"Recent posts
#91
25.7, 25.10 Series / 25.7.11 GeoIP
Last post by MoonbeamFrame - January 17, 2026, 06:38:35 PMFollowing a 25.7.11 build and config restoration I'm not seeing any of my rules trigger that use GeoIP aliases.
I originally thought it might be an issue with the IPinfo feed but I see the same behavior when I use the Maxmind data.
Both sources report the expected number of number ranges:
Maxmind
Last updated 2026-01-16T09:38:04
Total number of ranges 1255047
IPinfo
Last updated 2026-01-17T17:26:22.321535
Total number of ranges 4464742
Any ideas?
#92
25.7, 25.10 Series / Re: Hostwatch - high disk writ...
Last post by yeraycito - January 17, 2026, 06:25:47 PMIn my opinion, the plugin is useless; it should work like this:
https://github.com/netalertx/NetAlertX
https://github.com/netalertx/NetAlertX
#93
Virtual private networks / WireGuard IPv6 with dynamic pr...
Last post by _drs_opn - January 17, 2026, 06:13:13 PMHello,
I am having a dual-stack connection with a dynamic prefix for IPv6 and set a delegation size of /58 for the WAN interface. I run multiple VLANs with track interface on WAN. Also I am running multiple WireGuard server on the OPNsense.
Assume the following setup:
VLAN 80: GUEST Network 10.100.80.0/24 and prefix ID 0x2
WG_GUEST: GUEST WireGuard instance with tunnel addresses: 10.100.81.1/24 and fda9:7933:346b:100:81::1/64
and a peer with allowed IPs: 10.100.81.100/32 fda9:7933:346b:100:81::100/128 assigned to that instance.
I created a Loopback interface: WAN_WG_GUEST and enabled it, tracking the WAN interface with prefix ID 0x3. Afterwards I created a NPTv6 rule with the following settings:
Interface: WAN
Internal IPv6 Prefix (source): fda9:7933:346b:100:81::/64
Track interface: WAN_WG_GUEST
I have firewall rules in place, which allow the required traffic and my connected peers get a IPv6 address and pass all IPv6 tests online.
My question is, is there something else do consider or change? Is the IP address layout fine? Should I switch to Outbound NAT? I guess NPTv6 is the recommended and compliant approach or?
I am having a dual-stack connection with a dynamic prefix for IPv6 and set a delegation size of /58 for the WAN interface. I run multiple VLANs with track interface on WAN. Also I am running multiple WireGuard server on the OPNsense.
Assume the following setup:
VLAN 80: GUEST Network 10.100.80.0/24 and prefix ID 0x2
WG_GUEST: GUEST WireGuard instance with tunnel addresses: 10.100.81.1/24 and fda9:7933:346b:100:81::1/64
and a peer with allowed IPs: 10.100.81.100/32 fda9:7933:346b:100:81::100/128 assigned to that instance.
I created a Loopback interface: WAN_WG_GUEST and enabled it, tracking the WAN interface with prefix ID 0x3. Afterwards I created a NPTv6 rule with the following settings:
Interface: WAN
Internal IPv6 Prefix (source): fda9:7933:346b:100:81::/64
Track interface: WAN_WG_GUEST
I have firewall rules in place, which allow the required traffic and my connected peers get a IPv6 address and pass all IPv6 tests online.
My question is, is there something else do consider or change? Is the IP address layout fine? Should I switch to Outbound NAT? I guess NPTv6 is the recommended and compliant approach or?
#94
25.7, 25.10 Series / Re: After updating Opnsense fr...
Last post by Patrick M. Hausen - January 17, 2026, 05:56:14 PMSpin up the system isolated and only your desktop/laptop connected to LAN. No WAN, no switch, no other devices.
System working? No problems? Also no Internet, of course.
If yes, go to Interfaces: Neighbors: Automatic Discovery and disable that. Then reconnect.
HTH,
Patrick
System working? No problems? Also no Internet, of course.
If yes, go to Interfaces: Neighbors: Automatic Discovery and disable that. Then reconnect.
HTH,
Patrick
#95
General Discussion / Re: NEED WITH HELP OPNSENSE CO...
Last post by Patrick M. Hausen - January 17, 2026, 05:52:28 PMHow is your Internet uplink supposed to work? DHCP? PPPoE? That information can come from your ISP only. Or from examining a working device if you have access to its admin UI.
You must know this upfront or no YT video is going to help you. There are settings very specific to your ISP and the "Internet" product you rented alone.
You must know this upfront or no YT video is going to help you. There are settings very specific to your ISP and the "Internet" product you rented alone.
#96
25.7, 25.10 Series / Re: DEC2752 - How to check har...
Last post by Seimus - January 17, 2026, 05:03:17 PMQuote from: pfry on January 17, 2026, 02:56:40 PMDoes stress-ng generate enough load?
Yes it does.
I needed a soft to test a new HW for OPNsense, there are several tools to do it but one directly accessible to us on OPN is stress-ng.
You can load all Cores at once or a single core. Or even you can put more load than cores available. From what I have seen it will MAX the cores if you set it to do so. I even test 100 load on a 8 Core system, worked like charm.
Benefit of stress-ng in my opinion is I could load the CPU and Memory at once to see how stable the system will be during an event where more memory is used with conjugation of CPU peaking at Turbo. Helped to find a problem with a memory (which I fixed by underclocking it).
Regards,
S.
#97
25.7, 25.10 Series / Re: IPv6 connectivity error af...
Last post by dmurphy - January 17, 2026, 04:34:50 PMQuote from: franco on January 17, 2026, 08:04:58 AMI don't think there are structural issues that would warrant this behaviour. Very rarely I see that dhcp6c is not starting, but that's because e.g. the port it's being run over is not plugged in for example.
There are logs and context missing here. 26.1 would not change what is described here. We're relying on the same mechanism to start the dhcp6c service which works IMO.
Cheers,
Franco
Then I'll do some more digging and see if I can identify why dhcp6c isn't starting. My WAN connection (Verizon Fios) is dual-stacked and comes up fine on IPv4; has no issue grabbing and holding its IP.
As usual I'm sure it's a misconfiguration on my part somewhere; just not entirely sure what I'd misconfigure as the DHCPv6 configuration is very basic on the WAN interface:
Generic Configuration
- IPv6 Configuration Type: DHCPv6
DHCPv6 client configuration
- Use VLAN priority: Disabled
- Configuration mode: Basic
- Prefix delegation size: 56
- Request Prefix Only: Yes
- Send prefix hint: Yes
And, that's about it.
I just rebooted the firewall and it still isn't firing - starting dhcp6c and then a "configctl interface newip wan" brought up the V6 connectivity.
#98
General Discussion / NEED WITH HELP OPNSENSE CONFIG...
Last post by iwanttolearn - January 17, 2026, 04:19:06 PMHi everyone.
Im tryinging to install a opensense firewall for about 1 and a half year now without succes. I have wasted countless hours trying and watching all yt content without succes. Both HomeNetworkGuy's 2025 and old guides, sheridan computers videos you name it. I dont even know why and what im doing wrong. Last year at new years eve i finally had a IP Lease but i noticed it after restarting the firewall appliance. The setup goes like this: modem>(protectli)Opnsense firewall>(Zyxel) managed switch> Openwrt AP. I dont know if im doing it wrong on the Opnsense firewall, the zyxel managed switch or on the Openwrt AP im configuring.
Can someone help me out with this task since i tried by myself for about a year now and cant pull it off. Im using the GUI (NO COMAND LINE) to do it.
Im tryinging to install a opensense firewall for about 1 and a half year now without succes. I have wasted countless hours trying and watching all yt content without succes. Both HomeNetworkGuy's 2025 and old guides, sheridan computers videos you name it. I dont even know why and what im doing wrong. Last year at new years eve i finally had a IP Lease but i noticed it after restarting the firewall appliance. The setup goes like this: modem>(protectli)Opnsense firewall>(Zyxel) managed switch> Openwrt AP. I dont know if im doing it wrong on the Opnsense firewall, the zyxel managed switch or on the Openwrt AP im configuring.
Can someone help me out with this task since i tried by myself for about a year now and cant pull it off. Im using the GUI (NO COMAND LINE) to do it.
#99
25.7, 25.10 Series / After updating Opnsense from 2...
Last post by wide - January 17, 2026, 04:17:57 PMI've updated from 25.7.10 to 25.7.11_1 yesterday. It's now impossible to access WebGUI because after the login screen when dashboard starts loading the UI spawns hundreds of PHP processes which causes system load to raise above 100 and after few minutes sytem runs out of memory and also consumes all the allocated swap space finally killing the network traffic completely.
System recovers from the situation after closing the WebGUI browser tab but it might take 30-60 minutes when all the PHP processes are finished and memory consumption and system load returns back to normal values.
System recovers from the situation after closing the WebGUI browser tab but it might take 30-60 minutes when all the PHP processes are finished and memory consumption and system load returns back to normal values.
#100
25.7, 25.10 Series / Re: Continual issues updating
Last post by Matthew_Kent - January 17, 2026, 04:10:43 PMQuote from: franco on December 04, 2025, 03:23:02 PMFor some reason (lib)fetch has issues with LTE connections. The package manager itself switched to libcurl. I assume your packages updated fine and you're left struggling with how to update the base/kernel? If so I can show you the manual commands to update (and downloading the sets with curl).
Cheers,
Franco
I'm back again as 25.7.11 has been released and I'm again failing to update over LTE. Is there a way of downloading the binaries manually?
