1
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
Tutorials and FAQs / Re: How to enable automatic microcode updates
« on: October 10, 2023, 08:40:00 am »
So this update pkg to 1.20.x and it now gives an error checking for new packages/update. Does anyone know how to rollback to the previous version of pkg. I have the package itself locally from a different system, just can't figure out how to properly downgrade.
This is the log
@meyergru I would delete that part before someone else stumbles upon it.
4. (Optional) If you want to verify that the updates are working, you can install the package x86info. This is not contained in OpnSense, therefore you have to edit /usr/local/etc/pkg/repos/FreeBSD.conf to enable FreeBSD repositories temporarily. You can use these commands:Code: [Select]echo "FreeBSD: { enabled: yes }" > /usr/local/etc/pkg/repos/FreeBSD.conf
echo y | pkg install x86info"
echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
rehash
kldload -q cpuctl
x86info -a | fgrep -i microcode
This is the log
Code: [Select]
root@OPNsense:~ # echo y | pkg install x86info
Updating FreeBSD repository catalogue...
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.pkg: 100% 7 MiB 6.9MB/s 00:01
Processing entries: 100%
FreeBSD repository update completed. 34062 packages processed.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pkg: 1.19.2 -> 1.20.7 [FreeBSD]
Number of packages to be upgraded: 1
The process will require 21 MiB more space.
9 MiB to be downloaded.
[1/1] Fetching pkg-1.20.7.pkg: 100% 9 MiB 9.0MB/s 00:01 %
Checking integrity... done (0 conflicting)
[1/1] Upgrading pkg from 1.19.2 to 1.20.7...
[1/1] Extracting pkg-1.20.7: 100%
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating OPNsense repository catalogue...
pkg: No SRV record found for the repo 'OPNsense'
pkg: packagesite URL error for pkg+http://mirror.sfo12.us.leaseweb.net/opnsense/FreeBSD:13:amd64/23.7/latest/packagesite.pkg -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+http://mirror.sfo12.us.leaseweb.net/opnsense/FreeBSD:13:amd64/23.7/latest/packagesite.txz -- pkg+:// implies SRV mirror type
Unable to update repository OPNsense
Error updating repositories!
root@OPNsense:~ # echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
root@OPNsense:~ # rehash
root@OPNsense:~ # kldload -q cpuctl
root@OPNsense:~ # pkg update
Updating OPNsense repository catalogue...
pkg: No SRV record found for the repo 'OPNsense'
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
pkg: packagesite URL error for pkg+http://mirror.sfo12.us.leaseweb.net/opnsense/FreeBSD:13:amd64/23.7/latest/packagesite.pkg -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+http://mirror.sfo12.us.leaseweb.net/opnsense/FreeBSD:13:amd64/23.7/latest/packagesite.txz -- pkg+:// implies SRV mirror type
Unable to update repository OPNsense
Error updating repositories!
@meyergru I would delete that part before someone else stumbles upon it.
3
22.1 Legacy Series / Re: Log files getting too large since 22.1
« on: April 24, 2022, 11:17:22 pm »
Just ran into the same issues. I had specifically checked all the rules and logging is disabled for every one of them, yet the space was still getting filled up. Thank you for the solution. I limited the logs to 7 days.
4
22.1 Legacy Series / Re: phase 2 ipsec bug?
« on: April 24, 2022, 11:09:02 pm »
I agree, it's a little confusing, but to add phase 2 entry there is a + button on the same line with your phase 1 entry.
5
19.7 Legacy Series / Re: Constant PHP errors with DYNDNS
« on: April 04, 2020, 10:21:52 pm »
Removing "Description" from all Dynamic DNS entries seems to fix this problem.
6
20.1 Legacy Series / Re: Traffic shaper is not working properly for me
« on: March 11, 2020, 02:05:13 am »
Here you go.
I have no problem with my upload shaping by the way, but it is only 15Mbit/s pipe.
I have no problem with my upload shaping by the way, but it is only 15Mbit/s pipe.
7
20.1 Legacy Series / Re: Traffic shaper is completely broken in opnsense
« on: March 08, 2020, 09:55:36 pm »Where is the link in the Wiki with wrong explanation?https://docs.opnsense.org/manual/how-tos/shaper.html
I suppose after reading those two topics on the forum + github and none of them were marked solved and I was seeing similar behavior I just assumed it wasn't fixed. After reading the help text for masks I realized mask behaves differently for "Pipe" and for "Queue".
Quote
Did you read the Help Text of masks?I did, as I stated in the second post.
Whenever possible avoid generalisation of "it's broken" assessments. It can keep help away from your thread.Apologies, duly noted. Topic subject edited.
I'm still having issue with only half of bandwidth available to me. I've now tested with 3 clients at the same time, and when the pipe bandwidth is set to 300, I only can get ~150 (+/- 10) Mbit/s cumulatively on all clients
8
20.1 Legacy Series / Re: Traffic shaper is completely broken in opnsense
« on: March 08, 2020, 05:20:08 am »
So after reading the comments, one does not need to set the mask. Somebody needs to edit the wiki to get rid of that. Once mask is unset, it limits the bandwidth for the whole pipe.
The other problem is still there though.
Here's the list of corresponding values that I got from testing.
It is value set under Shaper -> Pipe (downpipe) vs actual value I get from speedtest.
Something is really off, and the results are consistent after many runs.
Pipe - actual
150 - 80
300 - 150
320 - 200
330 - 250
340 - ~310 My max connection speed is 300 with initial burst of up to 320
The other problem is still there though.
Here's the list of corresponding values that I got from testing.
It is value set under Shaper -> Pipe (downpipe) vs actual value I get from speedtest.
Something is really off, and the results are consistent after many runs.
Pipe - actual
150 - 80
300 - 150
320 - 200
330 - 250
340 - ~310 My max connection speed is 300 with initial burst of up to 320
9
20.1 Legacy Series / Traffic shaper is not working properly for me
« on: March 08, 2020, 03:01:06 am »
There are 2 issues with it:
- It halves the total bandwidth for every user
- It limits the bandwidth per user, instead of per pipe. Given enough users, the cumulative bandwidth will exceed that of the maximum bandwidth of the pipe.
There are at least 2 topics on this on this forum. One from 2016 and one from 2018. Github issue was closed in 2019 with no resolution (and 1 more problem added while trying to fix the initial one).
Is anyone working on this at all?
https://forum.opnsense.org/index.php?topic=7235.0
https://forum.opnsense.org/index.php?topic=3966.0
https://github.com/opnsense/core/issues/2191
- It halves the total bandwidth for every user
- It limits the bandwidth per user, instead of per pipe. Given enough users, the cumulative bandwidth will exceed that of the maximum bandwidth of the pipe.
There are at least 2 topics on this on this forum. One from 2016 and one from 2018. Github issue was closed in 2019 with no resolution (and 1 more problem added while trying to fix the initial one).
Is anyone working on this at all?
https://forum.opnsense.org/index.php?topic=7235.0
https://forum.opnsense.org/index.php?topic=3966.0
https://github.com/opnsense/core/issues/2191
10
19.7 Legacy Series / Re: Constant PHP errors with DYNDNS
« on: December 13, 2019, 11:39:14 pm »
There is an issue report on github: https://github.com/opnsense/plugins/issues/1564
11
19.7 Legacy Series / Re: Constant PHP errors with DYNDNS
« on: November 28, 2019, 02:26:26 am »
Yup. Same problem here.
12
General Discussion / Re: Unbound won't start with do-not-query-localhost: no for dnscrypt-proxy
« on: July 09, 2019, 11:40:09 pm »
Found out why after inspecting unbound.conf
Custom options are put into the config after domain overrides and unbound doesn't like it.
The solution is to remove all of your overrides and stck them manually between
For example:
Custom options are put into the config after domain overrides and unbound doesn't like it.
The solution is to remove all of your overrides and stck them manually between
Code: [Select]
private-domain: "example.lan"
domain-insecure: "example.lan"
do-not-query-localhost: no
andCode: [Select]
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
For example:
Code: [Select]
private-domain: "example.lan"
domain-insecure: "example.lan"
do-not-query-localhost: no
forward-zone:
name: "example.lan"
forward-addr: 192.168.1.1
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
13
General Discussion / Unbound won't start with do-not-query-localhost: no for dnscrypt-proxy
« on: July 09, 2019, 01:13:29 am »
Hello everyone,
I was just following https://docs.opnsense.org/manual/how-tos/dnscrypt-proxy.html to setup dnscrypt-proxy.
In the first paragraph the guide says to "just set this in your Unbound Advanced settings:"
There is no option to use custom options under Unbound --> Advanced, so I assume the author meant Unbound --> General --> Custom options.
Well, inserting the above into Custom Options, saving and applying settings kills Unbound and it won't start again until
Any help would be appreciated.
I was just following https://docs.opnsense.org/manual/how-tos/dnscrypt-proxy.html to setup dnscrypt-proxy.
In the first paragraph the guide says to "just set this in your Unbound Advanced settings:"
Code: [Select]
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@5353
There is no option to use custom options under Unbound --> Advanced, so I assume the author meant Unbound --> General --> Custom options.
Well, inserting the above into Custom Options, saving and applying settings kills Unbound and it won't start again until
Code: [Select]
do-not-query-localhost: no
is removed (and the rest kept), with the only issue that no address resolves without this option. I assume it just won't forward to 127.0.0.1:5151 because it's localhost and it is disallowed.Any help would be appreciated.
14
General Discussion / Re: Running external socks5 proxy on wan
« on: April 20, 2019, 01:48:16 am »
Well, this is definitely an easier way. I also didn't realise make install would work from the ports tree, like it does for regular sources. Thank you.
I'll list the steps for completeness:
1. As fabian mentioned, install tools and ports:
I'll list the steps for completeness:
1. As fabian mentioned, install tools and ports:
Code: [Select]
opnsense-code tools ports
2. Navigate to /usr/ports/net/ss5Code: [Select]
cd /usr/ports/net/ss5
3. build and installCode: [Select]
make
make install
15
General Discussion / Re: Running external socks5 proxy on wan
« on: April 19, 2019, 08:07:07 pm »
Well, I found a crude way of installing a port, if anyone else is interseted in this in the future:
1. install wget
3. Download ports repo from github
Feel free to comment if there's a better way, but this is what I could come up with with my limited knowledge of freebsd.
1. install wget
Code: [Select]
pkg install wget
2. Code: [Select]
cd ~
to get to your home directory3. Download ports repo from github
Code: [Select]
wget https://github.com/freebsd/freebsd-ports/archive/master.tar.gz
4.deflate Code: [Select]
tar xvzf master.tar.gz
5. Navigate to ss5 directory Code: [Select]
cd freebsd-ports-master/net/ss5
6. compile Code: [Select]
make
7. Copy the package files into their right placesCode: [Select]
cd work/stage
cp -a ./* /
Feel free to comment if there's a better way, but this is what I could come up with with my limited knowledge of freebsd.
Pages: [1] 2