Messages - OPNsense4ever

#1
Hello,

I have a number of URL Table (IPs) aliases like Cloudflare and Google. When I view them I see the Last updated field is a long time ago even though the refresh intervals are 7 days at most. Is Last updated in this case the last time there was a change? Is there a column that would show last refreshed?

Thanks!
#2
Quote from: chemlud on April 30, 2026, 09:38:49 AM
How about "restoring" a custom config.xml with serial console enabled and other parts of the .xmp reset to your favourite state and reboot?



I think this is the right idea. I'm going to put this old firewall together with a new firewall in a CARP cluster. If I back up the config from the new firewall, edit the IPs, restore on the old firewall, that should work, right?
#3
I have remote serial access to an OPNsense firewall that I want to reset. I assume if I do a factory reset that it will nuke my serial console settings though? Is there any way to do the reset and maintain serial console access?

Thanks all!
#4
Quote from: lmoore on April 27, 2026, 02:29:46 AM
Quote from: OPNsense4ever on April 26, 2026, 11:47:58 PM
What should be used for Redirect Target Port? The first port in the range? 1630? any?

In your case you would enter 1630, which is the base port number for the range.

Connections arriving within your port range of 1630-1641 will be redirected to ports 1630-1641 at the redirected address.

If you set your Redirect Target Port to 20630, the connections arriving within the port range of 1630-1641, will be redirected to 20630-20641.

If you wanted to use multiple but not sequential ports, you would set up a Port Alias with the port numbers and use the Port Alias in the Destination Port and Redirect Target Port fields.

[Edit] Using "any" simply redirects to the port numbers within the range.

Fantastic! This should be documented somewhere though. Is it written somewhere that I missed?

😁 Let me see if I can get my proverbial stuff together for a PR if not.
#5
Hello,

I am trying to redirect TCP/UDP ports 1630-1641 to a host on my LAN. I can use the "Single port or range" drop-down for the Destination Port, but there is nothing similar for Redirect Target Port. I looked at the docs here, but I don't see anything.

What should be used for Redirect Target Port? The first port in the range? 1630? any?

Thank you!
#6
Fantastic! Glad I finally figured it out.

Sounds like we should add something to the HowTo?

Thanks for the confirmation!
#7
I'm following up on https://forum.opnsense.org/index.php?topic=27242.0 because I never got it working until now.

I have had Multi WAN set up for some time now and mDNS Repeater has not been working right. Today I tried creating a rule like this:

Protocol   Source    Port   Destination   Port   Gateway   Schedule   Description
IPv4 UDP   IoT net   *      224.0.0.251   5353   *         *          Allow mDNS / Bonjour (no policy route)

Suddenly it works. This rule is above my "Default allow IoT to any rule" which uses my "multiwan" gateway.

Is this expected behavior? Is there a better way to do this? I think this may be an issue that others are experiencing.
#8
Observium folks give you any guidance?
#9
Hardware and Performance / Re: monitor transceiver temps?
December 02, 2024, 06:08:35 PM
Thanks Patrick!

Unfortunately I don't know where that MIB should end up. I looked around a bit and various switches put it in different places.

I stuck it in .1.3.6.1.4.1.2021.7890.5 as it was just the next one in /usr/local/share/snmp/snmpd.conf.

extend .1.3.6.1.4.1.2021.7890.1 distro /usr/local/opnsense/scripts/OPNsense/Netsnmp/distro.sh
extend .1.3.6.1.4.1.2021.7890.2 hardware /bin/kenv smbios.planar.product
extend .1.3.6.1.4.1.2021.7890.3 vendor /bin/kenv smbios.planar.maker
extend .1.3.6.1.4.1.2021.7890.4 serial /bin/kenv smbios.planar.serial
extend .1.3.6.1.4.1.2021.7890.5 ixl3_temp /usr/local/bin/ixl3_temp.sh


/usr/local/bin/ixl3_temp.sh:

#!/bin/sh
# Extract the module temperature from ifconfig output
ifconfig -v ixl3 | awk '/module temperature/ {print $3}'


It "works," but obviously gets overwritten quickly.
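
Added example, not part of the original post and not OPNsense code: a stricter parser for the `module temperature` line that an snmpd `extend` script could use, so that a missing transceiver or a non-numeric reading yields a non-zero exit instead of an empty or arbitrary string. The function name `parse_module_temp`, the tenths-of-a-degree integer output and the sample lines other than the one quoted in this thread are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read ifconfig -v style text on stdin and print the module
# temperature in tenths of a degree C as an integer (52.00 -> 520).
# Exit status: 0 = a validated value was printed, 1 = no usable reading.
parse_module_temp() {
    awk '
        /module temperature:/ {
            for (i = 1; i < NF; i++) {
                if ($i == "temperature:") {
                    v = $(i + 1)
                    # Accept only a plain decimal number; ignore anything else
                    # so unexpected driver output never reaches the poller.
                    if (v ~ /^-?[0-9]+(\.[0-9]+)?$/) {
                        # Round to the nearest tenth of a degree.
                        printf "%d\n", (v * 10) + (v < 0 ? -0.5 : 0.5)
                        found = 1
                        exit
                    }
                }
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Sample inputs. SAMPLE_OK is the line quoted in this thread; the other two
# are constructed for this example.
SAMPLE_OK='   module temperature: 52.00 C voltage: 3.25 Volts'
SAMPLE_BAD='   module temperature: n/a C voltage: 0.00 Volts'
SAMPLE_NONE='ixl3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500'

# Demo on the sample line. On the firewall the input would instead be:
#   ifconfig -v ixl3 | parse_module_temp
printf '%s\n' "$SAMPLE_OK" | parse_module_temp
```
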
#10
Hardware and Performance / Re: monitor transceiver temps?
December 02, 2024, 12:47:34 AM
That info is definitely available via my Intel NICs.

# ifconfig -v ixl3 | awk '/module temperature/'
   module temperature: 52.00 C voltage: 3.25 Volts

I assume this information is getting to ifconfig via DDM? https://community.fs.com/article/how-to-view-the-ddm-information-of-optical-transceiver-via-snmp.html

Looks like it is just an SNMP configuration, but there isn't a way to make customized configs anymore.
#11
Hardware and Performance / monitor transceiver temps?
November 28, 2024, 05:58:50 AM
Is there a way to monitor transceiver temps with SNMP? It doesn't look like there is anything there without modifying the SNMP config files manually.

If there isn't I'll request it as a feature?
#12
I would think that too, but it looks like as soon as OPNsense marks the gateway of the primary WAN down due to quality issues (like 10% packet loss) then traffic just stops getting routed to it for both the NAT on the LAN and the public IPs.

Is there another switch or tick somewhere I should be looking for?
#13
Hello! I have two different WAN connections:

Primary WAN: Connected via a /30 transit network to a /29 network, similar to Comcast EDI. One IP from the /29 is assigned to an OPT interface on the main OPNsense router. Other routers behind this interface use that IP as their default gateway.

Backup WAN: Provides a DHCP-assigned public IP.

Goal:

LAN Traffic: I need the LAN connection behind these two WAN connections to be as bulletproof as possible. During work hours, I can't afford any latency or packet loss. Therefore, I want the LAN to fail over to the backup WAN immediately when there's any issue with the primary WAN.

OPT Interface Traffic: I want the public IPs in the /29 network (used by the OPT interface) to stay up as much as possible, even if there's some latency or packet loss on the primary connection. Essentially, I prefer that the gateways remain marked as up for the OPT interface, even when the primary WAN has minor issues.

Issue:

When I experience packet loss or latency on the primary network and OPNsense switches to the backup WAN for failover, the routers using the OPT interface's IP lose their connection completely until the primary WAN recovers. I believe this happens because OPNsense tries to route the /29 network traffic through the backup WAN, which doesn't support it.

Question:

Is there a way to configure OPNsense so that:

LAN Traffic: Fails over to the backup WAN when there's latency or packet loss on the primary WAN.

OPT Interface Traffic: Continues to use the primary WAN (via the /30 transit network) exclusively, regardless of the gateway's status, unless the primary WAN is completely down.

Current Configuration:

I've set up the EDI-like network similar to this guide: https://meh.roach.xxx/2024/04/26/comcast-edi-with-opnsense-route-public-ips-through-opnsense/

Summary:

I need the LAN to fail over to the backup WAN immediately during any latency or packet loss on the primary WAN to maintain reliable connectivity for work-related applications (like Zoom and VPNs).

I want the OPT interface (and the public IPs in the /29 network) to continue using the primary WAN even during minor issues, to maintain services that rely on those public IPs.

I'm looking for the best way to configure OPNsense to accommodate these requirements without adding another physical router.

Any advice or guidance would be greatly appreciated!
#14
Hi all,

I updated to 24.7.5_3 today and HAProxy stopped being able to bind to my Virtual IP that is on my trusted interface.

It looks like the GUI is binding to the virtual IP and the trusted IP.

Has anyone else seen this?

Thanks
#15
23.7 Legacy Series / Re: Multi WAN and local services
October 06, 2023, 09:32:14 PM
Thanks for the feedback Monviech! I appreciate your insight.