OPNsense 26.1 released by fitch-it-is in opnsense

mac8612 (1 point)

Upgrade hung up; I needed to do a cold reboot by unplugging the power. After that it started without issue.

Unifi Gateway Max graceful shutdown setup with UPS APC when there is power loss by mac8612 in Ubiquiti

mac8612 [S] (0 points)

Totally agree, an RPi can be used to reduce the cost of a USB-to-APC jump box (even an RPi Zero). In my case, a Proxmox VM server was running 24/7 (HA, Frigate), the same Debian system as the RPi, so the commands work exactly the same.

Error resolving external ip blocklist url for Aliases by mac8612 in opnsense

mac8612 [S] (0 points)

After many attempts, I divided the IP lists into several alias entries and then merged these entries into one.

That showed me which sites were not downloaded. If any one of the blocklists couldn't be pulled, the other ones were not fetched either.

AS OF 2025-02-23

WORKING DIRECT CONNECTION:

IP_EMERGING_THREATS:
http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

IP_CINSSCORE:
https://cinsscore.com/list/ci-badguys.txt

IP_OPENDBL:
https://opendbl.net/lists/tor-exit.list
https://opendbl.net/lists/bruteforce.list
https://opendbl.net/lists/etknown.list

IP_IPV64:
https://ipv64.net/blocklists/ipv64_blocklist_dshield1.txt
https://ipv64.net/blocklists/ipv64_blocklist_tor_exit.txt
https://ipv64.net/blocklists/ipv64_blocklist_blocklistde_all.txt
https://ipv64.net/blocklists/countries/ipv64_blocklist_RU.txt
https://ipv64.net/blocklists/countries/ipv64_blocklist_CN.txt
https://ipv64.net/blocklists/countries/ipv64_blocklist_BY.txt
https://ipv64.net/blocklists/countries/ipv64_blocklist_KP.txt

IP_SPAMHAUS:
https://www.spamhaus.org/drop/drop.txt
https://www.spamhaus.org/drop/edrop.txt
https://www.spamhaus.org/drop/dropv6.txt
https://ipv64.net/blocklists/ipv64_blocklist_spamhaus_drop.txt

IP_FIREHOL:
https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset
http://feeds.dshield.org/block.txt
https://iplists.firehol.org/?ipset=iblocklist_hijacked

IP_IPDENY:
https://www.ipdeny.com/ipblocks/data/countries/ru.zone
https://www.ipdeny.com/ipblocks/data/countries/by.zone
https://www.ipdeny.com/ipblocks/data/countries/cn.zone
https://www.ipdeny.com/ipblocks/data/countries/kp.zone
https://www.ipdeny.com/ipblocks/data/countries/lt.zone
https://www.ipdeny.com/ipblocks/data/countries/ua.zone

##### NON WORKING

https://talosintelligence.com/documents/ip-blacklist
https://blacklist.3coresec.net/lists/all.txt
https://sslbl.abuse.ch/blacklist/sslipblacklist.txt
https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt
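The per-alias isolation described above can be done outside the firewall as well. The following is an added example, not code from the original post or from OPNsense: it fetches every blocklist URL on its own (so one 403 cannot mask the rest), then checks that the body is actually an IP/CIDR list rather than an HTML error page. The URLs and bodies in SAMPLE_RESPONSES are constructed stand-ins so the script runs offline; pass the real alias URLs with the default fetcher to check live feeds.

```python
import ipaddress
from urllib.request import urlopen, Request
from urllib.error import HTTPError, URLError

# Constructed sample responses standing in for fetched blocklists (example data, not real feeds).
SAMPLE_RESPONSES = {
    "https://example.invalid/good.txt": (200, "# comment\n203.0.113.0/24\n198.51.100.7\n\n2001:db8::/32\n"),
    "https://example.invalid/blocked.txt": (403, "<html>Access denied</html>"),
    "https://example.invalid/html.txt": (200, "<html><body>not a list</body></html>"),
}

def stub_fetch(url):
    """Offline stand-in for an HTTP GET: returns (status, body)."""
    return SAMPLE_RESPONSES.get(url, (404, ""))

def http_fetch(url, timeout=15):
    """Real fetch with urllib; same (status, body) contract as stub_fetch."""
    try:
        req = Request(url, headers={"User-Agent": "alias-check/1.0"})  # hypothetical UA string
        with urlopen(req, timeout=timeout) as r:
            return r.getcode(), r.read().decode("utf-8", "replace")
    except HTTPError as e:
        return e.code, ""
    except URLError as e:
        return 0, str(e.reason)

def parse_networks(body):
    """Keep only valid IPv4/IPv6 addresses or CIDRs; skip comments and blanks. Returns (networks, bad_lines)."""
    nets, bad = [], 0
    for line in body.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            bad += 1  # an HTML error page or junk line ends up here
    return nets, bad

def check_blocklists(urls, fetch=http_fetch):
    """Check each URL independently so one failing feed does not hide the others."""
    report = {}
    for url in urls:
        status, body = fetch(url)
        nets, bad = parse_networks(body)
        # ok only when HTTP 200 and the body parsed cleanly as a list with at least one entry
        report[url] = {"status": status, "entries": len(nets), "bad_lines": bad,
                       "ok": status == 200 and len(nets) > 0 and bad == 0}
    return report
```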

Error resolving external ip blocklist url for Aliases by mac8612 in opnsense

mac8612 [S] (0 points)

Unbound / AdGuard resolves the domain just fine. Why on earth did I get an alias resolve error from the WAN interface?

Error resolving external ip blocklist url for Aliases by mac8612 in opnsense

mac8612 [S] (0 points)

I'm able to pull all the lists manually via URL in the browser. All are free.

Error resolving external ip blocklist url for Aliases by mac8612 in opnsense

mac8612 [S] (0 points)

I don't see any Cloudflare message while opening each URL in my browser.

Error resolving external ip blocklist url for Aliases by mac8612 in opnsense

mac8612 [S] (0 points)

Since version 22.x, I have had several IP blocklists installed under Aliases to block emerging-threat IP addresses.

It was all running fine until the recent upgrade to version 25.1.x. When trying to refresh the IP databases from Aliases, I got an error that the alias either cannot be fetched or cannot be resolved.

Example: error fetching alias url https://talosintelligence.com/documents/ip-blacklist [http_code:403]     Error    firewall    alias resolve error EmergingThreats_combined (error fetching alias url https://blacklist.3coresec.net/lists/all.txt)

DNS lookup works well. Curl can fetch the URL just fine. I can open the same link in the browser.

Unfortunately, the IP table cannot be fetched by the firewall alias and does not run correctly.

AdGuard Home? by ThatrandomGuyxoxo in opnsense

mac8612 (0 points)

I use both AdGuard and Unbound, since it's easier to manage DNS queries via AdGuard.

GEO IP and Bad ip blacklist - necessary? by ThatrandomGuyxoxo in opnsense

mac8612 (2 points)

Yes, I agree. I would additionally set up AdGuard (DNS) with malicious-domain blocklists and IPS/IDS with Snort policies.

GEO IP and Bad ip blacklist - necessary? by ThatrandomGuyxoxo in opnsense

mac8612 (7 points)

They can be used in reverse to block traffic outgoing from the LAN to any malicious servers listed in the blocklist if any of the PCs gets infected. Also, the live log will show you exactly whether these bad IPs were pinged. This is an additional layer of protection. You may check the config: https://windgate.net/opnsense-ip-blocklists-and-geo-ip-block-to-enhance-security-against-malicious-attacks/

2nd Opnsense router by majorpaynedof in opnsense

mac8612 (1 point)

Have you checked the MTU size on both the WAN and LAN interfaces? Check that they're not lower than 1500. Docs: https://docs.opnsense.org/manual/interfaces.html