"Recent posts
#91
Development and Code Review / Re: Where to PR a small NVMe t...
Last post by Patrick M. Hausen - January 11, 2026, 11:15:00 AMOpen an issue at bugs.freebsd.org.
#92
German - Deutsch / Re: LDAP gegen eDir
Last post by Patrick M. Hausen - January 11, 2026, 11:14:12 AMDann setz doch Authentication containers auf die Base DN und filter nur mit dem Extended query nach der Gruppe.
#93
25.7, 25.10 Series / New OPNSense setup suffering f...
Last post by ck555 - January 11, 2026, 10:08:19 AMHi all,
Sorry for the long email. Just hoping to give more details to assist with the troubleshooting.
I just build a new VM (VMware) running OPNsense as a new L3 firewall/router which internally works great connecting to all my VLANs (for the moment it is the gateway for all vLANs until I create a transit vLAN on the switch). I am pretty new to OPNSense so not sure if there is something I can check.
As part of my troubleshooting I changed the NIC driver and also rebuild OPNSense not enabling anything i.e. Zenarmor or any services to see if that was interfering. None seem to cause the issue. I even disabled the Wireguard firewall also but that didn't help.
The only issue I have is I am having WAN connection issues. It seems to be fine for around a day once it is rebooted but then starts to lose connectivity. Seems to stem from the DHCP request (my ISP in Australia renews every 30 minutes with a static IP).
I previously used Untangle (linux based) which didn't have any issues but seems to be an issue with possibly BSD since this also seems to happen with PFSense which I tried as part of my troubleshooting.
Topology is the following
LAN -> WAN connected directly to the ISP NTD device gets a public IP address via DHCP. DHCP IPv4 seems to lose connectivity but IPv6 doesn't according to the Gateway monitor which monitors google (8.8.8.8)
Looking at the log file under general.
-----------------
2026-01-11T19:41:13Errordhclientsend_packet: Host is down
2026-01-11T19:39:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T19:39:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T19:38:53Errordhclientsend_packet: Host is down
2026-01-11T19:37:45Errordhclientsend_packet: Host is down
2026-01-11T19:37:22Errordhclientsend_packet: Host is down
2026-01-11T19:22:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T19:22:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T19:22:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T19:09:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T19:09:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T19:07:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T19:07:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T19:07:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T18:52:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T18:52:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T18:52:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T18:39:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T18:39:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T18:37:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T18:37:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T18:37:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T18:22:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T18:22:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T18:22:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T18:18:17Errordhclientsend_packet: Host is down
2026-01-11T18:15:06Errordhclientsend_packet: Host is down
2026-01-11T18:13:42Errordhclientsend_packet: Host is down
2026-01-11T18:11:19Errordhclientsend_packet: Host is down
2026-01-11T18:10:17Errordhclientsend_packet: Host is down
2026-01-11T18:09:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
------------------
Thanks in advance.
Sorry for the long email. Just hoping to give more details to assist with the troubleshooting.
I just build a new VM (VMware) running OPNsense as a new L3 firewall/router which internally works great connecting to all my VLANs (for the moment it is the gateway for all vLANs until I create a transit vLAN on the switch). I am pretty new to OPNSense so not sure if there is something I can check.
As part of my troubleshooting I changed the NIC driver and also rebuild OPNSense not enabling anything i.e. Zenarmor or any services to see if that was interfering. None seem to cause the issue. I even disabled the Wireguard firewall also but that didn't help.
The only issue I have is I am having WAN connection issues. It seems to be fine for around a day once it is rebooted but then starts to lose connectivity. Seems to stem from the DHCP request (my ISP in Australia renews every 30 minutes with a static IP).
I previously used Untangle (linux based) which didn't have any issues but seems to be an issue with possibly BSD since this also seems to happen with PFSense which I tried as part of my troubleshooting.
Topology is the following
LAN -> WAN connected directly to the ISP NTD device gets a public IP address via DHCP. DHCP IPv4 seems to lose connectivity but IPv6 doesn't according to the Gateway monitor which monitors google (8.8.8.8)
Looking at the log file under general.
-----------------
2026-01-11T19:41:13Errordhclientsend_packet: Host is down
2026-01-11T19:39:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T19:39:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T19:38:53Errordhclientsend_packet: Host is down
2026-01-11T19:37:45Errordhclientsend_packet: Host is down
2026-01-11T19:37:22Errordhclientsend_packet: Host is down
2026-01-11T19:22:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T19:22:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T19:22:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T19:09:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T19:09:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T19:07:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T19:07:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T19:07:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T18:52:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T18:52:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T18:52:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T18:39:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T18:39:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
2026-01-11T18:37:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T18:37:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T18:37:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T18:22:22Noticedhclientdhclient-script: Creating resolv.conf
2026-01-11T18:22:22Noticedhclientdhclient-script: New Hostname (vmx1): hostname
2026-01-11T18:22:22Noticedhclientdhclient-script: Reason RENEW on vmx1 executing
2026-01-11T18:18:17Errordhclientsend_packet: Host is down
2026-01-11T18:15:06Errordhclientsend_packet: Host is down
2026-01-11T18:13:42Errordhclientsend_packet: Host is down
2026-01-11T18:11:19Errordhclientsend_packet: Host is down
2026-01-11T18:10:17Errordhclientsend_packet: Host is down
2026-01-11T18:09:51Noticedhcp6cdhcp6c_script: RENEW on vmx1 executing
------------------
Thanks in advance.
#94
Hardware and Performance / Re: Internet speeds reduced se...
Last post by meyergru - January 11, 2026, 09:30:42 AMDid you try RSS?
#95
German - Deutsch / Re: Eigener DNS bei einer IPv6...
Last post by meyergru - January 11, 2026, 09:26:18 AMZwei Hinweise:
1. Nicht alle Geräte akzeptieren die Angabe des DNS-Servers per SLAAC, manche brauchen DHCPv6 dazu. Das ist der Grund, weshalb der RA-Mode "Assisted" existiert - dabei wird die IPv6 per SLAAC und nur der DNS-Server per DHCPv6 übergeben.
2. Eigentlich braucht es bei Dual-Stack den IPv6-DNS-Server nicht - es ist sogar eher schädlich, denn jeder DNS-Server kann auch IPv6 auflösen (also reicht der IPv4-Server) und welcher priorisiert wird, falls beide angegeben wurden, ist nicht definiert.
Ergo: In meinem Guide empfehle ich deshalb, gar keinen DNS-Server per IPv6 zu verteilen, also RA-Mode "Unmanaged" (oder wie auch immer das beim verwendeten RA-Daemon heißt) siehe: https://forum.opnsense.org/index.php?topic=45822.0, Note 6.
1. Nicht alle Geräte akzeptieren die Angabe des DNS-Servers per SLAAC, manche brauchen DHCPv6 dazu. Das ist der Grund, weshalb der RA-Mode "Assisted" existiert - dabei wird die IPv6 per SLAAC und nur der DNS-Server per DHCPv6 übergeben.
2. Eigentlich braucht es bei Dual-Stack den IPv6-DNS-Server nicht - es ist sogar eher schädlich, denn jeder DNS-Server kann auch IPv6 auflösen (also reicht der IPv4-Server) und welcher priorisiert wird, falls beide angegeben wurden, ist nicht definiert.
Ergo: In meinem Guide empfehle ich deshalb, gar keinen DNS-Server per IPv6 zu verteilen, also RA-Mode "Unmanaged" (oder wie auch immer das beim verwendeten RA-Daemon heißt) siehe: https://forum.opnsense.org/index.php?topic=45822.0, Note 6.
#96
German - Deutsch / Re: LDAP gegen eDir
Last post by Ullrich - January 11, 2026, 09:02:04 AMMoin Patrick,
danke für die Rückmeldung.
Genau das ist ja das Problem. Die Mitarbeiterkonten sind in mehreren anderen OU's. In der OU Gruppen sind eben nur Gruppen mit den Mitarbeitern aber nicht die eigentlichen Mitarbeiter Objekte.
Gruß
Ullrich
danke für die Rückmeldung.
Genau das ist ja das Problem. Die Mitarbeiterkonten sind in mehreren anderen OU's. In der OU Gruppen sind eben nur Gruppen mit den Mitarbeitern aber nicht die eigentlichen Mitarbeiter Objekte.
Gruß
Ullrich
#97
German - Deutsch / Re: Eigener DNS bei einer IPv6...
Last post by s.meier68 - January 11, 2026, 08:59:01 AMQuote from: n3 on January 10, 2026, 11:59:33 PM1. AdGuard im ADMIN Netzwerk zur IPv4 auch eine IPv6 vergeben
Meine Annahme ist, dass ich dem Server manuell eine IPv6 konfiguriere, entsprechende Regeln in der FW konfigurieren muss und dann sollte es gehen. Werde mich dem mal morgen annehmen.
Hängt davon ab wie die IPv6 Adresse des Admin Netz Interfaces der Opnsense vergeben wurde... Manuell oder per Track Interface... eine feste IP kannst Du bei adguard aber nur über das darunter liegende System vergeben
#98
General Discussion / Re: Plugin developement questi...
Last post by Monviech (Cedrik) - January 11, 2026, 07:56:09 AMIf you are concerned about changes in code, if you run the "Development" version (System - Firmware... change it there), you will always be pretty close to master. The "Community" version lags behind a bit and sometimes features or changes are withheld until the next major version. Major releases are all 6 months and can be seen here: https://opnsense.org/roadmap/
To get a plugin into the plugin list create a PR here: https://github.com/opnsense/plugins
To get it in,
- it should be generally useful (meaning if its something purpose built for just your own personal usecase it might not make it). Though please offer it, who knows if its not generally useful without seeing it
- It should be based on an existing FreeBSD port (no "business" logic inside the plugin, only glue code)
If you need a current example that shows all of this:
https://github.com/opnsense/plugins/tree/master/net/ndp-proxy-go
To get a plugin into the plugin list create a PR here: https://github.com/opnsense/plugins
To get it in,
- it should be generally useful (meaning if its something purpose built for just your own personal usecase it might not make it). Though please offer it, who knows if its not generally useful without seeing it
- It should be based on an existing FreeBSD port (no "business" logic inside the plugin, only glue code)
If you need a current example that shows all of this:
https://github.com/opnsense/plugins/tree/master/net/ndp-proxy-go
#99
Development and Code Review / Where to PR a small NVMe tunab...
Last post by Jwidess - January 11, 2026, 04:29:55 AMThis is stemming from my post here for context: Install problem on NVMe (nvme0: async event occurred)
I currently have some small changes on a branch I made of stable/25.7 just so I could get my changes compiled and installed ASAP. However, now I'd like to PR these changes into either OPNsense src or FreeBSD src, but I'm unsure which repo and branch to PR.
I've checked FreeBSD releng/14.3 and the 3 files I've modified are identical to stable/25.7, so I was thinking of PRing them there, but as it's a release branch, that doesn't seem appropriate... If anyone has some advice on how I should go about this, it would be much appreciated! I have reviewed 25.7/CONTRIBUTING.md, articles/contributing, etc. but have not found a suitable answer.
I currently have some small changes on a branch I made of stable/25.7 just so I could get my changes compiled and installed ASAP. However, now I'd like to PR these changes into either OPNsense src or FreeBSD src, but I'm unsure which repo and branch to PR.
I've checked FreeBSD releng/14.3 and the 3 files I've modified are identical to stable/25.7, so I was thinking of PRing them there, but as it's a release branch, that doesn't seem appropriate... If anyone has some advice on how I should go about this, it would be much appreciated! I have reviewed 25.7/CONTRIBUTING.md, articles/contributing, etc. but have not found a suitable answer.
#100
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - January 11, 2026, 02:59:47 AMOne difference is that I'm still using Unbound for DNS and using dnsmasq only for DHCP and DHCPv6
