Topics

I've updated to 21.1.3_3 and suddenly Unbound stopped running + I can't make it running again, i.e. I start the service and after a few seconds it stops: is anybody experiencing a similar issue?

Bottom line with Unbound not working I cannot surf the Internet and I had to exclude it from the network  ???

Tia.

I need a client on subnet 192.168.0.1/24 (LAN) being able to ping another client which is on subnet 192.168.10.1/24 (LAN2) - and viceversa.

LAN and LAN2 are on two different physical Ethernet ports of the OPNsense router.

I'm playing with Firewall --> NAT --> Outbound, but no luck s far  :-[

Can someone help, please?

Tia.

Does anybody have got the same error message? Rebooting the router didn't make any difference.

Code Select Expand

2021-03-10T22:49:58 ntpd[99842] kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
2021-03-10T22:49:58 ntpd[99842] kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
2021-03-10T22:49:58 ntpd[99842] Listening on routing socket on fd #26 for interface updates
2021-03-10T22:49:58 ntpd[99842] Listen normally on 5 pppoe0 51.x.x.x:123
2021-03-10T22:49:58 ntpd[99842] Listen normally on 4 pppoe0 [fe80::20d:b9ff:fe55:a4e8%8]:123
2021-03-10T22:49:58 ntpd[99842] Listen normally on 3 lo0 127.0.0.1:123
2021-03-10T22:49:58 ntpd[99842] Listen normally on 2 lo0 [::1]:123
2021-03-10T22:49:58 ntpd[99842] Listen and drop on 1 v4wildcard 0.0.0.0:123
2021-03-10T22:49:58 ntpd[99842] Listen and drop on 0 v6wildcard [::]:123
2021-03-10T22:49:58 ntpd[99842] restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-03-10T22:49:58 ntpd[99842] gps base set to 2021-01-17 (week 2141)
2021-03-10T22:49:58 ntpd[99842] basedate set to 2021-01-13
2021-03-10T22:49:58 ntpd[99842] proto: precision = 0.418 usec (-21)
2021-03-10T22:49:58 ntpd[78182] ----------------------------------------------------
2021-03-10T22:49:58 ntpd[78182] available at https://www.nwtime.org/support
2021-03-10T22:49:58 ntpd[78182] corporation. Support and training for ntp-4 are
2021-03-10T22:49:58 ntpd[78182] Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-03-10T22:49:58 ntpd[78182] ntp-4 is maintained by Network Time Foundation,

I'm on the latest 21.1.3

And is there an easy fix for this?

Tia.

Can someone please advise how to understand which service is using proxy ACLs?

I'm trying to delete the cron job "download and reload external proxy ACLs" but I get an error.

Tia.

I have Suricata disabled, but I am not able to delete its cron job in system --> settings --> cron: I click on the bin icon but nothing happens, how c ome?

Tia

I am a bit confused, ergo I need some clarification:

One of my 'Aliases' is the Yoyo list which I used to configure a Firewall rule for both LAN and WAN (as per documentation).
Now, I've actually realised (better later than ever) I have the same Yoyo list in Unboubnd--> Blacklist -->  Type of DNSBL, so my question is: do I have to delete both rules in LAN and WAN or just in LAN ?

I was thinking that if I keep the rule in WAN that would prevent those IP addresses to connect to my client(s) or they would be blocked anyway thanks to Unbound?

Tia.

I've installed the Snort ruleset but in the download section I still see all the ETPRO telemetry rules too: how do I rid of them?

Tia.

A few days ago I decided to not renew my Kaspersky licence and to use Windows Defender, but since then I see some 'strange' entries in the Suricata log, that is my laptop trying to connect to 205.185.216.10 or 205.185.216.42 and those two IP addresses trying to connect to my laptop (attached an example).

Does anybody has noticed the same, by any chance? It seems being related to Windows Update, I really doubt my laptop is infected...

Tia.

Can someone please advise on how I can allow ping on the WAN side?

I'm trying to set up an external service which in order to work must receive a ping response from my WAN address.

Tia.

I have a pretty basic setup, modem <--> APU2E4 <--> access point and it works just fine. My connection to ISP is PPPoE and I've seen so many posts claiming that this type of connection seems to impact the performance of OPNsense.

I can change the modem setting from bridge mode onto modem/router, so that it can handle the PPPoE protocol and then connect the OPNsense appliance to the router DMZ (to avoid doube NAT): would this bring any benefits at all?

Tia.

I have a pretty basic setup, that is modem <--> opnsene appliance <--> access point and it works just fine.

My Internet is 80/20 and my opnsense box's got three ports: one connected to the modem, one connected to the AP and the third one to the PS4.
My local LAN is on 192.168.0.1/24 while the PS4 is on a different subnet, 192.168.10.1/24

The issue is my son complaining about his laggy ps4 (ping can go up to 170-180) and was wondering if there is anything at all I can do to improve my setup.

Tia.

[Unbound DNS]

I have a few domains in Unbound DNS --> Blacklist --> Whitelist Domains - is there a file where those domains are stored, so I can check ?

I checked in /var/unbound/etc but nothing...

Tia.

I've installed turbostat from https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/turbostat-4.17_1.txz with the command

Code Select Expand

pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/turbostat-4.17_1.txz

and I got the following

Code Select Expand

Fetching turbostat-4.17_1.txz: 100%   46 KiB  46.9kB/s    00:01
Installing turbostat-4.17_1...
Extracting turbostat-4.17_1: 100%


But if I just type turbostat I then get the following error

Code Select Expand

root@doom:~ # turbostat
turbostat version 17.06.23 - Len Brown <lenb@kernel.org>
turbostat: /dev/cpuctl0 missing, kldload cpuctl: No such file or directory

Can someone please guide me how to run it?

Tia.

I'd like to know what the timescale is for getting Suricata v5.0.4 or v6 - thanks.

If I don't use IDS/IPS, by enabling the hardware offloads settings, would I gain performance ?

Tia.

Why do I have to provide my credit card details for a free trial and then I have to cancel the subscription if I don't want to continue? You mention a "seamless subscription experience" but it's nonsense... in my humble opinion, this is not he right way to acquire potential customers...

That's annoying, to be honest and I'll pass.

As per subject, I'd like to be able to log in to modem GUI via WAN port, but (and sorry if it's a dumb question) I don't understand how to configure OPNsense.

First thing, I don't have a 'local' address for my WAN port (I've attached screenshots of the configuration) and I was thinking that if I was able to assign the WAN port an IP in the same subnet as LAN, I should be able to do so: my OPNsense IP address is 192.168.0.1 and my LAN addresses range through DHCPv4 is 192.168.0.2 - 192.168.0.50

Appreciated some help.

Tia.

If I'm not mistaken, there is nothing in the GUI which can give me the info of the connection speed of the modem: is there a command I can type through CLI that would give me the speed that the modem's connected?

Tia.

[VLAN Hardware Filtering]

I'd like to know what the default value is (enabled or disabled) for the VLAN Hardware Filtering.

Thanks.

If I'm running the IDS on the WAN interface only, in the 'Home networks' section should I enter:

1) WAN address only

2) LAN networks only

3) WAN address + LAN networks

Tia.