Recent posts

#91
German - Deutsch / Re: OpnSense as mail relay [ge...
Last post by mr.sarge - January 25, 2026, 07:39:50 PM
Quote from: Patrick M. Hausen on November 27, 2023, 09:55:33 PM
So I can't help you with the local part, because that is exactly what I don't want. I use Postfix as a relay for all my system messages here. Isolated private network, and the NAS, the UPS, etc. should simply dump their mail there.

It then goes out authenticated via my provider. I'll put together a sufficiently anonymized screenshot. Regarding Posteo, you'll unfortunately have to look into that yourself.


Hello,

I have configured Postfix so far that the e-mails go out via Gmail. The goal is for the alerts from the various services in the home network to be sent/received via Gmail.
In the incoming mails, however, the "To: address" is missing; it appears completely empty. In addition, if I enter the same Gmail account for sending/receiving, the Gmail address appears in Bcc.
Is there also a way to modify the sender address? e.g. from "usv@opnsense.lan" to: "<name>@gmail.com"

UPDATE: this is resolved, the problem is caused by the client program (Urbackup), which "packs" the recipient address into the header incorrectly. With other apps the mail notification works correctly!

Kind regards,
#92
25.7, 25.10 Series / Reporting:Unbound DNS - Detail...
Last post by JDabbs - January 25, 2026, 07:33:24 PM
I'm running the latest version OPNsense 25.7.11_2

Checking Reporting: Unbound DNS - Details to see what's being resolved or blocked, the details tab now shows "default" in "Blocklist" column. This is the name showing under the "Description" under Services: Unbound DNS: Blocklists.

However I'm sure until recently before 25.7.11 it used to show the name of the actual block list such as (from memory) SteveBL so it was easy to see which actual list was blocking the URL.

I can understand that given the recent change to the Services: Unbound DNS: Blocklists structure why it's working like this but it makes it hard to fault find. Bizarrely clicking on the gear icon "Commands" in the Reporting Unbound Details panel brings up a dialogue box which shows exactly the blocklist that blocked the URL, so the system knows.

Is it possible that this is an oversight and could the previous functionality be re-instated in that it displays the actual name of the block list rather than the description? It could show both which would assist in fault finding if there are several blocklist groups configured.

Please be careful reading the above as OPNsense appears to nest blocklists into blocklists now (i.e. uses the same name for what I would consider a block list into a blocklist group). Using this nomenclature I would say the Unbound Details panel is showing the blocklist group where it previously showed the blocklist name.

Has anyone else noticed this behavior and have I missed a simple solution apart from clicking the gear icon against each line in question?
#93
German - Deutsch / Re: Which DSL modem for VDSL...
Last post by k0ns0l3 - January 25, 2026, 07:16:03 PM
Quick question about the interface settings: should "Block private networks" and "Block bogon networks" be enabled or disabled on pppoe0 and modem vlan01?

Thanks and kind regards
#94
German - Deutsch / Re: Which DSL modem for VDSL...
Last post by k0ns0l3 - January 25, 2026, 07:10:17 PM
Quote from: JeGr on January 25, 2026, 05:18:13 PM
Quote from: k0ns0l3 on January 17, 2026, 05:10:57 AM
I'll try it tonight; by the way, I have prepared everything as described here https://www.du-consult.de/opnsense-so-konfiguriert-man-eine-deutschlandlan-pppoe-einwahl/ I think everything will fit, or is there anything to correct.

BTW: That is a 4-5 year old blog. Please, people, stop using some old crap as the basis for a new installation just because it might contain a keyword that matches your case (Deutschland LAN, PPPoE, whatever). There's documentation, a wiki and the forum for that. And then you can maybe still pull the last bit of information out of something like that if nothing else works. But don't take ancient blogs with years-old versions as a "this is how it's done" installation guide; far too much changes in the software every year for that. Especially since that blog really contained next to nothing that wasn't already in the docs or here in the forum anyway.

Cheers

No problem, it won't happen again,

Regards
#95
German - Deutsch / letsencrypt DNS problem
Last post by Simaryp - January 25, 2026, 06:46:24 PM
Hello, today I wanted to finish off one of my open projects and stumbled over an unexpected problem.

I would like to run traefik with letsencrypt on my server.
I had already got this working once on my old opnsense router, but had to leave it because of other open projects.

Today I wanted to finalize the traefik configuration and found that letsencrypt no longer worked.
The first problem was that I had not yet set up dyndns on my new opnsense router. I have just got that working.
But letsencrypt still doesn't work.

Some research tells me that it is probably down to my DNS setup, which changed with the new router. Previously the DHCP server simply added the leases to DNS. So I didn't have to adjust much in DNS, and letsencrypt created a DNS record at cloudflare. In the current setup with dnsmasq, however, I had to set up query forwarding in unbound, which is why letsencrypt doesn't resolve the IP correctly and cannot do the DNS challenge.

Has anyone got this working?
#96
26.1 Series / Re: 26.1.r_9 -> to 26.1 offici...
Last post by notspam - January 25, 2026, 06:45:03 PM
I know this link. It describes the process of how to move to the 26.1 pre-release version.
My question concerns the way from pre-release to the final 26.1.
Is there a need to pay attention to hotfixes or something?
If I move the repo to community, the 26.1_r9 is deleted and replaced with 26.1_r1.
So the question is whether I should move the repo back to community if 26.1 final is available, or is there a need to manually do something?
#97
Q-Feeds (Threat intelligence) / Re: Testing firewall rules wit...
Last post by Q-Feeds - January 25, 2026, 06:32:19 PM
You can pull the lists using our OpenAPI: https://api.qfeeds.com/openapi/#/

The number is not always increasing since we validate the IOCs, so we often delete old IOCs as well to make it efficient and relevant.
#98
26.1 Series / RC1: hundreds of rc.newwanipv6...
Last post by Patrick M. Hausen - January 25, 2026, 05:55:15 PM
Hi all,

after upgrade from 25.7.11_2 to 26.1r1 everything looked good at first. I did not yet try the rule migration but intended to wait for RC2 with all the fixes in that specific area.

Half an hour later Internet was down. SSH to the box still working, system quite sluggish, dashboard widgets failing to load.

A couple of hundred processes like this:

/usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe0 force

"killall -9 php" made the system responsive again for a short while but the processes kept piling up.

Anything specific in the log I should look for?

With 25.7 running, this is the dhcp6d.conf:

interface pppoe0 {
  send ia-na 2; # request stateful address
  send ia-pd 2; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 2 { };
id-assoc pd 2 {
  prefix ::/56 infinity;
};

I'm a bit puzzled by that "request domain-name-servers;" - is that hard coded? I could not find a way to disable it anywhere, and I certainly do not want any DNS servers, be it v4 or v6, from my ISP.

I isolated the logs for a single PID when the system was running 26.1r1:

root@opnsense:/var/log/system # grep 56100 *
latest.log:<29>1 2026-01-25T14:53:57+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="701"] Sending Solicit
latest.log:<27>1 2026-01-25T14:53:57+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="702"] transmit failed: Can't assign requested address
latest.log:<29>1 2026-01-25T14:53:58+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="705"] Sending Solicit
latest.log:<29>1 2026-01-25T14:53:59+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="721"] Sending Request
latest.log:<29>1 2026-01-25T14:53:59+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="722"] Received REPLY for REQUEST
latest.log:<29>1 2026-01-25T14:53:59+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="723"] failed to remove an address on pppoe0: Can't assign requested address
latest.log:<29>1 2026-01-25T14:53:59+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="724"] failed to update an address ::
latest.log:<29>1 2026-01-25T14:54:00+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="732"] Sending Solicit
latest.log:<29>1 2026-01-25T14:54:01+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="733"] Sending Request
latest.log:<29>1 2026-01-25T14:54:01+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="734"] Received REPLY for REQUEST
latest.log:<29>1 2026-01-25T14:54:01+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="735"] failed to remove an address on pppoe0: Can't assign requested address
latest.log:<29>1 2026-01-25T14:54:01+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="736"] failed to update an address ::
latest.log:<29>1 2026-01-25T14:54:02+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="741"] Sending Solicit
latest.log:<29>1 2026-01-25T14:54:03+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="744"] Sending Request
latest.log:<29>1 2026-01-25T14:54:06+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="746"] Received REPLY for REQUEST
latest.log:<29>1 2026-01-25T14:54:06+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="747"] failed to remove an address on pppoe0: Can't assign requested address
latest.log:<29>1 2026-01-25T14:54:06+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="748"] failed to update an address ::
latest.log:<29>1 2026-01-25T14:54:07+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="757"] Sending Solicit
latest.log:<29>1 2026-01-25T14:54:08+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="759"] Sending Request
latest.log:<29>1 2026-01-25T14:54:08+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="760"] Received REPLY for REQUEST
latest.log:<29>1 2026-01-25T14:54:08+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="761"] failed to remove an address on pppoe0: Can't assign requested address
latest.log:<29>1 2026-01-25T14:54:08+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="762"] failed to update an address ::
[...]
system_20260125.log:<29>1 2026-01-25T16:12:17+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="20634"] Sending Solicit
system_20260125.log:<29>1 2026-01-25T16:12:18+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="20640"] Sending Request
system_20260125.log:<29>1 2026-01-25T16:12:18+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="20641"] Received REPLY for REQUEST
system_20260125.log:<29>1 2026-01-25T16:12:18+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="20642"] failed to remove an address on pppoe0: Can't assign requested address
system_20260125.log:<29>1 2026-01-25T16:12:18+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="20643"] failed to update an address ::
system_20260125.log:<29>1 2026-01-25T16:12:19+01:00 opnsense.ettlingen.hausen.com dhcp6c 56100 - [meta sequenceId="20646"] Sending Solicit
root@opnsense:/var/log/system #

Kind regards,
Patrick
#99
General Discussion / DNS bind error when accessing ...
Last post by patrick3000 - January 25, 2026, 05:48:36 PM
I'm running OPNsense (version 25.7.7) as the router and firewall for my home network. I have a Nextcloud server behind OPNsense and have dynamic DNS through NO-IP managed by OPNsense so that the Nextcloud server can be accessed by its domain name from the public internet. I also have the Nextcloud domain name set as an override in Unbound DNS in OPNsense so that it can be accessed locally on my home network.

This setup has been stable for years, but recently, I upgraded to a new version of Firefox on my Mint laptop, and I started getting a DNS bind error when accessing the Nextcloud home page by its domain name from within my home network. The error in Firefox is "A potential DNS Rebind attack has been detected. Try to access the router by IP address instead of by hostname. You can disable this check if needed under System: Settings: Administration." This does not happen when I use Chrome on Windows. It only happens in recent versions of Firefox on Mint.

My understanding is that this is occurring because of stricter DNS bind checking in recent versions of Firefox. I can fix the problem at the local level by turning off DNS bind error checking in the Firefox settings under "privacy & security." However, it's inconvenient to have to do this locally on every device that uses Firefox from now on. My question is this: is there a way to fix this problem server-side from within OPNsense? I already tried adding the Nextcloud domain as a "private domain" under Unbound DNS, Advanced, but that did nothing. Does anyone have any thoughts or advice?
#100
25.7, 25.10 Series / Re: Need clarification before ...
Last post by nero355 - January 25, 2026, 05:30:15 PM
See here: https://forum.opnsense.org/index.php?topic=50412.msg256975#msg256975

So as long as you do not update to 26.1 you are safe ;)