Messages - mtltt

#1
Both plugins still work with 25.1.
#2
After a reboot, the patch is working.
Thanks!
#3
After upgrading to 24.7.4 my 4G modem (PPP) isn't working anymore.
In the logs I can see the following (descending):
[...]
Informational ppp [opt10] IPCP: parameter negotiation failed
Informational ppp [opt10] IFACE: IfaceChangeAddr() error, closing IPCP
Informational ppp [opt10] IFACE: Adding IPv4 address to ppp0 failed: Destination address required
Informational ppp [opt10] 77.1xx.xxx.xxx -> 0.0.0.0
Informational ppp [opt10] IPCP: LayerUp
Informational ppp [opt10] IPCP: state change Ack-Sent --> Opened
[...]

Any idea how to fix this?
Thanks!
#4
For me on APU3 the Announcements-Widget is breaking all others. After removing it, the others I need (System Information, Memory, Disk, Thermal Sensors, Gateways, CPU, Interface Statistics) are working fine.

Update: It seems to me that just too many Widgets break all together. I also applied the patch btw.
#5
Since these aren't official plugins, you have to manually create the following files with the source code provided on the linked GitHub Gist:

WebDAV (https://gist.github.com/cretl/c0cf801b45020df77e100a6a3e9d447c):
/usr/local/opnsense/mvc/app/library/OPNsense/Backup/WebDAV.php
/usr/local/opnsense/mvc/app/models/OPNsense/Backup/WebDAVSettings.php
/usr/local/opnsense/mvc/app/models/OPNsense/Backup/WebDAVSettings.xml

SFTP (https://gist.github.com/cretl/9399900b4e623de4fcaab76592508ed0):
/usr/local/opnsense/mvc/app/library/OPNsense/Backup/SFTP.php
/usr/local/opnsense/mvc/app/models/OPNsense/Backup/SFTPSettings.php
/usr/local/opnsense/mvc/app/models/OPNsense/Backup/SFTPSettings.xml

After this, the backup can be configured under System -> Configuration -> Backups just like the Nextcloud Plugin.
#6
I have finally "solved" this problem with the following workaround:
I use Monit to ping the IP address of the WireGuard server. If the connection is stale, WireGuard is restarted.
To do this, you need the following Monit settings:

WireGuard instance id:
You need the ID (UUID) of the WireGuard instance that should be restarted when it becomes stale. I couldn't find an easy way to get the UUID. So I opened the developer tools in the browser on the WireGuard instance page and inspected the 'Edit' button of the instance I wanted to be restarted when stale. The edit button had the UUID embedded in the HTML tag (data-row-id="<instance uuid>")

Monit:
1. Service settings:
Add test:
- Condition: failed ping4 count 3 with timeout 3 seconds for 2 cycles
- Action: Execute
- Path: /usr/local/bin/bash -c '/usr/local/opnsense/scripts/Wireguard/wg-service-control.php restart <ID of the WireGuard instance>'

Note: the /usr/local/bin/bash -c '<command>' is the important part. I could not get it to work with the direct command.

2. Add a service:
- Type: "Remote Host"
- Address: <the WireGuard server's IP address>.
- Tests: <the defined ping test>

Result:
If the ping of the WireGuard server's IP address fails 3 times with a timeout of 3 seconds for 2 times, the WireGuard instance is restarted.
#7
I did a rewrite of the Nextcloud backup plugin to support any WebDAV server. For anyone interested, here is the code:
https://gist.github.com/cretl/c0cf801b45020df77e100a6a3e9d447c

Remember: you have to import any custom CA into OPNsense Trust storage (System: Trust: Authorities) if you have a server with a self-signed certificate. Otherwise the backup will fail.

This plugin is tested with SFTPGo WebDAV server and Hetzner Storage Box.
Works for me :)

I also created a SFTP Backup Plugin:
https://gist.github.com/cretl/9399900b4e623de4fcaab76592508ed0
#8
I have the same problem and figured out that a stale state is the problem. OPNsense doesn't kill/reset all states when WAN goes down/up. Manually clearing all states/the VPN connection states (Firewall->Diagnostics->States) is resolving this for me. But this is just a bad workaround and not a fix.

This also helps me in my dual WAN failover setup. When the backup connection kicks in, I get the same problem. The WireGuard client doesn't reconnect automatically, because it is in a stale state.

I tried to automate the state resetting with Monit and gateway alerts, but couldn't get it working.
#9
Hi,

I tried to set up a DHCPv4 server with Dynamic DNS support (bind9 server included as optional package).
I can't make it work since I ran into several issues:

The rndc-key generated by bind9 is a hmac-sha256; the DHCP Server only allows hmac-sha512 (see: https://github.com/opnsense/core/issues/4136).
Error message: security: error: client @0x44c22e2cf68 127.0.0.1#54103: request has invalid signature: TSIG rndc-key: tsig verify failure (BADKEY)

After the workaround it seems that updating the zone files is not allowed because of missing allow-update { key rndc-key; }; in the named.conf.
Error message: update-security: info: client @0x4613802c168 192.168.145.2#54889/key rndc-key: update '[domain]/IN' denied

After manually adding (which is removed by any config change) it seems that there are permission errors since bind9 can't create a journal file in /usr/local/etc/namedb/master since it is owned by root:wheel.
Error message: general: error: /usr/local/etc/namedb/master/[DOMAIN].db.jnl: create: permission denied

After manually changing the owner to bind:wheel it still doesn't seem to work despite no errors in the logs.
When trying to query the added dynamic host, the server doesn't respond with the IP address.
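
The three failure stages described in the post above (TSIG verification, zone update policy, journal file permissions), as an added triage example that is not part of the original post or of OPNsense or BIND. The function names `triage` and `first_blocker` and the stage labels are assumptions made for this example; the sample lines are the messages quoted in the post.

```python
import re

# Constructed sample: the three named (BIND) messages quoted in the post.
SAMPLE = [
    "security: error: client @0x44c22e2cf68 127.0.0.1#54103: request has invalid "
    "signature: TSIG rndc-key: tsig verify failure (BADKEY)",
    "update-security: info: client @0x4613802c168 192.168.145.2#54889/key rndc-key: "
    "update '[domain]/IN' denied",
    "general: error: /usr/local/etc/namedb/master/[DOMAIN].db.jnl: create: permission denied",
]

# (stage, pattern, what to check). Stage labels are chosen for this example only.
RULES = [
    ("tsig",
     re.compile(r"TSIG (?P<key>\S+): tsig verify failure \((?P<code>\w+)\)"),
     "key name, algorithm and secret must match on the DHCP server and in named"),
    ("acl",
     re.compile(r"/key (?P<key>[^:]+): update '(?P<zone>[^']+)' denied"),
     "zone needs an allow-update or update-policy grant for this key"),
    ("journal",
     re.compile(r"(?P<path>\S+\.jnl): create: permission denied"),
     "zone directory must be writable by the user named runs as"),
]

def triage(lines):
    """Return one finding per log line that matches a known DDNS failure stage."""
    findings = []
    for line in lines:
        for stage, pattern, check in RULES:
            match = pattern.search(line)
            if match:
                findings.append({"stage": stage, "check": check, **match.groupdict()})
                break
    return findings

def first_blocker(lines):
    """Earliest stage in the update path that failed, or None if nothing matched."""
    seen = {finding["stage"] for finding in triage(lines)}
    return next((stage for stage, _, _ in RULES if stage in seen), None)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print("fix first:", first_blocker(SAMPLE))
```
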
#10
I can confirm that the Huawei ME909s-120 should be supported with the latest kernel (OPNsense 17.1.9), now trying to get the PPP device to work.
#11
I would also love to get this information. If no support/kernel patch is planned I might switch to a Linux based firewall since I need my 4G card.
#12
/push

Is the patch mentioned here (https://forums.freebsd.org/threads/57720/) included in OPNsense?
#13
/push

Any clue?
#14
Update: I updated to the newest BIOS version of the APU, sadly no change.

Is the patch mentioned here (https://forums.freebsd.org/threads/57720/) included in OPNsense?

dmesg log:


Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.0-RELEASE-p8 #0 e84bb9532(stable/17.1): Sun Mar 26 15:34:40 CEST 2017
    root@sensey64:/usr/obj/usr/src/sys/SMP amd64
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0)
[HBSD ASLR] status: opt-out
[HBSD ASLR] mmap: 30 bit
[HBSD ASLR] exec base: 30 bit
[HBSD ASLR] stack: 42 bit
[HBSD ASLR] vdso: 28 bit
[HBSD ASLR] map32bit: 18 bit
[HBSD ASLR] disallow MAP_32BIT mode mmap: opt-out
[HBSD ASLR (compat)] status: opt-out
[HBSD ASLR (compat)] mmap: 14 bit
[HBSD ASLR (compat)] exec base: 14 bit
[HBSD ASLR (compat)] stack: 14 bit
[HBSD ASLR (compat)] vdso: 8 bit
[HBSD HARDENING] procfs hardening: enabled
[HBSD LOG] logging to system: enabled
[HBSD LOG] logging to user: disabled
[HBSD SEGVGUARD] status: opt-out
[HBSD SEGVGUARD] expiry: 120 sec
[HBSD SEGVGUARD] suspension: 600 sec
[HBSD SEGVGUARD] maxcrashes: 5
CPU: AMD GX-412TC SOC                                (998.15-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x730f01  Family=0x16  Model=0x30  Stepping=1
  Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x3ed8220b<SSE3,PCLMULQDQ,MON,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,OSXSAVE,AVX,F16C>
  AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
  AMD Features2=0x1d4037ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT,Topology,PNXC,DBE,PTSC,PL2I>
  Structured Extended Features=0x8<BMI1>
  XSAVE Features=0x1<XSAVEOPT>
  SVM: NP,NRIP,AFlush,DAssist,NAsids=8
  TSC: P-state invariant, performance statistics
real memory  = 4815060992 (4592 MB)
avail memory = 4083712000 (3894 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <CORE   COREBOOT>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
random: unblocking device.
ioapic1: Changing APIC ID to 5
ioapic0 <Version 2.1> irqs 0-23 on motherboard
ioapic1 <Version 2.1> irqs 24-55 on motherboard
random: entropy device external interface
wlan: mac acl policy registered
netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0xffffffff81149b90, 0) error 19
kbd0 at kbdmux0
cryptosoft0: <software crypto> on motherboard
acpi0: <CORE COREBOOT> on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x818-0x81b on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 2.2 on pci0
pcib1: failed to allocate initial I/O port window: 0x1000-0x1fff
pci1: <ACPI PCI bus> on pcib1
igb0: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> mem 0xfe600000-0xfe61ffff,0xfe620000-0xfe623fff at device 0.0 on pci1
igb0: Using MSIX interrupts with 3 vectors
igb0: Ethernet address: xx:xx:b9:45:xx:xx
igb0: Bound queue 0 to cpu 0
igb0: Bound queue 1 to cpu 1
igb0: netmap queues/slots: TX 2/1024, RX 2/1024
pcib2: <ACPI PCI-PCI bridge> at device 2.3 on pci0
pci2: <ACPI PCI bus> on pcib2
igb1: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0x2000-0x201f mem 0xfe700000-0xfe71ffff,0xfe720000-0xfe723fff at device 0.0 on pci2
igb1: Using MSIX interrupts with 3 vectors
igb1: Ethernet address: xx:xx:b9:45:xx:xx
igb1: Bound queue 0 to cpu 2
igb1: Bound queue 1 to cpu 3
igb1: netmap queues/slots: TX 2/1024, RX 2/1024
pcib3: <ACPI PCI-PCI bridge> at device 2.4 on pci0
pci3: <ACPI PCI bus> on pcib3
igb2: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0x3000-0x301f mem 0xfe800000-0xfe81ffff,0xfe820000-0xfe823fff at device 0.0 on pci3
igb2: Using MSIX interrupts with 3 vectors
igb2: Ethernet address: xx:0d:b9:xx:xx:xx
igb2: Bound queue 0 to cpu 0
igb2: Bound queue 1 to cpu 1
igb2: netmap queues/slots: TX 2/1024, RX 2/1024
pci0: <encrypt/decrypt> at device 8.0 (no driver attached)
xhci0: <AMD FCH USB 3.0 controller> mem 0xfeb22000-0xfeb23fff at device 16.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
xhci0: Unable to map MSI-X table
usbus0 on xhci0
ahci0: <AMD Hudson-2 AHCI SATA controller> port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xfeb25000-0xfeb253ff at device 17.0 on pci0
ahci0: AHCI v1.30 with 2 6Gbps ports, Port Multiplier supported with FBS
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ehci0: <AMD FCH USB 2.0 controller> mem 0xfeb25400-0xfeb254ff at device 18.0 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
ehci1: <AMD FCH USB 2.0 controller> mem 0xfeb25500-0xfeb255ff at device 19.0 on pci0
usbus2: EHCI version 1.0
usbus2 on ehci1
isab0: <PCI-ISA bridge> at device 20.3 on pci0
isa0: <ISA bus> on isab0
sdhci_pci0: <Generic SD HCI> mem 0xfeb25600-0xfeb256ff at device 20.7 on pci0
sdhci_pci0: 1 slot(s) allocated
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
orm0: <ISA Option ROM> at iomem 0xef000-0xeffff on isa0
ppc0: cannot reserve I/O port range
uart1: <16550 or compatible> at port 0x2f8 irq 3 on isa0
hwpstate0: <Cool`n'Quiet 2.0> on cpu0
Timecounters tick every 1.000 msec
nvme cam probe device init
usbus0: 5.0Gbps Super Speed USB v3.0
usbus1: 480Mbps High Speed USB v2.0
usbus2: 480Mbps High Speed USB v2.0
ugen0.1: <0x1022> at usbus0
uhub0: <0x1022 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
ugen1.1: <AMD> at usbus1
uhub1: <AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
ugen2.1: <AMD> at usbus2
uhub2: <AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus2
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <KingFast 20150818> ACS-2 ATA SATA 3.x device
ada0: Serial Number AA000000000000008176
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 15272MB (31277232 512 byte sectors)
SMP: AP CPU #3 Launched!
SMP: AP CPU #2 Launched!
SMP: AP CPU #1 Launched!
Timecounter "TSC" frequency 998148623 Hz quality 1000
Trying to mount root from ufs:/dev/gpt/rootfs [rw,noatime]...
uhub0: 4 ports with 4 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
ugen1.2: <vendor 0x0438> at usbus1
uhub3: <vendor 0x0438 product 0x7900, class 9/0, rev 2.00/0.18, addr 2> on usbus1
ugen2.2: <vendor 0x0438> at usbus2
uhub4: <vendor 0x0438 product 0x7900, class 9/0, rev 2.00/0.18, addr 2> on usbus2
uhub3: 4 ports with 4 removable, self powered
uhub4: 4 ports with 4 removable, self powered
ugen2.3: <Huawei Technologies Co., Ltd.> at usbus2
igb0: link state changed to UP
igb2: link state changed to UP
aesni0: <AES-CBC,AES-XTS,AES-GCM,AES-ICM> on motherboard
amdtemp0: <AMD CPU On-Die Thermal Sensors> on hostb5
igb0: link state changed to DOWN
igb2: link state changed to DOWN
igb0: link state changed to UP
igb2: link state changed to UP
pflog0: promiscuous mode enabled



I checked out the links, but no success with any suggestion they give.
#15
Thanks for the answers, I'll check out the links.

OPNsense version: 17.1.4
pfSense version: I didn't try it myself, but I read on the pfSense forums that it works with FreeBSD 10.3-RELEASE-p9, 2.3.2-RELEASE-p1

I couldn't achieve success with the usb_modeswitch utility.