"Recent posts
#91
26.1 Series / Congratulations on 26.1 (plus ...
Last post by waxhead - February 03, 2026, 07:07:00 PMFirst of all congratulations with the 26.1 release and more importantly THANKS!
For me everything works as expected and I had no issues upgrading.
And for what it is worth, the entire thing feels a tad snappier as well which is not something I expected.
And here is the small request that I sneakily and totally accidentally wanted to mention :)
I don't use everything in the menu, and I expect not everybody else does either. For example stuff like the firewall->legacy rules and the services->ISC DHCP are relevant to mention these days.
It would be great if it was possible to click a button to hide (or shade) the services/features that I don't (often) use from the menu. And of course a menu button to globally override all hidden items so that everything comes back if you need to enable it / look at something you don't often look at (kind of like a favorites menu or like how "full help" works today). I am getting old and more easily confused by clutter.
For me everything works as expected and I had no issues upgrading.
And for what it is worth, the entire thing feels a tad snappier as well which is not something I expected.
And here is the small request that I sneakily and totally accidentally wanted to mention :)
I don't use everything in the menu, and I expect not everybody else does either. For example stuff like the firewall->legacy rules and the services->ISC DHCP are relevant to mention these days.
It would be great if it was possible to click a button to hide (or shade) the services/features that I don't (often) use from the menu. And of course a menu button to globally override all hidden items so that everything comes back if you need to enable it / look at something you don't often look at (kind of like a favorites menu or like how "full help" works today). I am getting old and more easily confused by clutter.
#92
26.1 Series / Re: Destination NAT: Configura...
Last post by miketubby - February 03, 2026, 07:04:43 PMHi Franco,
Thanks, patch applied and I am now able to add DNAT rules ;-)
I don't know where my previous NAT rules went... this is what I did:
1. Existing Server, working system (25.7_11) ... Backed up config
2. New (temp) server, installed 26.1, imported backup, upgraded to 26.1_4. Didn't explicitly test DNAT but everything seemed to be working.
3. Flattened exiting server, installed 26.1. Backed up temp server, imported to existing server. Upgraded to 26.1_4
Found that DNAT wasn't working. I guess somewhere along the way it broke...
All is good now. Thanks for the help. Have sent €50,00 donation.
Regards
Mike
Thanks, patch applied and I am now able to add DNAT rules ;-)
I don't know where my previous NAT rules went... this is what I did:
1. Existing Server, working system (25.7_11) ... Backed up config
2. New (temp) server, installed 26.1, imported backup, upgraded to 26.1_4. Didn't explicitly test DNAT but everything seemed to be working.
3. Flattened exiting server, installed 26.1. Backed up temp server, imported to existing server. Upgraded to 26.1_4
Found that DNAT wasn't working. I guess somewhere along the way it broke...
All is good now. Thanks for the help. Have sent €50,00 donation.
Regards
Mike
#93
Tutorials and FAQs / Re: [HOWTO] Reach your ONT or ...
Last post by meyergru - February 03, 2026, 06:56:38 PMI buy this, smilingly, because I actually already had those NULL routes, myself. I added it, together with a caveat...
BTW: The Null4 and Null6 gateways do not have to be created manually, they are already present.
BTW: The Null4 and Null6 gateways do not have to be created manually, they are already present.
#94
Web Proxy Filtering and Caching / Caddy and DDNS
Last post by spetrillo - February 03, 2026, 06:21:48 PMMy OPNsense firewall is behind my ISP router and setup as a DMZ host. I have setup DDNS on the ISP router, since it has the public WAN IP. This has been working for over 2 years. I now want to put a web server behind my OPNsense firewall, but I would like to use Caddy on the OPNsense firewall, for proxy and certificate management. Would it be advisable to use HTTP or DDNS for certificate issuance and management? In my mind's eye I would like to register the domain name, in this case *.petrilloconsulting.net, to Caddy and then use subdomains to identify the actual web services.
#95
25.7, 25.10 Series / Re: What is the official migra...
Last post by opnsense-user123 - February 03, 2026, 06:10:42 PMI typically ask more questions here than answer them, so take any of this below as half 'tip' and half question (as in, am I correct about what I'm saying?).
I just made the swtich on my 25.7.11_9 system. I have three LANs so I thought I'd try one or two before changing the final one that has many more hosts on it. That was unsuccessful because, even though in ISC DHCPv4 config I unchecked the box for those two LANs, ISC seemed to still be bound to port 67 on those LANs. So I had to do all three at once and make sure ISC was really stopped.
Then I noticed in the Kea error logs that the "Control Agent" is deprecated. So though I at first checked the box to turn it on in that page, I later went back and turned it off.
It was easy to export a CSV fie of the reservations from ISC, one for each LAN. I could import those into Kea after I created the three LANs in the Subnets tab (after having of course selected the three interfaces in Settings > General > Interfaces). Reservations should be within the subnet (obviously) but outside the 'pool' allocation.
I'm using the default of raw sockets and did check the box to create standard firewall rules for communications.
I did not have to reboot.
I'm not seeing errors in the Kea log and I am seeing hosts starting to appear in the 'Leases DHCPv4' panel. Early going, but so far so good. Hoping for a smooth update to v26 when the openssl patch comes out which I'm hoping is soon.
I just made the swtich on my 25.7.11_9 system. I have three LANs so I thought I'd try one or two before changing the final one that has many more hosts on it. That was unsuccessful because, even though in ISC DHCPv4 config I unchecked the box for those two LANs, ISC seemed to still be bound to port 67 on those LANs. So I had to do all three at once and make sure ISC was really stopped.
Then I noticed in the Kea error logs that the "Control Agent" is deprecated. So though I at first checked the box to turn it on in that page, I later went back and turned it off.
It was easy to export a CSV fie of the reservations from ISC, one for each LAN. I could import those into Kea after I created the three LANs in the Subnets tab (after having of course selected the three interfaces in Settings > General > Interfaces). Reservations should be within the subnet (obviously) but outside the 'pool' allocation.
I'm using the default of raw sockets and did check the box to create standard firewall rules for communications.
I did not have to reboot.
I'm not seeing errors in the Kea log and I am seeing hosts starting to appear in the 'Leases DHCPv4' panel. Early going, but so far so good. Hoping for a smooth update to v26 when the openssl patch comes out which I'm hoping is soon.
#96
General Discussion / Re: DNS bind error when access...
Last post by patrick3000 - February 03, 2026, 06:06:37 PMThanks, Patrick M. Hausen. I will do one of those when I have some time. Both look rather complicated to set up, although NAT reflection perhaps a bit less so. Still, when I have some time in a couple of weeks, I will do one or the other because it's a hassle to manage this at the browser level.
#97
General Discussion / Re: The pledge of the Network ...
Last post by Maurice - February 03, 2026, 05:57:25 PMAmen.
#98
General Discussion / Re: The pledge of the Network ...
Last post by Greg_E - February 03, 2026, 05:55:20 PMYou should add in mindlessly paste from AI.
#99
Hardware and Performance / Re: CPU recommendations for gi...
Last post by Greg_E - February 03, 2026, 05:54:18 PMYou could step up to an HP T740, or move over to an n150 or n305 based system. I'm not sure the T740 with Zenarmor will handle a full gigabit, I haven't tested it. My similar performance Intel E series Xeon does not give me full gigabit with Zenarmor, but the clock speed is also lower than the AMD v1756b that's in the T740.
Note that if you go with a T740 or T755 there is something you must change or it will not boot. I have a thread on the changes you need to make in here somewhere.
Kind of a long read https://forum.opnsense.org/index.php?topic=38921.msg190577#msg190577 with most of the info at the bottom of the first page and into the second page (I think).
Note that if you go with a T740 or T755 there is something you must change or it will not boot. I have a thread on the changes you need to make in here somewhere.
Kind of a long read https://forum.opnsense.org/index.php?topic=38921.msg190577#msg190577 with most of the info at the bottom of the first page and into the second page (I think).
#100
26.1 Series / Re: os-isc-dhcp-1.0_3 failed t...
Last post by Quirk7272 - February 03, 2026, 05:51:39 PMHad the same issue today after upgrade from 25.7. After the upgrade found out that the os-isc-dhcp wasn't updated to version 1.0_3. Had to manual update the package.
After the update dhcp services failed to start. I have a lot of static mappings configured.
After removing, installing the plugin and a reboot the services started running again.
After the update dhcp services failed to start. I have a lot of static mappings configured.
After removing, installing the plugin and a reboot the services started running again.
