"Recent posts
#81
Announcements / Re: OPNsense 25.7.9 released
Last post by franco - December 11, 2025, 11:14:28 AMA hotfix release was issued as 25.7.9_7:
o system: fix hidden syslog HA XMLRPC sync option
o firewall: aliases: add has_parser() to check if an alias has a valid parser available
o firewall: clean up rules edit cancel button
o unbound: fix condition in safesearch template
o unbound: fix "configctl unbound check" after 25.7.8
o system: fix hidden syslog HA XMLRPC sync option
o firewall: aliases: add has_parser() to check if an alias has a valid parser available
o firewall: clean up rules edit cancel button
o unbound: fix condition in safesearch template
o unbound: fix "configctl unbound check" after 25.7.8
#82
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by Monviech (Cedrik) - December 11, 2025, 11:09:10 AMThanks for testing.
The Sophos config has these two settings, can you add them to the location?
If that didn't change anything remove http/2 and force http/1.1
Replace:
Please try these one by one so we can figure out which one did the trick. I imagine the http/1.1 might do something, since Caddy does the same when enabling the NTML module in it.
The Sophos config has these two settings, can you add them to the location?
Code Select
SetEnv proxy-initial-not-pooled
SetEnv proxy-aside-c
If that didn't change anything remove http/2 and force http/1.1
Replace:
Code Select
Protocols h2 http/1.1With:Code Select
Protocols http/1.1Please try these one by one so we can figure out which one did the trick. I imagine the http/1.1 might do something, since Caddy does the same when enabling the NTML module in it.
#83
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by humnab - December 11, 2025, 11:01:20 AMAnd the log for the actual test:
Code Select
<166>1 2025-12-11T10:51:22+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="1"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 3798 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="2"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="3"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1480 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="4"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="5"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1752 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="6"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="7"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1627 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="8"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="9"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1565 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="10"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="11"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1471 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="12"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="13"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1482 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="14"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="15"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1682 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="16"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="17"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1453 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="18"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="19"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 844 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="20"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1481 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="21"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="22"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 2149 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="23"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="24"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1472 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="25"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="26"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/nspi/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1479 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="27"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="28"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1484 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="29"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="30"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1482 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="31"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:23+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="32"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1488 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="33"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="34"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 2737 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="35"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="36"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1484 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="37"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="38"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1599 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="39"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="40"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1491 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="41"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="42"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1596 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="43"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="44"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1484 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="45"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="46"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1473 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="47"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="48"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1475 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="49"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 401 702 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)"
<166>1 2025-12-11T10:51:24+01:00 rzfw01.example.com httpd 99272 - [meta sequenceId="50"] mail.example.com:443 62.54.xxx.xxx - - "POST /mapi/emsmdb/?MailboxId=31c164bf-6496-4b7c-8ed4-52e466adb9dd@example.com HTTP/1.1" 200 1455 "-" "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.14332; Pro)" #84
25.7, 25.10 Series / Re: Help Troubleshooting OPNse...
Last post by Patrick M. Hausen - December 11, 2025, 10:59:59 AMYou are right - you do not have any active peers. The output should look similar to this one:
So the pool entries stay as they are but there should be individual servers *from* these pools that are active peers or candidates, respectively.
The states "pending", "active peer", "candidate" are shown in the UI status page if all is correct.
You can try on OPNsense e.g.:
You do have your NTP service enabled on all interfaces (the default), do you?
Code Select
$ ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
0.freebsd.pool. .POOL. 16 p - 64 0 0.000 +0.000 0.000
2.freebsd.pool. .POOL. 16 p - 64 0 0.000 +0.000 0.000
+94.16.122.152 131.188.3.222 2 u 754 1024 377 2.674 -0.052 1.608
+78.46.87.46 189.97.54.122 2 u 217 1024 377 0.434 -0.297 0.117
-46.38.241.235 189.97.54.122 2 u 600 1024 377 2.654 -1.037 0.401
*141.144.241.16 195.145.119.188 2 u 435 1024 377 5.366 -0.225 0.043
So the pool entries stay as they are but there should be individual servers *from* these pools that are active peers or candidates, respectively.
The states "pending", "active peer", "candidate" are shown in the UI status page if all is correct.
You can try on OPNsense e.g.:
Code Select
$ drill 0.europe.pool.ntp.org
[...]
0.europe.pool.ntp.org. 130 IN A 185.123.84.51
0.europe.pool.ntp.org. 130 IN A 51.250.68.198
0.europe.pool.ntp.org. 130 IN A 46.160.198.122
0.europe.pool.ntp.org. 130 IN A 87.63.200.138
$ ntpdate -q 185.123.84.51
You do have your NTP service enabled on all interfaces (the default), do you?
#85
25.7, 25.10 Series / Re: os-OPNWAF / Exchange 2019 ...
Last post by humnab - December 11, 2025, 10:59:53 AMHello,
I changed it to:
Unfortunately no difference, popups are still appearing.
I changed it to:
Code Select
ServerName mail.example.com
Listen 443
<VirtualHost *:443>
ServerName mail.example.com
Options -FollowSymLinks
Options -Indexes
Options -ExecCGI
LogLevel warn
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
SSLProxyEngine On
SSLProxyCheckPeerName On
SSLProxyCheckPeerExpire On
SSLEngine on
Protocols h2 http/1.1
SSLCertificateFile /var/etc/apache_2dd88e9b-e1af-45c0-bbb9-b157bf809e66.pem
SSLCertificateKeyFile /var/etc/apache_2dd88e9b-e1af-45c0-bbb9-b157bf809e66.key
# https://wiki.mozilla.org/Security/Server_Side_TLS
# TLS Intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLCompression off
SSLSessionTickets off
SSLOptions +StrictRequire
SSLUseStapling On
# Start ExchangeHttps
OutlookAnywherePassthrough On
Header always set X-Frame-Options SAMEORIGIN
Header set Server Apache
Header unset X-AspNet-Version
Header unset X-OWA-Version
Header unset X-Powered-By
RequestHeader unset Expect early
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
RequestHeader edit Transfer-Encoding Chunked chunked early
RequestHeader unset Accept-Encoding
TimeOut 1800
# Change Character set to allow umlaute
AddDefaultCharset ISO-8859-1
# Redirect to owa (Outlook Web Access)
# Redirect / /owa/
# Allow sending large files via attachement in Active Sync > 128KByte (new value 30MB)
<Directory /Microsoft-Server-ActiveSync>
SSLRenegBufferSize 31457280
</Directory>
<Location />
ProxyPass https://10.10.10.5/ connectiontimeout=900
ProxyPassReverse https://10.10.10.5/
</Location>
# End ExchangeHttps
<Location "/__waf_errors__">
ProxyPass "!"
<RequireAny>
# error pages are allowed for all.
Require all granted
</RequireAny>
</Location>
Alias "/__waf_errors__" "/usr/local/opnsense/data/OPNWAF/errors/default"
ErrorDocument 400 /__waf_errors__/400.html
ErrorDocument 401 /__waf_errors__/401.html
ErrorDocument 403 /__waf_errors__/403.html
ErrorDocument 404 /__waf_errors__/404.html
ErrorDocument 408 /__waf_errors__/408.html
ErrorDocument 500 /__waf_errors__/500.html
ErrorDocument 502 /__waf_errors__/502.html
ErrorDocument 504 /__waf_errors__/504.html
</VirtualHost>
<VirtualHost *:443>
ServerName autodiscover.example.com
Options -FollowSymLinks
Options -Indexes
Options -ExecCGI
LogLevel warn
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
SSLProxyEngine On
SSLProxyCheckPeerName On
SSLProxyCheckPeerExpire On
SSLEngine on
Protocols h2 http/1.1
SSLCertificateFile /var/etc/apache_d5ddeeb9-32c1-42a0-be53-f9b92602e492.pem
SSLCertificateKeyFile /var/etc/apache_d5ddeeb9-32c1-42a0-be53-f9b92602e492.key
# https://wiki.mozilla.org/Security/Server_Side_TLS
# TLS Intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder off
SSLCompression off
SSLSessionTickets off
SSLOptions +StrictRequire
SSLUseStapling On
# Start ExchangeHttps
OutlookAnywherePassthrough On
Header always set X-Frame-Options SAMEORIGIN
Header set Server Apache
Header unset X-AspNet-Version
Header unset X-OWA-Version
Header unset X-Powered-By
RequestHeader unset Expect early
ProxyRequests Off
ProxyPreserveHost On
ProxyVia Full
RequestHeader edit Transfer-Encoding Chunked chunked early
RequestHeader unset Accept-Encoding
TimeOut 1800
# Change Character set to allow umlaute
AddDefaultCharset ISO-8859-1
# Redirect to owa (Outlook Web Access)
# Redirect / /owa/
# Allow sending large files via attachement in Active Sync > 128KByte (new value 30MB)
<Directory /Microsoft-Server-ActiveSync>
SSLRenegBufferSize 31457280
</Directory>
# End ExchangeHttps
<Location "/__waf_errors__">
ProxyPass "!"
<RequireAny>
# error pages are allowed for all.
Require all granted
</RequireAny>
</Location>
Alias "/__waf_errors__" "/usr/local/opnsense/data/OPNWAF/errors/default"
ErrorDocument 400 /__waf_errors__/400.html
ErrorDocument 401 /__waf_errors__/401.html
ErrorDocument 403 /__waf_errors__/403.html
ErrorDocument 404 /__waf_errors__/404.html
ErrorDocument 408 /__waf_errors__/408.html
ErrorDocument 500 /__waf_errors__/500.html
ErrorDocument 502 /__waf_errors__/502.html
ErrorDocument 504 /__waf_errors__/504.html
</VirtualHost>
Unfortunately no difference, popups are still appearing.
#86
25.7, 25.10 Series / Re: Help Troubleshooting OPNse...
Last post by OPNenthu - December 11, 2025, 10:54:11 AMI've so far seen two cases where NTP fails to sync:
1) local DNS is broken (for the firewall itself, not the LAN) so it can't resolve the pools
2) system date is too far out of sync with the local time (like when CMOS battery dies) and NTP refuses to sync
#2 can be fixed by setting the date manually with the 'date' command to within ~5 minutes of the actual time, then NTP starts to work.
1) local DNS is broken (for the firewall itself, not the LAN) so it can't resolve the pools
2) system date is too far out of sync with the local time (like when CMOS battery dies) and NTP refuses to sync
#2 can be fixed by setting the date manually with the 'date' command to within ~5 minutes of the actual time, then NTP starts to work.
#87
German - Deutsch / Re: Probleme mit DNS + VLAN + ...
Last post by Patrick M. Hausen - December 11, 2025, 10:53:57 AMDu kannst den Betreff im ersten Post editieren und "[GELÖST]" oder "[SOLVED]" rein schreiben.
#88
German - Deutsch / Re: Probleme mit DNS + VLAN + ...
Last post by mfreudenberg - December 11, 2025, 10:44:41 AMKann man Posts in dem Forum als gelöst markieren?
#89
25.7, 25.10 Series / Re: OPNCentral cannot provisio...
Last post by franco - December 11, 2025, 10:44:12 AMYes, this was a target fix for syncing network time servers (and other flat values described in XMLRPC sync data).
So the problem continues when all nodes are up to date?
In that case can you downgrade OPNBEcore everywhere?
# opnsense-revert -r 25.10p1 os-OPNBEcore
I don't mind removing the change via hotfix later today if it has these unforeseen issues, but I'd like to be 100% sure that is the problem.
Cheers,
Franco
So the problem continues when all nodes are up to date?
In that case can you downgrade OPNBEcore everywhere?
# opnsense-revert -r 25.10p1 os-OPNBEcore
I don't mind removing the change via hotfix later today if it has these unforeseen issues, but I'd like to be 100% sure that is the problem.
Cheers,
Franco
#90
25.7, 25.10 Series / Re: Help Troubleshooting OPNse...
Last post by mb19 - December 11, 2025, 10:42:07 AMI'm not sure I'm understanding this correctly. When I run the command on OPNsense, I get the following output:
root@opnsense:/var/log/filter # ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
0.es.pool.ntp.o .POOL. 16 p - 64 0 0.000 +0.000 0.004
1.es.pool.ntp.o .POOL. 16 p - 64 0 0.000 +0.000 0.004
2.es.pool.ntp.o .POOL. 16 p - 64 0 0.000 +0.000 0.004
3.es.pool.ntp.o .POOL. 16 p - 64 0 0.000 +0.000 0.004
0.europe.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.004
root@opnsense:/var/log/filter #
From what I understand, OPNsense isn't able to synchronize with the public NTP servers.
On the other hand, I still don't fully understand where the "Active Peer" and "Candidate" indicators are supposed to appear.
I'm attaching an image of my GUI as well:
https://ibb.co/yzGMS25
https://ibb.co/1YFJmnpN
root@opnsense:/var/log/filter # ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
0.es.pool.ntp.o .POOL. 16 p - 64 0 0.000 +0.000 0.004
1.es.pool.ntp.o .POOL. 16 p - 64 0 0.000 +0.000 0.004
2.es.pool.ntp.o .POOL. 16 p - 64 0 0.000 +0.000 0.004
3.es.pool.ntp.o .POOL. 16 p - 64 0 0.000 +0.000 0.004
0.europe.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.004
root@opnsense:/var/log/filter #
From what I understand, OPNsense isn't able to synchronize with the public NTP servers.
On the other hand, I still don't fully understand where the "Active Peer" and "Candidate" indicators are supposed to appear.
I'm attaching an image of my GUI as well:
https://ibb.co/yzGMS25
https://ibb.co/1YFJmnpN
