Messages

1

Zenarmor (Sensei) / Re: [SOLVED] 24.7.8 update failing

« on: November 10, 2024, 10:45:15 am »

Was able to solve it,

System > Firmware > Packages
Reinstall fixes os-sensei package

Was then able to update to update to 24.7.8

2

Zenarmor (Sensei) / [SOLVED] 24.7.8 update failing

« on: November 09, 2024, 04:54:13 pm »

Keep getting this issue when trying to update to 24.7.8
Currently running OPNsense 24.7.7

Tried all mirrors, anyone able to advise why it wont update?
Tried pkg clean -a and pkg update -f

Error here:
85 MiB to be downloaded.
[1/14] Fetching os-sensei-1.18.2.pkg: .......... done
pkg-static: cached package os-sensei-1.18.2: missing or size mismatch, fetching from remote
[2/14] Fetching os-sensei-1.18.2.pkg: ......... done
pkg-static: cached package os-sensei-1.18.2: missing or size mismatch, cannot continue
Consider running 'pkg update -f'

3

General Discussion / Re: OPNSense in DMZ

« on: December 02, 2023, 04:04:28 pm »

Did you get anywhere with this?
I just been suppplied a ZTE MC888 and cannot get bridge mode to work at all.
It keeps assigning 192.168.0.x to the opnsense wan port even though DHCP and wifi are disabled on the ZTE

Tried eveything I know, had a similar issue with a differenytt router in bridge mode before and a factory reset sorted it out, but tried that with the ZTE several times, sam eissue and not getting anywhere

thanks

4

22.7 Legacy Series / nginx domain subfolder path configuration

« on: November 22, 2022, 09:31:19 pm »

Hi, if someone could help please, I have read the tutorial and successfully setup nginx with letsencrypt and the domain fqdn and base upstream server works perfectly on https://mydomain.com

I am trying to configure a second location which points to a second internal web service with a subfolder of the primary domain
https://mydomain.com/filemanger to point to another upstream server on https://192.168.1.5/

I have configured the second upstream location with (see screenshot)
URL pattern /filemanager/
path prefix /

so that when get https://mydomain.com/filemanager/ it directs to https://192.168.1.5/
It seems to start to load the page but then gets a 500 gateway timeout

Is this the correct way to configure for subfolders?
Thank you

5

Hardware and Performance / Re: Possible hardware issue any suggestions?

« on: August 08, 2022, 02:26:07 pm »

Looking at the error message "vm_fault pager read error"
It is likely either an issue reading the hard disk or a kernel fault, i would start by eliminating any disk and config issue

Make sure you have a backup of your config

Did you install this with zfs_enable=YES ?
if so then test it with zfs_enable="NO" by editing /etc/rc.conf and reboot

Hope this helps

6

22.1 Legacy Series / Re: Upgrade 22.1 to 22.1.10_4 breaks no internet and no web gui - Resolved

« on: August 06, 2022, 09:34:20 pm »

Flip me, one issue after another, but I've got there
After successfully getting to 22.7 with a working webgui and some internet access,
I started looking through the logs.

The next issue was half the websites were saying untrusted including https://forum.opensense.org of all sites
I figured this out that the firewall rules were not loading correctly due to an issue with some firewall aliases.
An article I read said there were alias issues with 22.1.8, so I assumed these issues were not patched and have been carried over to 22.1.10_4 and 22.7 ?
Anyway I disabled the aliases and rules mentioned in the error log, and hey presto the firewall rules then successfully loaded and all internet sites were accessible.

Then onto the next issue with a device with failing nat ports, again I figured this was alias related,  as it was working perfectly fine in 22.1, so I changed the nat rules for the client with issue from using it's alias to using its ip address, and again Eureka! this is now working again!

Hope this helps some people out who may have been facing similar issues
 

7

22.7 Legacy Series / Re: no internet from lan

« on: August 06, 2022, 03:16:51 pm »

Im trying to read between the lines here.
Two things I will suggest.
1. First you must be certain opnsense has connectivity, in opnsense console can it ping say 8.8.4.4
This proves the upstream is working and opnsense gateway can reach the internet. If no connection untick the allow dns override by dhcp and configure dns here as 8.8.4.4 to test again

Once this works goto step 2.

2.do ipconfig/all on the client
Confirm its gateway address is the ip of the lan interface.
Report back what dns resolvers are configured.
Run a tracert 8.8.4.4 and see how far it gets most likely not getting past the gateway

8

22.1 Legacy Series / Re: Sudden reboot of system when using MS Teams

« on: August 06, 2022, 02:52:06 pm »

It certainly sounds like high temp system protection cutoff kicking in, if kernel is cutting power to save frying the cpu

92c does sound high, that chips normal operating range is between 50-70c, 50c when idle passively cooled.

Teams video uses high network bandwidth, so there maybe expected additional cpu load when there is increased traffic throughput, hence varying time for symptom to manifest. Its just a question of how long before temp rises before cutoff kicks in, ive seen this lots of times for various reasons.

1.Make sure plenty of space and airflow around unit
2.Check the cpu and heatsink
3.Check latest bios
4. Perhaps upgrade to 22.7 as there seems to have been a few issues with 22.1 to 22.1.10 with network hardware offloading changes
5.Try disable any on chip gpu and run headless may assist with temp
6. Disable in bios anything that is not absolutly nessesary such as audio, unused usb ports etc, i have seen sone posts where chipset feature were causing kernel issues

Hope these suggestions help you figure it out :-)

9

22.1 Legacy Series / Re: New OpnSense 22.1 install fails to boot from hard drive

« on: August 06, 2022, 02:19:28 pm »

What bios version on the acer?
First I would go into bios and switch boot mode from uefi to legacy and see if opnsense boots
Then its likely a partition issue that first partition is mbr/bios instead of gpt/uefi

I would also check for bios updates, and check the acer
forums

Hope you resolve it

10

22.1 Legacy Series / Re: Upgrade 22.1 to 22.1.10_4 breaks no internet and no web gui

« on: August 06, 2022, 01:59:02 pm »

UPDATE - progress
After reading some of the forum articles again some of the symptoms reported pointed to issues upgrading from 22.1 to various itterations of problems from 22.1.3 thru to 22.1.10_4

The clues suggested issue with interface hardware offloading.
Ref https://github.com/opnsense/core/issues/5521

To resolve this upgrade issue, i have tested the following steps.

1. Enabled hardware offloading on interface for CRC, TSO, LRO
2. Rebooted, and checked status, the reason this was disabled before was due to throughput issues
3. Upgraded to 22.1.10
4. Tested and checked Wan access, and Lan Gui now accessible post upgrade
5. Upgraded to 22.7
6. Tested wan and Lan Gui still accessible
7. I have left the hardware offload settings unchecked, throughput seems fine

Clients are now able to access Gui and internet

I will log a seperate query for the next symptom, as now it seems some ios (safari) and android (chrome) browsers are saying no internet but are working fine, and also looks like there may now be some issues with some root CA certificates, as some websites now reporting not trusted
Will look at this when i get some spare time

11

22.1 Legacy Series / Upgrade 22.1 to 22.1.10_4 breaks no internet and no web gui - Resolved

« on: August 04, 2022, 09:42:48 pm »

Hi,

I am stuck, I have to do an interim upgrade to 22.1.10_4 before it will allow upgrade to 22.7

I have a QEMU/KVM using virtio interface adapter with no vlans, there are no parent interfaces to add as I am not using vlans (per the solutions I have read).
I have also checked Hardware CRC, TSO, LRO is disabled, and VLAN hardware filtering is set to default as per forum articles I have read.

I have reverted to previous version on failure to reattempt. On one such attempt it successfully upgraded to 22.1.10_4 and I was able to logon to the web-gui, and internet worked for a few minutes then it stopped working.

Any help appreciated on which log files I need to check or how to determine what is happening?

12

22.1 Legacy Series / Re: Wireguard Speed Issue

« on: March 31, 2022, 03:17:11 pm »

I recall I had similar symptom when I first setup

I recall reading about MTU for Wireguard peer, just checked my config and recall I found 1384 was optimal which resolved issues I was having

https://www.reddit.com/r/WireGuard/comments/plm8y7/finding_the_optimal_mtu_for_wg_server_and_wg_peer/

https://gist.github.com/nitred/f16850ca48c48c79bf422e90ee5b9d95

13

22.1 Legacy Series / Re: DNScryptProxy not working? (Logs in GUI not working)

« on: February 19, 2022, 02:26:04 pm »

"Disabled Servers List" works only if it has a single item only.

The fix: https://github.com/opnsense/plugins/pull/2788

Many thanks, i was facing same question, now can see logs :-)

14

Tutorials and FAQs / Re: Dynamic DNS when my WAN address is private and thus does not change

« on: February 19, 2022, 01:56:07 pm »

If you have recently updated Opnsense to 22.1 it advise that the dyndns plugin will be deprecated in the next release and in favour to install ddclient on opnsense

What you have not mentioned is how your opnsense WAN interface is setup with your ISP router, bridge mode or have you put the opnsense WAN interface into the DMZ of the ISP router?
Given the error message it sounds like bridge mode in which case the WAN interface of Opnsense can only talk to the ISP router and therefore does not know the external IP address and Dynamic DNS would have to be configured on the ISP router.

If the WAN interface of Opnsense has been exposed to the Internet by putting into the DMZ then it will know the external public IP address and you can use ddclient or DynDns on Opnsense and configure to make Dynamic updates of the public IP address to your chosen Dynamic IP provider DynDNs or whomever

15

Tutorials and FAQs / Re: no access to internet from LAN network

« on: February 19, 2022, 01:42:48 pm »

Hi,

Without knowing the full details of your config its difficult to give proper guidance,

But at a basic level what you ideally need to achieve is communication between your ISP router and your Opnsense WAN interface. So your ISP router 192.168.1.1 can talk to Opnsense WAN interface 192.168.1.2 these talk in same network.

Then you want your clients to be in a separate network not the same network as your WAN to keep them separate and secure, achieved with physical networks or logical virtual networks called vlans.
So create a LAN interface on Opnsense with say a network of 192.168.2.1 and a dhcp range 192.168.2.51-100 or however many clients you need.

The clients gateway will be the LAN interface of Opnsense on 192.168.2.1 and the traffic is then routed through the opnsense WAN interface 192.168.1.2 which then talks to your router 192.168.1.1
There are two ways to set that up using bridged network or put the WAN interface of opnsense into the DMZ of the router.

Instructions are here
https://docs.opnsense.org/manual/install.html

Hope you get it working