Recent posts

#91
German - Deutsch / VLAN and Rules
Last post by lurks - January 30, 2026, 08:02:43 PM
Hello everyone,

I have a problem: I have created VLANs on the OPNsense and I cannot reach the OPNsense via the VLANs' IP unless I create a floating rule as in the picture; when I remove it, access via the VLAN no longer works.
An any-any rule in the VLAN rules does not work either.

Are VLANs treated differently?
Or have I misunderstood something?
Thanks and best regards
#92
German - Deutsch / Re: letsencrypt DNS Problem
Last post by Simaryp - January 30, 2026, 07:58:48 PM
Does anyone here perhaps have another tip for me?
#93
25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100%...
Last post by 0xd - January 30, 2026, 07:37:32 PM
I wasn't sure if the update clears the database so here is an attempt to save someone some time:

Web UI: System->Settings->Administration:
Check:
Enable Secure Shell
Permit root user login
Permit password login
Apply

ssh root@<yourgateway>

root@OPNsense:/var/db/hostwatch # ls -lh
total 207598624
-rw-r--r--  1 hostd hostd  4.0M Jan 30 17:30 hosts.db
-rw-r--r--  1 hostd hostd  393M Jan 30 18:05 hosts.db-shm
-rw-r--r--  1 hostd hostd  198G Jan 30 18:05 hosts.db-wal

service hostwatch stop
rm -rf /var/db/hostwatch/*

Update to OPNsense 26.1_4:
exit
12) Update from console

Web UI: System->Settings->Administration:
Uncheck:
Enable Secure Shell
Permit root user login
Permit password login
Apply
#94
25.7, 25.10 Series / Core API - Kea Leases "Endpoi...
Last post by tbone - January 30, 2026, 06:51:57 PM
Hi.
I'd like to query the actual leases from a client PC.
According to documentation https://docs.opnsense.org/development/api/core/kea.html the endpoint should be GET /api/kea/leases/search.
Other Kea endpoints do return values, but at this one I get "Endpoint not found".

Can someone help me retrieve the list of DHCP leases?

-Thomas
#95
26.1 Series / Re: Old rules deprecation
Last post by julsssark - January 30, 2026, 06:47:39 PM
I was looking for "rulenr" as displayed in the live-view details dialog. I use them in Grafana for log analysis of specific rules.
#96
26.1 Series / Re: Identity Association IPv6 ...
Last post by bazineta - January 30, 2026, 06:45:28 PM
Quote from: tgurr on January 30, 2026, 06:11:02 PM
With that info I guess I'll stay on Dnsmasq+Track interface (legacy) for now then. It would be great if you could somehow release a tutorial / short howto then on how to configure these things for regular ISP usage then, as in "Configuration for just replacing my ISP Fritz!Box with OPNsense" as it's really hard to puzzle together everything, especially in this kind of constellations where things and certain combinations don't work at all.

Our setups are, I think, identical, and the best way to determine the optimal approach is to have someone excoriate you for doing it wrong, so I'll explain my approach, which is, you know, probably wrong.

So my ISP hands me a /56, which has not changed in ages, but that is by no means guaranteed, etc. As with your setup, I've always prefixed this into /64s for my internal networks, i.e., LAN is 0, GUEST is 1, etc. I've been migrated for months now from ISC to dnsmasq, and I'm happy with the dnsmasq setup, which I've had set to only do DHCP for v4.

Options appear to be two:
  • I could configure IPv6 ranges in dnsmasq for each of the lan segments, turn on RA in dnsmasq, and have it hand out addresses.
  • I can skip all that, and just turn on RA (Services -> Router Advertisements) for each of the segments, setting them to 'Unmanaged'.

Option 1 being seemingly the more complicated of the two, I went with option 2, which results in dnsmasq doing IPv4 DHCP + DNS only, and IPv6 clients getting addresses purely via SLAAC.

I suspect but do not know for certain that this is more resilient to a renumbering when the /56 changes.

This appears to work properly with the prefix delegation setup, and all the usual IPv6 tests pass, but this is usually the point where more learned individuals tell me that I'm being an idiot, so let's see what they have to say.
#97
25.1, 25.4 Series / Re: Community to Business
Last post by PotatoCarl - January 30, 2026, 06:38:59 PM
I have the same subject here and just want to confirm that I am not running into some walls here:

- We run an older Deciso appliance with OPNsense Community edition and just upgraded to a brand new one including business edition.

So, we can import the config of the 25.7. community into the 25.10. business? What about if we decide to do the community upgrade to 26.1 before we have the new appliance ready?
#98
26.1 Series / Re: Old rules deprecation
Last post by OPNenthu - January 30, 2026, 06:38:47 PM
Unless I'm mistaken, I'm seeing that the rule UUIDs have changed since I migrated my rules to the new UI.  They no longer match the UUIDs I had used in my Monit tests.

Do those UUIDs persist between config imports and OPNsense updates?
#99
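Chinese - 中文 / Problem connecting a device directly to a bridged NIC
Last post by willy99924 - January 30, 2026, 06:26:34 PM
My device has three network ports bridged into a single LAN at 192.168.0.1 and connected to a switch. I now want to connect one device directly to one of the ports in the bridge group.
That device's network port IP is set to 192.168.0.4, and I set net.link.bridge.pfil_member to 0 and net.link.bridge.pfil_bridge to 1, but after plugging it in it still cannot connect.
Is there something else that needs to be configured?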
#100
26.1 Series / Re: Old rules deprecation
Last post by Monviech (Cedrik) - January 30, 2026, 06:11:03 PM
There is some kind of volatile ID inside the live log that changes and out of that the current rule reference is generated (aka the UUID). So you can map from the live log to the firewall rule (the firewall rule uuid will always be the same), but you cannot map from the firewall rule to a specific livelog ID.

But not 100% sure here, just something I picked up a while ago I think.