Recent posts

#92
26.1 Series / [26.1_4] New Firewall rule imp...
Last post by Tubs - January 31, 2026, 06:09:53 PM
I successfully updated opnSense to version 26.1_4.
I want to migrate the firewall rules to the new menu with the migration wizard. Export is working. But when I try to import, nothing happens. I can select a file and I can click the green hook. The window disappears. But no rules are imported and I get no error message.

Is this a known issue and I just need to wait till it is solved?


#93
26.1 Series / Re: [Solved] OpnSense 25.7.11_...
Last post by Noci - January 31, 2026, 05:40:15 PM
Quote from: franco on January 31, 2026, 02:36:02 PM
Can't fix that. This and other things are unavoidable when enabling the FreeBSD repository.

Cheers,
Franco

What needs to be disabled?
#94
26.1 Series / Re: Let's talk firewall rule o...
Last post by julsssark - January 31, 2026, 05:39:28 PM
@Patrick, thanks for posting your firewall rule structure. You've given me some ideas for improving mine. What are your categories (i.e., how do you use them)?
#95
26.1 Series / Re: Initialization of RRD file...
Last post by Patate - January 31, 2026, 05:37:45 PM
Hello
You can try that in ssh

# opnsense-patch 6933841

and reboot

Worked for me
#96
26.1 Series / Re: RC1: hundreds of rc.newwan...
Last post by Patate - January 31, 2026, 05:36:02 PM
Hello

# opnsense-patch 6933841

--> reboot

= Working

Thx 
#97
26.1 Series / Re: [Solved] OpnSense 25.7.11_...
Last post by Noci - January 31, 2026, 05:35:43 PM
This might have been the result of installing zenarmor... :-(
#98
26.1 Series / Re: Suricata - Divert (IPS)
Last post by agh1701 - January 31, 2026, 05:29:25 PM
Thanks!
#99
Virtual private networks / Routing everything through VPN...
Last post by FredFresh - January 31, 2026, 05:21:27 PM
In order to route everything through the wireguard VPN connections (I have 2-3, each one used as backup of the previous one), I did:

partially followed the wireguard road warrior:

- flagged "Gateway switching" in System-Settings-General;
- flagged "Upstream Gateway" in System-Gateway-Configuration-each of the wireguard gateways;
- flagged "Failover States" & "Failback States" in each wireguard gateway;
- given a higher priority (lower number) to the wireguard gateways (i.e. First VPNgw = 1, Second VPNgw = 3, Third VPNgw = 5, WAN = 7);
- the gateway monitoring brings online/offline each gateway in case something is not working;

- created a static route + firewall to each IP entrypoint through WAN (in order to avoid VPN connections going one through the other)

This way the wireguards are basically used as a multi-wan setup and I am finally able to route everything (also firewall originated traffic) through the VPNs.

The question is: does this configuration have any security issue or any other flaw?

Everything works properly, aside from the fact that after a random amount of time the handshakes are not renewed but the IP entrypoints are still reachable: I am trying to understand what the cause of this behaviour is.

Thank you.
#100
26.1 Series / Re: Suricata - Divert (IPS)
Last post by xpendable - January 31, 2026, 05:01:28 PM
For me my rule is simple, a new rule in Rules [New] on the WAN interface coming in to pass all traffic and Divert-to set to Intrusion Detection. This basically replicates my previous setup by capturing all packets for inspection, I don't want it to be more granular, maybe in an enterprise environment but not my homelab. The order is up to you, place the rule accordingly based on your other rules for the WAN interface.

NOTE: Divert-to is hidden and is only available in the "Advanced Mode", so be sure to enable that in the top left corner of the new rule dialog.

I use the WAN interface and add my ISP router's IP address to Home Networks in the Suricata config; as far as I am aware this is the best method when using an IPS, as when on the LAN interface you may get more false positives and a lack of detections since that interface is on your internal network. Intrusion attempts come from the external network in most cases, especially for homelab environments.

https://docs.opnsense.org/manual/ips.html#general-setup
https://docs.opnsense.org/manual/ips.html#advanced-options