Topics

I'm having problem updating. Can someone help?


**GOT REQUEST TO UPDATE***
Currently running OPNsense 24.7.11_2 (amd64) at Wed Feb  5 17:35:56 PST 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (45 candidates): .......... done
Processing candidates (45 candidates): .......... done
Checking integrity... done (0 conflicting)
The following 46 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
   py311-typing-extensions: 4.12.2

Installed packages to be UPGRADED:
   boost-libs: 1.86.0 -> 1.86.0_1
   crowdsec: 1.6.3_3 -> 1.6.4
   curl: 8.11.0_1 -> 8.11.1_1
   e2fsprogs-libuuid: 1.47.1 -> 1.47.2
   gettext-runtime: 0.22.5 -> 0.23.1
   libltdl: 2.4.7 -> 2.5.4
   libpfctl: 0.14 -> 0.15
   lighttpd: 1.4.76 -> 1.4.76_1
   log4cplus: 2.1.1 -> 2.1.2
   nettle: 3.10_1 -> 3.10.1
   ntp: 4.2.8p18 -> 4.2.8p18_1
   oniguruma: 6.9.9 -> 6.9.10
   openvpn: 2.6.12 -> 2.6.13
   opnsense: 24.7.11_2 -> 24.7.12_4
   opnsense-update: 24.7.10_1 -> 24.7.12
   os-mdns-repeater: 1.1_1 -> 1.2
   php82: 8.2.26 -> 8.2.27
   php82-ctype: 8.2.26 -> 8.2.27
   php82-curl: 8.2.26 -> 8.2.27
   php82-dom: 8.2.26 -> 8.2.27
   php82-filter: 8.2.26 -> 8.2.27
   php82-gettext: 8.2.26 -> 8.2.27
   php82-ldap: 8.2.26 -> 8.2.27
   php82-mbstring: 8.2.26 -> 8.2.27
   php82-pcntl: 8.2.26 -> 8.2.27
   php82-pdo: 8.2.26 -> 8.2.27
   php82-session: 8.2.26 -> 8.2.27
   php82-simplexml: 8.2.26 -> 8.2.27
   php82-sockets: 8.2.26 -> 8.2.27
   php82-sqlite3: 8.2.26 -> 8.2.27
   php82-xml: 8.2.26 -> 8.2.27
   php82-zlib: 8.2.26 -> 8.2.27
   py311-anyio: 4.6.2 -> 4.7.0
   py311-attrs: 24.2.0 -> 24.3.0
   py311-certifi: 2024.8.30 -> 2024.12.14
   py311-charset-normalizer: 3.4.0 -> 3.4.1_1
   py311-httpx: 0.27.2 -> 0.28.1
   py311-numexpr: 2.10.1 -> 2.10.2
   py311-six: 1.16.0_1 -> 1.17.0
   py311-sqlite3: 3.11.10_7 -> 3.11.11_7
   py311-trio: 0.27.0 -> 0.28.0
   python311: 3.11.10 -> 3.11.11
   qemu-guest-agent: 9.1.1 -> 9.2.0
   sudo: 1.9.16p2 -> 1.9.16p2_1
   zip: 3.0_3 -> 3.0_4

Number of packages to be installed: 1
Number of packages to be upgraded: 45

The operation will free 3 MiB.
[1/46] Upgrading python311 from 3.11.10 to 3.11.11...
[1/46] Extracting python311-3.11.11: .......... done
python311-3.11.10: missing file /usr/local/lib/python3.11/lib2to3/Grammar3.11.10.final.0.pickle
python311-3.11.10: missing file /usr/local/lib/python3.11/lib2to3/PatternGrammar3.11.10.final.0.pickle
python311-3.11.10: missing file /usr/local/share/licenses/python311-3.11.10/LICENSE
python311-3.11.10: missing file /usr/local/share/licenses/python311-3.11.10/PSFL
python311-3.11.10: missing file /usr/local/share/licenses/python311-3.11.10/catalog.mk
pkg-static: Fail to rename /usr/local/lib/python3.11/__pycache__/.pkgtemp.fractions.cpython-311.opt-2.pyc.CaHP5lqDRcVk -> /usr/local/lib/python3.11/__pycache__/fractions.cpython-311.opt-2.pyc:Invalid argument
Starting web GUI...done.
***DONE***

Anyone having this problem.

all my vlan are getting their 'track interface" ipv6 correctly ONLY single IPv6.

How ever Untagged vLAN (my main vlan for every esxi, vsphere, vmware, computers, home computers) all get the same all the IPv6 tagged IPv6s.

So if I sign into using my Wireless access point i get 1 x IPV6.
So if I sign into my wireless untagged I get 10+ IPv6 as many as my vlans.

Anyone has a solution to fix this?

@franco

I'm trying to learn how to setup OSPF through ZeroTier.
I'm having issues distributing routes in OSPF.

Can Someone see anything odd about this?


1.) I removed all Managed Routes on ZeroTier
2.) Plugin Installed in OPNSense FRR
3.) Routing > General > Checked Enable
4.) OSPF > Check enable
              - Passive - All interface Except ZeroTier Interface
5.) Networks -> Added all networks route over ZeroTier Including ZeroTier Interface
6.) NO WORK

Anyone have a clue what I need to do? no routing table are showing up.

I'm working on setting up a OPNSense for RV customers.

Since they use serveral LTE devices for reliability. When you move from one area to another area you get new ip address.

WAN seem to stick on one ip addres from another city.

How can you set it so WAN renew ip of gateway pings dies?



Overview:
4 VMS
- OPNSense
- Domain Control DHCP, DNS
- 1 File Server
- Windows 10 backup

all of these are tied back using ZeroTier.


I need to find a way so that if DHCP Gateway dies. The wan try to renew/release ip address to get new ip from one location to the new location.

I've been trying to get 2 OPNSense Zero Tier working. Anyone try it?

OPNSense1
- ZeroTier Package Installed
    Configured with IP 172.24.204.2
- Interface Assigned


OPNSense2
- ZeroTier Package Installed
    Configured with IP 172.24.204.2
- Interface Assigned


From OPNSense GUI I can ping each other OPNSense

BUT from
OPNSense LAN 192.168.X I cannot ping 172.24.204.2

I open all firewall

I upgraded to version OPNsense 20.1.5-amd64 today and now ipsec are getting these errors.

There are 4 site to site. 1 works and the other 3 doesnt work.

the 3 that doesnt work show this error below.



2020-04-24T18:16:51   charon: 01[CFG] ignoring acquire, connection attempt pending
2020-04-24T18:16:51   charon: 01[KNL] creating acquire job for policy 96.85.x.x.x/32 === 173.16x.x.x.x.x/32 with reqid {3}
2020-04-24T18:16:46   charon: 01[NET] <con3|2> sending packet: from 96.85.xx.x.x[4500] to 173.160.xx.xx[4500] (1052 bytes)
2020-04-24T18:16:46   charon: 01[IKE] <con3|2> retransmit 4 of request with message ID 1
2020-04-24T18:16:45   charon: 01[CFG] ignoring acquire, connection attempt pending
2020-04-24T18:16:45   charon: 05[KNL] creating acquire job for policy 96.85.xx.xx3/32 === 173.16x.x.x.x/32 with reqid {3}
2020-04-24T18:16:42   charon: 05[CFG] ignoring acquire, connection attempt pending
2020-04-24T18:16:42   charon: 05[KNL] creating acquire job for policy 96.85xx.x.x32 === 173.160.1xx.x.x/32 with reqid {3}

I have WAN & LAN IPv6 set to none. Some how all my internal client getting ipv6 . Tested to see if its routable by going to ipv6 website. Its not routable. How do I stop OPNSense from giving internal networks public ipv6 address?

Finally I got the time to fiddle around with NTOPNG. I'm loving it!

A few question I would like to ask.

1.) Where do you set how long the data is retention in NTOP?


2.) Can someone recommend settings for NTOPNG?

Franco,

Is there a way to reset System > Access

I added Root to a couple of groups and now it wont let me remove it.

Also log on as root I cannot install plugin too. Anyway we can reset the System > Access without reseting everything else?

The upgrade to 19.7 went smooth. Everything looks good so far. its functional as is.

The only issues I see is. After reboot IPSec services show as green but no ping or connections. NO SMB connections to server server across the ipsec.



Here's how I fix it every OPNSense Reboot last 10 reboots:

Every Reboot - the IPSec connection doesnt come up. you would have to go to

VPN > IPSec > Tunnel Settings > select one of the tunnel, click save > apply changes

then tunnel works again. I can access SMB on other side again. THis is no changes. Just save and apply. IPSEC works again.

Anyone can produce this?

Anyone got NordVPN working on OPNSense? I'm trying to get it to work following PFSense tutorial. It didnt work out.

pretty please anyone?

Franco,

I'm getting a upgrade loop.

Upgrade branch: Development


Package Name   Current Version   New Version   Required Action
opnsense   18.7.r1   N/A   obsolete
opnsense-devel   N/A   18.7.r_10   new



after clicking upgrade. It reboots and comes back with this upgrade again stating 18.7.r1 is obsolite and tries to upgrade to 18.7.r_10

@Franco,

So far I love OPNSense. Its my primary production router now. I'm working on implementing Direct Access and AUTOVPn feature of WIndows 2016.

It seem like 10.0.0.5 (DA) server is having problems communicating with Domain Controllers.
The rules are below.

IPv4 *   LAN net   *   *   *   *      Default allow LAN to any rule


When I use another router it can communicate just fine. THis points to firewall problem. All local traffic (such as traffic from 10.0.0.2 to 10.0.0.3 is going through 10.0.0.1 gateway and its being filter.

Am I doing something wrong?

[WAN:]

After fighting around with Comcast Business IPv6 DHCP. I gave up. So I got IPv6 Static from comcast.

I was given
2603:xxxx:0b35::/56

Out if that I carved out

WAN:
2603:xxxx:0b35::1/64
* Can ping internet ipv6

LAN
2603:xxxx:0b35:1::1/64
*  All PC get internal IP's address now. I can ping gateway 2603:XXXX:b35:1::1
* Cannot access internet.
Settings:
- Static IP: 2603:xxx:b35:1::1/64
- IPv6 Upstream Gateway: none
Router Advertisement: LAN - Unmanaged.

can someone point me to the right direction


Thank you!

I'm beginning to share my internet with my neighbors.

we have 4 neighbors that we're going to run cat6 cables directly to their house. We live back against a freeway and 4 of our house are connected to each other.

What rules do I need to:
1. Allow Internet Access
2. Block Inter-vLAN routing. (example vLAN10 can access vLAN20, But vLAN20 (guests,neighbor) cannot acess vLAN10.


all help is appreciated. Sharing your rules would help too =)......learning..

Is there a way to force opnsense to detect new nic card. I added an Intel compatible nic card and it's not detecting the new nic card. Is there a way we force it to detect new graphics card.

Anyone here able to setup Comcast Business IPv6 on OPNSense?

I'm having a hard time.

1. WAN - DHCPv6
      - Prefix 56
2. LAN - Track Interface
   - IPv6 Interface WAN
   - ID : 0


I'm getting IPv6 Ips internally but I cannot ping any ipv6. I cannot ping ipv6 from ssh on OPNSense at all.



WAN IP Address (IPv6): 2001:558:600a:ce:xxxxxx846
WAN Default Gateway Address (IPv6): fe80::2e86:xxxx:xxxx:ec22
Delegated prefix (IPv6): 2603:3023:xxd:xxxx::/56
Primary DNS Server (IPv6):2001:558:feed::1
Secondary DNS Server (IPv6):2001:558:feed::2
WAN Link Local Address (IPv6): fe80::xxx:27ff:xxxx:2461

Hi There!

I'm trying to accessing 10.1.10.1 - if set static ip address from Comcast Block. Internet works and everything but then we cannot access modem GUI admin. If set to dhcp then we can access it.

1. If I set Static IP on wan port then I cannot access 10.1.10.1 (Comcast Modem IP). Is there anyway we can allow this. If I use DHCP then I can access the 10.1.10.1 behind the OPNSense.

Does OPNsense plan on forcing us to have AES-IN forced CPu requirement for future versions?

I hope this is not the case so I can keep deploying OPNSense to my customers with your hardware

Hi There,

is there anything wrong with this system. Swap is a bit high. dont like how it use swap. I got plenty of ram.

Name   OPNsense.ih.lcl
Versions   OPNsense 17.7.5-amd64
FreeBSD 11.0-RELEASE-p12
OpenSSL 1.0.2l 25 May 2017
Updates   Click to check for updates.
CPU Type   Intel(R) Xeon(R) CPU E5645 @ 2.40GHz (4 cores)
CPU usage   
0
100
0
100
Load average   0.65, 0.43, 0.35
Uptime   6 days 19:21:09
Current date/time   Fri Oct 13 20:36:15 PDT 2017
Last config change   Fri Oct 13 15:42:51 PDT 2017
State table size   
0 % ( 1796/406000 )
MBUF Usage   
1 % ( 3648/251500 )
Memory usage   
24 % ( 1000/4060 MB )
SWAP usage   
6 % ( 497/8192 MB )
Disk usage   
28% / [ufs] (22G/88G)