Messages - rgo

#1
Yes to all of that.  I am posting this via the router right now.  I just need to find a way to force the update or upgrade.  So it will stop looking for the files that are not there.
#2
Yes I have....I have to force an upgrade.  It will not upgrade or update.  That is the error: file not found.
#3
I have 20.7 that will not update.  I have tried command line opnsense-update -i and pkg update or upgrade with zero success.  Is there a command to force upgrade and take off all qualifications...no sig no fingerprint etc...just force update??

Anyone know how to force the upgrade to happen?

Fails with this no matter what I do.

pkg_static: https://pkg.opnsense.org/FreeBSD:12:amd64/20.7/latest/meta.txz: No address record

This was retyped so I might not have it 100% correct but it will give someone an idea on how to bypass the upgrade issues I am having!
#4
18.1 Legacy Series / Re: /etc/hosts
April 24, 2018, 01:16:26 PM
That is a good option but I will still do host file.  Planning on trying my idea this weekend and will report back how it works and how I made it work too!  If I am successful...

https://1.1.1.1/ from Cloudflare might be an option too.

Will report back next week.
#5
18.1 Legacy Series / Re: /etc/hosts
April 22, 2018, 03:39:41 PM
I am looking to use the lists in both directions.  If anything on the LAN side tries to go out, drop it.  If anything from the WAN tries to come in, then drop it.

I have not had time to try out my idea.  I might test it out today and see if I can make the link I posted work.
#6
18.1 Legacy Series / Re: /etc/hosts
April 21, 2018, 08:10:25 PM
I understand what you are getting at, although I do not see a good way to keep it all inside OpnSense.  I want to keep away at all cost from having multiple systems to deal with all network stuff.  Just have one system to deal with everything.

From my research last night, it appears this is about the only viable option in the URL link below.

https://devinstechblog.com/block-ads-with-dns-in-opnsense/

This is using OpnSense's own systems.  Could be the best way to go.  I do understand your pi-hole idea but you have 2 systems dealing with network traffic where I need to keep this to 1 system.
#7
18.1 Legacy Series / /etc/hosts
April 21, 2018, 11:48:20 AM
Is there a simple way to append the host file with a block list?  I want to add to host file a block list from a url of someonewhocares.org/hosts/

Every time I reboot I have to go back in and redo the host file.  Before I go and break OpnSense to force the host file, is there a way to load all these sites into OpnSense with just one simple command?

Do I have to redo the startup scripts to pull the file and then combine it with the system host file and make a new host file and replace the system host file then let OpnSense come up!  Is that the only option?
#8
Correct.  IPV4 works fine but after a few mins IPV6 stops working on the WAN side.  WAN IPV6 address drops from the interface.  Everything else works as normal.  In 17.7.7.1 there was no issue with IPV6 or IPV4.  In this new update IPV6 stops working after a few mins after reboot.  I am at a loss on what the problem is or how to fix the issue!

Looking for any advice or help to figure this out!
#9
Anyone have IPV6 stop working after the upgrade reboot?  On reboot IPV6 works but then a few mins later it stops working.  Just wondering if anyone else is having this problem??
#10
17.1 Legacy Series / Re: Suricata - Working or not.
April 15, 2017, 05:34:03 PM
For me on test hardware I am using with 17.1.4 opnsense.  Suricata works correctly like it works on pfSense on an IPv4 only WAN, but when I setup WAN for both IPv4 & IPv6 suricata with IDS check then IPv6 drops off on WAN and IPv4 keeps working on WAN...and suricata does block just like pfSense but without IPv6.  This was the same in 17.1.3 and 17.1.2 versions of opnsense.

I have been able to make suricata work but, the scope is not the full range it should be working in.
#11
17.1 Legacy Series / Re: Help with IPv6
March 31, 2017, 08:50:34 AM
Well I would like to have the same setup as IPv4 as IPv6.  I looked at that but I could not make it work by just having the public address 2001:xxx:xxx:xxx:xxx and then private address on the LAN side... then have NAT sit between the public 2001: and private fdxx:xxx:xxxx:xxxx:xxxx

NPT how would you config that with lan dhcpv6?  Why I was asking if anyone has it working and how they were able to make it work.  I cannot get anything to work besides the default IPv6 setup.
#12
17.1 Legacy Series / Re: Help with IPv6
March 31, 2017, 08:10:02 AM
Maybe this is the wrong place to ask this.  If you have a WAN address with Public IPv6 address and you want the inside IPv6 LAN address to be fdxx:xxxx:xxxx ( private address ).

Can this be done with opnsense or do all inside LAN IPv6 addresses have to be on the public side?  If this can be done does anyone have a simple check list or how to configure IPv6 WAN <-> NAT <-> inside DHCPv6 <-> LAN?

I have IPv6 working fine.  I want to be able to do the same as IPv4 WAN <-> NAT <-> inside DHCP <-> LAN but on IPv6 too.  If anyone has done this with opnsense I would like to know how you were able to get it working.

I have IPv4 & IPv6 working on 17.1.4
#13
Same here on 3 different test installs of opnsense for 17.1.3.  Only using 1 core.
#14
17.1 Legacy Series / Re: Fatal trap 12
March 28, 2017, 07:57:48 AM
Need to enable debug in kernel.  This will allow you to see the KDB stack backtrace dump so you can see the error.  How the error occurred.  FYI you have no address on fault virtual address.  This means the resource is not assigned.  The error you're having is caused by opnsense requesting something from other side and the other side is not giving the request back with the address to opnsense.  Why you have no address at fault virtual address, because there was no resource ( think of it like this you have a network interface and you want to read from that interface.  You can open igb0 and read data.  If you can not open igb0 then there is no resource to read from.  This is not your problem I am just using that as an example.)  Since you are low in the RAM space this is where most of the OS or System is.  Could be as you're thinking a problem in the driver or it could be something else.  You need KDB output to know what to chase down.  Without that you are really going on a wild chase.  Like looking for a needle in a 10 mile field.

I do not think Xen driver is the problem.  I could be wrong.  KDB would turn the light on for you.  If you want to chase the problem down.  I would strongly suggest you look at debug dump.
#15
I do not run anything that is dual os or hypervisor as some people call it or as you are referencing as ESXi unless the box has over 40+ cores above 2.5 ghz and has over 100gig of ram.  Systems above that I have found to have benefits to running dual os.  Since I run over 100+ systems and have been for over 20 years now.  If the system is under that level of resources, you do not get any benefits of VM / Dual OS and you actually lose resources!

I have not tested opnsense under dual os yet.  My guess it should have no problem doing what you are after with dual os setup.  From what I saw of Ryzen 1700, when I saw it in Austin at AMD office, it is an okay processor.  Their arm line coming out is better in my opinion.  Will the 1700 do it?  I do not know but my gut would say yes it should with dual os.

5ghz for opnsense + 4ghz for your VPN load = 9 ghz so call it an even 10 ghz total compute you need just in operations of code.  Then times it by 2 for dual os so you are looking at 20 ghz in total compute for all operations of code.

https://www.amd.com/en/products/cpu/amd-ryzen-7-1700x

Real compute is 30 to 31 ghz compute on ryzen 1700.  So you are right near the max of what it can do by the numbers with a little over or under depending on how you want to look at it around 70% you have not put in the OS overhead if it is more than double...1 for 1 on dual os side... or your VoIP stuff if it would not fit into the 10 ghz where opnsense is allotted...so you would be pushing the limits in my opinion...You will be at the max of what the cpu can do or over what the cpu can do.

I found systems work best when load is kept to under 1/2 of what the system can do.  Extra 50% allows for unknown events like cpu issues or memory or io issues.  So I do not allow anyone to run systems over 50% of their calc ability.  Just my hard rule I make everyone do in my company.