Messages

Hello,

I am connecting two OPNsenses via IPSEC successfully but it seams to strange/flakey as connections between both sides drops quite fast even with DPD configured on both sides. At the same time In the "Status Overview"  I have several SPIs with a INSTALLED/routed status.

Side A is a single OPNsense connecting via PPPoE with an dynamically allocated IPv4 address and a DynDNS hostname.
Side B are two OPNsense in HA with a public /29 IPv4 net.

here are my configs

A<>B
Connection method      default<>default
Key Exchange version    auto<>auto
Internet Protocal       IPv4<>IPv4
Interface             WAN<>"CARP IP"
Remote Gateway          "CARP IP"<>"DYNDNS-FQDN"
Dynamic Gateway       No<>YES

Phase 1 proposal (Authentication)
Authentication method    Mutal PSK<>Mutual PSK
My Identifier          DN "DYNDNS-FQDN"<>IPAdress "CARP IP"
Peer Identifier       IPAdress "CARP IP"<>DN "DYNDNS-FQDN"

Phase 1 proposal (Algorithms)
Encryption algorithm    AES 256<>AES 256
Hash Algorithms       SHA256<>SHA256
DH key group         14<>14
Lifetime             28800<>28800
NAT Traversal          Enable<>Enable
Dead Peer Detection    YES<>YES

Tunnel
Mode                Tunnel IPv4<>Tunnel IPv4
LocalNetwork
Type               Network<>Network
Address             172.19.173.0/24<>10.100.0.0/16
Remote Network
Type                 Network<>Network
Address               10.100.0.0/16<>172.19.173.0/24
Phase 2 Proposal
Protocol            ESP<>ESP
Encryption             AES 256bits auto<>AES 256bits auto
Hash algorithms       SHA256<>SHA256
PFS key group          14<>14
Lifetime             3600<>3600
Advanced Options
Automatically ping host "LAN CARP IP"<>"OPN LAN IP"

Thanks for posting this. I am just having the same issue ;-). And the documentation is leading us in this direction https://wiki.opnsense.org/manual/how-tos/carp.html#adding-multiple-carp-ips:

Since adding a VHID for every IP would make the CARP traffic very noisy, you can also add a new IP Alias and choose the correct VHID where the first CARP IP is configured

.

OMG. This is so embarrassing. I total oversaw the second SAVE Button in that window. Pressed it. Works. ARRRRRRGH :o :-[

I am so sorry to have bothered you with this.

I will triple check now about point 1.

Henning :-[

Installing os-nrpe from the GUI removed os-nrpe-devel but unfortunately my issue persists. I even removed and reinstalled it completely.

Regards and appreciating your help

Henning

Upgraded to 19.7.10 and still the same. I am on os-nrpe-devel 1.0. Should I probably change to os-nrpe?

Thats right. After adding the command and saving it the command does not appear in /usr/local/etc/nrpe_commands.cfg. I have to switch to the General tab of the NRPE plugin, deselect the enable NRPE checkbox save it and the selecting the checkbox again save it that again in order to make the command available.

Henning

Today I realized two things:
1. At least check_procs is running with "non elevated privileges" meaning the result is one running process. Guess that is the command itself?

Code Select Expand

/usr/lib/nagios/plugins/check_nrpe -H 10.100.2.251 -c check_procs -a '-c 50 -w 20'
PROCS OK: 1 process | procs=1;;;0;
2. If I tried to add another check I needed to disable NRPE, save and reenable and save it again so that the command was written to nrpe_commands.cfg.

Regards

Henning

And unfortunately it looks like that a fix for this issue is further postponed to 20.7 ;-|

Hi,

plugin is installed and is working as expected.

Thank you.

Henning

Okay then I certainly will give it try and report back. Thanks for your response @mimugmail @fabian.

Hello,

I would love to monitor my OPNsense boxes from my Icinga system and have read about the NRPE plugin. But I can't find that plugin in WebGUI on my 19.7.9_1 installation. After logging in via SSH und running

Code Select Expand

pkg search nrpe I only found

Code Select Expand

os-nrpe-devel-0.1 Am I supposed to install this via pkg?

Regards

Henning

After installing CentOS7 onto the machine and still having the same experience I opened a case with SuperMicro...

Setting

Code Select Expand

sysctl hw.acpi.disable_on_reboot=1
as mentioned in a couple of places did not help either

starting the system from a FreeBSD 11.2 Live image and running the shutdown -p now command had the same effect.

machine still restarts after shutdown  :-\

Henning

So the motherboard of the system https://www.supermicro.com/en/products/motherboard/X10SDV-TP8F is on the compatibility list für FreeBSD 11.

The BIOS is the most current version. I resented the BIOS to the default settings and reinstalled it as well.

Any other ideas what I could check?

Henning

Hello,

I just installed OPNsense for the first time a brandnew Supermicro SuperServer SYS-5018D-FN8T played a bit with it and tried to switch it off but instead of doing a halt the system just restarts. Any idea why this happens?

Sorry for this newbee questions

Regards

Henning