When building the documentation, there are some build errors in the ipsec-rw*.rst files. Additonally, both ipsec-road.rst and ipsec-rw.rst exist, and both are about the same subject.

@mimugmail was the last person to work on it, and it appears to a work in progress. For this reason, I haven't yet touched these files, but I'd like @mimugmail to tell me what the plans are.

Page: https://docs.opnsense.org/manual/how-tos/sslvpn_s2s.html#step-1-add-ssl-server

Section "Step 1 - Add SSL Server"

The table has a line "Server Certificate: SSLVPN Server Certificate (CA: SSL VPN CA)"

But there is no Server certificate option if "Peer to Peer (Shared Key)" is selected.

WARNING: dot code 'blockdiag {\n   OPNsense [shape="cisco.firewall", label=""];\n   internet [shape="cloud"];\n   private_net [shape="cloud", label="private net"];\n   Gateway1 [shape="cisco.router", label=""];\n   Gateway2 [shape="cisco.router", label=""];\n   Gateway3 [shape="cisco.router", label=""];\n   OPNsense -> Gateway1 -> internet;\n   OPNsense -> Gateway2 -> internet [style = dotted];\n   OPNsense -> Gateway3 -> private_net;\n\n}': integer argument expected, got float
WARNING: dot code 'nwdiag {\n\n    span_width = 90;\n    node_width = 180;\n    Internet [shape = "cisco.cloud"];\n    fileserver [label="File Server",shape="cisco.fileserver",address="192.168.1.10"];\n    fileserver -- switchlan;\n\n    network LAN {\n      switchlan [label="",shape = "cisco.workgroup_switch"];\n      label = " LAN";\n      address ="192.168.1.1.x/24";\n      fw1 [address="192.168.1.1/24"];\n    }\n\n    network WAN  {\n      label = " WAN";\n      fw1 [shape = "cisco.firewall", address="172.18.0.164"];\n      Internet;\n    }\n\n    network Remote {\n        Internet;\n        laptop [address="172.10.10.55 (WANIP),10.10.0.1 (IPsec)",label="Remote User",shape="cisco.laptop"];\n    }\n  }': integer argument expected, got float

blockdiag/blockdiag#111
blockdiag/blockdiag#130

@jschellevis @AdSchellevis changes in this repository should be deployed.

would help prevent repetitive discussions like https://forum.opnsense.org/index.php?topic=15900.msg78647, explain what the settings do, point to alternative defaults.

From time to time we see questions about software not distributed by us in binary form, it might be good to explain a bit what we ship, how it's called and how you can use ports to build packages on the machine which are not being shipped by us.

Adding other repositories (FreeBSD, HardenedBSD) has risks, which is good to warn about upfront.

add documentation for opnsense/core#3636

With the latest release 19.7.9 the change "For now, this update brings you a GeoIP database configuration page for aliases which is now required due to upstream database policy changes and
a number of prominent third-party software updates we are happy to see included." is announced. In the web front end help text it says, that the OPNsense documentation contains more information. Searching online, I did find https://wiki.opnsense.org/manual/how-tos/maxmind_geo_ip.html
This how to states "Once you have created an account you’ll need to create a license key. Click in the “My License Key” link and generate a key. Save the key ID somewhere safe!!!", doing so I get asked during the key generation at maxmind if geoip update isused (I assume yes) and which version of geoipupdate is used as starting with version 3.1.1 the key is hased. The OPNsense how to doesn't contain any information regarding this choice.
I would be nice to improve the documentation by

• mentioning that geoip update is used (if that is correct)
• stating if the hashed or unhashed key shall be used

Let's compile a list of the core topics missing at the moment, while restructuring the index.

• System --> Routes
• Interfaces --> Wireless
• Firewall --> Rules
• Firewall --> Groups
• Firewall --> VirtualIPs
• Firewall --> Settings
• Services --> Dnsmasq DNS
• Services --> Network Time
• Services --> OpenDNS
• Services --> Router Advertisements
• Services --> Unbound DNS

(In case it's important: Firefox 63, macOS High Sierra 10.13.6)

The new feature "Enable Linux Package Cache" has a too brief description that looks more likea marketing message than a technical doc:

Enable or disable the caching of packages for linux distributions. This makes sense if you have multiple servers in your network and do not host your own package mirror. This will reduce internet traffic usage but increase disk access.

This does tell the user how the caching would function. Also the official product documentation does not include any mention of this feature.

Please provide more information regardin the outcome of this option as in which condition it would work or not.

I found a broken link (404 error) here. Hope to see this link updated.

I am trying to find figure out how to call the API for DnsCrypt but so far from looking at the code no dice.
Can the missing Documentation for the API for this be added please? TIA

CC @mimugmail

Hello devs,
I was trying to locate the logfile for pf in the filesystem, but was unable to find. That was when I realised, there is no hint in the GUI, from which log the GUI data is coming from. I think it would make sense to reveal the path to the file that is being presented in the various GUI logging related menus. So if one wants to read these logs directly from CLI, there will be specific info which logfile needs to be opened.

Page: https://docs.opnsense.org/support.html

It is currently impossible to make a difference between T2 & T3 - is the documentation wrong or is the information missing at the plugins repository?

Are the plugins really uncritical? Many users depend on reverse proxies such as nginx or HAProxy because they have to route based on the Host header at least because they need the same port for multiple servers. Some users may need to run FRR because they operate at the edge of an AS and without it, they don't have internet access because the other routes don't have the routes back…

This sentence from the carp how-to contains a thinko I think.

When using different network drivers on both machines, like running a HA setup with one physical machine as master and a second machine as slave, states can not be synced as interface names differ. The only workaround would be to set up a LAGG.

I think this edit would fix it: s|second|virtual|

It was mentioned on IRC that https://docs.opnsense.org/manual/install.html has old recommendations to flashing the disk and windows is still a touchy subject on this front doing things it should not.

https://www.deciso.com/write-bootable-image-to-usb-drive/
https://www.balena.io/etcher/

The existing docs are extremely terse. They're good for a brief example, but leave so much untouched-on, that the learning curve is unnecessarily steep once off these basics, for less experienced or new developers, and those not previously using phalcon.

Additionally OPNsense project uses a customised file style, with xml not databases, for which even fewer references exist. Even basics such as "what types exist in a form" or "how are fields organised and collated to get from xml to form?" are hard to find. The main source on available types is the source code file src/opnsense/mvc/app/views/layout_partials/form_input_tr.volt, which isn't at all easy to locate unless one knows a bit already and what to search for, and definitely isn't readily found by a completely new-to-phalcon dev who "just wants to get going". And there's not much at all about our xml files because thats a customisation.

It's often easy to overlook what's needed, hard to learn, or not obvious, once it's become familiar. (That's not in any way meant as a crtitique, it's a recognition of something almost inevitable and almost universal for new devs on many projects). As I'm a new dev, and seem (surprisingly!) to be coping with learning this, and starting to push a few PRs, I'd like to start adding some more targeted brief documentation and examples to ease the way for other new to these things, to simplify the learning curve.

It would be a kind of "New Developers Guide" (or section) taking up where "hello world" stops, to fill the gap between "hello world" and a realistic extension or core code PR, overviewing practical creating and modifying legacy and new-style code, extensions, etc - which I suspect will be useful.

Tl;Dr - If that's okay, can you let me know where to put them in the dev guide, and a preferred title for now?

new spot is Interfaces -> VirtualIPs

new option probably needs some explanation, both in interfaces and vpn examples.

ref https://forum.opnsense.org/index.php?topic=7314.0;topicseen

• Alternative Apps
• QR-Code generated in the Site

The Cloud import button is missing after I added LDAP server (Zentyal, I can communicate with it):

Also I got this error, is it linked somehow?

[07-Oct-2019 16:24:01 Atlantic/Azores] PHP Warning: implode(): Invalid arguments passed in /usr/local/www/system_authservers.php on line 249

I have the system upgrade since 17.0

Currently:
OPNsense 19.7.4_1-amd64
FreeBSD 11.2-RELEASE-p14-HBSD
OpenSSL 1.0.2s 28 May 2019

Debunking the Myths
There are some myths surrounding our project offered mostly by pfSense enthusiasts, if you have read their comments on us then we’d recommend to just ignore them and install OPNsense, if you have not already done so.

I am not sure if you know what debunk means, but you clearly haven't done it here. You literally just say to ignore the claims of your main competitor, and install your software with no explanation of the overall situation. This basically lets the PfSense people say whatever they want about you, and everyone only ever hears their half of the story.

I only recently became aware of the PfSense/OPNSense... "flame war" for lack of a better word, but this failure to address the claims of the PfSense people worries me. Make no mistake, I have no trust whatsoever for PfSense after they stopped releasing their source code, the opnsense.com fiasco, and their deliberately misleading advertising, but I have seen no evidence presented thus far about how OPNSense is supposed to be any better.

Obviously, they make a lot of ridiculous claims and it is difficult to debunk all of them, but there are a few recurring ones that seem to keep coming up:

• They claim that OPNSense attempted to steal the PfSense trademark and become "PfSense in Europe".
• They claim that you are a bunch of amateurs who routinely push alpha quality software, and deliberately remove features, so that you can add them back in over a period of several months so you look like you are doing something.
• They claim that your code quality is bad, and that you have broken VPN functionality, and VLANs on 5 separate occasions.
• They claim that the original OPNSense fork was mainly so that you could sell branded hardware, not because you are actually trying to improve it.
• They claim that they have tried to contribute to OPNSense and been told to "fuck off" by the lead people.

A simple google search for "pfsense vs opnsense" should turn up the respective threads on reddit, various forums, and ycombinator, but for convenience I will list a couple of them here:

Note: A lot of the time, the posters are either gonzopacho or htilonom. I think it is reasonable to assume that they are representative of the PfSense crowd, however there are other people who bring up points on these forums that aren't explicitly associated with PfSense, but who nonetheless make claims about your behavior that I think may need to be addressed.

Broken VLANs, branded hardware and Europe trademark issue:

https://www.reddit.com/r/PFSENSE/comments/3rh9dw/pfsense_vs_opnsense/

They also claim that you tried to delete their Wikipedia page, although from what I understand they also tried to do this to you.

Feature reintroduction issue, broken VLANs:

https://www.reddit.com/r/PFSENSE/comments/35dl17/pfsense_vs_opnsense_articles/

"We've fixed bugs in opnsense for people, and were told to fuck off by both Franco and Jos. We've pointed out errors in how they do things and have been told to fuck off by Franco and Jos." Not sure about this one either, no corroborating evidence.

The point is, you not saying anything about any of this is a bad idea. It makes it seem like you are deliberately avoiding addressing these issues, which might lead some people to conclude that you have something to hide. For context, this is similar to gonzo's response (or lack thereof) to the claims that it has been impossible to reproduce PfSense builds since 2.3.5. Whenever people bring it up, he simply doesn't reply.

I can't personally edit the documentation to add this information, because I am new to this whole affair, and thus cannot comment intelligently on what has been going on. I am also not a representative of OPNSense, so it would be inappropriate.

My trust in OPNSense is undecided as of now, because of this failure to address these issues. Even if you don't cover all of them, there are a lot of them that keep coming up. It may also be a good idea to explain some of the deceptive behavior engaged in by PfSense/Netgate (or whatever their parent company is now called). The failure to release source code/build tools is a big deal, and you should really explain that in the "Why did we fork section".

I tried to get started with the OpnSense API following the given docs:

• https://docs.opnsense.org/development/api/core/ids.html
• https://docs.opnsense.org/development/how-tos/api.html

Connecting and interacting with the API works well so far.

As my goal is "adding custom IDS/IPS rules" to the process I tried doing
so via the following endpoint:
POST https://my-opnsense/api/ids/settings/adduserrule

What I'm missing is the expected data format of the JSON object
used within the POST that describes my actual rule.

Striving through the docs I've not seen any description of POST
values or examples. I would love to see this as an enhancement
for easing the learning curve of the API.

;-)

Hello devs,

a note: maybe its just me, but if I see the service status any of the locations (service status on the dashboard, or System: Diagnostics: Services or the various individual services under \Services), the icon representing the "recycle" symbol can be interpreted in different ways:

1. restart of the service
2. reload of the service

The option 1) will result complete service-interrupting restart of the service, while 2) may just reload the service configuration file, keeping the service still UP.

I figured it out the actual performed action is indeed 1) but that may not be that obvious for any new user. Do you think some hover message when pointing to the icon with mouse should clearly say: "Restart service" to signal it wont be just a non-interrupting "Reload config" ?

The reason why I mentioned this issue under DOCS is that I couldnt find any page that describes the "services" section, where it could be clearly mentioned that the recycle symbol does service-interrupting restart and not config reload.

Thanks!

@fichtner please assign to the author

I was looking into dynamic routing, and there is absolutely no mention whatsoever that a plugin is required for this feature (which I expected would require a plugin). Additionally, figuring out which plugin also look far too much work to figure out, too. The docs should be updated to list required plugins on their various configuration documentation pages.

Examples:
https://wiki.opnsense.org/manual/how-tos/dynamicrouting_ospf.html
https://wiki.opnsense.org/manual/how-tos/dynamicrouting_howto.html

In section 3, the image is just a blank location window. Can we get it updated to show whatever is needed to follow along?

Also, Is that the entirety of everything necessary to setup NGINX? No ports need to be adjusted in NAT, etc?

docs/source/manual/how-tos/nginx.rst

Test AV setup page: https://docs.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html

The link is broken to the EICAR AV test file.
Old link: http://www.eicar.org/85-0-Download.html

Two alternatives.
Archive version, new location: http://2016.eicar.org/85-0-Download.html
New Version location: https://www.eicar.org/?page_id=3950

Presumably, both provide the same file. The site was rebuilt. The old site is at the 2016 subdomain.

Hi guys, don't know if it's me or it's the docs, but, in the online docs (wiki.opnsense.org) I can search for an item the results are in the right frame.
However, when I compile the docs locally I'm not able to perform a search, the 'wheel' keeps running nothing happens.
Now just as a check I didn't miss any library or other piece of software in the docs or on my server, I compiled the Pfsense wiki, put it on my local server and checked if the search function works and it does.

It could still be I'm missing something or this is already know, but I didn't find relevant info.
Thanks again for this beautiful OS, mark

Orange France IPTV setup

The howto looks like "igmp proxy" is installed by default.

It is not. And newbee can search it for days.

Just mention
-must be added from the plugins repo
-and a restart is needed

https://forum.opnsense.org/index.php?topic=16498.msg75251#msg75251

Add PSR-12 guidelines.

Configured Unbound to forward, as per https://wiki.opnsense.org/manual/how-tos/bind.html

Unbound failed to start, with error:
opnsense: /services_unbound.php: The command '/usr/local/sbin/unbound -c '/var/unbound/unbound.conf'' returned exit code '1', the output was '/var/unbound/unbound.conf:106: error: syntax error read /var/unbound/unbound.conf failed

The offending line in config was: do-not-query-localhost: no

Identified that the cause was also having a Domain Override configured. Once the domain override was removed, Unbound started okay and forwarding worked as expected.

This looks like the last batch of things todo to create a baseline for our product documentation:

• System --> Configuration / local backups, defaults and history
• System --> Firmware (partially covert in installation and setup)
• System --> HA sync, status page and some general workflow information
• System --> Settings, move system logging into it.
• System --> Trust, rename menu item for consistency
• System --> Diagnostics, move content to own page, extent content when needed.
• Interfaces --> Interfaces / assignments, not sure yet, doesn't look very useful as is, but might stay this way.
• Interfaces --> Overview.
• Interfaces --> Wireless, add landing page, we (as Deciso) generally don't advice wireless setups at the moment. Not planning to spend a lot of time here, some cards work, some don't.
• Interfaces --> Mobile Networking, probably move
• Interfaces --> Diagnostics, move content to own page, extent content when needed.
• Firewall --> Diagnostics, move content to own page, extent content when needed.
• Some general trouble shooting (some error codes from https://github.com/opnsense/src/blob/master/sys/sys/errno.h )

like https://github.com/opnsense/core/blob/master/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php

https://forum.opnsense.org/index.php?topic=7816.0

Is your feature request related to a problem? Please describe.
As authentication scripts are not standardized it is not clear which user name and password are used for additional authentication in this case. It is obviously not the account the certificate is connected to.

Describe the solution you'd like

1. An exact description in the OPNsense manual section "Setup SSL VPN Road Warrior" (maybe renaming it might be a good idea because the term "Road Warrior" is not showing up anywhere in the menus) explaining the relationship between the account's user name, the Descriptive Name and the Common Name entries in the linked certificate and which of them is the User Name OpenVPN will demand for authentication.

2. Add some reminders to the info/help texts in the OpenVPN section.

Describe alternatives you've considered
Finding out by reading the source code for hours.

This is a tracking issue, meant to track which parts of the product have been documented, which parts haven't been, and which parts have documentation that is outdated or not up to standard.

This tree follows the menu structure of OPNsense:

• Lobby https://docs.opnsense.org/manual/gui.html
  • Dashboard: #112 ; also somewhat covered by https://docs.opnsense.org/manual/gui.html
  • License (not needed) https://docs.opnsense.org/manual/gui.html
  • Password https://docs.opnsense.org/manual/gui.html
  • Logout https://docs.opnsense.org/manual/gui.html
• Reporting
  • Health https://docs.opnsense.org/manual/systemhealth.html
  • Insight https://docs.opnsense.org/manual/how-tos/insight.html
  • Netflow https://docs.opnsense.org/manual/netflow.html
  • Settings https://docs.opnsense.org/manual/reporting_settings.html
  • Traffic https://docs.opnsense.org/manual/reporting_traffic.html
• System
  • Access
    • Users https://docs.opnsense.org/manual/how-tos/user-local.html
    • Groups https://docs.opnsense.org/manual/how-tos/user-local.html
    • Servers
    • Tester https://docs.opnsense.org/manual/how-tos/two_factor.html
  • Configuration
    • Backups https://docs.opnsense.org/manual/how-tos/cloud_backup.html
    • Defaults
    • History
  • Firmware
    • Updates #113
    • Plugins
    • Packages
    • Changelog #129
    • Settings
    • Reporter
    • Log file https://docs.opnsense.org/manual/logging.html
  • Gateways
    • Single https://docs.opnsense.org/manual/how-tos/multiwan.html
    • Group
    • Log file https://docs.opnsense.org/manual/logging.html
  • High Availability https://docs.opnsense.org/manual/hacarp.html
    • Settings
    • Status
  • Routes
    • Configuration
    • Status
    • Log file https://docs.opnsense.org/manual/logging.html
  • Settings #155
    • Administration #155
    • Cron #155
    • General #155
    • Logging #149
    • Miscellaneous #155
    • Tunables #155
  • Trust
    • Authorities
    • Certificates https://docs.opnsense.org/manual/certificates.html
    • Revocation
  • Wizard
  • Log Files
    • Backend https://docs.opnsense.org/manual/logging.html
    • General https://docs.opnsense.org/manual/logging.html
    • Web GUI https://docs.opnsense.org/manual/logging.html
  • Diagnostics #126
    • Activity
    • Services
• Interfaces
  • [LAN]/[WAN]/etc. #147
  • Assignments #147
  • Overview #151
  • Settings
  • Wireless #141
    • Devices
    • Log Files https://docs.opnsense.org/manual/logging.html
  • Point-to-Point https://docs.opnsense.org/manual/how-tos/multiwan.html
    • Devices https://docs.opnsense.org/manual/how-tos/multiwan.html
    • Log Files https://docs.opnsense.org/manual/logging.html
  • Other Types #162
    • Bridge
    • GIF
    • GRE
    • LAGG
    • VLAN
  • Diagnostics #126
    • ARP Table
    • DNS Lookup
    • NDP Table
    • Packet Capture
    • Ping
    • Port Probe
    • Trace Route
• Firewall
  • Aliases https://docs.opnsense.org/manual/aliases.html
  • Rules
    • Floating
    • (interface-specific)
  • NAT #139
    • Port Forward
    • One-to-One
    • Outbound
    • NPTv6 #134
  • Shaper https://docs.opnsense.org/manual/how-tos/shaper.html https://docs.opnsense.org/manual/shaping.html
    • Settings https://docs.opnsense.org/manual/how-tos/shaper.html
    • Status https://docs.opnsense.org/manual/how-tos/shaper.html
  • Groups
  • Virtual IPs (covered by CARP docs)
    • Settings (covered by CARP docs)
    • Status (covered by CARP docs)
  • Settings
    • Advanced
    • Normalization
    • Schedules
  • Log Files
    • Live View https://docs.opnsense.org/manual/logging.html
    • Overview
    • Plain View https://docs.opnsense.org/manual/logging.html
  • Diagnostics #126
    • pfInfo #126
    • pfTop #126
    • pfTables https://docs.opnsense.org/manual/aliases.html
    • Sockets #126
    • Status Dump #126
    • Status Reset #126
    • Status Summary #126
• VPN https://docs.opnsense.org/manual/vpnet.html
  • IPsec https://docs.opnsense.org/manual/vpnet.html#configuration
    • Tunnel Settings
    • Mobile Clients
    • Pre-Shared Keys
    • Advanced Settings
    • Status Overview
    • Lease Status
    • Security Association Database
    • Security Policy Database
    • Log File https://docs.opnsense.org/manual/logging.html
  • OpenVPN https://docs.opnsense.org/manual/vpnet.html#configuration
    • Servers
    • Clients
    • Client Specific Overrides
    • Client Export
    • Connection Status
    • Log File https://docs.opnsense.org/manual/logging.html
• Services
  • Captive Portal https://docs.opnsense.org/manual/captiveportal.html
    • Administration
    • Sessions
    • Vouchers
    • Log File https://docs.opnsense.org/manual/logging.html
  • DHCPv4 #127
    • (interface-specific)
    • Relay #160
    • Leases
    • Log File https://docs.opnsense.org/manual/logging.html
  • DHCPv6 #127
    • Relay #160
    • Leases
  • Dnsmasq DNS
    • Settings
    • Log File https://docs.opnsense.org/manual/logging.html
  • Dynamic DNS
  • Intrusion Detection
    • Administration
    • Log File https://docs.opnsense.org/manual/logging.html
  • Monit: 8231b13
    • Settings: 8231b13
    • Status: 8231b13
  • Network Time
    • General
    • GPS
    • PPS
    • Status
    • Log File https://docs.opnsense.org/manual/logging.html
  • Net-SNMP
  • OpenDNS
  • Unbound DNS
    • General
    • Overrides
    • Advanced
    • Access Lists
    • Statistics
    • Log File https://docs.opnsense.org/manual/logging.html
  • Web Proxy https://docs.opnsense.org/manual/proxy.html https://docs.opnsense.org/manual/how-tos/cachingproxy.html
    • Administration https://docs.opnsense.org/manual/how-tos/proxywebfilter.html https://docs.opnsense.org/manual/how-tos/cachingproxy.html
    • Log File https://docs.opnsense.org/manual/logging.html
• Power not needed
  • Reboot not needed
  • Power Off not needed

Also see these issues:

• #99

... my pulls linked here ...

It would be good to add a section under https://docs.opnsense.org/development/frontend.html to explain the different javascript helper functions we offer at the moment.

• ajaxCall
• ajaxGet
• mapDataToFormUI
• saveFormToEndpoint
• updateServiceControlUI
• $.SimpleActionButton
• $.UIBootgrid
  • opnsense/core@ffdcbdd
  • opnsense/core@fbaafde
• stdDialogInform
• stdDialogConfirm
• stdDialogRemoveItem

After reading the how to for clamav ( docs/source/manual/how-tos/clamav.rst) ist's unclear to me if the plugin works on its own or if the proxy and c-icap needs to be enabled in addition to make any use of clamav. It would be good to expand a little on how clamav works (on its own) and what it does, or which other plugins (c-icap & web proxy?) need to be used together with clamav to make any use of it.

Will add this the next days

The How-To for VPN mobile users is a very good document. It has gotten me to the point where I am able to successfully connect to my private LAN. The fact that even I can do this is a strong testament to the quality of this document!

However, I do have one long-standing problem that I would very much like to see addressed in this document: How to configure my DNS services in OPNsense so that remote clients can "see" resources on the network as they do when they are physically on the LAN, or at least be able to connect to resources by hostname rather than IP address.

I currently have to do a manual DNS by logging into OPNsense, and reviewing the active DHCP leases! Fortunately for me, I can access the OPNsense server... the other remote users must rely on keen memories :)

Referring to the documentation here, I am unable to find the menu entry for "System > Access > Configuration":

I was looking for the described settings in other sections for quite a while but did not succeed.
I was wondering whether it might be a bug?

Hello,

while i was configuring new OPNsense 18.7.9 - i noticed that https://wiki.opnsense.org/manual/how-tos/user-ldap.html is obsolete.

for example, import users button didn't show up until i set "Authentication" server to LDAP.
also, i didn't found any option to give permission to LDAP group.

You can see some HTML code in it

• use new health output
• lastest version
• etc, etc.

closes opnsense/core#3785

e.g. Explain DependConstraint and back references