Topics - weust

#1
I was installing my Dell R230 with OPNsense 23.1 and got it updated, then restored a backup which messed up console output on boot.
Fixed it by ticking "Use the virtual terminal driver (vt)" and setting Primary Console to EFI.
Though I am unsure if the latter is needed when using vt?

Anyway, I set EFI Console to Primary and left the Secondary console set to Serial.

But booting the machine, the Loader shows option 5 (Cons) as Serial Primary.
dmesg shows this as well:
Quote: Dual Console: Serial Primary, Video Secondary

That doesn't seem right?
#2
I am trying to load the ipmi module, after installing the ipmitool package via SSH, but somehow it doesn't load.
Loading it manually works fine.

I created /usr/local/etc/rc.loader.d/20-ipmi and added ipmi_load="YES" to it.

Seems the file doesn't need any special permissions or user:group on it, so what could I be missing?
#3
I just noticed in Live View under Firewall traffic on the WAN interface going to 172.28.195.1:4455.
Source shows my WAN's IP-address:64xxx with the xxx increasing every second.

Oddly enough, after port 64556 it turned to 53913 and started going up again.

172.28.195.1 is a private address. But I don't even use that private address range in my network.
What is this?

In the screenshots I blacked out my WAN IP address.
#4
I've noticed this in 17.* too, and now in 18.1.r2 as well.
In several web browsers I noticed that when I hover the mouse cursor over the CPU graph it always shows the percentage in the middle, showing the CPU percentage it was when at the middle.

Example, the screenshot shows 3%, but that's from after the spike a bit to the left of the middle.

My OS is Windows 10, web browsers are Edge and Waterfox. Also saw this in Google Chrome and Vivaldi.
#5
I created a Gen 2 VM with 4 cores, 1GB RAM and a 16GB dynamic VHDX, 2 NICs.

Gen 1 started installing fine, then realized FreeBSD 11.1 supports Gen 2, so started over.
But, as soon as the installer starts the copy of files, after selecting the guided disk part, it crashes with the below error.

Reset and try again fails in the same spot.

The image I had from Franco a while back with the new kernel installed fine.
#6
The documentation on Configuring LDAP has an error in the text that makes Active Directory (don't know about OpenLDAP or Novell eDirectory) confusing to configure.

https://wiki.opnsense.org/manual/how-tos/user-ldap.html

Under Step 1 there is a list of things to fill in. The Bind Credentials part is wrong.
At User DN you need to fill in <username>@<domain name> like ldap@opnsense.local.
As it is now, it won't work when doing the container search.

For the record, domain\username works too, but is Pre-2000 and should really not be used anymore.
It works fine, just old skool.


Last, there is a small typo under Step 5: "configureS" should be "configureD", without the capital letters of course.

#7
General Discussion / Routing issue
October 28, 2017, 09:11:13 PM
At home I'm playing around with an OPNsense VM on an ESXi 6.5.0 U1 setup, next to my Hyper-V 2016 setup which runs my main OPNsense VM.

Also working to set up a new network setup, so just trying out some things.
But I have a routing problem I can't get my head around.
Hopefully someone here has an idea.

My Cisco switch has several VLANs, including 42.
The IP address of that VLAN interface is 10.42.42.20/24
Default gateway is 192.168.1.1 (VLAN 10)

The OPNsense VM (RouterA) on Hyper-V 2016 has, for the interface connected to VLAN 42 (Opt1), IP address 10.42.42.100.
It also has an interface connected to VLAN 10 (LAN), IP address 192.168.1.1.
No other interfaces, besides the one for WAN.

The OPNsense VM (RouterB) on ESXi 6.5.0 U1 has, for the interface connected to VLAN 42, IP address 10.42.42.1.
No other interfaces, besides the one for WAN.

Client IP address 192.168.1.61 (VLAN 10 set on the Switch port).

NAS IP address 192.168.1.11 (VLAN 10 set on the Switch Port)

Now comes the weird part, as laid out below:

Switch
Ping to 10.42.42.100 OK
Ping to 10.42.42.1 OK
Ping to 192.168.1.1 OK
Ping to 192.168.1.11 OK
Ping to 192.168.1.61 NOK

RouterA
Ping to 10.42.42.20 OK
Ping to 10.42.42.1 OK
Ping to 192.168.1.11 OK
Ping to 192.168.1.61 NOK

RouterB
Ping to 10.42.42.20 OK
Ping to 10.42.42.100 OK
Ping to 192.168.1.11 NOK
Ping to 192.168.1.61 NOK

Client (192.168.1.61/24 VLAN 10)
Ping to 10.42.42.20 OK
Ping to 10.42.42.100 OK
Ping to 10.42.42.1 NOK
Ping to 192.168.1.1 OK
Ping to 192.168.1.11 OK


I hope anyone can make sense out of this. It must be something simple, but I can't see it.
#8
I'm messing around with ESXi 6.5.0 U1 at home, and created a VM based on VM version 13 (6.5 and later) using mostly basic settings, except I removed the USB controller and added a second NIC (vmxnet3).
OS set to Other, FreeBSD (64-bit).
Left the SCSI controller at LSI Logic Parallel, because FreeBSD still does not support the VMware Paravirtual controller.

Booting the OPNsense-17.7.5-OpenSSL-dvd-amd64.iso, and installing from it using GPT/UEFI is fine too, but the first reboot messes up the VM in such a way that the ESXi web console shows the VM as powered off, but you can't power it on in any way.
Even the console can't reach it ("esxcli vm process list" only shows running VM's), so a host reboot is the only way to reach it again.

Maybe I've searched wrong, but I can't find anything related to FreeBSD 11 and this. I did read something about FreeBSD 10 on a VMware page, but EFI is almost fully supported in 11...

Anyone tried this yet?
Going to try a BIOS/MBR installation next. See if that works.

#9
I just did the update from 17.7 to 17.7.1, and at some point it popped up an error message.
Updating continued, and reboot went fine too.

Quote: An API exception occured
Error at /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php:95 - stream_socket_client(): unable to connect to unix:///var/run/configd.socket (Connection refused) (errno=2)
#10
General Discussion / [SOLVED] Hyper-V and time sync
February 28, 2016, 03:17:56 PM
I'm reading through some documentation to optimize my home virtual environment.
Running a Hyper-V 2012 R2 Free server which holds several VM's.
One is running OPNsense, another is a Windows Server 2012 R2 Domain Controller.

There is also a physical Windows Server 2012 R2 Domain Controller.
This one is my current Time Server for the domain and other devices to sync their time against.

It is recommended to have virtual Domain Controllers (DC) sync their time to the DC running the "PDC Emulator" role, while other VM's get their time through the "Time synchronization" from the Integration Services provided by Hyper-V host to the Guest VM.
On Linux and FreeBSD VMs this simply means not installing an NTP daemon so the Integration Service keeps the virtual clock in sync with the clock from the host.

One exception is OPNsense. Its config does not allow a blank entry for the "NTP Time Server" option in "General | Settings | System".

Is there a way to work around this, or does a patch need to be made to allow not setting an NTP Time Server?
#11
Running 16.1.3 and when I click to expand an interface on Overview | Interfaces, all interfaces expand.
But that's not all. For some reason it flashes the overview of an interface, and then expands every line by almost a full vertical page length.

#12
I am probably understanding this wrong, but why does the processor graph show this for processes?
Is the CPU at 100% or not?

#13
I use an outbound static mapping for my PlayStation 3 and 4. They need it to get a Type 2 connection.
Without it, voice communication doesn't work and multiplayer games barely work.

But for the Source I can only set a Network (ie. 192.168.1.0/24), "any" or "This Firewall (self)".
I don't need my entire LAN to use static mapping towards the internet, just the IP address of the PlayStation console.

Is it possible to get a "Single IP address" type option?
#14
15.7 Legacy Series / LDAP configuration in 15.7.7_1
August 05, 2015, 07:07:06 PM
I just upgraded to 15.7.7_1 to test the updated LDAP patches.
Using an Active Directory setup I run at home I can now add the server configuration.
The setup page might need some information to clarify things though.

Anyway, selecting containers works great. I can see a list of my OU's.
On the settings tab I select Active Directory as the Authentication Server.
Test and save shows a bit misleading message imo, but I could be wrong.
It shows "Testing OPNsense LDAP settings... One moment please..." in the top, but also a close button in the bottom.
It might be that the close button only shows after completion or a timeout, but I would expect some "Test successful".


But that brings me to my issue: I now have an LDAP integration, but still can't login with a domain account.
Because, I cannot create a local user (on the box) and link it to a domain account.
And trying to log in with a domain account simply responds with a wrong user/password.

Step forward, but not quite there yet.
If I missed something on the forum or on IRC, let me know.
#15
15.7 Legacy Series / Spacing on dashboard
July 08, 2015, 10:13:00 PM
I've been noticing that the spacing is a bit off.
The text beneath the bars is too much. It looks like the text is above the bar below it.

#16
I was messing around with OpenVPN, and when cleaning up I noticed that the buttons for edit and delete csc aren't showing.
Looks like the issue that I mentioned months ago on different pages.

#17
After restoring ALL did not go very well, I decided to try and select certain areas of the config to restore.
Apart from the DDNS area missing from the list and possibly the config backup, NAT and DHCP server both give an error message after clicking the Restore configuration button.

#18
I went back to Hyper-V and created a new VM for OPNsense.
Installed the LibreSSL version of 15.1.9, and did the console upgrade to 15.1.10.1.

After going through the setup wizard I went to turn off HTTPS as I don't need it for my home use.
I don't own a certificate anyway.

Then, I went to import my backup config but upon clicking the Restore button I get a 501 and can't even login anymore. It just doesn't respond at all anymore.
Only thing I can do is an Option 4 (Reset to factory defaults) from the console.

Kind of a bummer, now I need to set up everything manually again :-(

Oh, and the message is not correct anyway.
System > Advanced does not exist anymore. It's System > Settings > Admin Access.
#19
I am trying to update my 15.1.7.2_1-bdd927343 (amd64) LibreSSL installation to 15.1.8 using the console option (12) but it seems not a lot is happening.

Reading the announcement, it would appear a LibreSSL version update is available too?



I will wait for a response here, before I do a GUI update and console update command.
#20
I am using the DNS Forwarder (default setting) and added some override entries for a couple of machines on my home LAN network.
Maybe I am doing things wrong, but I can't resolve any of those machines. Not with a ping or a nslookup.

In nslookup, when I type in the hostname of one of those entries, it returns the message:
Quote: *** opnsense.local.net can't find hostname: Non-existent domain

To me that means that the entry is simply not registered in the DNS server file/database.

Perhaps I am interpreting the override entries wrong, and if so, where do I add my own entries?
If this is a bug, I will add an issue on GitHub.