Recent posts

#91
General Discussion / Re: Help with turnserver commu...
Last post by nero355 - February 12, 2026, 05:20:25 PM
Quote from: NoelleAttachedStorage on February 12, 2026, 03:35:59 PM
> I have nextcloud and Matrix instances running on my unRAID machine, but neither of them have working voice/video calls.
Do you have 1:1 Port Translation configured for them ?

I am guessing you need to since a lot of Voice/Video Call software does not function correctly without it.

Quote
> With the new Discord policy change, I would really like to get Coturn working.
Discord is SPYWARE as far as I am concerned so the less you have to deal with it the better! ;)
#92
General Discussion / Re: DNS Processsing Time faste...
Last post by nero355 - February 12, 2026, 05:13:33 PM
Quote from: coffeecup25 on February 12, 2026, 02:57:50 PM
> Why are run of the mill public DNS servers much faster than Unbound?
Because you share their "Cache Pool" so to speak with a lot of other users and a lot of domains may already be cached :)

And this :
Quote from: coffeecup25 on February 12, 2026, 02:57:50 PM
> Using Unbound, Adguard Home stated my Average Processing Time was in the 40ms range while the Average Upstream Response Time was in the 80ms range, but some ports raised it to the 100ms range (probably a one-off there concerning the 100ms)
Could be a case of geographical location of the domain you are trying to access or some kind of congestion on their network.
#93
General Discussion / Re: http_proxy for bogons-upda...
Last post by franco - February 12, 2026, 04:56:39 PM
> Is there a(n easy) way to make fetch in the bogons-download use the http_proxy as well? Also without breaking other stuff?

Well:

# cat /var/cron/tabs/root | grep bogon
1   3   *   *   0   (/usr/local/sbin/configctl -d filter schedule bogons) > /dev/null

So that means when configd environment is set up correctly the bogons fetch should work. Unless the daemon call loses the env, but I haven't heard of this before:

src/opnsense/service/conf/actions.d/actions_filter.conf:[schedule.bogons]
src/opnsense/service/conf/actions.d/actions_filter.conf-command:daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh -ur 900 bogons

> Is there other cronjobs/daemons/functions that I missed that may have the same problem when no Internet is available on the secondary firewall?

I'm not sure. That's not a usual setup and most people in stricter environments don't care too much about not having outside access for stray components since everything is configured to use local services.


Cheers,
Franco
#94
26.1 Series / Re: 26.1.1: Unbound: Option "q...
Last post by coffeecup25 - February 12, 2026, 04:53:12 PM
Quote from: rolsch on February 10, 2026, 08:23:08 PM
> I have deleted, saved the dns entries in the System: Settings: General.
> Restarted the system and enter again the dns-server in System: Settings: General.
>
> But the DANGER message pop up in the two sections:
>
> Services → Unbound DNS → Query Forwarding
> Services → Unbound DNS → DNS over TLS
>
> So what the heck is wrong...?????

I just applied 26.1.2 this morning. I also have Query Forwarding checked with a few servers listed on the system setup page. I made the change to System DNS over Unbound yesterday for reasons mentioned in a new post in the General Discussions section.

I did not reboot as everything seemed to work immediately.

No issues of any kind, then or now.

I do not use DNS over TLS and my other settings are almost out of the box simple. (2 subnets, KEA and all devices with DHCP reservations, Adguard Home).

Hopefully, this will help narrow things down in the detective work.

edit:

DNS over TLS uses a different format for DNS servers. Perhaps the two DNS settings conflict? Use one or the other??
#95
Hardware and Performance / Re: DEC-850v1 with Netboard A2...
Last post by pfry - February 12, 2026, 04:49:40 PM
Quote from: N0b0dy1985 on February 12, 2026, 02:57:25 PM
> [...]Do I need a jumper or something?[...]

Given that the quote is "PCIe x4", I assume both sockets are M-keyed... There are shared signals between PCI-e and SATA, but it may auto-detect. I may have even tested it unknowingly - I'd have to go look at my pile o'motherboards. They're signal anyway - it should not be possible to damage an M-keyed SSD by sticking it into an M or M+B slot. I'd definitely look at the link width and version via "pciconf -lbcevV [device]" (format could be wrong) (assuming it's detected).
#96
26.1 Series / Re: Divert mode "Write to ipfw...
Last post by franco - February 12, 2026, 04:48:19 PM
> Invalid argument

This wasn't fixed by the recent change. It's also different from the initial "Permission denied".

> Will this fix allow the firewall to continue if suricata crashes/fails?

This isn't supported by FreeBSD at the moment as far as I know.


Cheers,
Franco
#97
26.1 Series / Re: 26.1.1: Unbound: Option "q...
Last post by franco - February 12, 2026, 04:46:17 PM
Are you using any browser extensions? And is the health audit clean?
#98
26.1 Series / Re: Clean upgrade from 25.1.7 ...
Last post by franco - February 12, 2026, 04:32:59 PM
> My question is: would you advise against doing a clean 26.1.1 install and restoring the config? If so, what are the main risks, and what alternative approach would you recommend?

There are no real pros and cons except maybe the time you spend doing this. You'll lose historic logs but normally not a big deal either.

The most pressing reasons for a reinstall are change of file system (to ZFS) or a damaged install beyond repair or switching the disk.


Cheers,
Franco
#99
26.1 Series / Re: [SOLVED] 26.1.1 to 26.1.2 ...
Last post by seelk - February 12, 2026, 04:18:19 PM
Marking this as solved.  Ultimately what ended up working was the following:

pkg upgrade -fy (download and overwrite every single package)
opnsense-update -fk (ensure the Kernel is also explicitly rewritten)
reboot
#100
German - Deutsch / Re: VPN Wireguard Peer Generat...
Last post by osmom - February 12, 2026, 04:17:36 PM
Save everything shown under Config to a text file before you press "store and generate next". Then you can enter the configuration in your client and in the firewall under Peers. You only need the private key in the client. In the firewall's peers you only need the public key.
Finally, you have to assign the peer to the instance.