"Recent posts
#91
25.7, 25.10 Series / Re: ISC deprecation issues
Last post by Patrick M. Hausen - January 19, 2026, 08:08:20 PMThe IPs will be automatic but predictable and stable. Unless the clients use privacy extensions but they are free to do that with DHCP, too.
A server configured with SLAAC will always get the same GUA unless its MAC address changes.
A server configured with SLAAC will always get the same GUA unless its MAC address changes.
#92
25.7, 25.10 Series / Re: ISC deprecation issues
Last post by stanthewizzard - January 19, 2026, 08:04:46 PMQuote from: Patrick M. Hausen on January 19, 2026, 07:50:19 PMQuote from: stanthewizzard on January 19, 2026, 07:44:48 PMISC DHCPv6 gives wan routable ipv6 from my ISP [...] to other devices
SLAAC can do that without any DHCP present at all.
Yes but at my knowledge without fixed IPs ?
#93
25.7, 25.10 Series / Re: ISC deprecation issues
Last post by Patrick M. Hausen - January 19, 2026, 07:50:19 PMQuote from: stanthewizzard on January 19, 2026, 07:44:48 PMISC DHCPv6 gives wan routable ipv6 from my ISP [...] to other devices
SLAAC can do that without any DHCP present at all.
#94
25.7, 25.10 Series / Re: OPNSense throwing multiple...
Last post by BigFreddy - January 19, 2026, 07:48:22 PMQuote from: Patrick M. Hausen on January 18, 2026, 11:35:58 PMI have only ever seen these:Code Selectahcicho 0: Timeout on slot 7 port 0
CAM Status: Command Timeout
Retrying command, 2 more tries remain
with dying devices. If I saw that in a new unit I would never put that into production before I had successfully eliminated the cause. Timeouts in the CAM subsystem must not happen. If they do, something is broken. Never ignore them.
What do you mean by "vanilla" and "backwards compatible"? Save the configuration from your current unit, fix the hardware, install the very same version, restore configuration ...
Thanks, good to know what the mentioned error codes mean, I guess you really do learn something new every day haha. Once I replace the drive, I will check dmesg again but hopefully it will be fine. I must have gotten a unit with a faulty SSD and haven't realised it, it's been running fine for a long time but it became more severe recently. Thanks for helping me with the diagnosis of the issue, it's very much appreciated.
Quote from: franco on January 19, 2026, 04:05:14 AMThe firmware health audit can probably confirm?Not sure if there is one, I already ordered a replacement so will replace and see how it goes. Hopefully the reboot will be instant compared to the current one where it takes quite a while to reboot.
This thread can be closed now, thanks all for your help.
#95
General Discussion / Re: Strange WiFi issue
Last post by suur13 - January 19, 2026, 07:48:00 PMI was able to solve my main issue with Chromecast by enableing "Allow intra-BSS communication", but connecting to BubbleUPnP still gives error that I want to connect from WAN. Yes I could allow Wan settings from Bubble, but do not want (due security).
What OPNSense does block/filter that connecting via its internal Wifi makes one service in LAN to think that I'm trying to connect from WAN ?
What OPNSense does block/filter that connecting via its internal Wifi makes one service in LAN to think that I'm trying to connect from WAN ?
#96
25.7, 25.10 Series / Re: ISC deprecation issues
Last post by stanthewizzard - January 19, 2026, 07:44:48 PMQuote from: meyergru on January 19, 2026, 07:25:10 PMQuote from: stanthewizzard on January 19, 2026, 07:13:54 PMevery server inside the lan (homelab) has a statiq IP fddd:31e8:3076:XX:YY
DHCPv6 with prefix and RA managed on carpv6 (also updated with IPv6 changes) and RA advertises fddd:31e8:3076:XX:YY
Do not send any DNS configuration to clients
fddd:31e8:3076:: is an ULA prefix that is not routed outside of your LAN, unless you use NAT66 or you still have the assigned GUA prefix IPv6s on top for outside access. If you use those ULA IPs for server access, fine.
But then, why / how do you rely on ISC DHCPv6?
I can see only two things it could provide: routeable IPv6 addresses, which can be handed out via SLAAC as well and leases and/or reservations which allow to use internal DNS names (which you say you do not use).
Frankly, I do not get what you are missing.
Oupsi
yes you are right
and it's on purpose (internal dns for exemple with no wan rights)
then ISC DHCPv6 gives wan routable ipv6 from my ISP (2 servers are ban from being contacted from the outside world) to other devices (iphones windows mac etc)
#97
25.7, 25.10 Series / CSRF Check
Last post by spetrillo - January 19, 2026, 07:35:44 PMHello all,
Ever since I upgraded to 25.7.11 I am getting the following when I login:
CSRF check failed. Your form session may have expired, or you may not have cookies enabled.
I have rebooted OPNsense but it does not fix this. What is this about?
Thanks,
Steve
Ever since I upgraded to 25.7.11 I am getting the following when I login:
CSRF check failed. Your form session may have expired, or you may not have cookies enabled.
I have rebooted OPNsense but it does not fix this. What is this about?
Thanks,
Steve
#98
German - Deutsch / Re: Anfänger und sorry --- bek...
Last post by Orion1984 - January 19, 2026, 07:35:32 PMQuote from: uneu on January 19, 2026, 06:14:50 PMHast du ein WAN-GW (IP-Adresse der Fritzbox) eingetragen?Wie konnte das denn passieren. Man sollte das nicht mal eben so nebenbei versuchen.
Quote from: meyergru on January 19, 2026, 07:15:10 PMUnd ja, das WAN-Gateway (wahrscheinlich 192.168.178.1) fehlt. Das wäre alles korrekt, wenn Du auf dem WAN nicht Static IP, sondern DHCPv4 eingestellt hättest.
Vielleicht liest Du mal dies: https://forum.opnsense.org/index.php?topic=39556
Den Post für Dummies hatte ich zugegebenermaßen nicht sehr ausführlich gelesen.
Nachdem ich den Gateway nun richtig konfiguriert habe, konnte ich auf 25.7.11 upgraden.
Der Zugang zum Internet bleibt mir noch verwehrt, da muss ich morgen Mittag nochmal ran.
Werde mich bestimmt nochmal dazu melden.
Bis hierher sage ich aber schonmal DANKE.
#99
25.7, 25.10 Series / Re: ISC deprecation issues
Last post by meyergru - January 19, 2026, 07:25:10 PMQuote from: stanthewizzard on January 19, 2026, 07:13:54 PMevery server inside the lan (homelab) has a statiq IP fddd:31e8:3076:XX:YY
DHCPv6 with prefix and RA managed on carpv6 (also updated with IPv6 changes) and RA advertises fddd:31e8:3076:XX:YY
Do not send any DNS configuration to clients
fddd:31e8:3076:: is an ULA prefix that is not routed outside of your LAN, unless you use NAT66 or you still have the assigned GUA prefix IPv6s on top for outside access. If you use those ULA IPs for server access, fine.
But then, why / how do you rely on ISC DHCPv6?
I can see only two things it could provide: routeable IPv6 addresses, which can be handed out via SLAAC as well and leases and/or reservations which allow to use internal DNS names (which you say you do not use).
Frankly, I do not get what you are missing.
#100
German - Deutsch / Re: Anfänger und sorry --- bek...
Last post by meyergru - January 19, 2026, 07:15:10 PMDu kannst in Interfaces->Overview sehen, welche Interfaces online sind. Bei diesem Router-behind-Router-Setup benötigst Du Outbound NAT, wenn Du von "hinter" der OpnSense Internet-Zugriff haben willst. Und ja, das WAN-Gateway (wahrscheinlich 192.168.178.1) fehlt. Das wäre alles korrekt, wenn Du auf dem WAN nicht Static IP, sondern DHCPv4 eingestellt hättest.
Vielleicht liest Du mal dies: https://forum.opnsense.org/index.php?topic=39556
Vielleicht liest Du mal dies: https://forum.opnsense.org/index.php?topic=39556
