Recent posts

#91
General Discussion / Re: Where is TCP processed - C...
Last post by Seimus - January 21, 2026, 07:09:28 PM
Quote from: chemlud on January 21, 2026, 03:01:11 PM
Tells me what? ;-)

Tells you if there is something on the device itself beyond the NIC that could cause the behaviour.


Yea the next step would be to mess with the driver. Best do it indeed locally.

Regards,
S.
#92
25.7, 25.10 Series / wireguard - totally disable ke...
Last post by FredFresh - January 21, 2026, 07:00:02 PM
I want to totally disable the keepalive signal to peers of wireguard connections, is it possible?

If I put nothing in the box, it sends signals. If I put 0, it is not allowed. It seems the only thing I can do is to use the maximum value allowed of 65535 secs.

Thanks
#93
25.7, 25.10 Series / Re: How to increase a proxmox ...
Last post by dgrns - January 21, 2026, 06:50:59 PM
This was a timely nugget of information. 

I'm trying to reproduce a multi-site wireguard site-to-site issue and am using VMs to mimic the environments. My VM template disk was too small, but with `touch /.probe.for.growfs` I was back up and running in minutes...

And also a big thanks to @Maurice for the aarch64 images!
#94
German - Deutsch / Re: Bridge mit VXLAN verschluc...
Last post by EFS - January 21, 2026, 06:40:25 PM
Hello Patrick,

I have set the following:
  • net.link.bridge.pfil_member = 0
  • net.link.bridge.pfil_bridge = 1

Even after changing the tunables, including a reboot of OPNsense, unfortunately nothing has changed.
#95
25.7, 25.10 Series / Re: python -- several vulnerab...
Last post by franco - January 21, 2026, 06:38:52 PM
Python has not gone ahead with releasing a new version yet. It was met with a bit of irritation. For now it is what it is.


Cheers,
Franco
#96
25.7, 25.10 Series / Re: Unbound to DNSmasq/KEA?
Last post by readr00m - January 21, 2026, 06:26:13 PM
I just have a small homelab setup, so I moved to dnsmasq for DHCP only and kept unbound for DNS. I was using KEA for a period of time and it worked fine, but I read that KEA is better for larger setups and smaller/personal setups are better with dnsmasq.
#97
25.7, 25.10 Series / Re: Unbound to DNSmasq/KEA?
Last post by julsssark - January 21, 2026, 06:10:56 PM
I was using almost the same setup you are thinking about, and it worked great for my homelab that only uses IPv4. I used Kea for DHCP and AdGuard to Unbound for DNS. Just make sure that you set the DNSMasq port to 53 and use a different port for Unbound (e.g., 15353). Be aware that with this configuration, when you set static hosts in Kea, you will also need to add an entry to DNSMasq if you want to reference that host by name/DNS.

Is there a reason/feature that you want to use Kea for DHCP vs. letting DNSMasq do it? The OPNsense docs summarize the options nicely: https://docs.opnsense.org/manual/dhcp.html#available-options

Edit: I switched to DNSMasq for DHCP when that became the recommended setup for small installations.
#98
25.7, 25.10 Series / Re: python -- several vulnerab...
Last post by Patrick M. Hausen - January 21, 2026, 06:02:16 PM
Wait for the next release which will probably address these issues. There is nothing you can do now.
#99
25.7, 25.10 Series / python -- several vulnerabilit...
Last post by makman26 - January 21, 2026, 05:58:19 PM
Hello,
I am new here and have looked for an answer to my question but have been unable to. I have been getting this alert when I run the security checkup lately and I am not sure what to do. It states that it is inadvisable to update python on its own but I have been through a few minor upgrades and the issue still persists. I am on version 25.7.11_2.
Thank you
Dave
Here is the full error.
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.7.11_2 (amd64) at Wed Jan 21 09:44:22 MST 2026
Fetching vuln.xml.xz: .......... done
python311-3.11.14 is vulnerable:
  python -- several vulnerabilities
  CVE: CVE-2025-13836
  CVE: CVE-2025-12084
  WWW: https://vuxml.freebsd.org/freebsd/613d0f9e-d477-11f0-9e85-03ddfea11990.html

1 problem(s) in 1 package(s) found.
***DONE***
#100
25.7, 25.10 Series / Re: IPv6 link-local route does...
Last post by Monviech (Cedrik) - January 21, 2026, 05:50:01 PM
Kea sets automatic routes now, it was a roadmap item:

https://docs.opnsense.org/manual/kea.html#prefix-delegation-ia-pd