Messages - jezza007

#1
25.1, 25.4 Series / Re: Wireguard Speed Issue
February 19, 2025, 10:58:23 AM
Poor speed or disconnects, usually MTU is wrong, set too high at either side of the tunnel
#2
Zenarmor (Sensei) / Re: [SOLVED] 24.7.8 update failing
November 10, 2024, 10:45:15 AM
Was able to solve it,

System > Firmware > Packages
Reinstall os-sensei fixes the package

Was then able to update to 24.7.8
#3
Zenarmor (Sensei) / [SOLVED] 24.7.8 update failing
November 09, 2024, 04:54:13 PM
Keep getting this issue when trying to update to 24.7.8
Currently running OPNsense 24.7.7

Tried all mirrors, anyone able to advise why it won't update?
Tried pkg clean -a and pkg update -f

Error here:
85 MiB to be downloaded.
[1/14] Fetching os-sensei-1.18.2.pkg: .......... done
pkg-static: cached package os-sensei-1.18.2: missing or size mismatch, fetching from remote
[2/14] Fetching os-sensei-1.18.2.pkg: ......... done
pkg-static: cached package os-sensei-1.18.2: missing or size mismatch, cannot continue
Consider running 'pkg update -f'
#4
General Discussion / Re: OPNSense in DMZ
December 02, 2023, 04:04:28 PM
Did you get anywhere with this?
I have just been supplied a ZTE MC888 and cannot get bridge mode to work at all.
It keeps assigning 192.168.0.x to the opnsense wan port even though DHCP and wifi are disabled on the ZTE

Tried everything I know, had a similar issue with a different router in bridge mode before and a factory reset sorted it out, but tried that with the ZTE several times, same issue and not getting anywhere

thanks
#5
Hi, if someone could help please, I have read the tutorial and successfully setup nginx with letsencrypt and the domain fqdn and base upstream server works perfectly on https://mydomain.com

I am trying to configure a second location which points to a second internal web service with a subfolder of the primary domain
https://mydomain.com/filemanger to point to another upstream server on https://192.168.1.5/

I have configured the second upstream location with (see screenshot)
URL pattern /filemanager/
path prefix /

so that when get https://mydomain.com/filemanager/ it directs to https://192.168.1.5/
It seems to start to load the page but then gets a 500 gateway timeout

Is this the correct way to configure for subfolders?
Thank you


#6
Looking at the error message "vm_fault pager read error"
It is likely either an issue reading the hard disk or a kernel fault, I would start by eliminating any disk and config issue

Make sure you have a backup of your config

Did you install this with zfs_enable=YES ?
if so then test it with zfs_enable="NO" by editing /etc/rc.conf and reboot

Hope this helps

#7
Flip me, one issue after another, but I've got there
After successfully getting to 22.7 with a working webgui and some internet access,
I started looking through the logs.

The next issue was half the websites were saying untrusted including https://forum.opensense.org of all sites
I figured this out that the firewall rules were not loading correctly due to an issue with some firewall aliases.
An article I read said there were alias issues with 22.1.8, so I assumed these issues were not patched and have been carried over to 22.1.10_4 and 22.7 ?
Anyway I disabled the aliases and rules mentioned in the error log, and hey presto the firewall rules then successfully loaded and all internet sites were accessible.

Then onto the next issue with a device with failing nat ports, again I figured this was alias related, as it was working perfectly fine in 22.1, so I changed the nat rules for the client with issue from using its alias to using its ip address, and again Eureka! this is now working again!

Hope this helps some people out who may have been facing similar issues
#8
22.7 Legacy Series / Re: no internet from lan
August 06, 2022, 03:16:51 PM
I'm trying to read between the lines here.
Two things I will suggest.
1. First you must be certain opnsense has connectivity, in opnsense console can it ping say 8.8.4.4
This proves the upstream is working and opnsense gateway can reach the internet. If no connection untick the allow dns override by dhcp and configure dns here as 8.8.4.4 to test again

Once this works go to step 2.

2. Do ipconfig/all on the client
Confirm its gateway address is the ip of the lan interface.
Report back what dns resolvers are configured.
Run a tracert 8.8.4.4 and see how far it gets most likely not getting past the gateway

#9
It certainly sounds like high temp system protection cutoff kicking in, if kernel is cutting power to save frying the cpu

92c does sound high, that chip's normal operating range is between 50-70c, 50c when idle passively cooled.

Teams video uses high network bandwidth, so there may be expected additional cpu load when there is increased traffic throughput, hence varying time for symptom to manifest. It's just a question of how long before temp rises before cutoff kicks in, I've seen this lots of times for various reasons.

1. Make sure plenty of space and airflow around unit
2. Check the cpu and heatsink
3. Check latest bios
4. Perhaps upgrade to 22.7 as there seems to have been a few issues with 22.1 to 22.1.10 with network hardware offloading changes
5. Try disable any on chip gpu and run headless may assist with temp
6. Disable in bios anything that is not absolutely necessary such as audio, unused usb ports etc, I have seen some posts where chipset features were causing kernel issues

Hope these suggestions help you figure it out :-)
#10
What bios version on the acer?
First I would go into bios and switch boot mode from uefi to legacy and see if opnsense boots
Then it's likely a partition issue that first partition is mbr/bios instead of gpt/uefi

I would also check for bios updates, and check the acer forums

Hope you resolve it
#11
UPDATE - progress
After reading some of the forum articles again some of the symptoms reported pointed to issues upgrading from 22.1 to various iterations of problems from 22.1.3 thru to 22.1.10_4

The clues suggested issue with interface hardware offloading.
Ref https://github.com/opnsense/core/issues/5521

To resolve this upgrade issue, I have tested the following steps.

1. Enabled hardware offloading on interface for CRC, TSO, LRO
2. Rebooted, and checked status, the reason this was disabled before was due to throughput issues
3. Upgraded to 22.1.10
4. Tested and checked Wan access, and Lan Gui now accessible post upgrade
5. Upgraded to 22.7
6. Tested wan and Lan Gui still accessible
7. I have left the hardware offload settings unchecked, throughput seems fine

Clients are now able to access Gui and internet

I will log a separate query for the next symptom, as now it seems some ios (safari) and android (chrome) browsers are saying no internet but are working fine, and also looks like there may now be some issues with some root CA certificates, as some websites now reporting not trusted
Will look at this when I get some spare time

#12
Hi,

I am stuck, I have to do an interim upgrade to 22.1.10_4 before it will allow upgrade to 22.7

I have a QEMU/KVM using virtio interface adapter with no vlans, there are no parent interfaces to add as I am not using vlans (per the solutions I have read).
I have also checked Hardware CRC, TSO, LRO is disabled, and VLAN hardware filtering is set to default as per forum articles I have read.

I have reverted to previous version on failure to reattempt. On one such attempt it successfully upgraded to 22.1.10_4 and I was able to logon to the web-gui, and internet worked for a few minutes then it stopped working.

Any help appreciated on which log files I need to check or how to determine what is happening?
#13
22.1 Legacy Series / Re: Wireguard Speed Issue
March 31, 2022, 03:17:11 PM
I recall I had similar symptom when I first setup

I recall reading about MTU for Wireguard peer, just checked my config and recall I found 1384 was optimal which resolved issues I was having

https://www.reddit.com/r/WireGuard/comments/plm8y7/finding_the_optimal_mtu_for_wg_server_and_wg_peer/

https://gist.github.com/nitred/f16850ca48c48c79bf422e90ee5b9d95
#14
Quote from: karlson2k on January 30, 2022, 09:08:16 AM
"Disabled Servers List" works only if it has a single item only.

The fix: https://github.com/opnsense/plugins/pull/2788

Many thanks, I was facing the same question, now can see logs :-)
#15
If you have recently updated Opnsense to 22.1 it advises that the dyndns plugin will be deprecated in the next release in favour of installing ddclient on opnsense

What you have not mentioned is how your opnsense WAN interface is setup with your ISP router, bridge mode or have you put the opnsense WAN interface into the DMZ of the ISP router?
Given the error message it sounds like bridge mode in which case the WAN interface of Opnsense can only talk to the ISP router and therefore does not know the external IP address and Dynamic DNS would have to be configured on the ISP router.

If the WAN interface of Opnsense has been exposed to the Internet by putting into the DMZ then it will know the external public IP address and you can use ddclient or DynDns on Opnsense and configure to make Dynamic updates of the public IP address to your chosen Dynamic IP provider DynDNs or whomever