Topics - npiersma

#1
20.7 Legacy Series / Fine tuning BGP
November 01, 2020, 05:47:44 PM
Hi guys,

I need some help fine-tuning my FRR BGP Setup.

In particular, setting up "set" parameters on the Route Map.

I need to set a weight or local-preference on the route map via the "set" option as shown on the "Edit route Maps" screen.

However, I've tried adding the following combinations there, but it just doesn't show up in the actual config when issuing sh run from vtysh.

I tried:
local-preference 300
"local-preference 300"
set local-preference 300
"set local-preference 300"

I tried the same for weight, with the same results; they just don't show up in the actual config.

I can add them using "vtysh" and conf term. But I would rather have it done by the GUI ;)

Any recommendations on the correct syntax for the "Set" field are more than welcome.

Cheers
Niels
#2
It seems I am having the same issues as @karam
https://forum.opnsense.org/index.php?topic=15922.0

We are preparing to migrate from our old PFSense to our new OPNSense on DEC2690 (https://www.applianceshop.eu/security-appliances/19-rack-appliances/opnsense-based/opnsense-dual-a10-qc-ssd-rack-gen2.html)

I recreated almost all of the aliases (now totaling 143). However, when I log in via SSH or WEBGUI it takes forever to log in.

I do have a lot of nested aliases. For instance, I created a "PROTO_WEB" as an alias and created two aliases "PORT_HTTP" and "PORT_HTTPS". I've added PORT_HTTP and HTTPS to PROTO_WEB.

Is this normal behavior? Is this tuneable? At the moment this is a big show stopper.

Kind regards
Niels

#3
20.7 Legacy Series / BGPv4 died after upgrade to 20.7
August 26, 2020, 01:41:51 PM
BGP Table is fucked up

* >   10.4.0.0/16   0.0.0.0   0      32768   i
1 0 .   60.0.0/17 0.0   .0.0   0   32   768 i   
1 0 .   60.4.128/25 0.0   .0.0   0   32   768 i   
* >   10.60.132.0/22   0.0.0.0   0      32768   i
* >   10.60.136.0/24   0.0.0.0   0      32768   i
* >   10.60.251.0/24   0.0.0.0   0      32768   i

As you can see, it is "shifted" a bit (second and third line)...

Seems to be a parsing error of the configuration. The other side is not receiving any route updates either (logical in this situation...).

Please advise.
Niels
#4
VIPs seem to have disappeared from the GUI. Just updated a cluster and VIPs are not to be found in the GUI below "firewall". Direct link does work (https://x.y.z.t/firewall_virtual_ip.php#Firewall_VIP).


#5
20.1 Legacy Series / 400 Bad Request + CARP
February 05, 2020, 09:56:16 AM
Dear all,

I encountered the following issue in OPNSense 19.7 & 20.1. It may not be an issue at all, but I am unsure why it is happening. It just could be by design, but then it was never documented. At least, I couldn't find it.

I am running a fully working CARP setup. Installed the CA certificates and selected that certificate to connect to the web interface.

The result is the following:
1. Connecting to the shared CARP public IP address works fine (of course a certificate warning appears).
2. Connecting to the hostname mapped to the shared IP address works fine. No issue with certificate warning (as expected).
3. Connecting to the hostname mapped to the primary public IP address returns "400 Bad Request".

I would expect, connecting to the primary hostname would work the same as accessing the shared one.

Any clarification is more than welcome.

Cheers
Niels

#6
19.1 Legacy Series / FRRouting and OSPF ECMP
May 22, 2019, 10:33:34 AM
Hi all,

We've been using OPNSense for quite some time and are very happy with it. So we are now looking to take it to the next level. We are looking into a solution to make two 1Gb (in the future 10Gb) leased lines passive / passive vs active / passive by using OSPF equal cost routing.

From the pfSense forum we found that this is possible for pfSense by recompiling FRRouting;

"I'm one of the maintainers of FRR and was asked about this, from the output I was given pfsense compiles FRR w/out any ecmp settings so the ecmp defaults to 1. If you want a higher value FRR needs to be recompiled with --enable-multipath=X where X is the desired max ecmp allowed."

Now we have two questions:
1) Does the current OPNsense support equal multi path routing (so we can utilize both paths)?
2) Any recommendations resource-wise that we should take into account (CPU, memory, etc.)?

BTW, we would be having two carp/synced devices on the east-side and two carp/synced devices on the west-side with two leased lines connecting on layer 2 on each site.

Any tips or recommendations are welcome.
Niels