 0x80000422
[1] igc2: EEPROM V2.32-0 eTrack 0x80000422
[1] igc3: EEPROM V2.32-0 eTrack 0x80000422

Regards,
S.
#84
Tutorials and FAQs / Re: OPNsense aarch64 firmware ...
Last post by franco - November 20, 2025, 06:08:36 PM
Thanks, this works nicely. Now I can get the fingerprints back if I install a development version from our repo. This is still not optimal but it helps and I'll keep pondering about it. I also pushed the man page update for the opnsense-bootstrap change.

FWIW, I don't think you strictly need to change opnsense.xml as you inject the correct mirror into the configuration as it seems. But I was wondering where it reads the default from anyway which is the OPNsense.conf file so I think you don't even need to do that and "(default)" should just work.

Maybe we can hide the other repositories for aarch64 on opnsense.xml but I'm not sure yet.


Cheers,
Franco
#85
25.7, 25.10 Series / High CPU on Dashboard
Last post by cyberfarer - November 20, 2025, 05:59:29 PM
Greetings,

I am seeing an issue on the dashboard where widgets cause many PHP and PHP-CGI processes to spawn that eventually consume all CPU. The widgets themselves become unresponsive. I've noted this issue raised on these forums but not addressed and possibly unrelated.

Logs show entries like this:
2025-11-19T22:11:53-05:00 OPNsense.localdomain configd.py 381 - [meta sequenceId="18"] [68d947aa-2219-44e2-b504-bb0cc73ee1c8] Script action failed with Command '/usr/local/opnsense/scripts/routes/gateway_status.php' died with <Signals.SIGKILL: 9>. at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/actions/script_output.py", line 89, in execute     subprocess.run(script_command, env=self.config_environment, shell=True,   File "/usr/local/lib/python3.11/subprocess.py", line 571, in run     raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/routes/gateway_status.php' died with <Signals.SIGKILL: 9>.

This began when configuring IDS, but I have since disabled and removed all rules and the issue persists so I now believe it is unrelated.

Thoughts and ideas are welcome.

P.S. CPU is fine so long as I don't visit the dashboard or remove the impacted widgets.

#86
General Discussion / Trouble with VLAN setup on 4-p...
Last post by User074357 - November 20, 2025, 05:08:10 PM
Hi,
I have a 4-port OPNsense box to which I have my WAN, PC and NAS connected. OPT1 and OPT2 (NAS and PC) are bridged for LAN. I know it's not recommended to use a bridge for this, but I'm trying to avoid a dedicated switch for now.
The NAS is running TrueNAS SCALE and I now want to create a VLAN for some of the VMs on it. I added a VLAN interface on TrueNAS with tag 20 and the static IP 192.168.20.2/24. I then created a VLAN for igc1 (OPT1) with tag 20 on OPNsense and removed OPT1 from the bridge, since I read I cannot use the untagged interface on a bridge while also using VLANs. The goal is to use 2 VLANs between TrueNAS and OPNsense and add one of them to the OPNsense LAN bridge.
I added the VLAN interface under assignments and set the IPv4 Configuration Type to Static IPv4 and configured the IP 192.168.20.1/24.

I was expecting to be able to ping my TrueNAS host under 192.168.20.2 from my PC in LAN now, but this doesn't work (100% packet loss). The firewall live view also doesn't show anything.

I'm new to VLANs and I know I should just buy a managed switch, but I'm confused as to why this doesn't work. Am I missing something?
#87
Virtual private networks / Access IPSec-Tunnels "behind" ...
Last post by tuxlemmi - November 20, 2025, 05:01:29 PM
I have an OPNsense with a working WireGuard-setup for my mobile devices.
The peer-config routes all ipv4-traffic through the tunnel.
So far so good.

I want to reach subnets on site-2-site IPSec-tunnels (made by OPNsense) from the peer through the tunnel.

Do I have to include the wireguard-network on OPNsense in the IPSec-tunnel-config or is there another way?

Thanx.


#88
German - Deutsch / Problem with sftp backup over V...
Last post by harald99 - November 20, 2025, 04:39:01 PM
Hello everyone,

I have the following setup:

       ...Client...
            |
        LAN | 10.1.2.0/24
            |
      .-----+-----.
      | OPNsense2 | 
      '-----+-----'
            |
        VPN |
            |
      .-----+------.
      | OPNsense1  +
      '-----+------'
            |
        LAN | 10.1.1.0/24
            |
       ...Server...

When I run an sftp backup from OPNsense1 to the server, it works.
The client can access the server via SSH.
When I trigger an sftp backup from OPNsense2, OPNsense2 cannot reach the server via SSH.

How do I get OPNsense 2 to back up to the server via sftp?

Cheers
.h
#89
General Discussion / Re: does anyone currently have...
Last post by Greg_E - November 20, 2025, 03:30:25 PM
Hopefully the fiber side of things will stay the same for you. It's not in my area yet, but I signed up for a wait list to let them know there is interest. Not much of a risk of spam, I'm already their customer for the cellular internet.
#90
25.7, 25.10 Series / Keep losing access to WebGUI
Last post by maikverheijen - November 20, 2025, 03:22:33 PM
I am experiencing a persistent issue with the OPNsense WebGUI. After some unpredictable period of time, I am unable to access the OPNsense login page through the WebGUI. To resolve this, I have to log in via the console, select option 2, change HTTPS to HTTP, and reset the WebGUI. After these steps, I can access the login page again without problems. However, if I remain inactive for a long time, the WebGUI becomes unreachable once more, requiring me to repeat the same console steps.

The system log continuously shows this error whenever I cannot log in (one log entry per access attempt):

(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/mod_openssl.c.4647) SSL: addr:192.168.10.17 ssl_err:1 error:0A00009C:SSL routines::http request

After performing the reset steps in the console, the log shows:

(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/server.c.1271) [note] graceful shutdown started
(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/server.c.2372) server stopped by UID = 0 PID = 93511
(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/server.c.1971) server started (lighttpd/1.4.82)
(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/h1.c.441) unexpected TLS ClientHello on clear port (192.168.10.17)

I am completely puzzled by this issue, and this problem does not occur on my other OPNsense systems. Could this be somehow related to HTTPS or HSTS?