Messages

1

20.7 Legacy Series / Re: Force redirect DNS to pihole

« on: December 29, 2020, 06:14:24 pm »

I have this working with 20.1.9_1, followed the steps listed below:

https://www.reddit.com/r/OPNsenseFirewall/comments/97vikk/opnsense_and_pihole_a_guide_to_obscuring_your_dns/

I probably need to update this

2

20.7 Legacy Series / Re: radvd stops announcing IPv6 prefix after a while (radvd freeze?)

« on: December 28, 2020, 05:18:22 am »

I was looking through the old changes and from what I could tell from the comments, the reason pfsense moved from rtadvd to radvd, was they were having problems with CARP and VIPs in ipv6 at the time with rtadvd.  Maybe rtadvd has solved the issues from back then.

It is possible that from FreeBSD 11 to 12, something else in the network stack introduced a dependency on rtadvd.

I was just having issues in a lab set up with rtadvd and carp vip's. Not sure it isn't kvm and virtualized network related but it definitely seemed to be a contributing factor.

Sent from my Pixel 4 XL using Tapatalk

3

20.7 Legacy Series / Re: radvd stops announcing IPv6 prefix after a while (radvd freeze?)

« on: December 23, 2020, 06:21:31 pm »

For those just joining the party, see https://github.com/opnsense/core/issues/4338#issuecomment-732397405

we have a working fix and pull request. running

Code: [Select]

opnsense-patch 9a4a908 will replace radvd with rtadvd and seems to rectify the issue for everyone.

4

20.1 Legacy Series / Re: CARP with dual stack and different VHIDs

« on: December 09, 2020, 06:23:06 pm »

Late to the party but I'm having issues with this as well

5

20.7 Legacy Series / Re: High CPU Usage by flowd_aggregate.py running - Netflow Disable

« on: November 02, 2020, 02:38:19 pm »

unfortunately, the ipv6 implementation in opnsense seems to have various issues like this. I'm seeing much more attention brought to it however, so I'm hopeful it can be resolved by the next release.

6

20.7 Legacy Series / Re: radvd stops announcing IPv6 prefix after a while (radvd freeze?)

« on: November 02, 2020, 02:36:03 pm »

Without looking at the logs I can't say for sure but I'm definitely still having what I assume is this problem. adding the cron job and we'll see how it goes.

7

20.7 Legacy Series / Re: pfatt and 20.7 don't seem to work

« on: September 18, 2020, 04:59:55 am »

Has anyone that had their setup break with the update been able to confirm a workaround or cause for this?

8

20.7 Legacy Series / Re: pfatt and 20.7 don't seem to work

« on: August 20, 2020, 01:32:49 am »

Sorry about the delay.  Life kinda got in the way.  In any case, I meant traditional in the sense that I am not using the extracted certificates from the gateway, which I do have, to do a full bypass, ie., ont to opnsense.
The only other thing I might point to is that at some point within the last upgrade the devs stopped loading the netgraph modules by default, so you have to ensure that you are adding them to your loader.conf or loader.conf.local .

Are you using the original script by aus or the one from MonkWho or others? If you're using the original script and it is working for you = then it's just a matter of seeing why the newer ones aren't working (changed locations for files and binaries perhaps?)

I am using the original script, or rather the last one I downloaded directly from aus's github before it evaporated.

Could you possibly provide a copy of that script so I can compare the Monkwho opnatt script and see what might be different?

9

Development and Code Review / Re: UDP Broadcast Relay beta package

« on: July 13, 2020, 01:22:59 am »

I'd love to step in and say "Hell yes" lol

10

20.1 Legacy Series / Re: UPnP Issues

« on: June 29, 2020, 01:05:55 am »

The game will only open the port it needs. Allowing the range suggested won't open all of the ports listed in the range, it will allow those ports to be opened by the IP address in the source field if/when needed. You can view the currently opened connections in the status page of the UPnP plugin.

11

General Discussion / Re: UPnP issues?

« on: June 28, 2020, 05:58:41 pm »

Setting outbound nat with the static port setting for each device that needs to use upnp simply stops the firewall from overwriting the outbound port with a randomized one. You don't need to do any manual port forwarding. Setting the allow rule as I mentioned above in the upnp settings allows the device on a subnet or a specific device to use the ports that are allowed. By default upnp in OPNsense operates with a least access configuration and requires whitelisting whereas, in most consumer grade hardware, upnp is using "allow all".

12

General Discussion / Re: Help required with NGINX Reverse Proxy

« on: June 28, 2020, 05:46:00 pm »

Not a direct answer to your question but, would you be opposed to running these services in docker as containers and then utilizing something like traefik or nginx as a load-balancer/reverse proxy on the server itself? I'm currently running several wordpress sites and nextcloud in docker with traefik as my reverse proxy and it really simplifies the deployment of new sites and services. Nginx also has a large community for the docker version and can help configure everything. They have plenty of configs available that generally work out of the box.

13

General Discussion / Re: How Does OPNSense Implement VLANs

« on: June 28, 2020, 05:41:03 pm »

What I would be interested in knowing is if I can set priorities for each member of the LAG, so certain vlans use certain LAG interfaces, thus effectively spreading the traffic across all LAG members?

If you use the Round-Robin LAGG Protocol, you can accomplish the same goal albeit without each vlan on a specific physical interface. LACP would work too, but you may see more traffic on a specific interface in that case. 

14

General Discussion / Re: Pings Failing to Hosts Behind OPTx Interfaces

« on: June 28, 2020, 05:36:30 pm »

Look at your FW live logs in OPNsense and filter by "block" or by the device IP and see what rule is causing the issue, if any.

15

General Discussion / Re: Insight Aggregator not running anymore

« on: June 28, 2020, 05:34:45 pm »

I encountered a similar issue when my logs filled the disk drive I was writing them to. Check your used space and make sure the disk isn't full.