Messages - z0rk

#1
Ah my bad, I included the wrong screenshot. The settings are correct because I also received an email.
Thank you for your feedback.
#2
OPNsense 25.1.5_5-amd64
os-apcupsd (installed) 1.2_3

I am using monit to restart apcupsd when the process fails (pasted_image.png)

I would also like to receive an email alert upon status changes. I came across the following post.
https://forum.opnsense.org/index.php?topic=23071.0

(pasted_image002.png, pasted_image003.png)

Script:

#!/bin/sh

STATUS=$(/usr/local/sbin/apcaccess -p STATUS)
OK='ONLINE'
if [ "$STATUS" != $OK ]; then
    echo "$STATUS"
    exit 1
else
    exit 0
fi

Email alert message content:

Status failed Service UPSStatusCheck

   Date:        Mon, 21 Apr 2025 13:00:54
   Action:      alert
   Host:        CPUUsage
   Description: status failed (1) -- ONLINE

Your faithful employee,
Monit

When I enable the service check I get the email (see above) reporting a failed status. Does anyone have a suggestion what I am doing wrong here?

Thank you
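
Added example, not part of the original post: the alert above shows the script printing ONLINE while still exiting 1, which is how a byte-for-byte string comparison behaves when the value carries invisible trailing whitespace. The sketch below assumes that is the cause (the page does not confirm it); the function names and sample values are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Inputs are constructed; on the
# firewall the raw value would come from: /usr/local/sbin/apcaccess -p STATUS

# Remove carriage returns and leading/trailing whitespace from $1.
trim() {
    printf '%s' "$1" | tr -d '\r' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Comparison as written in the post: the value is compared byte for byte.
strict_check() {
    OK='ONLINE'
    [ "$1" = $OK ]
}

# Hypothetical replacement: normalize first, then compare.
ups_status_ok() {
    [ "$(trim "$1")" = "ONLINE" ]
}

# Monit-style wrapper: print the normalized status and return 1 on mismatch.
check_ups() {
    if ups_status_ok "$1"; then
        return 0
    fi
    trim "$1"; echo
    return 1
}

# Constructed sample values, including one with a trailing space.
for raw in "ONLINE" "ONLINE " "ONBATT " "COMMLOST"; do
    if strict_check "$raw"; then s=pass; else s=fail; fi
    if ups_status_ok "$raw"; then n=pass; else n=fail; fi
    printf '[%s] strict=%s normalized=%s\n' "$raw" "$s" "$n"
done
```

Used as a Monit program check, the script would pass the apcaccess output to `check_ups` and exit with its return code.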
#3
General Discussion / NUT respawns old settings
August 24, 2024, 08:29:31 PM
I previously had NUT set up as service mode netclient. It connected to my NUT master server simply fine and the diagnostics page on OPNsense pulled the correct configuration settings.
Now I want to change my service mode to standalone. I had uninstalled NUT from my master server. I changed my NUT settings on the OPNsense end. This should be straightforward based on examples I've googled, such as this

https://schnerring.net/blog/configure-nut-for-opnsense-and-truenas-with-the-cyberpower-pr750ert2u-ups/

Unfortunately, no matter how hard I've tried, I can't get it to work. My setup is as follows (see attached).

Yet, OPNsense is not able to establish a connection to the UPS and it pulls some old configuration that points to my defunct NUT master server. Also, the diagnostics page on OPNsense is blank, which makes sense since it's not working correctly. This is what I get on the terminal.

Broadcast Message from root@opnsense                               
        (no tty) at 10:25 PDT...                                               
                                                                               
UPS cyberpower@192.x.x.x:3493 is unavailable

I have uninstalled the plug-in, rebooted, disconnected the UPS, and deleted the NUT folder at /usr/local/etc/nut several times.
After the latest plug-in reinstall (again) the settings still point to my defunct NUT master server.

/usr/local/etc/nut $ less upsmon.conf
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
MONITOR cyberpower 1 monuser PWD master
SHUTDOWNCMD "/usr/local/etc/rc.halt"
POWERDOWNFLAG /etc/killpower
MONITOR cyberpower@192.x.x.x:3493 1 nutslave slave slave
SHUTDOWNCMD "/usr/local/etc/rc.halt"
POWERDOWNFLAG /etc/killpower

Where are these settings coming from? Why are they not being overwritten after I made my configuration changes?

Thank you
#4
OPNsense 23.7.12_5-amd64

I have several interfaces but only WLAN WAN is selected in vnstat for usage reporting. It's consistently off by hundreds of GBs. My ISP enforces a data cap of ~1200GB, last month vnstat reported ~1790GB usage. I did not exceed my ISP's data cap.
Any suggestions? Thank you
#5
I am attempting to export my ntopng configuration settings.

Web Gui
Settings > Configurations > Manage Configurations > Configurations
> select: Entire ntopng configuration (includes users, preferences, and all configurations below)
> select 'Export'

Browser download manager error (independent of browser type/version):
couldn't download - network issue

I've also noticed that no backups of configuration settings are being generated under
Settings > Configurations > Manage Configurations > Nightly Backups

Thank you
#6
@rkubes
Thanks for this.
I did some more research and found the following at https://forum.opnsense.org/index.php?topic=21898.msg103540#msg103540

Solution:
tunefs -t disable /

I ran this command a week ago and the CAM and TRIM errors disappeared.
The SSD in question is a Lexar NQ100 which was the least expensive SSD I could find on Amazon at the time.
#7
OPNsense 23.7.7_1-amd64
FreeBSD 13.2-RELEASE-p3
OpenSSL 1.1.1w 11 Sep 2023

I've just recently deployed a new instance of opnsense. SYSTEM: LOG FILES: GENERAL log shows the following errors:

2023-10-27T11:15:55-07:00 Notice kernel (ada0:ahcich0:0:0:0): DSM TRIM. ACB: 06 01 00 00 00 40 00 00 00 00 01 00
2023-10-27T11:10:17-07:00 Notice kernel (ada0:ahcich0:0:0:0): DSM TRIM. ACB: 06 01 00 00 00 40 00 00 00 00 01 00
2023-10-27T10:06:04-07:00 Notice kernel (ada0:ahcich0:0:0:0): DSM TRIM. ACB: 06 01 00 00 00 40 00 00 00 00 01 00

2023-10-27T11:15:55-07:00 Notice kernel (ada0:ahcich0:0:0:0): CAM status: Command timeout
2023-10-27T11:10:17-07:00 Notice kernel (ada0:ahcich0:0:0:0): CAM status: Command timeout
2023-10-27T10:06:04-07:00 Notice kernel (ada0:ahcich0:0:0:0): CAM status: Command timeout
2023-10-27T09:37:45-07:00 Notice kernel (ada0:ahcich0:0:0:0): CAM status: Command timeout


There are more entries, but for brevity I've just included a sample.
Some searches indicate that this could relate to a hardware problem (SSD drive, SATA cable, or the like) or a FreeBSD bug.
My SSD is brand new and SMART reports no errors. BIOS is set to AHCI vs. SATA.
Does anyone have some initial impressions before I explore any other potential hardware issues?

Thank you
#8
Thanks for clarifying, Franco. 👍
#9
I ran a security audit and got the following.

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.1.9 at Mon Jun  5 19:21:32 PDT 2023
vulnxml file up-to-date
openssl-1.1.1t_2,1 is vulnerable:
  OpenSSL -- Possible DoS translating ASN.1 identifiers
  CVE: CVE-2023-2650
  WWW: https://vuxml.freebsd.org/freebsd/eb9a3c57-ff9e-11ed-a0d1-84a93843eb75.html

py39-setuptools-63.1.0 is vulnerable:
  py39-setuptools -- denial of service vulnerability
  CVE: CVE-2022-40897
  WWW: https://vuxml.freebsd.org/freebsd/1b38aec4-4149-4c7d-851c-3c4de3a1fbd0.html

2 problem(s) in 2 installed package(s) found.
***DONE***

I've seen posts dating back to 2021/2022 that talk about similar or possibly the same issue. Is there any concern?

Thank you
#10
23.1 Legacy Series / Re: Wireguard
January 28, 2023, 05:29:08 AM
After upgrading to 23.1 my Wireguard service broke. I noticed that the WG interface (wg0) was down. After rebooting multiple times I tried

root:~ # service netif restart wg0
/etc/rc.d/netif: WARNING: wg0 does not exist.  Skipped.
Starting Network: wg0.
ifconfig: interface wg0 does not exist

Any idea what might be going on? Otherwise the upgrade went fine.

Thank you
#11
Quote from: Demusman on January 27, 2023, 01:47:16 AM
Not sure about this but once you set the WAN back to dhcp, that probably enabled the firewall again.
You can check by running pfctl -e, it'll probably say it's already enabled. Again, not sure if that enables it but any change in rules does so that may also.

That would make sense as a best practice security measure. Also, after I switched back to DHCP I didn't power cycle the modem; I only re-seated it back into port 2 and it picked up an IP immediately.

Quote from: Demusman on January 27, 2023, 01:47:16 AM
You didn't say what type of internet, if you have a cable modem you will have to power cycle it anytime you change the directly connected device.

It's a cable modem. Generally speaking I found this to be true, but not always, e.g. after I disconnected the modem from the switch I re-seated it back into my production OPNsense box and it picked up an IP without the need to power cycle.

Quote from: Demusman on January 27, 2023, 01:47:16 AM
I wonder if your dhcp lease expired before you plugged the laptop back in and that's why it worked now. If you get a public IP there shouldn't be anything blocking that in the firewall.
Obviously, if it isn't already, reenable pf and see what happens.

Possibly, I should have taken note of the IP. First I thought it was maybe related to a firewall rule as well, but I went over my WAN rules and they're identical to the rules of my production machine.
The next thing I'll try is to power cycle the modem and this time I will wait longer to see if it picks up an IP. Maybe I just didn't wait long enough.

Thanks!
#12
Quote from: Demusman on January 25, 2023, 12:44:52 AM
Plug a pc into port 2 on the switch with a static address in the same subnet as the wan and see if you can ping it.

I was able to ping it.
Then I switched WAN back to DHCP, left the firewall disabled, and plugged my modem in. It instantly picked up a public IP address from my ISP.
#13
Quote from: Demusman on January 25, 2023, 12:44:52 AM
Are you sure you should get a public address?

The way I am currently set up in production is modem > NIC on desktop which is my WAN. WAN interface is set up with DHCP and it picks up a public address.

On the laptop WAN (vlan01) doesn't pick up any address 0.0.0.0/8 although it's configured for DHCP as well (see screenshots). I will do the testing as you suggested sometime tomorrow.

Thanks for all your help
#14
Quote from: Demusman on January 24, 2023, 03:27:36 AM
Yes, set vlan ID1 as not a member of any ports in the switch.
Just like the pic I posted.

Ok, that's what I figured.

I am close but still no cigar.
WAN, vlan01 (switch port 2) doesn't pick up an IP address.
I've temporarily set LAN, vlan02 to DHCP and connected switch port 3 to my internal network. The laptop ethernet port is connected to TRUNK (switch port 1). I am able to access the OPNsense web GUI so I know that this bit is working, presumably LAN02, vlan03 as well.
Maybe I need to make some changes to the WAN interface configuration? I've attached a screenshot of my interface assignments and the WAN config page.
Almost there I hope  :)
#15
Quote from: Demusman on January 24, 2023, 01:24:19 AM
Don't use vlan1 on any ports.

Ok, I think I got it.
What do you mean by 'Don't use vlan1 on any ports'? Do you mean vlan ID 1?

Thanks much, Demusman