Messages - Wombat

#1
I have also been seeing an error since the upgrade 2 days ago to 2.7.6.
"/usr/local/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/TrafficController.php:74 - Invalid argument supplied for foreach() (errno=2)"
Reported it using the OPNSense Crash reporting.
#2
Quote from: Vasiq on May 16, 2019, 10:51:31 AM
Hi all, need your help or any useful information.

Few days ago I decided to upgrade the distro on my mini-itx pc, made clean-install of 19.1 from USB flashdrive onto SSD. Clean system worked good.

Then I tried to restore settings from previously saved config.xml of 18.7.10_4.
The Web GUI became unresponsive right after config applied and mini pc rebooted. I can't reach or ping or SSH to the mini-pc interface.
But when I connected monitor straight to the mini pc, all seemed okay, I could login as root, for example.

Same happened, when I tried to upgrade from GUI - clean 19.1 seems fine - tried to restore config - interface unreachable.
Also when I clean-installed 18.7 and restored config to it - after reboot all is ok, GUI was reachable.

mini pc config:
Gigabyte GA-H110TN MoBo (dual Intel nics),
4Gb 2133 RAM, 120 Gb SATA SSD,
Intel i350T2 v1 (tried to connect to its igb0).

If I need to do a little more RTFM - please provide a link.

Thanks in advance for your replies.

Not sure if you tried this (part of your description above is not clear), but if not then try.
It is possible that something in your 18.7 config file is not compatible with 19.1, doubt it but is possible.

1. Restore your system (or clean install) to 18.1.  Restore your config file and check all is working OK.  Save your config file (in case).
2. Through the GUI, upgrade to latest version of OPNSense (19.1.x, or soon a 19.7x).  Check your system is still functioning (at least better than your clean build).   Address any issues that might be thrown up as problems or warnings, if can't fix consider disabling that module (ie if open VPN reports an issue, note your settings and disable it, you can rebuild it after step 4).
3. Now save your configuration file but name it so you recognise it as 19.x based, not your 18.7 based config.  Do not save it on your intended opnsense server machine.
4. Now do your clean build of 19.x on your OPNsense server, and get into the GUI.  Load your 19.x config file through the GUI.  Check your system is still operating.
5. Rebuild your config of any modules you disabled at step 2.

Good luck

Sent from my SM-P585Y using Tapatalk

#3
Quote from: franco on April 01, 2019, 09:05:27 AM
Not sure if my quick help there was needed. ;)
Franco, that did help....just thought I would include the solution in this post as well for people getting to this thread if searching for a solution.

Yep Chemlab, I answered my own question.

Sent from my SM-P585Y using Tapatalk

#4
Moved onto 19.1 and problem continues.
Removed 2FA  and used certificates, username and password and problem remains but easier to get information from it as it automatically reconnects.

Symptoms are strange... and they may be two problems.

This is OpenVPN client on Android 8 tablet.
Can connect to Server and am able to connect to the Opnsense server ui with no problems in usage.  Can also connect through VPN to several simpler webservers (ie load quickly).
But looking at openvpn server log, it connects then immediately reports client disconnect over several log entries.  This then continues every 60 seconds (happens to be keepalive timeout!).  The log entries are:
Apr 11 16:31:27   openvpn[49773]: MANAGEMENT: Client disconnected
Apr 11 16:31:27   openvpn[49773]: MANAGEMENT: CMD 'quit'
Apr 11 16:31:26   openvpn[49773]: MANAGEMENT: CMD 'status 2'
Apr 11 16:31:26   openvpn[49773]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 11 16:30:25   openvpn[49773]: MANAGEMENT: Client disconnected
Apr 11 16:30:25   openvpn[49773]: MANAGEMENT: CMD 'quit'
Apr 11 16:30:25   openvpn[49773]: MANAGEMENT: CMD 'status 2'
Apr 11 16:30:24   openvpn[49773]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Apr 11 16:29:56   openvpn[49773]: Ian-tablet/49.180.44.209:17857 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key


The OpenVPN client shows data continues to flow over tunnel as would be expected and reports nothing after the initial link establishment.

Then I attempt to access some more complex ui (a QNAP NAS and a server running Node-Red) through the tunnel and data flows for about 20 secs, sometimes part of a page is downloaded.  Then Data flow is ceased and 60 seconds later the VPN link is closed and restarted.
#5
Thanks for your suggestions, tried both but the problem still exists.
I have started another topic on this.
#6
Had the same, you need to Reset RRDS (Round Robin Data Set).  It is under one of the menu items just below display item in menu (can't be precise as I do not have access to GUI, off base and again failed to properly set up port forwarding!)

Sent from my SM-P585Y using Tapatalk

#7
I managed to get an openVPN road warrior connection with 2FA working but the connection only lasts a minute (I just get logged into a LAN webserver and lose it) or so and then I have to reconnect which means get a new OTP from google authenticator.  Makes the VPN useless.
Suspect the cause may be the poor ADSL 2 connection to the Router (6MB/350kB, it is a 3km rural connection) which I cannot do much about.

Problem affects several different clients (android with openVPN app, W10 with Velocity and OpenVPN apps)

Is there anything in settings I can do to
1. reduce its sensitivity to dropping out
2. Not have to get a new TOTP each time
3. Not use a TOTP at all, use a different authentication method

Or should I go over and use IPSec or is there another road warrior VPN solution better suited to my scenario?

Was running OPNSense 18.7 on a gen4 i5 processor with loads of RAM (it is barely working above 10%) and 10 NICs (LAN switch and router)
#8
Since the upgrade to 19.1, the quality graph under Reporting/health has shown no new data under Quality (for WAN) tab.  The data graphed stops on 6 Feb (suspect that is when I updated from 18.7) whilst all other tabs show graphs with data up to the present.

Any idea why...appears the delay and packet loss data is no longer logged, unfortunate as I found it useful for our poor quality Rural ADSL WAN connection.
Thanks
#9
I have established an OpenVPN server on the OPNSense Router and successfully connected a client (OpenVPN on Android and Viscosity on W10) remotely through to the Router as evident by the client getting a VPN IP address (10.0.2.x).
But I cannot use that connection to connect to any of servers inside my Router's domain (10.0.0.x) for HTML traffic.
Is there something I am missing in the client, or the Router that allows a request from the VPN client be directed through to the servers on the Router's Domain (10.0.0.x)?

Once I have that basic connectivity working, is there some smart configuration I can set up to direct IP traffic depending on how I am connected to the internet, ie
If connected to my Domain (computer WiFi or Ethernet IP is 10.0.0.x) then requests to 10.0.0.x stay in the Domain, otherwise they are routed out through the gateway to the internet (this already works, using Unbound DNS), but
If connected to the internet (computer WiFi or Ethernet IP is not 10.0.0.x), all IP traffic is routed over internet connection except to 10.0.0.x which is routed over VPN connection (with IP of 10.0.2.*) into my Domain.
Thanks in advance
#10
First, I cannot find a "HOWTO - Routing Traffic over Private VPN"  in the docs.opnsense.org site.  Thought it might help me with my VPN for which I will raise a new topic.
#11
Hardware and Performance / Re: Qotom hardware
August 31, 2018, 05:13:44 AM
Also, I forgot to mention, router performance is not an issue, the Router is only using a fraction of CPU and Memory (old i5-2500 with 8GB of RAM, and 128GB SSD), so it is idling.
#12
Hardware and Performance / Re: Qotom hardware
August 31, 2018, 05:09:22 AM
Thank you all for your help above.  Switch vs hub differences was enlightening.   I have now got this OPNSense router working quite nicely, as a router/Switch/Gateway for my network, and the whole system suddenly started to work more well once I set the bridge setting filters to the LAN in Tunables.
Also got Unbound DNS working (can use names like BMS/ rather than IP addresses to access devices web interfaces) and configured OpenVPN which appears to work (just need to access it remotely to check I can access the network).
I then need to find out how to block access to the Router Web interface from WAN (as I should access it remotely through VPN), haven't seen an immediate setting for that, maybe it is a router rule.
I will leave it as a Router/Switch (with 6 (7 when I enable the last NIC I used to initially set it up)) as it allows me to use some of the tools like Insight and PRTG to see what traffic is running between parts of the network as well as the WAN (albeit I can't see traffic that does not exit any of the attached switches/AP). This has been useful as I have finally found which computer currently stomps on the network. It looks like this PC, OneDrive keeps trying to upload .pst file over a limited uplink (usually only 300kB up, 6.5MB down), but there is other stuff uploading so it is about to be backed up and W10 clean installed.
#13
Hardware and Performance / Re: Qotom hardware
August 18, 2018, 07:57:03 AM
Thanks again monstermania and Marjohn56.  Setting those two attributes in tunables did the trick and things are working nicely (until I changed my flow in Node-red and it stopped!)
I had been ignoring pfsense help and forums as opnsense was largely rewritten....but now realise menu structure is very similar.

As for my hardware, it is an old PC, i5-2500, 8gb Ram, 120 gb ssd and a hdd, with 2 of HP NC364T quad port 4 NIC PCIe cards (and onboard realtek Ethernet and another very old fast ethernet card which I might activate).  I have seen the chipsets but currently can find it again (think it was the console when running zeroshell... abandoned when PPPoE would not work which appears to be a Telstra tg797n problem in the end). The HP card is Intel chipsets.
Modem now is a netgear d7000 in modem only mode,  network is all on one subnet with static IP for most devices, physically the Router direct connects to a 8 port engenius switch, and a 24 port netgear switch (both have 50% PoE ports for IOT things), two engenius AP (one to router, one to Netgear switch), IP Camera  and lots of end devices mostly on the switches or AP.

Although I have bridge set up as an unmanaged switch now, I am interested if there is a more efficient way to set this up.  Not sure if the unmanaged switches are smart enough in that they only route traffic onto the port where the device is connected...or it 'broadcasts' it on all ports hoping one has the device with that IP is connected.   May in the future need to make work smarter to reduce network loading (especially if I add a few more IP cameras).

Next will be to sort out openVPN port so I can access the LAN securely from the Ethernet (via droid tablet and laptop) when away from home.

Ian

Sent from my SM-P585Y using Tapatalk

#14
Hardware and Performance / Re: Qotom hardware
August 17, 2018, 10:22:17 AM
Thanks Marjohn56, that is what I did first (renamed LAN as LAN1, Then renamed LANBridge as LAN), didn't work as there is some referencing in the background that got screwed.
So have got it working, with 6 LAN connections plus 1 for WAN.  Haven't tried to assign the original port (em0) back in to the bridge as first time I did that I lost all connectivity through the gui, easy recovered using backup on the console.  But a bit more stable now so will do that tomorrow.
But now I have a problem that I cannot communicate between LAN router NICs.  I can ping anything (that supports ping) from the OPNSense Console, but if I want to connect, say with a browser to a server on another router bridge NIC there is no connection.  I can connect with other devices on the same NIC (router connects directly to two switches and one AP) plus a few direct devices.   I also seem to have a very slow connection (but that may be the WAN, as soon as I move a moderate bit of data over it, latency is 1 to 8 seconds and lost packets gets as high as 18%) between LAN devices.
A single DHCP is working (part of bridge), and devices connecting OK with it and setting up IP (most static, a few dynamic), DNS and Gateway and DHCP server ok.  All are connecting with internet albeit its latency issue is frustrating.
Router hardware capacity is idling so not a problem.
So is there a setting I am missing to allow all network communications between all NICs connected to the bridge?

Thanks
Ian

Sent from my SM-P585Y using Tapatalk

#15
Hardware and Performance / Re: Qotom hardware
August 16, 2018, 02:56:32 PM
Quote from: marjohn56 on May 24, 2018, 08:02:51 PM
When you create the bridge, first assign the two unused NICs to the bridge, do not change the physical NIC port your pc is connected to at that point. Next re-assign the LAN to the bridge interface, you'll appear to lose the connection, at this point you need to connect your physical LAN cable to one of the two NICs assigned to the bridge, wait about 30 seconds, refresh your browser and you should be back in business, now add the third NIC to your bridge and you are done.

Thanks for this insight MARJOHN56, I am also setting up opnsense as router switch but have stumbled to get my LAN on more than one NIC.  I understand all of it except 're-assign the LAN to the bridge interface'?  Is this changing the name on LAN to something else (LAN1) AND bridge0 to LAN in the interfaces?  Also when to remove the fixed IP address off the old LAN, before or after moving computer to the bridge NIC?
I have had great difficulty in the opnsense gui seeing just how LAN was linked to WAN so I could visualise what is connected to what and change it.
Sorry if this posts twice...having serious internet latency problems...need this router working to see why and prove it is the telco not my lan.