Topics - Colt45

#1
Got this error. Realized what had happened was when I initially set up this machine I used another port and cable to run the Guest LAN to the switch so I ran it through Zenarmor. Later, I changed it to a VLAN over the same port as my normal LAN, but did not remove the configuration from Zenarmor.
It appears no one thought of something like this happening, as when I went into the settings, igb2 does not appear in the list of interfaces, making it not easily removable.
I ended up doing the following:
Make a fake permanent interface assignment for igb2
Go into Zenarmor and enable the new fake interface, Save
Remove Fake interface from Zenarmor, Save
Start Zenarmor successfully.
Delete fake interface from OPNsense.

Doing this allowed me to start Zenarmor, but I feel like invalid configs should be fixable without doing this workaround. Maybe interfaces that are in the configuration but invalid should show up on the interface configuration screen in red or something so they can be removed.
#2

I am using Cisco 2811 routers as essentially VoIP endpoints. Analog audio goes in, IP packets come out. That's all they do* The session target for the VoIP packets is a multicast address as it needs to go to all of the endpoints simultaneously.
Originally I was using all UniFi routers as the real internet-facing router. Their built-in IPSec S2S VPN was used to then link the sites.
To get around the multicast not passing over the VPN, I got GRE tunnels set up between the 2811s.
So there is a VPN between the sites, but then also a GRE tunnel within that between the Cisco routers.

I have gone through, trashed all of the Unifi stuff, got it set up with OPNsense running on 1u servers, with ZeroTier as the S2S.
I would like to eliminate the GRE tunnels, as I've found them to not be reliable. I have to reload the Cisco boxen at least once a week to force the tunnel to come back up. Part of the reason I went with ZeroTier was because it was basically meshing and eliminating the single point of failure, but that is maintained with the GRE tunnels.

What I would like is for the multicast to be transmitted from whichever endpoint, as multicast, then the OPNsense/ZeroTier handles getting it sent out to all the receivers. What is the best way to do that?
#3
This is a pretty minor thing, but I logged into one of my boxes and thought the Intel coretemp driver was broken. But then I realized that it was reporting, but the temperatures were in the range of -1C to 0C. Once one of the cores spiked to 2-3C, the green bar displayed enough to see the white characters.
I fixed it by going to a dark theme.
But I thought a couple of ways to prevent this would be to keep the green bar from disappearing completely, or to shift the text to a different color if it was under a certain amount.
The attached picture shows what it was the following day. 2C is about the lowest it will display without characters disappearing.
#4
Have only noticed this recently. It's filling my logs with
2023-01-30T01:32:30
vnstatd Traffic rate for "xn0" higher than set maximum 10 Mbit (30s->40894464, r793873 t42004161, 64bit:1), syncing.

10 Mbit is really low. I can't find a place to set this higher either in the GUI or a conf file. Anyone adjusted this before?
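An added example (not from the post or from vnstat itself) that reads the vnstatd message quoted above and recovers what its numbers mean. The two fields after the arrow and the r/t pair are taken to be the byte budget for the interval and the observed rx/tx byte deltas; the 4% slack factor is an assumption chosen because 10 Mbit * 1024^2 / 8 * 30 s * 1.04 reproduces the 40894464 in the line exactly. The sample log record is constructed from the post. The `min_maxbw_mbit` value is the smallest whole-Mbit ceiling that would have kept this sample quiet, for comparison against whatever knob sets vnstat's maximum (vnstat's own configuration calls it `MaxBandwidth`; how OPNsense exposes it is not covered here).

```python
import math
import re

# Constructed sample: the timestamp and message from the post, joined into one record.
SAMPLE_LOG = [
    '2023-01-30T01:32:30 vnstatd Traffic rate for "xn0" higher than set maximum 10 Mbit '
    '(30s->40894464, r793873 t42004161, 64bit:1), syncing.',
]

LINE_RE = re.compile(
    r'Traffic rate for "(?P<iface>[^"]+)" higher than set maximum (?P<maxbw>\d+) Mbit '
    r'\((?P<interval>\d+)s->(?P<limit>\d+), r(?P<rx>\d+) t(?P<tx>\d+), 64bit:(?P<is64>[01])\)'
)

MBIT = 1024 * 1024   # vnstat counts Mbit in binary units (assumption that matches the sample)
TOLERANCE = 1.04     # assumed 4% slack: 10 Mbit * MBIT / 8 * 30 s * 1.04 == 40894464


def expected_limit(maxbw_mbit, interval_s, tolerance=TOLERANCE):
    """Byte budget the daemon allows per polling interval before it logs and resyncs."""
    return round(maxbw_mbit * MBIT / 8 * interval_s * tolerance)


def analyze(line):
    """Parse one vnstatd rate warning and explain which direction tripped it and by how much."""
    m = LINE_RE.search(line)
    if not m:
        return None
    f = {k: int(v) for k, v in m.groupdict().items() if k != "iface"}
    interval = f["interval"]

    def mbit_per_s(nbytes):
        return nbytes * 8 / interval / MBIT

    peak = max(f["rx"], f["tx"])
    if f["tx"] > f["limit"]:
        direction = "tx"
    elif f["rx"] > f["limit"]:
        direction = "rx"
    else:
        direction = "none"
    return {
        "iface": m.group("iface"),
        # True when the logged budget agrees with the assumed formula for this max/interval.
        "limit_matches_formula": expected_limit(f["maxbw"], interval) == f["limit"],
        "rx_mbit_s": round(mbit_per_s(f["rx"]), 2),
        "tx_mbit_s": round(mbit_per_s(f["tx"]), 2),
        "direction": direction,
        # Smallest whole-Mbit maximum under which this sample would not have been logged.
        "min_maxbw_mbit": math.ceil(mbit_per_s(peak) / TOLERANCE),
    }


if __name__ == "__main__":
    for record in SAMPLE_LOG:
        print(analyze(record))
```

Running it on the sample reports that the transmit side (about 10.7 Mbit/s over the 30 s window) is what exceeded the 10 Mbit budget, and that a maximum of 11 Mbit or higher would have been silent for that burst.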
#5
As the title says, unbound quits running. First time it did it just an hour or so after the upgrade and reboot was complete. When I logged in, the services status widget showed it was stopped, I hit the recycle button to start it again, and the loading window came up, but eventually went away and it was still stopped.
I ended up rebooting it from the Power -> Reboot interface and when OPNsense came back up, it was running.
It quit this evening, about 24 hours after the first time. I again ended up rebooting to make it come back up as the interfaces in the web UI were unable to restore it.
In the logs, I can't find any distress. There is nothing logged higher than 'Notice' severity.
Which is why I'm coming here for suggestions.
Thank you,

-Colt
#6
Virtual private networks / Missing Phase 2 entry
October 30, 2022, 03:23:31 AM
My phase 2 entry for my S2S IPsec has gone missing from the GUI. I was messing around trying to figure out how to get Dynamic Routing (VTI) configured to a UniFi network when the P2 entry disappeared. I thought I accidentally deleted it. However, when I go to make a new phase 2 with the correct settings, it doesn't let me because one with the specified subnets already exists.
So far it seems to be working. Both the P1 and P2 show up in the status overview. I just can no longer change settings or anything so it would be nice to get it back.
Though, since the VTI appears to be impossible to do I may not ever need to change anything.
#7
As the subject states, I have an IPsec VPN connecting to my work and after setting up an IPv6-in-v4 tunnel using a GIF interface, it no longer works. It looks to me like the route somehow got messed up.
If I try to ping a remote (private) IP, I get a "Destination Net Unreachable" returned from my ISP's router, which is telling me OPNsense is putting it out to WAN rather than over the IPsec tunnel.
I can't figure out why that is, or what I need to change to fix that. The tunnel shows that it is up and installed so it should work. I even restarted the tunnel several times.
Any assistance is appreciated.