Messages

First of all...............upgrade to RC1 succeeded.
Applied all the patches mentioned in the other thread.
All the old rules migrated to new following the 5 steps of the Migration Assistant done.
OpenVPN Instance and port forwarding rules (now Destination NAT) all working (also the ones using Aliases).
Not tried the Shaper yet.

I'd have a question: in the OpenVPN section and in the WAN section of the Rules (new) I find rules that are already present in Destination NAT.
Furthemore if a rule is disabled in Destination NAT but enabled in the WAN section of Rules (new) the thing doesn't work till I enable it in Destination NAT.

I find confusing the apparent "duplication" of rules, could someone please help me clarifyng the function of the two section and why rules are present in both?

Thanks in advance

Hello everybody,
I had the message on 2 of my 3 OPNSense sysyems.
The only difference between them is that the two with the danger message had running:
- one OpenVPN Legacy server
- one OpenVPN Instance

while the one without the danger message has only the new OpenVPN Instance running.

All three systems upgraded succesfully and are working without problems as far a s I can see.

Don't know if it's related but hope this can help.

Best Wishes

Thanks for the quick answer, Franco.

We do not use the Business Edition, that's why I wrote 24.7 and not 24.10.

In the forum, here the why of my question, they are not differentiated while in reality, by your answer, they are.

Anyway now the situation is clear, thank you very much.

@Franco

I apologize for my dumbness but I've not the thing clear enough.

Let me rephrase the question:

is 25.1 stable enough to be used in a production environment?
is 24.7 secure enough to be used in a production environment till the shipping of 25.4?

Apart from the wording, it'd seem that a EOL (or not?) version can still be used safely.

Thanks in advance

Greetings,

I meant exactly what DEC670airp414user said.

If 24.7 is EOL why is still marked as production on the forum?

Best Wishes

Greetings,

with the release of Community version 25.1 as Production I see the 24.7 is still indicated as Production too.

Is it a typo or ......

Thanks in advance

Hello,

I remotely connected and, since I had no access to the described VM, installed ZenArmor on a working OPNSense install in a slightly less powerful host I had access to:

CPU Model: 12th Gen Intel(R) Core(TM) i7-12700
CPU Score: 1203386
Physical Memory Size: 16.6 GB

On this one, for now, I'm able to apply to ZenArmor free the same customizations I did on the other (no ads, High Control in the Category based tab..........) without any bandwidth limitation side effect.

So, for the moment, I thank you vey much for your help and when I come back to work I'll experiment on settings paying attention to the bandwidth side after every modification.

This way, if the problem arises again, I'll be able to describe which step introduced the problem and provide the logs you asked for.

Thanks you very much again for your support.

Sure,

I'm away from work for a few days for the holidays but I'll post it ASAP.

Thanks for the help

Best Wishes

Hi,

yeah, stopping ZenArmor didn't change the behaviour at all.

Best Regards

Thank you for your post, I was aware of the implication.

For test purpose, I didn't mention production anywhere, should be good.

Is someone able to give some advice in order to the performace problem? Didn't experience it with any other product I tested before.

Best regards

Hello,

I installed the Zenarmor plugin in a well working VM installation of Opnsense.

The host is the following Windows 11 PC:

- Intel Core i7 12700
- 128 GB RAM
- Intel(R) Ethernet Connection (17) I219-LM
- Micron 3400 NVMe 1TB
- ST2000DM008-2UB02 (actually the VM is installed on this HDD)

The OPNSense VM has a static IP and is performing basic functions:

- acts as Internet gateway for internal network
- a few nat port-forwarding
- traffic shaping for some internal IPs

Following the details of the VM:

- last version (7.0.14) of Virtualbox Hypervisor
- 16 GB RAM
- 500 GB HDD space
- one core (tried 4 core but had only stability problems) assigned to the VM
- two Intel PRO/1000 MT desktop network cards in bridge mode, every card has its internal IP

When there is no ZenArmor i can obtain all the 100Mbit up/down bandwidth.
When ZenArmor (free) is installed (doesn't seem netmap mode matters, I tried all the option) I barely reach 20 MBit in both directions.
This behaviour even stopping / bypassyng ZenArmor.

Uninstalling ZenArmor revert the system to full bandwidth.

If someone could give advice on how to proceed it's be greatly appreciated.

Thanks in advance

Hi,

for the first time I dedicated 4 cores to the Virtualbox VM hosting OPNSense (24.1 updated to the last patch).
Before, only one core was available and the system never had problems.

Since the change the system stops working, usually in a few hours; PC having it as GW not connected to Internet, WEB UI not reachable..............only console works.
Tried the shell: even ping doesn't work.
Reverting to one core "solves" the problem.
The functions activated on OPNSense are: NAT with Port Forwarding, an OpenVPN (Legacy, and wasn't used but is active), two rules of traffic shaping.

Tried to give a look at logs from console, didn't notice anything but I'd like some advice where (which logs) to search for answers.
And if someone else experienced similar behaviour .........please let me know.

If further info are needed just drop a line, please.

Thanks in advance

Since I solved the thing using the following steps, could be useful for someone else:

I) From the Hypervisor tools adjust the disk size to what you want
II) Boot opnsense in single-user mode
III) use "gpart show" ---> it should report a corrupt ada0
IV) Fix ada0 with "gpart recover ada0"
V) Now "gpart show" shows a correct ada0 and free space after freebsd-ufs (which in my case has id = 3)
VI) Do the resize of the freebsd partition "gpart resize -i 3 ada0"
VII) "gpart show" shows a resized freebsd-ufs
VIII) "growfs /dev/gpt/rootfs" resize the filesystem
IX) Optional: you can make an "fsck" just to be sure
X) "exit" so the system go in multi-user mode

Best Wishes

Hi,

I have a virtualbox Opnsense VM whose VDI size has been defined as dynamically allocated till a defined max size.

Now I'd like to increase the max size; tried using the CloneVDI program using the option to increase the size but this leads (seen through "gpart show") to a corrupt ada0 GPT.

Could you please give me advices on how to resize it properly?

Thanks in advance

Hello, I can say that an OpenVPN configured as in the OPNsense manual works (I could connect and RDP into my remote PC without any problem) also in the last version, I used it yesterday too (you can see my last post for details if needed).

So it must be something specific to your configuration and I think a few more details about it will be needed in order to help you.

Best Wishes