Messages - hjint

#1
Upgrade steps taken:
1. Made backup of config before doing the upgrade.
2. Used the Dashboard upgrade path from the last version of 23.7 to 24.1
3. After completion, logged back into web interface and the Dashboard loaded but with no widgets and just the side menu. None of the menu options in the side menu work when clicking on any menu heading.
4. Completed the upgrade to 24.1.10 via the console
5. After completion, logged back into web interface and Dashboard still loads the same as in step 3 above. The same happens on different PCs and with 3 different browsers: Chrome, Firefox & Brave
6. When opening Developer Tools to check for any errors, the following jQuery error appears and keeps on repeating itself:


Uncaught TypeError: Cannot read properties of undefined (reading 'split')
    at Object.<anonymous> (index.php:2429:73)
    at Function.each (jquery-3.5.1.min.js:2:2976)
    at index.php:2402:23
    at Object.complete (opnsense.js?v=172af3050155f626:298:21)
    at c (jquery-3.5.1.min.js:2:28294)
    at Object.fireWith (jquery-3.5.1.min.js:2:29039)
    at l (jquery-3.5.1.min.js:2:79928)
    at XMLHttpRequest.<anonymous> (jquery-3.5.1.min.js:2:82254)
(anonymous) @ index.php:2429
each @ jquery-3.5.1.min.js:2
(anonymous) @ index.php:2402
complete @ opnsense.js?v=172af3050155f626:298
c @ jquery-3.5.1.min.js:2
fireWith @ jquery-3.5.1.min.js:2
l @ jquery-3.5.1.min.js:2
(anonymous) @ jquery-3.5.1.min.js:2
load (async)
send @ jquery-3.5.1.min.js:2
ajax @ jquery-3.5.1.min.js:2
ajaxGet @ opnsense.js?v=172af3050155f626:290
fetch_services @ index.php:2394
setTimeout (async)
fetch_services @ index.php:2447
#2
21.1 Legacy Series / Dynamic DNS not updating
September 06, 2021, 08:54:55 AM
OPNsense: 21.1.9_1-amd64

Current setup before changes:
2x Wan Ports
1x Lan Port
2x VLANS
Raspberry Pi with Pihole, Freeradius & OpenLDAP
WiFi APs validated WiFi connections against Freeradius & OpenLDAP
At this point Dynamic DNS was updating the WAN addresses

I have made the following changes on Saturday:
Added 2 more VLANS
Created a Group (LAN Group) with the LAN & VLANS and moved all the LAN rules to the LAN group
Moved all the wired LAN connections to a VLAN (VLAN ID2)
Moved all the Wifi connections to another VLAN (VLAN ID3)
Moved all Multi media connections (TV,etc) to another VLAN (VLAN ID4)
Moved IOT connections to another VLAN (VLAN ID5)

My PC is now sitting in VLAN ID2. Initially when I changed my PC to the VLAN, I did not have access to the OPNsense web GUI. On Saturday evening, I incorrectly (in hindsight) changed the LAN subnet from 24 to 16, trying to get access to the firewall web GUI.

After the subnet change, I ran into Name Resolution errors and then did a configuration restore from an earlier saved config. This resolved the name resolution partially. It was only after a restart of the firewall that name resolution was working properly again. A rule to allow my PC access to the firewall resolved the access problem.

On Sunday, I picked up that Dynamic DNS, using DuckDNS, is not updating; both WAN addresses remain RED, and when I try to access Dynamic DNS in Services, it takes ages to open the page. After a reboot of the firewall, Dynamic DNS does update the WAN addresses, both showing GREEN, but after the next update of the addresses both turn RED. The System General Log file shows the following error for both WAN interfaces: "/usr/local/etc/rc.dyndns: Dynamic DNS (xxxxx) There was an error trying to determine the public IP for interface - xxx(yyy). Probably interface is not a WAN interface"

I went to Interfaces and saved and applied every interface again, but this did not help.

Any assistance on how to resolve this will be highly appreciated.
#3
Thanks Bart

My house is built in a square, total 400m2 floor space with 320m2 under roof with an open courtyard in the middle of the house. The switches are positioned near each of the 4 corners of the house with an AP attached to each. I've used a WiFi Mapper to position the APs to get maximum coverage and signal strength.

I installed the APs and switches at the beginning of last year and don't plan to replace all of the switches and APs now with UniFi. I did the costing then and the cost of going the UniFi route was too high.

I've had too many hassles with TP-Link devices, after-sales service and support in the past and prefer D-Link & Netgear devices above TP-Link. It is a personal preference based on bad experiences in the past, both on personal and on corporate levels.

With reference to MAC based VLAN issues, I'm using MAC filtering on OPNsense to allow devices onto my network and decline unknown MAC addresses. (I've been working from home since the beginning of last year and store sensitive client information on my server.) My office is running (wired only) via one of the switches, which I'm planning to isolate with a port VLAN. However, an AP is also connected to this switch, therefore my thought of using MAC VLAN, but I'll test and play around with the various VLAN type options to get the best setup for my network and security requirements.
#4
Bart, will the Netgear GS308T smart switch with MAC VLAN work with OPNsense? See https://www.netgear.com/business/wired/switches/smart/gs308t/ for the specs of the switch.
#5
Thanks Bart

With 'dynamic', I'm referring to MAC based VLAN, but also software VLAN configuration, and not static port VLAN configuration.
#6
I'm trying to set up a dynamic VLAN on OPNsense

Network layout:
=>2x Routers with Failover (1xFibre as primary, 1xLTE as Failover) wired to OPNsense
=>OPNsense wired to an unmanaged (dumb) switch (Say Switch 1)
=>Switch 1 forks to 3 unmanaged switches (Say switches 2, 3 & 4)
=>Switches 2, 3 & 4 each have a WiFi Access Point connected and some IOT devices, some wired and some WiFi

My target is to isolate the IOT devices from the rest of my network.

I have added a VLAN interface linked to the LAN interface called VLAN20
NAT Outbound rules created on each WAN interface for VLAN20
NAT Port Forward rule created on the VLAN interface to redirect to proxy (port 3128)
Firewall rules created on VLAN interface:
1. Pass All TCP/UDP to destination VLAN20 Address port 53
2. Block TCP/UDP on VLAN20 net to All Destination port 53
3. Pass TCP traffic on VLAN20 net to 127.0.0.1 port 3128
(I will later add more rules to isolate the VLAN, etc)

Services | DHCPv4 | VLAN20 | DHCP Enabled

LAN IP 192.168.10.0/24, VLAN20 IP 192.168.20.0/24

Questions and Issues:
1. To test, I have added two static IP addresses to VLAN20 and connected 2 devices. Both are set up to obtain an IP address, but do not get their IP address from VLAN20, and after a while both revert to the alternate private IP address. Am I missing a setting or a rule?
2. Will OPNsense Dynamic VLAN work on a network with unmanaged switches?

I don't want to go the hardwired VLAN route; the IOT devices that I want to isolate from the rest of the network are scattered throughout my property, which means more cabling, switches and APs.
#8
Yes, I have changed some rules and added new rules.

How can I determine which rule is linked to alias "662256"?
#9
OPNsense Version 21.1.6-amd64

On the 1st of June the following message started to appear in System: Log Files: General

"/usr/local/etc/rc.filter_configure: There were error(s) loading the rules: /tmp/rules.debug:85: syntax error - The line in question reads [85]: 662256 = "<662256>" and on the line immediately before this, the following message is listed with the same process ID:
"/usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway '192.168.1.1'"

Does anybody have an idea what this error means and how to resolve this?

Thank you
#10
20.1 Legacy Series / [Solved] Multi-Wan Fail-Over & VOIP
February 16, 2020, 08:19:25 PM
Darkopnsense, thanks for pointing me in a new direction.

VoLTE on the router was ON; changed to OFF and VOIP fail-over to WAN2 is successful.
#11
20.1 Legacy Series / [Solved] Multi-Wan Fail-Over & VOIP
February 15, 2020, 06:13:55 PM
We have daily power blackouts for 2 and a half hours in South Africa.
When the blackout happens, our primary ISP also goes down after about 2 hours into the blackout.
Fail-over works as intended for all services from WAN1 to WAN2 except for VOIP.
WAN2 is a pay as use LTE service.

It seems that the Firewall is blocking VOIP services on WAN2. Nothing is shown in the Live View that the source IP address or SIP port is blocked. The Live View does show the following Allow Rule on WAN2
xxx.xxx.140.140:5060   udp   let out anything from firewall host itself (force gw)

Firewall/Settings/Advanced/Sticky Connections is off
Firewall/Settings/Advanced/Shared Forwarding is on
Firewall/Settings/Advanced/Bind States to interface is on
Firewall/Settings/Advanced/Dynamic States Reset is on

WAN1 is set as Tier 1 and WAN2 as Tier 2 on Member Down

Any advice on how to get VOIP to switch over from WAN1 to WAN2 automatically when WAN1 is going down will be highly appreciated.
#12
This issue resolved itself either with the upgrade to version 20 or with the re-run of the General Setup Wizard or the combination of both.
#13
These are with the WAN cable disconnected
#14
These screenshots are with WAN down and WAN cable connected
#15
WAN1 has been down for just over 13 hours now and when I connect the WAN1 cable, no web or email; when I disconnect the WAN1 cable, web & email are available. I did a cold restart of the box about 8 hours ago with no effect.

I connected the WAN1 cable and left it for 35 min without any effect; after disconnecting the cable, web and email are connecting again.