Recent posts

#91
Tutorials and FAQs / Tayga firewall rule?
Last post by Jackknife4782 - Today at 06:05:07 AM
I am on 26.1_4 and have Tayga set up according to the NAT64 How-To in the OPNsense documentation. It works just fine, but I am not sure I have the firewall rules set up properly. I have the anti-lockout disabled and only allow access to the OPNsense web GUI via my LAN. For some reason, I can still access the GUI from other VLANs when Tayga is enabled. I notice in the firewall live log that the connection is sourced from the Tayga NAT64 IPv4 pool no matter which VLAN I access the GUI from. As soon as I disable Tayga, the GUI is correctly only accessible from the LAN as I would expect. Any ideas?
#92
26.1 Series / Re: rrdtool error after upgrad...
Last post by Jackknife4782 - Today at 05:54:39 AM
Never mind.  Found the related thread, https://forum.opnsense.org/index.php?topic=50657.0 and applied the patch.  All works great now.  Thanks
#93
General Discussion / Re: Native NAT64 support
Last post by Maurice - Today at 05:50:50 AM
Thanks a lot for the feedback! I'll go ahead then and create a pull request for the patch.
https://github.com/opnsense/plugins/pull/5183

Cheers
Maurice
#94
General Discussion / Re: Native NAT64 support
Last post by Dorsal4831 - Today at 04:52:23 AM
Quote from: Maurice on January 21, 2026, 01:46:47 AM
Thanks a lot for your detailed explanation, apalrd!

I've now used the OPNsense Tayga plugin with 'udp-cksum-mode fwd' for about a week and didn't notice any side effects. Before creating a pull request, it would be great if we could get a few more testers. @bestboy, it would be particularly interesting if this fixes VoWiFi for you.

opnsense-patch -c plugins 3be934f
You have to re-apply the Tayga config (Services: Tayga: Apply) or reboot OPNsense after applying the patch. Restarting Tayga isn't sufficient.

Cheers
Maurice

I was having issues reliably getting wifi calling to establish a connection on all my mobile devices and after applying this patch I can reliably establish a connection.

Thank you.
#95
26.1 Series / Re: rrdtool error after upgrad...
Last post by Jackknife4782 - Today at 04:43:22 AM
Quote from: Vincent Chen on Today at 01:38:14 AM
/usr/local/opnsense/scripts/health/updaterrd.php: The command </usr/local/bin/rrdtool create '/var/db/rrd/ovpns4-traffic.rrd' --step 0 DS:'inpass:COUNTER:120:0:2500000000' DS:'outpass:COUNTER:120:0:2500000000' DS:'inblock:COUNTER:120:0:2500000000' DS:'outblock:COUNTER:120:0:2500000000' DS:'inpass6:COUNTER:120:0:2500000000' DS:'outpass6:COUNTER:120:0:2500000000' DS:'inblock6:COUNTER:120:0:2500000000' DS:'outblock6:COUNTER:120:0:2500000000' RRA:'AVERAGE:0.5:1:1200' RRA:'AVERAGE:0.5:5:720' RRA:'AVERAGE:0.5:60:1860' RRA:'AVERAGE:0.5:1440:2284'> returned exit code 1 and the output was "ERROR: step size: value must be positive"

Also seeing system-->logs-->general filled with this error after 26.1_4.

Has something to do with Reporting. I disabled and re-enabled local gathering of statistics and RRD graphing backend, but now in Health Reporting it says: "Local data collection is not enabled. Enable it in Reporting Settings page". It won't re-enable health monitoring no matter what I select in Reporting Settings.
#96
26.1 Series / Re: Ooma Telo VOIP device can ...
Last post by agh1701 - Today at 03:57:01 AM
Are you blocking DNS requests from your LAN? In my experience the Telo needs to be able to send DNS requests to their own servers, bypassing the router's DNS.
#97
26.1 Series / Ooma Telo VOIP device can no l...
Last post by pseudonym3k - Today at 03:20:48 AM
My Ooma Telo VOIP device (I'm a home user, this is residential service for my home phone) stopped connecting out to Ooma's servers on or about January 16th (about 2 1/2 weeks ago). It has been working for the past couple of years on the same hardware and OPNsense.

I was on 25.7 with all updates at the time it stopped working. But I just upgraded to 26.1 and it's still happening, so looking for help on this version.

A few things happened on or about the 16th:

1. ISP upgraded service in my area around that time
2. OPNsense had updates around that time
3. I migrated from ISC to DNSMasq around that time

I don't get calls every day and can't normally see the Telo device, it was another week when I realized I'd had no calls and saw the Telo was offline. Everything else had been working fine and still is. On both 25.7 then and 26.1 now. AFAIK the Telo is the only issue.


Here's what I've done:

1. After checking basic things like swapping cables, power supply, DHCP lease gets assigned, troubleshooting using Telo's own config webpage, I called Ooma support and after several days of struggle with their various troubleshooting reports, Ooma says everything is good so if it isn't connecting the Telo is probably dead. They could not see it try to connect to their servers at all.

2. I bought a new Telo, called Ooma to activate it, we set it up, and it doesn't connect either.

3. I got referred to the next level Ooma support, they had me cable the new Telo in between the ISP's modem and OPNsense (it's on a protectli box), and it connected. It passes all non-Ooma traffic through. All was working again, albeit slowly, and my Ooma service was working.


I put the Telo back as a client on the LAN as it has been for years, and it doesn't connect. So I must've done something wrong on OPNsense I'm assuming, but I've no idea what since everything else works great.

I did want to try going back to ISC as a test, but on 26.1 I can't figure out how to add new devices? I don't have any plus signs anywhere to setup something new, at least not that I can see?

I do not use Unbound. DNSMasq uses the DNS servers I have under System area. I can see in the firewall logs everything is going to ones I specified and not my ISP's so I think that is working correctly. It is configured for all clients to forward all DNS queries to OPNsense (192.168.1.1) and let OPNsense handle the DNS, this way there is no client that can go around the DNS I've coded. (I think that's how it works.)

The Telo does make some DNS queries periodically, I can see that in the Firewall logs, they are going to OPNsense 192.168.1.1 just like all the other clients on my home network.

I did check that SIP ALG is still disabled and it is.

I have never done anything to use the Telo, just gave it a reserved IP address (to make it easier for me to find its setup page) and it has just worked all this time until now.

Oh, and my OPNsense configuration is very little more than the defaults, and nothing has been changed in a few years except for moving to DNSMasq. I've used a simple DNSMasq config with other routers in the past with no issue, I don't expect that's the problem now but I don't know for sure. I basically only use it to assign reserved leases and of course handle DHCP and DNS.


I am happy to try moving back to ISC for a test to narrow it down, but I need help figuring out how to add new devices. If there's anything else I can look at or try please let me know?

I don't know much about OPNsense, I'm just a home user who put it up pretty much by default a few years ago and tweaked a little over time, so please have some patience with my lack of know-how.

Thank you for any help and info on figuring this one out.

Kind regards.
#98
26.1 Series / Re: One of the two NICs stops ...
Last post by TheSHAD0W - Today at 03:08:15 AM
26.1 appears to have broken dual NAT. https://forum.opnsense.org/index.php?topic=50571.0
#99
26.1 Series / rrdtool error after upgrade to...
Last post by Vincent Chen - Today at 01:38:14 AM
I just did a fresh 26.1 install and uploaded my configuration. It works but has some issues.

1. I see a lot of errors like below, how can I fix it?

/usr/local/opnsense/scripts/health/updaterrd.php: The command </usr/local/bin/rrdtool create '/var/db/rrd/ovpns4-traffic.rrd' --step 0 DS:'inpass:COUNTER:120:0:2500000000' DS:'outpass:COUNTER:120:0:2500000000' DS:'inblock:COUNTER:120:0:2500000000' DS:'outblock:COUNTER:120:0:2500000000' DS:'inpass6:COUNTER:120:0:2500000000' DS:'outpass6:COUNTER:120:0:2500000000' DS:'inblock6:COUNTER:120:0:2500000000' DS:'outblock6:COUNTER:120:0:2500000000' RRA:'AVERAGE:0.5:1:1200' RRA:'AVERAGE:0.5:5:720' RRA:'AVERAGE:0.5:60:1860' RRA:'AVERAGE:0.5:1440:2284'> returned exit code 1 and the output was "ERROR: step size: value must be positive"

2. Exporting old rules gives me a CSV but nothing happens when I import it.

My bad, I just found out I need to use the pull-down to select the interface and the rules are all there. Maybe a message box after import would be better. If this happens to you, check the pull-down first.

Thanks for your help,
#100
26.1 Series / Re: Imported Firewall rules : ...
Last post by lox - Today at 01:37:36 AM
Alright. It was because of filtering, it is on floating rules by default and I don't have any.

The bad thing: no message stating that the import has been successful

The good thing: no duplicates, whereas I imported three times