Messages

Dann hast Du wahrscheinlich das nano Image auf dem USB Stick?

Für eine installation brauchst Du das serial Image (oder Du schreibst das nano Image direkt auf die SSD).

Edit:
@fabian, da warst Du wohl schneller ;)

Well normally the rules that get generated automatically allow to reach anything from LAN..

Are you able to ping and resolve different sites directly from the OPNsense host?

Seems correct.
I assume you checked that the traffic arrives at your WAN address?
Do you see any blockings in Firewall > Log Files > Live View?
(Especially with destination being the WAN address (with ':8443', which would mean natting doesn't work properly (had this just yesterday, all of a sudden))

Take a look on Firewall > Groups.

Edit:

Firewall not Interfaces

Melde dich mit dem user 'installer' auf der Konsole an (passwort 'opnsense') und befolge die Installationsroutine (achte darauf das Du deine SSD auswählst).

Since squid has a rather large demand in memory (even with only a few rules) it could be that the spikes are from reloading the rules (or maybe other large tables/lists)..

You're welcome :)

Please prepend '[SOLVED]' to the thread title.

The configuration like on your pictures is the right one (destination should be wan address).
But you have to let the source port on 'any' (because the source port is mostly random (like the help text should state)).

Wie wäre es mit einem QOTOM Gerät?

Die G4er haben 4 ports, bei Aliexpress kann von i3 bis i7 und verschiedenen RAM & SSD Kombinationen ausgewählt werden.

If I'm not wrong, the help text on "Source port" should state that you mostly don't need to set it.

Try to set it to 'any'

The sshd_config gets generated, you'll find the template here:

/usr/local/etc/inc/plugins.inc.d/openssh.inc

Be aware that the file gets overwritten after an update/upgrade

Assuming the subnets are able to reach the opnsense instance, you can configure outbound NAT here:

Firewall > NAT > Outbound

You have to switch to 'Hybrid outbound NAT rule genration' and enter them as manual rules.

Until the scp backup push is integrated, you could make it yourself like I did;

Cron action (replace '{USER}'):

/usr/local/opnsense/service/conf/actions.d/actions_scp-backup.conf

Code Select Expand

[scp-backup]
command:su {USER} -c /usr/home/scp-backup.sh
type:script_output
message:backing up config file
description:Backup config file


Because ssh_key and known hosts I make sure it gets executed as the right user, so replace '{USERID}'

/usr/home/scp-backup.sh

Code Select Expand

#!/bin/sh

if [ $(id -u) -eq {USERID} ]; then
    APPENDIX="$(hostname)-$(date +"%Y%m%d%H%M%S")"

    echo "Uploading config-$APPENDIX.xml"
    scp /config/config.xml {USER}@{HOST}:{PATH}/config-$APPENDIX.xml
fi


You can configure static routes here:
System > Routes > Configuration

You need to set login shell for the respective users and allow the admin group to use SSH.

System: Settings: Administration: "Login Group" and System: Access: Users: "your user": Login shell


Cheers,
Franco