Spyke

How to properly implement vlans in this case?

Hi everyone,

I've been running opnsense for a while now (mostly set and forget) and it has been a great addition to my network.

There is however one point I've never addressed, and lately I've been thinking about doing it, but I'm not sure how. Until now, the devices on my network have all been in the same default VLAN, with only two distinctions made via firewall rules:

  • can connect to the internet
  • can only access local devices (so no internet; all IoT-type devices get this rule)

As expected, OPNsense handles DHCP, and I have also installed AdGuard on the same machine (with all the expected rules to redirect all DNS traffic to AdGuard). All of my machines that are permanently on the network have aliases and static IPs.

I am aware this is not a great setup, and this is why I wanted to implement VLANs to make sure that if a rogue device is installed it at first causes no harm to the network at large (meaning: devices by default fall into a VLAN without internet access at least; a more drastic measure is to not allow access to anything besides the router). Eventually, a VLAN where devices can only go to the internet can be added, and of course a VLAN that has all the expected access to the home devices.

I did some research on this and there is information on how to do VLANs and such, but sometimes the explanation goes a bit over my head (or the explanations don't cover some important details). So my broad question on all of this is:

  • do you guys know anyone that explains VLANs in an understandable manner inside OPNsense? Usually video form is best, but articles can be useful too
  • does this setup with 3 VLANs make sense in the first place?

If someone has input on how this can best be done I would like to know as well, since I may be approaching this in too complex a manner.

View original on lemmy.world
opnsense · OPNsense · by sekki

VLAN Bridge with DHCP

Hi! I'm currently trying to set up my network as seen in the image. USER VLAN has the tag 11, IOT VLAN has the tag 13 and GUEST VLAN has the tag 14. These are tagged by an Omada AP and Omada Switch on individual ports.

So far I have:

  • Assigned igc1 (LAN) and igc2 (Wifi) and enabled them (no IP configured).

  • Created a Bridge between igc1 and igc2 so they are in the same subnet, which I think of as some sort of management subnet.

  • Configured a static IP (192.168.10.1/24) on this Bridge and enabled DHCP. All devices are reachable here and it is also possible to reach the internet from the Omada devices.

  • Created VLANs vlan01.11, vlan01.13, vlan01.14 with their parent being igc1 (Omada Switch).

  • Created VLANs vlan02.11, vlan02.13, vlan02.14 with their parent being igc2 (Omada AP)

  • Assigned all of them and enabled them (no IP configured)

  • Created a Bridge between each pair (vlan01.11 + vlan02.11 etc.)

Now my problem is that, seemingly no matter what I do, some devices on the VLANs cannot reach the internet because they cannot reach their gateway.

I tried:

  • Configuring a static IP on the VLAN bridge (192.168.11.1 for the USER VLAN) and enabling DHCP on it with the correct subnet. Doing so, not a single device was able to reach the gateway, but they were able to talk to each other. DHCP worked this way for both endpoints.
  • Instead of configuring a static IP on the VLAN bridge, I configured it right on the vlan02.11 interface and enabled DHCP there. Doing so, only the devices on the Wi-Fi are able to reach the gateway, but the devices connected via the switch cannot. In addition, DHCP also does not work for devices on the switch.

Does anyone here maybe have a hint on what I am doing wrong?

Edit: I also tried:

  • Combinations of net.link.bridge.pfil_member and net.link.bridge.pfil_bridge, but that didn't work either.
  • Removing the bridge and using only the vlans but with the same subnet
View original on lemmy.world
opnsense · OPNsense · by StarkZarn

Monitoring OPNSense Logs with Grafana Loki

cross-posted from: https://infosec.pub/post/27200076

My first blog series on headscale with traefik through podman quadlets was pretty well received on here. I'm just getting started with this blog, and thought the second topic I recently worked on might be popular in this crowd too: a lower resource method of centralizing logs for OPNSense with Grafana Loki (and Alloy) including geoIP!

Monitoring OPNSense Logs with Grafana Loki: https://roguesecurity.dev/blog/opnsense-loki

View original on infosec.pub

Weird IPS/ITS suricata behavior

Hello, I have some strange behavior with my Suricata on OPNsense and was wondering if anyone is experiencing the same:

I wanted to keep an IPS signature active, dropping the packets, but not get an alert every time, since the source is beyond my control (neighbour) and the alerts are spamming my log.

Since this isn't implemented in the GUI yet, I manually added

include: threshold.config

To /usr/local/etc/suricata/custom.yaml

And added

suppress gen-id 1, sig-id 1234567

To /usr/local/etc/suricata/threshold.config

However, after this Suricata wouldn't start anymore, giving the error that it couldn't load threshold.config because it needs to have YAML 1.1 and --- as its first lines.

Not only does this differ from the documentation, it also differs from the example file.

With this added anyway, Suricata will start, but has errors in the logs: it couldn't parse YAML 1.1, couldn't parse ---, and couldn't parse suppress gen-id 1, sig-id 1234567.

So it's still not working....

Anyone got an idea what's wrong here, or how I could drop packets silently?

EDIT: when changing the suppression to

suppress gen_id 1, sig_id 1234567

I get the warning

suppress gen_id 1, sig_id 1234567 is deprecated. Please use suppress gen-id 1, sig-id 1234567 on line 3

when starting Suricata,

BUT NO parsing error about the suppress line (only about the YAML and --- lines), indicating it works now?

Seems not intended, or am I doing something wrong?

View original on discuss.tchncs.de
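Two facts a practitioner will want next to the post above, both from the Suricata configuration format rather than from the post: threshold.config is a line-oriented file (suppress / threshold / event_filter entries with gen_id/sig_id and comma-separated options), not YAML, and in suricata.yaml it is named by the threshold-file: key, whereas include: pulls in additional YAML files. A complaint that a file must start with YAML 1.1 and --- is what Suricata's YAML loader produces when it is pointed at a non-YAML file. The validator below is an added example (not Suricata's code and not from the post): it parses threshold lines, accepts both the underscore and hyphen spellings the warning in the post mentions and records which one a line used, checks the options each action requires, and flags YAML markers as foreign. The sample config is constructed; the sid values are the post's plus two made-up ones.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Option keys the threshold file understands. gen_id/sig_id are also accepted
# with hyphens because the post shows Suricata mentioning both spellings.
_OPT_RE = re.compile(r"^(gen[_-]id|sig[_-]id|type|track|count|seconds|ip)\s+(\S+)$")
_ACTIONS = ("suppress", "threshold", "event_filter")
_YAML_NOISE = ("%YAML", "---")


@dataclass
class ThresholdRule:
    action: str                      # suppress / threshold / event_filter
    gid: int
    sid: int
    options: Dict[str, str] = field(default_factory=dict)
    hyphenated: bool = False         # True when the gen-id/sig-id spelling was used
    lineno: int = 0


def parse_line(line: str, lineno: int) -> Optional[ThresholdRule]:
    """Parse one threshold.config line; None for blank/comment, ValueError on errors."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    if stripped.startswith(_YAML_NOISE):
        # threshold.config is line-oriented, not YAML: a YAML marker here means
        # the file was wired into suricata.yaml through the wrong key.
        raise ValueError(f"line {lineno}: YAML marker {stripped!r} does not belong in a threshold file")
    action, _, rest = stripped.partition(" ")
    if action not in _ACTIONS:
        raise ValueError(f"line {lineno}: unknown action {action!r}")
    opts: Dict[str, str] = {}
    hyphenated = False
    for part in rest.split(","):
        m = _OPT_RE.match(part.strip())
        if not m:
            raise ValueError(f"line {lineno}: cannot parse option {part.strip()!r}")
        key, value = m.groups()
        hyphenated |= "-" in key
        opts[key.replace("-", "_")] = value
    try:
        gid = int(opts.pop("gen_id"))
        sid = int(opts.pop("sig_id"))
    except (KeyError, ValueError):
        raise ValueError(f"line {lineno}: gen_id and sig_id must both be present and numeric") from None
    if action == "suppress":
        if ("track" in opts) != ("ip" in opts):
            raise ValueError(f"line {lineno}: suppress takes track and ip together or not at all")
    else:
        missing = [k for k in ("type", "track", "count", "seconds") if k not in opts]
        if missing:
            raise ValueError(f"line {lineno}: {action} is missing {', '.join(missing)}")
    return ThresholdRule(action, gid, sid, opts, hyphenated, lineno)


def parse_threshold_config(text: str) -> Tuple[List[ThresholdRule], List[str]]:
    """Return (rules, problems); problems are human-readable, one per bad line."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        try:
            rule = parse_line(line, lineno)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if rule is not None:
            rules.append(rule)
    return rules, problems


# Constructed sample: the post's suppress line, the YAML markers Suricata asked
# for, plus a source-scoped suppress and a threshold line for comparison.
SAMPLE_CONFIG = """\
%YAML 1.1
---
# drop the neighbour's noise without alerting on it
suppress gen_id 1, sig_id 1234567
suppress gen-id 1, sig-id 2003614, track by_src, ip 192.0.2.0/24
threshold gen_id 1, sig_id 2404000, type limit, track by_dst, count 1, seconds 60
"""

if __name__ == "__main__":
    rules, problems = parse_threshold_config(SAMPLE_CONFIG)
    for r in rules:
        print(f"line {r.lineno}: {r.action} gid={r.gid} sid={r.sid} {r.options} hyphenated={r.hyphenated}")
    for p in problems:
        print("problem:", p)
```

Run it against the real file with parse_threshold_config(open(path).read()) before restarting Suricata; a non-empty problems list is the cheap check that the file itself is well formed, which separates a syntax problem from the wiring problem the YAML complaint points at.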
opnsense · OPNsense · by Svinhufvud

Building an OPNsense router

I am thinking of building a router for OPNsense. I am familiar with building computers but I am not familiar with networking. What kind of hardware would I need to hit 1, 2.5 (my most likely target), 5 or 10 gigabit speeds on my local network?

I was thinking of buying a small form factor PC and sticking an Intel I226 network card or something similar in it.

So, what kind of processor would I need?

View original on sopuli.xyz

Port forward to different IP based on destination address

Hello all you lovely people!

I'm trying to figure out if I can port forward to different servers based on the destination domain.

I have a domain with a wildcard cert and I'd like to be able to route all traffic headed towards "1.domain.com" to a server I'm calling "1". I'd still like traffic headed to domain.com to go to where it's currently going, we can call this server "0", and to be able to have a 2.domain.com or 3 or 4 in the future.

I thought that having a port forward rule with:

  • interface: WAN
  • protocol: any
  • source: any
  • destination: a URL alias including 1.domain.com
  • redirect target IP: local IP

would work, but it doesn't seem to. Any tips?

View original on lemmy.world
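A point worth making explicit after the post above: a NAT port forward matches on the packet's destination address and port, and a URL alias only turns names into addresses. When domain.com, 1.domain.com and 2.domain.com all resolve to the same public address, the rules see identical packets and cannot tell the names apart. The hostname exists only inside the application payload: the HTTP Host header, or for TLS the server_name (SNI) extension of the ClientHello, which is what a reverse proxy or SNI router in front of the servers reads before choosing a backend. The following added example (not from the post) shows that mechanism: it builds a minimal ClientHello for a name, extracts the SNI from the raw bytes, and maps it to a backend. The backend addresses, the cipher suite and the whole backend table are assumptions for illustration; only the hostnames come from the post.

```python
import struct
from typing import Optional

# Hypothetical backend map for the post's server "0" (domain.com) and "1"
# (1.domain.com); the private addresses are assumptions, not from the post.
BACKENDS = {
    "domain.com": "192.168.1.10",
    "1.domain.com": "192.168.1.11",
    "2.domain.com": "192.168.1.12",
}
DEFAULT_BACKEND = BACKENDS["domain.com"]


def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from a TLS ClientHello's server_name extension, or None."""
    try:
        if len(record) < 5 or record[0] != 0x16:            # not a Handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != 0x01:                    # not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                        # legacy_version + random
        pos += 1 + body[pos]                                # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + body[pos]                                # compression_methods
        if pos + 2 > len(body):
            return None                                     # no extensions at all
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ext_type != 0:                               # 0 = server_name
                pos += ext_len
                continue
            list_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
            p = pos + 2
            while p + 3 <= list_end:
                name_type = body[p]
                name_len = struct.unpack("!H", body[p + 1:p + 3])[0]
                p += 3
                if name_type == 0:                          # host_name
                    return body[p:p + name_len].decode("ascii")
                p += name_len
            return None
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None   # truncated or malformed input is treated as "no SNI"


def pick_backend(record: bytes) -> str:
    """Route on SNI; anything without a known name goes where domain.com goes."""
    host = extract_sni(record)
    return BACKENDS.get(host, DEFAULT_BACKEND) if host else DEFAULT_BACKEND


def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS 1.2-style ClientHello carrying only an SNI extension."""
    name = hostname.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name        # host_name entry
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    extension = struct.pack("!HH", 0, len(sni_list)) + sni_list      # type 0 = server_name
    extensions = struct.pack("!H", len(extension)) + extension
    body = (b"\x03\x03" + bytes(32)                                   # version, random (zeroed here)
            + b"\x00"                                                 # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"                      # one cipher suite (assumed)
            + b"\x01\x00"                                             # null compression
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for host in ("domain.com", "1.domain.com", "unknown.domain.com"):
        hello = build_client_hello(host)
        print(host, "->", extract_sni(hello), "->", pick_backend(hello))
```

The parser stops at the first host_name entry and treats anything truncated as "no SNI", which is the safe default for a dispatcher: unknown or absent names fall through to the existing server "0" instead of an arbitrary backend. The same idea applies to plain HTTP on port 80 with the Host header, and it is why one port forward to a single proxy that does this dispatch is the usual shape of the setup.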

Determine shutdown cause

Hi all, I've got a cheap Celeron box running OPNSense and it's been pretty good so far, but I found twice that the device turned off at some point while I was at work, and I have been unable to figure out what's causing it.

The only change was that I enabled Monit to see if I could figure out what was causing crowdsec to stop sometimes, but I never ended up configuring anything. I've only been running it for a couple of months though, so it's possible that that is not related.

I know that on a Mac (based on freebsd, right?) you can determine whether the shutdown reason was a hard shutdown, regular shutdown, or the power cable being unplugged. Is it possible to do that with OPNSense? I'd like to narrow it down to software or hardware ideally.

View original on lemmy.world
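Added after the post above, not part of it: OPNsense runs on FreeBSD, whose utx log records every boot as the pseudo-user "reboot" and every orderly stop (shutdown, reboot, halt) as the pseudo-user "shutdown"; last(1) prints those records newest first, and "last reboot shutdown" limits the listing to them. A boot with no shutdown record immediately before it therefore went down without logging it: power loss, a reset, or a kernel panic. That is what this example classifies. The caveat a practitioner should keep in mind is that it separates logged from unlogged stops, not hardware from software: a panic looks the same as a pulled cable here, so an "unclean" verdict is the cue to look at the console or /var/log/messages for the boot before it. The sample output is constructed, and its column layout only approximates FreeBSD's (an assumption; the parser keys on the pseudo-user and the timestamp, not on column positions).

```python
import re
from typing import List, Tuple

# Matches the reboot/shutdown pseudo-user records last(1) prints. Assumed line
# shape (approximating FreeBSD): "<user>  ~  ...  <Day Mon dd HH:MM> ..."; the
# lazy middle lets other layouts with extra columns through as well.
_RECORD_RE = re.compile(r"^(reboot|shutdown)\s+.*?(\b\w{3}\s+\w{3}\s+\d{1,2}\s+\d{2}:\d{2})")


def boot_records(last_output: str) -> List[Tuple[str, str]]:
    """Extract (kind, timestamp) for reboot/shutdown records, in the order printed."""
    records = []
    for line in last_output.splitlines():
        m = _RECORD_RE.match(line)
        if m:
            records.append((m.group(1), m.group(2)))
    return records


def classify_boots(last_output: str) -> List[Tuple[str, str]]:
    """
    For every boot, decide whether the downtime before it was orderly.

    An orderly stop writes a 'shutdown' record before the kernel goes down, so a
    boot whose immediately older record is 'shutdown' followed a clean stop. A
    boot whose older record is another 'reboot' means the system went down
    without logging it (power loss, reset or panic). The oldest boot in the file
    has nothing before it and is reported as 'unknown'.
    """
    records = boot_records(last_output)          # newest first, as last(1) prints them
    verdicts = []
    for i, (kind, when) in enumerate(records):
        if kind != "reboot":
            continue
        older = records[i + 1] if i + 1 < len(records) else None
        if older is None:
            verdict = "unknown"
        elif older[0] == "shutdown":
            verdict = "clean"
        else:
            verdict = "unclean"
        verdicts.append((when, verdict))
    return verdicts


# Constructed sample in the shape of `last reboot shutdown` output (newest
# first): the latest boot has no shutdown record before it, the previous one does.
SAMPLE_LAST = """\
reboot     ~                         Tue Jan  9 07:41   still running
reboot     ~                         Mon Jan  8 06:15
shutdown   ~                         Sun Jan  7 23:02
reboot     ~                         Thu Jan  4 08:12

utx.log begins Thu Jan  4 08:12
"""

if __name__ == "__main__":
    for when, verdict in classify_boots(SAMPLE_LAST):
        print(f"boot at {when}: {verdict}")
```

On the box itself, feed it the real listing with classify_boots(subprocess.run(["last", "reboot", "shutdown"], capture_output=True, text=True).stdout); the two unexplained power-offs in the post would show up as boots whose older neighbour is another reboot record.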
opnsense · OPNsense · by HakFoo

Turnkey mini-PC for home-routing duties.

After a home rewire, I'm ready to bump up to 2.5GbE, and demote my old 1Gbps router/wifi box to "AP Only mode".

I want at least six total ports, four of which need to be 2.5+ (three to different rooms, one for uplink, one 1G+ for the AP, and one "any speed is enough" for the networked printer :) )

It seems like the "mini-PC with a bunch of 2.5GbE ports running OPNSense" option fits neatly between "Build a router out of my old i5-2500K and some eBay NICs and ignore the USD450 electric bill", and "enterprise rackmount gear with Delta fans left over from people overclocking their Socket A Athlons."

I see a lot of machines of the form "fanless case with a little castle of fins on top, Intel N100 CPU, six 2.5G ports from I226 chipset". A representative example is https://www.aliexpress.us/item/3256806214512701.html

I suspect they may all be re-brands of the same basic product, but I wanted to know real-world experiences:

  • Basic question: can anyone vouch for any specific one of these devices/sellers and confirm it worked for them?

  • I understand the i225-v LAN chipset was much buggier than the i226-v and to be avoided; still the case? I see a few products that are like USD50 cheaper, with different CPUs and i225-based LAN.

  • For routing/firewall duties (probably 4 PCs, 3 phones, a couple of printers, and some smart devices), are the bottom-of-the-line configs (8GB RAM/128G disc) suitable? Is the CPU sufficient? The N100 makes me laugh-- Intel doesn't even want to give it a brand name.

  • Regarding WiFi, should I just block out that little Mini-PCIe slot on the board from my mind? I know that FreeBSD WiFi has been sort of a fourth-class citizen for years, but I was wondering if there had been a breakthrough, or at least a "here is one specific card you can buy for a largely drama-free experience"

  • Weird question: Any problems with RF noise? I have had some devices where the power brick made a mess of a neighbour's AM radio reception, and I don't want to start a war with him. I figure when you're buying a device with a 60w wall-wart from a random brand, it might not be the cleanest.

View original on lemmy.sdf.org
opnsense · OPNsense · by Juvyn00b

Installation Tips - Sophos SG135

Just a few tips for installing on a Sophos SG135 (and perhaps others in the Sophos family?) using the serial build via USB.

  1. The Sophos device starts at 38400,n,8,1 as COM settings. OPNsense switches to 115200 after the BIOS. If you set your session to 115200 prior to OPNsense taking over, this causes PuTTY to not be able to input keyboard characters until you kill and re-open the session. Something happens in the transition on either serial interface to cause problems.

  2. Perform the auto detection of interfaces. For some reason I got screwed up on the interfaces and couldn't for the life of me get LAN to come up to configure the box. I believe this was twofold: one, the interfaces were all down when I configured them - and two, that caused them to go into a state to where even if 'ifconfig' showed active as I moved my cabling around, pings would not work (LAN). Once I redid the usb live and utilized the auto detection feature properly, no issues occurred.

Hope this helps someone who may run into similar issues.

View original on lemmy.world
opnsense · OPNsense · by Devious76

Need Help with UDP Broadcast Relay for SSDP in OPNsense

Hi There,

Please excuse the lengthy post; I wanted to explain/have all the information I can possibly write down.

I've been trying to get the "udpbroadcastrelay" plugin to relay SSDP (Simple Service Discovery Protocol) between two subnets, LAN and Bridge. However, I've hit a roadblock with this setup.

The peculiar thing is that mDNS (Multicast DNS) works flawlessly using the same plugin and setup!

I hope that someone can help shed some light on this issue and help me get SSDP relay working as smoothly as mDNS does in my setup. If anyone has experience with the "udpbroadcastrelay" plugin in OPNsense or has encountered a similar issue, your insights and guidance would be greatly appreciated. Thanks in advance for any assistance or suggestions!

SIDENOTE:

I have used BOTH of:

- os-udpbroadcastrelay 1.0_3 (from repo)
- compiled from source (GitHub) so I can use the --msearch option

  1. My Setup

    • Virtualized OPNsense in Proxmox
      • Pass-Through (WAN)
      • 2 VirtIO Interfaces (LAN & Bridge)
    • OPNsense Version: OPNsense 23.7.10_1-amd64 FreeBSD 13.2-RELEASE-p7
    • Proxmox Version: proxmox-ve: 8.1.0 (running kernel: 6.5.11-7-pve)
  2. Troubleshooting Attempts:

I've tried various solutions from different sources to resolve this issue, including:

  • HOW TO - Configure OPNsense for TV7 (init7) Multicast Stream

    LAN
    First we have to enable allow options on the default LAN rule Default allow LAN to any rule.

    • Navigate to Firewall -> Rules -> LAN
    • Edit the rule with the description "Default allow LAN to any rule" by clicking the pencil.
    • Scroll down until you see Advanced Options: and click on Show/Hide
    • Make sure that the allow options checkbox is checked
    • Click Save
    • Back on Overview click on Apply changes to enable the changed rule
  • [SOLVED] - Multicast bridge problem | Proxmox Support Forum

    maybe try to disable multicast snooping on bridges ?

    echo 0 > /sys/class/net/vmbrX/bridge/multicast_snooping

  • Multicast notes - Proxmox VE

    Linux: Disabling Multicast snooping on bridges

    Snooping should be enabled on either the router / switch or on the linux bridge, but it may not work if enabled on both. If you have a hosting provider that has igmp snooping enabled on the multicast switch, it may be necessary to disable snooping on the linux bridge. In that case use:

    post-up ( echo 1 > /sys/devices/virtual/net/$IFACE/bridge/multicast_querier )

    post-up ( echo 0 > /sys/class/net/$IFACE/bridge/multicast_snooping )

To help diagnose the issue effectively, here is what i managed to gather:

FW Ruleset

LAN Rule Set

Protocol  Source      Port  Destination  Port  Gateway  Schedule  Description
IPv4      LAN net     *     *            *     *        *         Default allow LAN to any

Bridge Rule Set

Protocol  Source      Port  Destination  Port  Gateway  Schedule  Description
IPv4      Bridge net  *     *            *     *        *         Allow Bridge to any rule (Manual Entry)
cat /tmp/rules.debug

LAN Rule Set
pass in log quick on vtnet0 inet from {(vtnet0:network)} to {any} keep state label "3070463c8d527cf93da451fa4f88c7cb" # Default allow LAN to any rule

Bridge Rule Set
 pass in log quick on vtnet1 inet from {(vtnet1:network)} to {any} keep state label "2681e3c4a046e0ab9b3ab64679df3edc" # Allow Bridge to any rule

Interfaces

igc0: flags=8963 metric 0 mtu 1500
	description: WAN (wan)
	options=4802028
	ether xx:xx:xx:xx:xx:xx
	inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
	media: Ethernet autoselect (1000baseT )
	status: active
	nd6 options=29
vtnet0: flags=8963 metric 0 mtu 1500
	description: LAN (lan)
	options=800a8
	ether xx:xx:xx:xx:xx:xx
	inet 192.168.100.3 netmask 0xffffff00 broadcast 192.168.100.255
	media: Ethernet autoselect (10Gbase-T )
	status: active
	nd6 options=29
vtnet1: flags=8963 metric 0 mtu 1500
	description: Bridge (opt1)
	options=800a8
	ether xx:xx:xx:xx:xx:xx
	inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
	media: Ethernet autoselect (10Gbase-T )
	status: active
	nd6 options=29

CLI USED

./udpbroadcastrelay -d -d --id 1 --port 1900 --dev vtnet1 --dev vtnet0 --multicast 239.255.255.250 --msearch dial

2023/12/29 21:48:17.555 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=438 tos=0x00 DSCP=0 ttl=4)
   Found NOTIFY search term upnp:rootdevice
2023/12/29 21:48:17.555 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=438 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.593 <- [ 10.10.10.46:52323 -> 239.255.255.250:1900 (iface=vtnet1 len=462 tos=0x00 DSCP=0 ttl=4)
   Found NOTIFY search term urn:schemas-sony-com:service:Party:1
2023/12/29 21:48:17.593 -> [ 10.10.10.46:52323 -> 239.255.255.250:1900 (iface=vtnet0 len=462 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.593 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=447 tos=0x00 DSCP=0 ttl=4)
   Found NOTIFY search term uuid:00000001-0000-1010-8000-045d4bdcbc2f
2023/12/29 21:48:17.593 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=447 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.614 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=490 tos=0x00 DSCP=0 ttl=4)
   Found NOTIFY search term urn:schemas-upnp-org:device:MediaServer:1
2023/12/29 21:48:17.614 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=490 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.637 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=502 tos=0x00 DSCP=0 ttl=4)
   Found NOTIFY search term urn:schemas-upnp-org:service:ContentDirectory:1
2023/12/29 21:48:17.637 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=502 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:17.663 <- [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet1 len=504 tos=0x00 DSCP=0 ttl=4)
   Found NOTIFY search term urn:schemas-upnp-org:service:ConnectionManager:1
2023/12/29 21:48:17.663 -> [ 10.10.10.46:64321 -> 239.255.255.250:1900 (iface=vtnet0 len=504 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:18.315 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
   Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
   Applying default action FORWARD
2023/12/29 21:48:18.315 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:18.373 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
   Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
   Applying default action FORWARD
2023/12/29 21:48:18.373 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:18.460 <- [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet1 len=283 tos=0x00 DSCP=0 ttl=4)
   Found M-SEARCH search term urn:schemas-upnp-org:device:MediaRenderer:1
   Applying default action FORWARD
2023/12/29 21:48:18.460 -> [ 10.10.10.46:58092 -> 239.255.255.250:1900 (iface=vtnet0 len=283 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:24.824 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
   Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
   Applying default action FORWARD
2023/12/29 21:48:24.824 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:24.924 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=127 tos=0x00 DSCP=0 ttl=4)
   Found M-SEARCH search term urn:schemas-upnp-org:device:MediaServer:1
   Applying default action FORWARD
2023/12/29 21:48:24.924 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=127 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:25.425 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
   Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
   Applying default action FORWARD
2023/12/29 21:48:25.425 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=118 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:48:25.525 <- [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet0 len=118 tos=0x00 DSCP=0 ttl=4)
   Found M-SEARCH search term urn:ses-com:device:SatIPServer:1
   Applying default action FORWARD
2023/12/29 21:48:25.525 -> [ 192.168.100.76:35630 -> 239.255.255.250:1900 (iface=vtnet1 len=118 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:49:16.556 <- [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet1 len=267 tos=0x00 DSCP=0 ttl=4)
   Found NOTIFY search term upnp:rootdevice
2023/12/29 21:49:16.556 -> [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet0 len=267 tos=0x04 DSCP=1 ttl=4)

2023/12/29 21:49:16.577 <- [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet1 len=276 tos=0x00 DSCP=0 ttl=4)
   Found NOTIFY search term uuid:00000004-0000-1010-8000-045d4bdcbc2f
2023/12/29 21:49:16.577 -> [ 10.10.10.46:50201 -> 239.255.255.250:1900 (iface=vtnet0 len=276 tos=0x04 DSCP=1 ttl=4)

LAN Wireshark Capture

No.   Time             Source           Destination      Protocol  Length  Info
920   09:13:01.207756  10.10.10.46      239.255.255.250  SSDP      349     NOTIFY * HTTP/1.1
921   09:13:01.229336  10.10.10.46      239.255.255.250  SSDP      349     NOTIFY * HTTP/1.1
922   09:13:01.290046  192.168.100.75   239.255.255.250  SSDP      217     M-SEARCH * HTTP/1.1
923   09:13:01.292706  10.10.10.46      192.168.100.75   UDP       354     50201 → 59796 Len=312
924   09:13:02.292100  192.168.100.75   239.255.255.250  SSDP      217     M-SEARCH * HTTP/1.1
925   09:13:02.294187  10.10.10.46      192.168.100.75   UDP       354     50201 → 59796 Len=312
926   09:13:03.308643  192.168.100.75   239.255.255.250  SSDP      217     M-SEARCH * HTTP/1.1
928   09:13:03.310873  10.10.10.46      192.168.100.75   UDP       354     50201 → 59796 Len=312
929   09:13:04.309797  192.168.100.75   239.255.255.250  SSDP      217     M-SEARCH * HTTP/1.1
930   09:13:04.311739  10.10.10.46      192.168.100.75   UDP       354     50201 → 59796 Len=312
932   09:13:04.803218  192.168.100.75   239.255.255.250  SSDP      143     M-SEARCH * HTTP/1.1
933   09:13:04.805015  10.10.10.46      192.168.100.75   UDP       306     50201 → 53037 Len=264
934   09:13:05.800708  10.10.10.46      192.168.100.75   UDP       306     37333 → 53037 Len=264
936   09:13:07.799676  192.168.100.75   239.255.255.250  SSDP      143     M-SEARCH * HTTP/1.1
937   09:13:07.801449  10.10.10.46      192.168.100.75   UDP       306     50201 → 53037 Len=264
938   09:13:08.045029  10.10.10.46      192.168.100.75   UDP       306     37333 → 53037 Len=264
962   09:13:10.807982  192.168.100.75   239.255.255.250  SSDP      143     M-SEARCH * HTTP/1.1
963   09:13:10.811017  10.10.10.46      192.168.100.75   UDP       306     50201 → 53037 Len=264
964   09:13:12.695351  10.10.10.46      192.168.100.75   UDP       306     37333 → 53037 Len=264
1068  09:14:02.720283  192.168.100.75   239.255.255.250  UDP       1123    49620 → 3702 Len=1081
1080  09:14:02.977262  192.168.100.75   239.255.255.250  UDP       1123    49620 → 3702 Len=1081
1119  09:14:03.205658  192.168.100.75   239.255.255.250  UDP       666     59260 → 3702 Len=624
1152  09:14:03.442876  192.168.100.75   239.255.255.250  UDP       1123    49620 → 3702 Len=1081
1237  09:14:03.907019  192.168.100.75   239.255.255.250  UDP       1123    49620 → 3702 Len=1081
1284  09:14:04.593450  192.168.100.75   239.255.255.250  SSDP      143     M-SEARCH * HTTP/1.1
1285  09:14:04.595580  10.10.10.46      192.168.100.75   UDP       306     50201 → 52272 Len=264
1286  09:14:04.608593  192.168.100.75   239.255.255.250  SSDP      179     M-SEARCH * HTTP/1.1
1301  09:14:04.862324  192.168.100.75   239.255.255.250  UDP       666     59260 → 3702 Len=624
1324  09:14:05.215444  10.10.10.46      192.168.100.75   UDP       306     37333 → 52272 Len=264
1371  09:14:06.231131  192.168.100.75   239.255.255.250  SSDP      217     M-SEARCH * HTTP/1.1
1372  09:14:06.233068  10.10.10.46      192.168.100.75   UDP       354     50201 → 58452 Len=312
1392  09:14:06.865155  192.168.100.75   239.255.255.250  UDP       666     59260 → 3702 Len=624
1401  09:14:07.232162  192.168.100.75   239.255.255.250  SSDP      217     M-SEARCH * HTTP/1.1
1402  09:14:07.234422  10.10.10.46      192.168.100.75   UDP       354     50201 → 58452 Len=312
1408  09:14:07.595062  192.168.100.75   239.255.255.250  SSDP      143     M-SEARCH * HTTP/1.1
1409  09:14:07.597369  10.10.10.46      192.168.100.75   UDP       306     50201 → 52272 Len=264
1410  09:14:07.610422  192.168.100.75   239.255.255.250  SSDP      179     M-SEARCH * HTTP/1.1
1443  09:14:08.234467  192.168.100.75   239.255.255.250  SSDP      217     M-SEARCH * HTTP/1.1
1444  09:14:08.234644  192.168.100.75   239.255.255.250  SSDP      143     M-SEARCH * HTTP/1.1
1445  09:14:08.236807  10.10.10.46      192.168.100.75   UDP       354     50201 → 58452 Len=312
1446  09:14:08.237538  10.10.10.46      192.168.100.75   UDP       306     50201 → 52272 Len=264
1448  09:14:08.265899  192.168.100.75   239.255.255.250  SSDP      175     M-SEARCH * HTTP/1.1
1450  09:14:08.297109  192.168.100.75   239.255.255.250  SSDP      169     M-SEARCH * HTTP/1.1
1453  09:14:08.334904  192.168.100.75   239.255.255.250  SSDP      167     M-SEARCH * HTTP/1.1
View original on lemmy.world
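An added model of the exchange the relay log and the capture above show; it is example code, not the udpbroadcastrelay plugin's. It parses SSDP's HTTP-over-UDP framing, recovers the ST/NT value the relay log prints as the "search term", and decides per datagram what a relay does. The detail the capture makes visible is in relay_decision: the relay forwards M-SEARCH with the searcher's source preserved (192.168.100.76 leaves vtnet1 unchanged in the log), and a responder answers an M-SEARCH with a unicast "HTTP/1.1 200 OK" to that source address and port. That answer is routed by the firewall, never relayed, and because it does not arrive on port 1900 Wireshark shows it as plain UDP from port 50201 rather than as SSDP. Datagram bytes below are constructed; the addresses and USN come from the post, the LOCATION URLs are made up.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SSDP_GROUP = "239.255.255.250"
SSDP_PORT = 1900


@dataclass
class SsdpMessage:
    kind: str                  # "M-SEARCH", "NOTIFY" or "RESPONSE"
    headers: Dict[str, str]

    @property
    def search_term(self) -> Optional[str]:
        # ST on searches and responses, NT on announcements: the value the
        # relay's log prints as "search term".
        return self.headers.get("ST") or self.headers.get("NT")


def parse_ssdp(payload: bytes) -> Optional[SsdpMessage]:
    """Parse the HTTP-over-UDP framing SSDP uses; None if it is not SSDP."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return None
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    kinds = {"M-SEARCH * HTTP/1.1": "M-SEARCH",
             "NOTIFY * HTTP/1.1": "NOTIFY",
             "HTTP/1.1 200 OK": "RESPONSE"}
    kind = kinds.get(lines[0])
    if kind is None:
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().upper()] = value.strip()
    if kind == "M-SEARCH" and headers.get("MAN") != '"ssdp:discover"':
        return None                        # UPnP requires MAN on every search
    if kind == "RESPONSE" and "USN" not in headers:
        return None
    return SsdpMessage(kind, headers)


def relay_decision(src: Tuple[str, int], dst: Tuple[str, int], payload: bytes) -> dict:
    """
    What a relay does with one datagram, and where the answer goes.

    Group traffic (M-SEARCH / NOTIFY to 239.255.255.250:1900) is copied to the
    other segment. A responder answers an M-SEARCH with unicast to the search's
    source IP and port, so with the source preserved across the relay that
    reply crosses the router on its own and never passes through the relay.
    """
    msg = parse_ssdp(payload)
    if msg is None:
        return {"forward": False, "reason": "not SSDP"}
    if dst != (SSDP_GROUP, SSDP_PORT):
        return {"forward": False, "kind": msg.kind, "search_term": msg.search_term,
                "reason": "unicast; routed by the firewall, not relayed"}
    out = {"forward": True, "kind": msg.kind, "search_term": msg.search_term}
    if msg.kind == "M-SEARCH":
        out["reply_to"] = src              # responders unicast here, within MX seconds
    return out


# Constructed datagrams modelled on the post's capture.
MSEARCH = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           b'MAN: "ssdp:discover"\r\nMX: 1\r\n'
           b"ST: urn:schemas-upnp-org:device:MediaServer:1\r\n\r\n")
NOTIFY = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNT: upnp:rootdevice\r\n"
          b"NTS: ssdp:alive\r\nUSN: uuid:00000001-0000-1010-8000-045d4bdcbc2f::upnp:rootdevice\r\n"
          b"LOCATION: http://10.10.10.46:52323/description.xml\r\n\r\n")   # URL made up
RESPONSE = (b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
            b"USN: uuid:00000001-0000-1010-8000-045d4bdcbc2f::urn:schemas-upnp-org:device:MediaServer:1\r\n"
            b"LOCATION: http://10.10.10.46:52323/description.xml\r\n\r\n")  # URL made up

if __name__ == "__main__":
    print(relay_decision(("192.168.100.76", 35630), (SSDP_GROUP, SSDP_PORT), MSEARCH))
    print(relay_decision(("10.10.10.46", 64321), (SSDP_GROUP, SSDP_PORT), NOTIFY))
    print(relay_decision(("10.10.10.46", 50201), ("192.168.100.76", 35630), RESPONSE))
```

Reading the capture with this model: the relayed M-SEARCH carries the searcher's address, the reply is a unicast HTTP/1.1 200 OK from 10.10.10.46 straight to 192.168.100.75, and the searcher then fetches the LOCATION URL over TCP; every step after the first is ordinary routed traffic between the two subnets, which is where the remaining difference between the working mDNS case and this one has to be looked for.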

Nginx Proxy Manager and OPNsense port forwarding

Hi everyone,

I’m at my wits' end here getting port forwarding working on my setup with Nginx Proxy Manager (NPM) and OPNsense.

I recently upgraded my networking gear, and everything is working great, I’m loving OPNsense and 10G networking. I’ve had the same setup for port forwarding for years and never had issues, the main change was the addition of OPNsense and a switch.

Previous setup (I realize this wasn’t the best):

ISP modem -> DHCPv4 with ports 80/443 forwarded to ASUS wireless router WAN -> DHCPv4 with ports 80/443 forwarded to VM on proxmox running NPM -> NPM set up with hosts to proxy services on other VMs/server.

This (or a variation thereof) has all been working great for years, along with ddns set up as I have a dynamic IP.

New setup:

ISP modem -> DHCP off with ports 80/443 forwarded to OPNsense WAN via MAC address -> OPNsense NAT-Port Forwarding set up to the NPM host/port, rest is the same as before.

The settings for the port forward are the standard I’ve found in guides. WAN address, any source/port, redirect to NPM host and ports. Tried the domain I usually use, no luck. Port checker shows the ports are closed.

Tried the following:

  1. DMZ on the ISP modem keeping WAN IP default/automatic and adding OPNsense to the DMZ, no change.
  2. Advanced DMZ on ISP, WAN is the external IP, no change
  3. Same as 2, but changed OPNsense WAN settings from DHCPv4 to PPPoE, and added the ISP login info. Received new IP, updated ddns, still no change.
  4. Checked over port forwarding settings, enabled NAT reflection, still nothing.

In between all these steps, I rebooted OPNsense, Proxmox, switches, etc.

Any ideas on what I could try for next steps? All of the local networking and external connections work awesome, it’s just the port forwarding as the last piece. Thanks!

Edit 2023-01-03:

I finally solved this, turned out the OPNSense and NPM configuration was all correct.

The problem was a glitch in the docker compose/portainer. I had my ports in docker compose set to 80:80/443:443, but when the container was deployed, it assigned 1880:80/18443:443 because of…reasons, and I didn’t notice until going through it all line by line 🤦.

Redeploying the stack/container didn't solve it, so I changed the time zone to another city, redeployed and voilà, everything works perfectly as it should!

View original on lemmy.world
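The mismatch in the edit above (compose says 80:80 and 443:443, the running container is published on 1880 and 18443) is cheap to catch mechanically: compare the host ports the compose file declares with what Docker actually bound, as shown in the PORTS column of docker ps. The checker below is an added example, not from the post or from Docker; it parses compose's short port syntax and the docker ps PORTS format, and lists every declared mapping whose host port is not among the ones actually published. The sample compose entries and PORTS column are constructed to reproduce the situation in the edit (the 81:81 entry is made up to show a mapping that matches). Bracketed IPv6 bind addresses and port ranges in compose specs are not handled (an assumption of the parser).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class PortMap:
    host_port: Optional[int]     # None when compose lets Docker pick an ephemeral port
    container_port: int
    proto: str = "tcp"


def parse_compose_port(spec) -> PortMap:
    """Parse compose short syntax: CONTAINER, HOST:CONTAINER or IP:HOST:CONTAINER, optional /udp.

    Assumption: no bracketed IPv6 bind addresses and no port ranges.
    """
    body, _, proto = str(spec).partition("/")      # YAML may hand us a bare int
    parts = body.split(":")
    if len(parts) == 1:
        host, cont = None, parts[0]
    elif len(parts) == 2:
        host, cont = parts
    elif len(parts) == 3:
        _, host, cont = parts                       # bind address is irrelevant here
    else:
        raise ValueError(f"unsupported port spec {spec!r}")
    return PortMap(int(host) if host else None, int(cont), proto or "tcp")


# One published mapping as docker ps prints it: "0.0.0.0:1880->80/tcp" or ":::1880->80/tcp"
_PUBLISHED_RE = re.compile(r"(\d+)->(\d+)/(tcp|udp)")


def parse_docker_ps_ports(column: str) -> Dict[Tuple[int, str], Set[int]]:
    """Return {(container_port, proto): {host ports actually bound}} from the PORTS column."""
    bound: Dict[Tuple[int, str], Set[int]] = {}
    for m in _PUBLISHED_RE.finditer(column):
        host, cont, proto = int(m.group(1)), int(m.group(2)), m.group(3)
        bound.setdefault((cont, proto), set()).add(host)
    return bound


def find_mismatches(declared_specs: List, ps_ports: str) -> List[Tuple[PortMap, Set[int]]]:
    """Declared (compose) mappings whose host port is not what Docker actually published."""
    bound = parse_docker_ps_ports(ps_ports)
    problems = []
    for spec in declared_specs:
        want = parse_compose_port(spec)
        if want.host_port is None:
            continue                                # ephemeral by design, nothing to compare
        actual = bound.get((want.container_port, want.proto), set())
        if want.host_port not in actual:
            problems.append((want, actual))
    return problems


# Constructed sample matching the edit: compose declares 80:80 and 443:443,
# the running container was published on 1880 and 18443 instead.
COMPOSE_PORTS = ["80:80", "443:443", "81:81"]
DOCKER_PS_PORTS = ("0.0.0.0:1880->80/tcp, :::1880->80/tcp, 0.0.0.0:18443->443/tcp, "
                  ":::18443->443/tcp, 0.0.0.0:81->81/tcp, :::81->81/tcp")

if __name__ == "__main__":
    for want, actual in find_mismatches(COMPOSE_PORTS, DOCKER_PS_PORTS):
        print(f"declared {want.host_port}->{want.container_port}/{want.proto}, "
              f"but Docker published host port(s) {sorted(actual) or 'none'}")
```

A mismatch here means the port forward on OPNsense is pointed at a host port nothing listens on, which is exactly the "ports show closed" symptom from outside while everything internal still works.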

Opnsense 23.7.4 released

This comes with some fixes to the new OpenVPN system, and route-gateway was added (a big oversight imo). More WireGuard updates and improvements have been added, and are still ongoing.

Here are the full patch notes:

system: correctly set RFC 5424 on remote TLS system logging

system: remove hasGateways() and write DHCP router option unconditionally

system: avoid plugin system for gateways monitor status fetch

system: remove passing unused ifconfig data to Gateways class on static pages

system: remove passing unused ifconfig data on gateway monitor status fetch

system: remove the unused "alert interval" option from the gateway configuration

interfaces: calculate_ipv6_delegation_length() should take advanced and custom dhcp6c into account

interfaces: teach ifctl to dump all files and its data for an interface

interfaces: remove dead link/hint in GIF table

interfaces: avoid duplicating $vfaces array

interfaces: introduce interfaces_restart_by_device()

firewall: remove old __empty__ options trick from shaper model

firewall: update models for clarity

firmware: update model for clarity

ipsec: omit conditional authentication properties when not applicable on connections

ipsec: fix key pair generator for secp256k1 EC and add properer naming to GUI (contributed by Manuel Faux)

ipsec: allow the use of eap_id = %any in instances

openvpn: fix certificate list for client export when optional CA specified (contributed by Manuel Faux)

openvpn: add CARP VHID tracking for client instances

openvpn: add tun-mtu/fragment/mssfix combo for instances

openvpn: add "route-gateway" advanced option to CSO

openvpn: use new File::file_put_contents() wrapper for instances

openvpn: updated model and clarified "auth" default option

mvc: remove "non-functional" hints from form input elements

mvc: uppercase default label in BaseListField is more likely

ui: add bytes format to standard formatters list

plugins: os-ddclient 1.16[1]

plugins: os-frr 1.36[2]

plugins: os-wireguard 2.1[3]

plugins: os-tinc 1.7 adds support for "StrictSubnets" variable (contributed by andrewhotlab)

lang: update translations and add Polish

src: bring back netmap tun(4) ethernet header emulation (contributed by Sunny Valley Networks)

src: axgbe: gracefully handle i2c bus failures

src: bnxt: do not restart on VLAN changes

src: ice: do not restart on VLAN changes

src: net: do not overwrite VLAN PCP

src: net: remove VLAN metadata on PCP / VLAN encapsulation

src: if_vlan: always default to 802.1

src: iflib: fix panic during driver reload stress test

src: iflib: fix white space and reduce some line lengths

src: ixgbe: define IXGBE_LE32_TO_CPUS

src: ixgbe: check for fw_recovery

src: net80211: fail for unicast traffic without unicast key[4]

src: pcib: allocate the memory BAR with the MSI-X table[5]

ports: php 8.2.10[6]

ports: python 3.9.18[7]

ports: unbound 1.18.0[8]
View original on lemmy.world

A way of getting users to join here as well?

This is an open-ended question; it seems we need to encourage people to join here as well as being on their preferred platform (which is not ours to discourage or be derogatory about).

I still frequent "that site" because I want to help - but honestly I don't want to help "that site". Not that I am really doing so.

However, it feels weird if I do have to say "we are also on fede.. blah blah", and let's be honest about this: it's less support, but by more knowledgeable people (probably, I believe so).

How do we get them (and let's face it, Franco) over here to support OSS?

I know Franco has paid subscriptions but opnsense is OSS, the community is more than happy to help out if it is not paywalled.

View original on lemmy.world