Messages - ckishappy

#1
hmm, yes makes sense to try the other (not free) servers as there should be no packet loss. The servers NL#227 - NL#252 seem to be not that loaded in the NL..
#2
@Chrome, I did the proton vpn setup like @koala outlined and it works fine since Proton made the WG configurations available. The only problem that I have (since switching from Proton OpenVPN to WG) is that the OPNsense system updates and bogon ip updates time out. When I stop WG, the updates go through smoothly.
#3
quick update: when I switch off the wireguard vpn and disable the gateway switching, the firewall firmware can be updated again. Not sure what the problem really is..
#4
Same here, but both opnsense-bootstrap and disable default gateway switching didn't help. I still have 100% packet loss for the updates...

I have a multiwan with 3 single WAN gateways and two gateway groups for the WANs. Used to work well beforehand but struggle since 22.7...

Pls advise

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7.3_2 (amd64/OpenSSL) at Sun Sep  4 13:43:45 CEST 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Operation timed out
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***
#5
+1! The upgrade went well on both Intel and AMD based Deciso DEC appliances. Thank you!
#6
Yes, wireguard-kmod is installed. It is just cosmetics, but I will then hide wireguard-go in the dashboard! Thanks 🙏!
#7
Hi, I have the Mullvad wireguard clients with wg0 and wg1 properly working with 22.1. In the dashboard, the wireguard-go service shows as red as opposed to green (see attached). Is this a mistake or anything I need to worry about?
#8
Hi, in the firewall service (under rules) in the UI there is under Firewall/Rules an interface called WireGuard(Group), see also attachment. Under Firewall/Groups, I have not created any interface group. Why is it there and how (if at all) can I remove this WireGuard(Group) entry?
#9
alright, I followed this route here to get it back to normal..

https://forum.opnsense.org/index.php?topic=26066.0
#10
Hi, I cannot start the elasticsearch service after the most recent update. I tried to uninstall and install sensei multiple times but didn't succeed in making it work... pls advise..



2022-01-01T17:10:41   root[52744]   /usr/local/etc/rc.d/elasticsearch: WARNING: failed precmd routine for elasticsearch   
2022-01-01T17:10:41   root[88508]   /usr/local/etc/rc.d/elasticsearch: WARNING: /usr/local/etc/elasticsearch/elasticsearch.yml is not readable.   
2022-01-01T17:09:45   kernel   /usr/local/sensei/output/active/temp: optimization changed from TIME to SPACE   
2022-01-01T17:09:36   root[1288]   /usr/local/etc/rc.d/elasticsearch: WARNING: failed precmd routine for elasticsearch   
2022-01-01T17:09:36   root[64005]   /usr/local/etc/rc.d/elasticsearch: WARNING: /usr/local/etc/elasticsearch/elasticsearch.yml is not readable.   
2022-01-01T17:07:36   kernel   /usr/local/sensei/output/active/temp: optimization changed from SPACE to TIME   
2022-01-01T17:05:51   kernel   /usr/local/sensei/output/active/temp: optimization changed from TIME to SPACE   
2022-01-01T17:04:10   kernel   /usr/local/sensei/output/active/temp: optimization changed from SPACE to TIME
#12
hmm, the only thing that I got to work is the following one:

have a shell script log in to the firewall with SSH and execute in the CLI:

sudo pfctl -k 192.168.1.0/24

Seems to be the brute force method to kill all states for the LAN (in the above case 192.168.1.0/24). 

Perhaps someone in the forum knows more on the killStates API, and how to include Alias?
#14
Hi, I try to kill states after enabling some filter rules to stop the (established) connections immediately. This is to turn off the internet / TV for the kids immediately. I integrate this as an on-off switch in HomeKit (via node-red)...

I use the below curl Post killStates command:

curl -k -u "$KEY":"$SECRET" -X POST "https://opnsenseIP/api/diagnostics/firewall/killStates" -d ""


The error message I get is as follows:
{"result":"failed"}%     

The question is: How can I kill the states (via the API) for a specific destination or source ip/alias?



#15
Hi, I couldn't find any 101 article or examples for setting up some simple standard setup of the firewall rules for opnsense. Besides the standard rules, I will need to allow all apple services (bonjour, airprint, homekit) and have some Siemens VOIP phones to connect to the outside world. Pls advise what basic rules need to be set up..