
Messages - tre4bax

#16
I am trying to reload a new copy of opnsense and base it on a config.xml.

I can do this and it gets running as my server, however the challenge is I chose a really complex password for my system and it is too hard to type it in manually.   This means I cannot get logged in to run the installer to get it on the hardware.

Is there a way to get the system to do the import but replace the config.xml version of the root password with the standard opnsense default?    If not an option can I do this by modifying config.xml?
#17
Well I've made some steps.  Seems when I tried to reload the partition RW after going into single use mode it failed and I did not notice.  Figured it out in the end and managed to change the default password (so I can easily get in) and also copy the whole conf directory onto a USB stick.

Now for the next challenge.
#18
After 5 years my opnsense router box died.  Worse, I found my config backups were not good.

I bought a new box and I have a USB adapter for the sata drive from the old box as the drive slots differ.  It boots on this adapter, but I cannot log in as my password is very long and complex and I cannot get the box to attach to the network or a device attached to its ports.   I think the configuration of the ports is different so the instance thinks it has no ports.

I tried booting to single use mode and doing opnsense-shell password, but when it reboots it does not remember that password, I suspect because the right part of the disk is not mounted through USB, though I cannot manually mount them.

My goal is just to get a current version of the config from this disk.  Anybody got any ideas how I can do that?  Once I have that I will do a reinstall and import that config.

#19
Never thought to check that!  Good point though and not something I'm willing to do.  Looks like continuing to do without is the best bet....
#20
Is there an add-in that provides the client side of the cloudflare tunnels to be run on an opnsense router?

I've looked but not seen anything and I am reluctant to do things that are not natively supported.  I'd rather have it break out on the router than go through the firewall to another box where it then breaks out if possible.

Or do people feel just using this (in a personal context not a business context) is not a great idea?
#21
22.7 Legacy Series / HAProxy rules setup confusing me!
December 29, 2022, 07:02:07 PM
I am trying to correctly setup HAProxy for my application.

I have three urls that deliver to the haproxy: address1.mydomain.com, address2.mydomain.com, address2.mydomain.com

Each has a real end server defined that points towards the correct internal server and the port number the target service is on.

There is a backend pool defined for each and a public service defined for each using a rule defined for each.

There are conditions for each of them in the form: if host matches address1.mydomain.com

There is a rule for each which has the form: if IS_Address1 use pool address1_pool.

As well as this there is a rule put in by the acme service and one to redirect any input from http to https using HTTP Redirect = scheme https code 301

My issue is that if I visit any of these sites address1, 2 or 3 I get sent to the same backend pool.  During the time I have been trying to understand this I have been sent to each of the pools, so I know they all work.  However all three addresses will always go to the same backend pool at any time.

This feels like a rules precedence issue but I can find no way in the UI to reorganise them. The logs also do not seem to give any usable help.  Anybody got any idea why I have this trouble, and if there is a better way to use the logs that might help me debug it?
#22
22.7 Legacy Series / Re: Full Disk Image
November 24, 2022, 11:41:14 AM
Awesome, thank you so much. I was missing the camcontrol devlist command to figure out the target.  I have cut and pasted that in and set it off :-)
#23
22.7 Legacy Series / Re: Full Disk Image
November 24, 2022, 11:24:08 AM
Hi Pmhausen

root@xxxxxxx:/var/run # camcontrol devlist
<InM2246S3/128G Q0707A>            at scbus0 target 0 lun 0 (ada0,pass0)
<ASMedia USB 3.0 Device 0>         at scbus1 target 0 lun 0 (pass1,da0)
#24
22.7 Legacy Series / Full Disk Image
November 24, 2022, 11:02:43 AM
Having come close to having no router I wanted to make an image backup onto a duplicate disk so that if I do get a permanent disk failure I can just plug the spare in.  I have an identical SSD in a USB adapter to which I could copy the disk.  My knowledge of FreeBSD is very basic though and I cannot figure out how to actually use DD to achieve the image I want, I can't even figure out the commands to see whether the USB is actually visible to the OS.

Is there an easier way to do this or any tutorials somewhere that could help me achieve this?
#25
Okay I got this working.

I was choosing the clean reboot option after selecting restore.   When I started choosing n here then it restored the original settings.
#26
Today I did some updating of my certificates for the router.

I decided I would however return to just using the standard https port rather than defining my own.

I made the change in the user interface reverting to 443 in the settings and restarted.  Now I cannot access the web gui!   I can however SSH in so I went in and chose restore, assuming this would restore the settings to a working auto backup.  Alas it seems to make no difference.

I also tried resetting the wired LAN's IP address in an attempt to force it back to working with HTTP but that did not work either.

Any ideas of how I can get back to the GUI so I can put this right?
#27
Hi there

I am using

OPNsense 22.7_4-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1q 5 Jul 2022

And trying to make use of NTOPNG.  I cannot get it to keep seeing my Wired network (the one I am actually using to access the switch).   It detects no traffic despite the fact that the machine it is telling me that on is on this network.

I have three physical connections EM3=WAN, EM2=Wired(network switch),  EM1=Wireless(Poe switch).

There are three vlans on EM1 but none on EM2.   I managed to get EM2 to appear the other day by uninstalling and reinstalling NTOPNG.   When I went in two days later to check on something it was again not there and I cannot find any way to bring it back.

What am I doing wrong here?   Do I need a VLAN for my non-router Wired equipment (currently these are on 10.0.0.x where the router is 10.0.0.1)?   I have tried to get on to the NTOPNG Discord to ask this but I'm over a week down and no verification so I thought I would try here in case someone can point me in the right direction.

Many thanks for any ideas.
#28
I am setting up NTOPNG and it looks and works great, however it does not appear to see one of my network interfaces.  This is a bit annoying as it is my main wired network.

My network was originally setup with one Wired network in the router 10.0.0.x on (em2) and wifi was independent just using a port in this network to connect.  The wan is connected to em3.

I created a specific interface for the wireless (em1).   And subsequently created 3 VLANs for various reasons.  I did not move the wired to a separate VLAN though so all wired devices still connect to the same network interface em2

It is this em2 that does not show up, though both em3 and em1 do.   I reason therefore that this is something I am misconfiguring but as yet have found no great resource for helping me set it up.   Can anyone tell me where I am going wrong or point me to some step by step configuration advice?
#29
22.7 Legacy Series / 22.7 and Amazon Alexa disconnects
August 05, 2022, 03:54:50 PM
Looking for some help into something that is driving me mad.

I updated my router about a week ago to 22.7.   Since then my Echo devices seem to be unable to maintain a connection.   They often say "something went wrong"  and they always keep breaking off when streaming. 

All my other wireless network devices seem to work at least as well if not better, though debugging wireless is not easy.  Has something changed that requires me to adjust something so that they maintain their connection? 
#30
21.7 Legacy Series / NTOPNG login seems broken
October 04, 2021, 03:48:16 PM
I am trying to use NTOPNG for the first time in a while and it will not let me login.

I followed the instructions that come up through the login page and various other bits of internet advice that essentially add up to these three

redis-cli set ntopng.prefs.local.auth_enabled 1

redis-cli del ntopng.user.admin.password

redis-cli SET user.admin.password ea847988ba59727dbf4e34ee75726dc3

I've tried this with the service stopped and with the service started, following with a refresh, but still the login prompt rejects me.  The login itself will not even allow me to enter the admin password for the router as the button stays faded (I think it is too long for the web front end).  I am using NTOPNG with HTTPS and that was working fine, however I have upgraded to 21.7 since the last time I tried to use this.

Anyone got any advice on things to try?  Will removing it from the box and putting it back help or will the setup be retained anyway leading to no change?

Trev