Messages

1

24.1 Legacy Series / Re: IPv6 Prefix Alias

« on: September 05, 2024, 02:42:44 pm »

The existing/auto-generated aliases that start with double underline (

Code: [Select]

__an_interface_name) look like they could do what I need, but I haven't found a way to use them.

I tried this and it seems to work perfectly.

I created an ngroup_local_network network alias and added __lan_network and __optX_network as appropriate to it.


I then created a rule using destination invert to allow access.

This seems to be working exactly as I want it to

2

21.1 Legacy Series / Re: Moving config

« on: March 24, 2021, 04:31:03 pm »

Hi!

I haven't done that, but you could open config.xml with a text editor and add/change

Code: [Select]

<primaryconsole>video</primaryconsole>
...
<secondaryconsole>serial</secondaryconsole>
that's the original line from a config.xml with  primary video console...

Other option: try as long as you find the correct interface with your LAN settings and get an IP,  log into the box via ssh...

Changing to video worked !

Thank you.

3

21.1 Legacy Series / Moving config

« on: March 24, 2021, 02:26:03 pm »

I have recently had an upgrade to a gigabit network connection ( lucky me !) that is making my PC Engines APU2 creak at the seams.

Before I decide on new hardware I wanted to press an old quad-core server into service.

This should, I thought, be easy. Four hours later I've given up to have a lie down.

The APU2 has, only, as serial console. The PC doesn't have a serial console but does have VGA.

So when I restore the config at next boot everything goes wrong and I can't get it up to a menu again.
As I can't get to the menu I can't assign the interfaces.
As I can't assign the interfaces I can't get into the gui....

Does anyone know the correct procedure to restore a backup and change the console type at the same time?
Can I edit the backup file in some way?
Should I just start the config from scratch?

Thanks in advance

4

20.7 Legacy Series / Re: One issue after the next

« on: November 20, 2020, 01:38:59 pm »

A quick note to confirm the point about aliases.

If I use an alias for static port mapping rules, it just doesn't work.

If I change them to use hard coded IP addresses suddenly it is working correctly.

I will open a bug report if I can make a simple repeatable test.

5

General Discussion / Re: pkg.opnsense.org down

« on: July 08, 2019, 02:37:56 pm »

Thanks, it is all working again for me.

6

General Discussion / pkg.opnsense.org down

« on: July 07, 2019, 11:52:38 am »

Hi,
 I can't seem to connect to pkg.opnsense.org from anywhere, discovered trying to do a firmware check.

Code: [Select]

root@opnsense:~ # sh -x /usr/local/opnsense/scripts/firmware/changelog.sh fetch
+ set -e
+ DESTDIR=/usr/local/opnsense/changelog
+ WORKDIR=/tmp/changelog
+ FETCH='fetch -qT 5'
+ COMMAND=fetch
+ VERSION=''
+ [ fetch '=' fetch ]
+ changelog_fetch
+ opnsense-version -a
+ CORE_ABI=19.1
+ opnsense-verify -a
+ SYS_ABI=FreeBSD:11:amd64
+ URL=https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz
+ rm -rf /tmp/changelog
+ mkdir -p /tmp/changelog
+ fetch -qT 5 -o /tmp/changelog/changelog.txz.sig https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz.sig
fetch: https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz.sig: Network is unreachable

I thought this might have been a local issue but have checked from a VPS I have as well.

Code: [Select]

[root@vps:~] # nmap -sT pkg.opnsense.org

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-07 09:50 UTC
Nmap scan report for pkg.opnsense.org (212.32.245.132)
Host is up (0.028s latency).
Not shown: 996 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https
873/tcp open   rsync

Nmap done: 1 IP address (1 host up) scanned in 4.70 seconds

So host appears up but http and https are blocking.

Does anyone have any insight?

Thanks

7

General Discussion / Migrating from pfsense - problem

« on: February 14, 2018, 01:03:34 pm »

Up front I think I've done something stupid, so am really wanting to clarify that.

Having recently decided to make the switch to opnsense due to the 'dramas' I wanted a quick way to achieve this.

I run a PCEngines APU2 4gb, although doubt that will make any difference.

For some reason I had got it into my head I could just import a pfsense config to opnsense, and as it mainly worked off I went.

I probably wouldn't have done this were is not for my OpenVPN setups as I didn't want to have to reconfigure all my (and others) client devices.

That and I have quite a few firewall aliases defined that would be a pain to setup again.

I am now suffering from random UI lockups, firewalls behaving strangely and other issues.

I am assuming, and some quick forum reading supports this,  I should never have imported a full config.

Can someone confirm that I've gone down the wrong track?

My plan to rectify is to save current opnsense config, start again and make a basic NAT config, then import OpenVPN/letsencrypt/firewall aliases only from the backup. Then I'll setup firewall/NAT rules from scratch.

Does that sound reasonable, or do I have to go scorched earth?

Thanks in advance

Thanks

8

General Discussion / Re: [Feature request] radvd multiple subnets

« on: February 14, 2018, 12:55:46 pm »

I get a /48 from HE.net, and pass the first /64 through to the LAN, I do use some of the others for VPN, Lab network.

I then have a /64 from the fc00::/7 block for internal use.

To be honest if opnsense can't support this, I realise not a normal use case, I'm not going to loose too much sleep as I'm just advertising the fc00::/7 block from my raspberry pi at the moment and that is working fine.

9

General Discussion / [Feature request] radvd multiple subnets

« on: February 04, 2018, 06:56:11 pm »

I've recently made the switch from pfsense for 'reasons'.

This has in the main been a smooth process, running on a PCEngines APU2.

One small thing I'm missing is the ability to have multiple subnets advertised by radvd, but it is minor as I've just got my raspberry pi to advertise the second one.

Reason I do this is I have a HE.net for internet access, but as this could change, and hopefully will when Virgin media finally enable ipv6, I also use a block in fc00::/7 for local permanent addresses.

It would be nice if opnsense supported this as pfsense did.

Other than that I'm enjoying the interface a lot more and appreciate the ability to run libressl.

Apologies if this is the wrong area to post this.