Messages - dreamerman

#1
Given up
#2
Help please?
#3
Hi franco, I had another thought so ran putty as admin. I re-executed the command and got this:

root@OPNsense:~ # vim /config/config.xml
E325: ATTENTION
Found a swap file by the name "/var/tmp/config.xml.swp"
          owned by: root   dated: Sat May 25 09:58:06 2019
         file name: /config/config.xml
          modified: YES
         user name: root   host name: OPNsense.localdomain
        process ID: 54565
While opening file "/config/config.xml"
      CANNOT BE FOUND
(1) Another program may be editing the same file.  If this is the case,
    be careful not to end up with two different instances of the same
    file when making changes.  Quit, or continue with caution.
(2) An edit session for this file crashed.
    If this is the case, use ":recover" or "vim -r /config/config.xml"
    to recover the changes (see ":help recovery").
    If you did this already, delete the swap file "/var/tmp/config.xml.swp"
    to avoid this message.

Swap file "/var/tmp/config.xml.swp" already exists!
[O]pen Read-Only, (E)dit anyway, (R)ecover, (D)elete it, (Q)uit, (A)bort:
#4
Hi franco, I had no luck with # pkg add vim-console which gave me the following feedback:

root@OPNsense:~ # pkg add vim-console
pkg: vim-console: No such file or directory
pkg: Was 'pkg install vim-console' meant?
Failed to install the following 1 package(s): vim-console
root@OPNsense:~ #

So I looked around and tried # pkg install vim-console and successfully installed vim-console: 8.1.1248 so all good.

However I got an almost blank screen after executing # vim /config/config.xml like below. Does this mean I don't have an existing file called config.xml?

root@OPNsense:~ # vim /config/config.xml
  1
"/config/config.xml" [New DIRECTORY]                                                                                            0,0-1         All
#5
Thanks franco but I have no idea how to do it. I get the following after executing edit /conf/config.xml but I don't know what to do next.

root@OPNsense:~ # edit /conf/config.xml
help : get help info  |file  : print file name         |line : print line #
read : read a file    |char  : ascii code of char      |0-9 : go to line "#"
write: write a file   |case  : case sensitive search   |exit : leave and save
!cmd : shell "cmd"    |nocase: ignore case in search   |quit : leave, no save
expand: expand tabs   |noexpand: do not expand tabs
===============================================================================
<?xml version="1.0"?>
<opnsense>
  <theme>opnsense</theme>
  <sysctl>
    <item>
      <descr>Disable the pf ftp proxy handler.</descr>
      <tunable>debug.pfftpproxy</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Increase UFS read-ahead speeds to match the state of hard drives and NCQ.</descr>
      <tunable>vfs.read_max</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Set the ephemeral port range to be lower.</descr>
      <tunable>net.inet.ip.portrange.first</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Drop packets to closed TCP ports without returning a RST</descr>
      <tunable>net.inet.tcp.blackhole</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
      <tunable>net.inet.udp.blackhole</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
      <tunable>net.inet.ip.random_id</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>
        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
        It can also be used to probe for information about your internal networks. These functions come enabled
        as part of the standard FreeBSD core system.
      </descr>
      <tunable>net.inet.ip.sourceroute</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>
        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
        It can also be used to probe for information about your internal networks. These functions come enabled
        as part of the standard FreeBSD core system.
      </descr>
      <tunable>net.inet.ip.accept_sourceroute</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>
        Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
        to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
        packets without returning a response.
      </descr>
      <tunable>net.inet.icmp.drop_redirect</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>
        This option turns off the logging of redirect packets because there is no limit and this could fill
        up your logs consuming your whole hard drive.
      </descr>
      <tunable>net.inet.icmp.log_redirect</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
      <tunable>net.inet.tcp.drop_synfin</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Enable sending IPv4 redirects</descr>
      <tunable>net.inet.ip.redirect</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Enable sending IPv6 redirects</descr>
      <tunable>net.inet6.ip6.redirect</tunable>
      <value>default</value>
    </item>
    <item>
      <descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
      <tunable>net.inet6.ip6.use_tempaddr</tunable>
command:
#6
Hi Franco, thanks for replying. I got this reply:
root@OPNsense:~ # /usr/local/etc/rc.restart_webgui
Starting web GUI...failed.
Generating RRD graphs...done.
root@OPNsense:~ #

By the way, I updated via console to 19.1.8 hoping this will fix my problem but no joy.
#7
Anyone that is kind enough to help?
#8
Anyone can't get access to GUI after 19.1.7 update? I can use putty and get to console and verified that the LAN (igb0) v4 192.168.x.x is as before the update. I rebooted it via console but still could not access the GUI. My local network can access the internet and other devices in the local network so there is no issue there. Just can't get to GUI.

I tried option 11 in console (reload all services) thinking GUI might be a service that got stuck during booting but the script stalled at "configuring LAN interface" or similar. At this point there is no access to internet until I force reboot the opnsense box. At the end still no GUI.
#9
19.1 Legacy Series / Block a device by IP
May 11, 2019, 12:34:35 PM
Hi, is there a way to temporarily block internet or network access based on IP or MAC address of a device? I have assigned static addresses for every device on my network. I wonder if I can use Mac Access Control to deny a MAC address? Cheers.
#10
19.1 Legacy Series / GUI and resources
May 04, 2019, 02:23:28 AM
Hi, I wonder how much it costs in terms of hardware resources (CPU, RAM etc) when accessing GUI? Is there a rule of thumb? Cheers
#11
19.1 Legacy Series / Re: Services and memory
May 03, 2019, 03:55:32 AM
Quote from: cancino on May 02, 2019, 08:18:07 PM
1.- open a ssh terminal
2.- enter this command top -o res
Thanks will try that.
#12
19.1 Legacy Series / Services and memory
April 27, 2019, 12:42:06 PM
Hi, is there a way to see a list of services and corresponding memory consumption? I have 4GB of memory and currently at 72%.
#13
19.1 Legacy Series / Re: Can't get to GUI anymore
April 14, 2019, 03:59:35 AM
Ok I reinstalled it and upgraded to latest v19.1.6. Used putty and able to ssh into my opnsense box. Wish me luck from this point onwards  :)
#14
19.1 Legacy Series / Re: Can't get to GUI anymore
April 14, 2019, 03:09:51 AM
Quote from: marjohn56 on April 13, 2019, 11:53:22 AM
Did you configure any access via SSH or serial/USB? That's the first thing I do after an install.
Thanks, I will reinstall and do as you suggested. I live and learn  ;D
#15
19.1 Legacy Series / Can't get to GUI anymore
April 13, 2019, 11:32:08 AM
I set up my opnsense box and was able to reach the GUI via 192.168.8.1 on a test system. I shut down the box and plugged it into my home network. All devices take their IP from the DHCP server. After plugging in, my home network is able to connect to the internet but I can no longer reach the box via 192.168.8.1. At this point, all devices' IPs are in the 192.168.8.xx range and can ping 192.168.8.1. I can't understand why I can't get to the GUI.
I unplugged it from my home network and reverted back to the test system (i.e. a laptop connected directly to the opnsense box). Found out I also cannot reach the GUI anymore using 192.168.8.1 but I can ping it. Since I do not have console via VGA (stuck at booting), is my only option to reinstall everything?