Messages - jonf

#16
I'd like to get an email alert from OPNsense when my WAN connection has dropped and reconnected. As a bonus it would be nice if it could also show me the new IP addresses (v4 and v6) within the email. How could I do this?
#17
I think I finally got it working (ran it twice in the OPNsense console to make sure)! Here's the final script I have:

#!/bin/sh

# just in case the other shell doesn't work: /usr/local/sbin/opnsense-shell

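# Look up the current public IPv6 address (-s hides curl's progress meter)
ipv6=$(curl -s https://ipv6.icanhazip.com)

# Quote the URL and the data so the shell passes them to curl unchanged
curl -X POST -u "<username>:<password>" "https://dynupdate.no-ip.com/nic/update?hostname=<hostname>" -d "myipv6=${ipv6}"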


It would also have helped if I thought to check the file encoding before saving so many failed versions of my script - it was set to Windows, not Unix... :-[

Thanks to everyone who chipped in :).
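
A more defensive variant of the updater, as an added example that is not part of the original post: it strips stray carriage returns, checks that the looked-up values really are addresses before they go into the update URL, reads the credentials from a netrc file instead of the command line, and treats only a "good" or "nochg" reply as success. The netrc path and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. The netrc path passed to
# update_noip and all function names are assumptions.

# Drop CR/LF and blanks, e.g. a stray \r from a file saved with Windows endings.
clean() { printf '%s' "$1" | tr -d '\r\n\t '; }

# Dotted quad with four octets in 0-255; rejects HTML error pages and the like.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Character and shape check only (hex digits and colons), not a full parser.
is_ipv6() {
    case "$1" in
        ''|*[!0-9A-Fa-f:]*|*:::*) return 1 ;;
        *:*:*) [ "${#1}" -le 39 ] ;;
        *) return 1 ;;
    esac
}

# Success is a reply starting "good " (as seen in the thread) or "nochg ".
update_ok() {
    case "$1" in
        "good "*|"nochg "*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = hostname, $2 = netrc file (mode 600) containing:
#   machine dynupdate.no-ip.com login <username> password <password>
update_noip() {
    v4=$(clean "$(curl -fsS --max-time 10 https://ipv4.icanhazip.com/)")
    v6=$(clean "$(curl -fsS --max-time 10 https://ipv6.icanhazip.com/)")
    is_ipv4 "$v4" && is_ipv6 "$v6" || { echo "address lookup failed" >&2; return 1; }
    reply=$(curl -fsS --max-time 10 --netrc-file "$2" --get \
        --data-urlencode "hostname=$1" --data-urlencode "myip=$v4" \
        --data-urlencode "myipv6=$v6" https://dynupdate.no-ip.com/nic/update)
    update_ok "$reply"
}

# Run only when a hostname is given, so sourcing the file has no side effects.
if [ -n "${1:-}" ]; then update_noip "$1" "${2:-$HOME/.netrc}"; fi
```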
#18
OK I decided last night to experiment with creating a custom shell script which I could then schedule via cron.  I know the command I want to invoke, which I ran manually via a shell session:

curl "https://<username>:<password>@dynupdate.no-ip.com/nic/update?hostname=<hostname>&myipv6=<ipv6address>&myip=<ipv4address>"

I discovered that putting the URL inside double quotes updates both the v6 and v4 addresses, but without them it only updates the v4 address for some reason.  But if I try to put this into a script I get the following error from curl after running the script:

curl: (3) URL using bad/illegal format or missing URL

I tried "escaping the double quotes", as the Internet calls it, but I get the same error.  I even tried changing the shell that gets invoked after the shebang (I had it set to /bin/sh initially) - no difference.  Here's how the script currently looks:

#!/usr/local/sbin/opnsense-shell

IPV4=`curl https://ipv4.icanhazip.com/`
IPV6=`curl https://ipv6.icanhazip.com/`

curl \"https://<username>:<password>@dynupdate.no-ip.com/nic/update?hostname=<hostname>&myipv6=${IPV6}&myip=${IPV4}\"


Any ideas?
#19
Quote from: Greelan on February 12, 2021, 04:27:14 PM
The plugin is old, and the No-IP part was no doubt written long before it provided IPv6 support. Only a few providers are given IPv6 support in the plugin (https://github.com/opnsense/plugins/blob/master/dns/dyndns/src/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc).

Judging from this thread (https://github.com/opnsense/plugins/issues/1611#issuecomment-706129596) it seems unlikely that it will be updated any time soon.

Blimey:

*  No-IP                       - Last Tested: 20 July 2008

I guess I can settle for manual IPv6 updates as and when needed... :-[
#20
Not sure if this is the right part of the forum to ask but here we go...

I recently signed up to NoIP's dynamic DNS service so I could link it up to my OPNsense box.  I notice that OPNsense currently supports linking your IPv4 address to your NoIP hostname, but not the IPv6 address.  I don't know if NoIP's IPv6 service wasn't available at the time NoIP was initially added to the list of providers, or if it's been tested before but not included because of some issues.

In case it's the former I wanted to ask if it could be added, so I guess this thread is sort of a feature request.  If it helps the developers here's a link I found to the details required for integrating their update service into 3rd party products, including the IPv6 related stuff:

https://www.noip.com/integrate/request

I tested this with my own hostname by resetting my broadband connection to get new IP addresses (I have both v4 and v6 enabled), then I copied/pasted their HTTPS update request link (modified with my account details, hostname, and the IPv6 address to be linked) into my browser to see if it updated my hostname's IP address.  It gave a message that said "good <newipv4address>,<newipv6address>".  I then logged into my NoIP account and both the v4 and v6 addresses got updated (maybe because I have both running on my network).
#21
OK I just picked and set up a ruleset with monit running as outlined in your post, and put it in alert mode.  I'll see how it goes from here.

Thanks for the input.
#22
I'd like to try out the Intrusion Detection feature in OPNsense but I see that there are...rather a lot of choices of different rulesets to choose from.  I won't select all of them as I'd assume this would use more resources and possibly block things I don't want blocked.

Does anyone recommend any particular ruleset(s)?  If it makes any difference I'm playing online games quite a lot at the moment and I have a file server which also runs torrents behind my VPN.
#23
Quote from: newsense on February 09, 2021, 06:21:08 AM
Other than verifying the hardware is fully operational on opnsense there's little benefit of running in live mode.

Furthermore, you'll be missing a lot of security patches and be stuck on the release image at least for the kernel, so in a nutshell, do a regular install and subsequent updates on a decent drive and keep a current backup when all is configured.

Fair enough, thanks for the input.
#24
Greetings,

I've recently bought a new pico-ITX PC to use as my home router and I've chosen to use OPNsense for this.  When I boot into the DVD ISO image I notice it starts by default in live mode.  I've read it can also be run permanently in such a mode ("embedded", I think?) if you want.  Just out of curiosity, I have a couple of questions about this:

- Aside from reducing the number of read/write operations for certain types of flash media (depending on the user's chosen hardware), would there be any other benefit(s) in running OPNsense this way vs. a more permanent installation (e.g. security-wise)?

- I see that you can install plugins for extra functionality in OPNsense.  If I run it in live mode, are these plugins 'installed' in RAM with the rest of the system, or can they be saved onto non-volatile storage (i.e. to reduce recovery time from a power outage)?

- Would backing up the config in live mode just restore your core settings, or would it also include whatever plugins (or their respective config) you chose?