OPNsense 26.1.8_5 Freezes Randomly

Started by xenon2008, Today at 03:06:16 AM

Today at 03:06:16 AM Last Edit: Today at 03:07:49 AM by xenon2008
Hello everyone,
For several days now I've been having the issue that my OPNsense (OPNsense 26.1.8_5-amd64) completely freezes.
When it freezes, it is no longer pingable, and even if I manually assign an IP address to my client, I still cannot reach the firewall at all.
So I couldn't reach the web interface, no ping, no Internet, nothing.
At first I thought it was due to my old hardware, so I bought a brand new CWWK mini Firewall, reinstalled OPNsense, and restored the backup file.
It ran fine for a few days, but today the exact same problem happened again, just like on the old hardware.

Does anyone have an idea what could be causing this? I can rule out a hardware issue since this is completely new hardware.
At this point I'm honestly starting to get really frustrated because I can't figure out what's causing it.

After a reboot everything works normally again, but the freeze keeps coming back after some time (Days).
Could somebody help me please?

Thanks & Kindly Regards

What does the console say?
Mini-pc N150 i226v x520, FREEDOM

I'm experiencing something very similar: every 2 weeks or so, it just dies. Manually assigned IP, and tried ping, no response.

I have worked through logs (with Claude) and found nothing.

CPU temps look good, and memory seems stable. A reboot clears it right up.

Any advice on what to look for would be greatly appreciated. Added some screenshots of WAN/LAN traffic.

Disable ASPM, maybe?
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 450 up, Bufferbloat A+

I seem to have similar issues. The firewall seems to be still up & running, but it seems to shut out everything. The issue reminds me of the "new" startup behavior with divert-to rules: all traffic is dropped until the Suricata service is up & running. But this is happening after a day of uptime and the service (probably) up. In the suricata logs I found these errors:

Error
suricata
[100216] <Error> -- thread W-8000 failed

Warning
suricata
[101690] <Warning> -- Write to ipfw divert socket failed: No buffer space available



I'm not sure what buffer space ran out. mbufs seemed to be fine when checking the health graph in reporting. I'm running with kern.ipc.nmbclusters = 1000000

Unfortunately I just upgraded the system on the weekend from the rock solid 25.7.11. I also did the rules migration and migrated Suricata to the new divert-to functionality. So many moving parts changed in just a few days.
To me the problem "feels" to be firewall related so my first mitigation attempt is to revert the divert-to changes back to netmap for now.

I'm using a Protectli FW2B on CoreBoot with an Intel Celeron J3060
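
Added example, not part of the thread or of OPNsense/Suricata: a small triage script for the two Suricata messages quoted in the post above, which tells apart a failed worker thread, divert-socket write failures with "No buffer space available", and both together. The line layout `[thread-id] <Level> -- message` is assumed from those two quoted lines, and the sample log, the verdict names and the `triage` function are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample. Only the Warning and Error messages come from the post;
# the other two lines are filler made up for this example.
SAMPLE_LOG = """\
[100200] <Info> -- constructed filler line
[101690] <Warning> -- Write to ipfw divert socket failed: No buffer space available
[101690] <Warning> -- Write to ipfw divert socket failed: No buffer space available
[100216] <Error> -- thread W-8000 failed
constructed line that does not match the layout
"""

# search() instead of match() so a timestamp prefix, if present, is tolerated.
LINE_RE = re.compile(r"\[(?P<tid>\d+)\]\s+<(?P<level>\w+)>\s+--\s+(?P<msg>.*)")
THREAD_FAILED_RE = re.compile(r"thread (?P<name>\S+) failed")
DIVERT_WRITE_RE = re.compile(r"Write to ipfw divert socket failed: (?P<reason>.+)")
ENOBUFS_TEXT = "No buffer space available"  # strerror(ENOBUFS)


def triage(log_text, enobufs_threshold=1):
    """Classify a Suricata log excerpt; returns counts plus a verdict string."""
    failed_threads = []
    enobufs_by_tid = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.search(line)
        if not m:
            unparsed += 1          # keep count so silent format drift is visible
            continue
        msg = m["msg"].strip()
        failed = THREAD_FAILED_RE.fullmatch(msg)
        divert = DIVERT_WRITE_RE.search(msg)
        if m["level"] == "Error" and failed:
            failed_threads.append(failed["name"])
        elif divert and divert["reason"].strip() == ENOBUFS_TEXT:
            enobufs_by_tid[m["tid"]] += 1
    backpressure = sum(enobufs_by_tid.values()) >= enobufs_threshold
    if failed_threads and backpressure:
        verdict = "ips-path-stalled"       # worker gone and verdicts not written back
    elif failed_threads:
        verdict = "worker-failed"
    elif backpressure:
        verdict = "divert-backpressure"
    else:
        verdict = "ok"
    return {"verdict": verdict, "failed_threads": failed_threads,
            "divert_enobufs": dict(enobufs_by_tid), "unparsed": unparsed}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
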

Quote from: xenon2008 on Today at 03:06:16 AM
At first I thought it was due to my old hardware, so I bought a brand new CWWK mini Firewall, reinstalled OPNsense, and restored the backup file.
It ran fine for a few days, but today the exact same problem happened again, just like on the old hardware.
And if you don't use the old config.xml and start from scratch with a very basic setup and use that for a while : Do you experience the same issue(s) ?
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Quote from: bestboy on Today at 10:25:51 AM
I seem to have similar issues. The firewall seems to be still up & running, but it seems to shut out everything. The issue reminds me of the "new" startup behavior with divert-to rules: all traffic is dropped until the Suricata service is up & running. But this is happening after a day of uptime and the service (probably) up. In the suricata logs I found these errors:

Error
suricata
[100216] <Error> -- thread W-8000 failed

Warning
suricata
[101690] <Warning> -- Write to ipfw divert socket failed: No buffer space available



I'm not sure what buffer space ran out. mbufs seemed to be fine when checking the health graph in reporting. I'm running with kern.ipc.nmbclusters = 1000000

Unfortunately I just upgraded the system on the weekend from the rock solid 25.7.11. I also did the rules migration and migrated Suricata to the new divert-to functionality. So many moving parts changed in just a few days.
To me the problem "feels" to be firewall related so my first mitigation attempt is to revert the divert-to changes back to netmap for now.

I'm using a Protectli FW2B on CoreBoot with an Intel Celeron J3060

I haven't enabled intrusion detection in mine. I do use MaxMind geoblock and CrowdSec.

Hello together,
Thank you for the numerous replies.

Quote from: BrandyWine on Today at 06:46:02 AM
What does the console say?

Unfortunately, I don't have a monitor at the location of the firewall, so I can't say for sure, and I can't access it via SSH anymore.

The device is running, the NICs are active, but there's no communication to or through the firewall. If it were "just" Suricata, I should at least get an IP address from the firewall's DHCP service, right? Because that doesn't work in this state either.

Quote from: punq on Today at 08:01:43 AM
I'm experiencing something very similar: every 2 weeks or so, it just dies. Manually assigned IP, and tried ping, no response.

I have worked through logs (with Claude) and found nothing.

CPU temps look good, and memory seems stable. A reboot clears it right up.

Any advice on what to look for would be greatly appreciated. Added some screenshots of WAN/LAN traffic.


I don't want to say I'm "happy" that others are also having this problem, but it's definitely reassuring not to be the only one.

It seems to have started with the last update – I had already migrated the firewall rules before (with the last update), and as far as I know, there weren't any problems then.
Unfortunately, I didn't take a snapshot, otherwise I could go back.

Quote from: nero355 on Today at 04:15:49 PM
Quote from: xenon2008 on Today at 03:06:16 AM
At first I thought it was due to my old hardware, so I bought a brand new CWWK mini Firewall, reinstalled OPNsense, and restored the backup file.
It ran fine for a few days, but today the exact same problem happened again, just like on the old hardware.
And if you don't use the old config.xml and start from scratch with a very basic setup and use that for a while : Do you experience the same issue(s) ?

I honestly can't say what it's like without a backup file, and I can't even test it because I'd have to reconfigure everything manually.

But there haven't been any changes to the firewall's configuration for months, and I still have about 10 different old configuration versions. At least the last two always have the same problem.

Unfortunately, I can't say exactly how often it happens; sometimes it's after 1-2 days, or sometimes after a week. I haven't found a way to reproduce it yet.

But in my opinion, this seems to be a software problem, especially since I'm not the only one experiencing it.

Kindly Regards

I have the same version with Suricata, but I'm not having any issues.

Migrating FW rules? Since I installed the FW image around mid 2025, all I do is log in to the web GUI and click the buttons to upgrade. It does its thing and reboots. Most upgrades have not even been strictly incremental because I only do the upgrades every 3-4 months. I have yet to have any issues.

It's probably nothing to do with FW stuff, probably more related to the OS and your hardware.

Without being able to do actual troubleshooting, this thread is just an exercise in maybe-this maybe-that.
Mini-pc N150 i226v x520, FREEDOM

It can't be a hardware issue, since it's happening on two completely different devices, and one of them has been running OPNsense for a long time.

And I'm doing the upgrade process exactly the same way as you.

Is there anything I can check in the logs or something similar?

Because I've already skimmed through them, but I didn't find anything unusual.