r/opnsense

OPNsense 26.1.5 with Tailscale not working correctly

I have OPNsense at home running 24.7.12, set up with Tailscale and subnet routes, all working correctly.

I have a fresh install of OPNsense 26.1.5 at work, installed Tailscale, all set up as it should be, advertised subnet routes 192.168.0.0/24. The only accessible address via Tailscale is OPNsense itself via 192.168.0.1; nothing else will work. I have another machine on that network with Tailscale installed, and if I route through that instead the whole network is accessible. Is there something I'm missing, or is Tailscale not working correctly with this version?

My plan for tomorrow is to reinstall OPNsense 24 on this machine to see if it then works.

u/ConceptFormal5476 — 1 hour ago
I built a small Elasticsearch proxy to reduce small bulk writes (helped my Zenarmor setup a lot)

Hey folks,

I ran into an issue with my setup where Zenarmor was sending a ton of small _bulk requests to Elasticsearch. Even though I was using SSD, it still resulted in lots of small disk writes, higher IOPS, and unnecessary load on the cluster.

Instead of tuning ES endlessly, I tried a different approach — I built a small proxy that sits in between and batches _bulk requests in memory before forwarding them to Elasticsearch.

👉 https://github.com/codifierr/es-bulk-proxy

What it does:

  • Buffers incoming _bulk requests
  • Merges them into larger batches
  • Sends fewer, bigger writes to Elasticsearch
  • Passes through all read requests unchanged (so dashboards still work normally)

It’s super lightweight and runs as a single container. No disk usage, just in-memory buffering.

Basic usage:

docker run -d \
  -p 8080:8080 \
  -e ES_URL=http://your-es:9200 \
  ssingh3339/es-bulk-proxy

Then just point your client (in my case Zenarmor) to this instead of Elasticsearch.

For me, this significantly reduced write amplification and smoothed out ingestion.

Curious if anyone else has dealt with similar issues or has suggestions to improve this approach. Happy to get feedback!

Zenarmor made 35.7K requests, which were converted to 361 bulk ES requests

u/satyendra3339 — 6 hours ago
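
The buffering and merging described in the post above, as an added Python example that is not code from es-bulk-proxy or its author. The names `parse_bulk` and `BulkBuffer` and the flush limits are assumptions; each _bulk NDJSON body is validated before merging so that one malformed request cannot corrupt a whole batch.

```python
import json

WITH_SOURCE = {"index", "create", "update"}  # "delete" has no source line

def parse_bulk(body):
    """Validate one _bulk NDJSON body; return (clean_lines, action_count)."""
    lines = [ln.strip() for ln in body.split("\n") if ln.strip()]
    count, i = 0, 0
    while i < len(lines):
        action = json.loads(lines[i])
        if not isinstance(action, dict) or len(action) != 1:
            raise ValueError(f"bad action line: {lines[i]!r}")
        op = next(iter(action))
        if op in WITH_SOURCE:
            if i + 1 >= len(lines):
                raise ValueError(f"{op} action is missing its source line")
            json.loads(lines[i + 1])  # the source line must be valid JSON too
            i += 2
        elif op == "delete":
            i += 1
        else:
            raise ValueError(f"unknown bulk action: {op!r}")
        count += 1
    return lines, count

class BulkBuffer:
    """Holds small _bulk bodies in memory and emits one merged body."""
    def __init__(self, max_actions=500, max_bytes=1_000_000):
        self.max_actions, self.max_bytes = max_actions, max_bytes
        self.parts, self.actions, self.size = [], 0, 0

    def add(self, body):
        """Buffer one body; return the merged batch once a limit is reached."""
        lines, n = parse_bulk(body)  # malformed input never enters the batch
        if not lines:
            return None  # an empty body contributes nothing
        part = "\n".join(lines) + "\n"  # every NDJSON line must end with \n
        self.parts.append(part)
        self.actions += n
        self.size += len(part.encode())
        if self.actions >= self.max_actions or self.size >= self.max_bytes:
            return self.flush()
        return None

    def flush(self):
        """Return everything buffered as one _bulk body and reset the buffer."""
        merged = "".join(self.parts)
        self.parts, self.actions, self.size = [], 0, 0
        return merged
```

Anything still held in memory is lost if the process stops before `flush()` is called. Bodies sent to `/<index>/_bulk` rely on the URL for their default index, so they need one buffer per target.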

Where is the global “Enable Query Forwarding” toggle in the OPNsense GUI?

I want to enable DNS query forwarding for the local domain myhouse.home to dnsmasq running on 127.0.0.1:53053 so that host names like jellyfin@myhouse.home resolve.

I am running OPNsense 26.1.5 with Unbound DNS on port 53.

Dnsmasq is providing DNS/DHCP on port 53053 with static hosts jellyfin.myhouse.home pointing to 192.168.1.10.

I have added a Query Forwarding entry for myhouse.home. to 127.0.0.1:53053 under Services > Unbound DNS > Query Forwarding and restarted the Unbound service.

Query forwarding is not working. DNS queries for myhouse.home return NXDOMAIN when sent to port 53, but dnsmasq answers correctly on port 53053.

The backend Unbound API configuration shows "forwarding":{"enabled":"0"}.

How the heck do I turn on the forwarding for this? Where is the global “Enable Query Forwarding” toggle in the OPNsense GUI? The Query Forwarding page shows individual domain entries but I cannot find a master enable/disable option. Any pointers on where that toggle is or how to make Unbound actually forward those domains would be appreciated.

u/Available-Spinach-93 — 4 hours ago
OPNsense Tailscale exit node

What's the trick to be able to use OPNsense as an exit node? I have been following some tutorials and it seems to be straightforward, but it doesn't work for me. OPNsense is advertising itself as an exit node, but when choosing the exit node on a client device it just gets access to the local network.

I get this message in the Tailscale admin console.

https://preview.redd.it/i02aacovg8tg1.png?width=872&format=png&auto=webp&s=c8bd94225384da481fc1af04663cdff23d71c07f

u/82Newman — 22 hours ago

How to move from single OPNsense to HA?

Hi all.

My Proxmox hosting the Firewall recently failed and I am striving for a more robust setup.

I think I generally understand the concept, but I am not certain how I would get there.

Today, my FW IP is 192.168.1.1 and the different VLANs have …10.1, …20.1, etc.

This is supposed to move to e.g. 192.168.1.2 and 192.168.1.3, and the original IP will turn into a virtual one.

I don’t want to lose my network with a heavy rework for too long since I usually have tons of questions in between and need to research 😂

Or can I just install the 2nd FW on 192.168.1.3, create the virtual IP and have this one as a drop-in replacement of the first one?

(Settings not synced automatically, I think)

Thanks

u/mzurhorst — 12 hours ago
default password isn't working - proxmox host

Hi,

Whenever I try root or installer in the console, the password 'opensense' is rejected.
I even checked that 'opensense' appears as I type it by typing it into the login field instead, to make sure there's no funky key map.

I've rebuilt the VM a few times, but still no luck.

Copilot/ChatGPT haven't been able to solve this one.

It's a fresh 'dvd' ISO from: https://opnsense.org/download/

Any ideas?

https://preview.redd.it/jnniulsaadtg1.png?width=981&format=png&auto=webp&s=b63e6742ab1064b4f05972ec417febaee62795d8

u/yeders — 6 hours ago