Messages

Had a look into it this afternoon, but unfortunately the igmpproxy service does not use a PID file. Not in /var/run or anywhere else on the system.

But I have got this to work by using a custom Service monitor & a shell script checking if the 'igmpproxy' service is running. The Service Test is a duplicate of 'NonZeroStatus' but then adapted to do a restart when there is a non-zero exit instead of just an alert.

Script file (/root/igmpproxy-checker.sh):

Code Select Expand


#!/bin/sh
if pgrep igmpproxy > /dev/null
then
  exit 0
else
  exit 1
fi


I have attached pictures of the Monit custom Service & Service Test settings.

One odd thing that I found is that I had to use 'onestart' instead of just 'start' to get the igmpproxy restarted. Don't exactly know whay that is, but at least it works for me now.

Thanks again Greelan for giving me a nudge in the right direction.

Thank you Greelan!

I found another reference on the forum on using PID for this but that did not include the same amount of info on how to exactly implement this. I will give this a spin and if I get it working I will post it here for future reference.

Hi everybody,

I would like to use monit to monitor the igmp-proxy service and if it is down, restart it (let's say 5 times to prevent a loop).

Have tried to follow some examples (but there is no example in OPNSense documentation for monitoring a service/process directly) and the monit documentation but haven't got it to work yet.

Somebody has some pointers for me?

Any help is appreciated. Thanks and regards,
Joris.

I think I may have discovered another reason why the GeoIP alias is not importing definitions after putting in a correct URL with a valid key from MaxMind.

During my setup I made another 'admin' user and disabled the 'root' user. As long as my root user was disabled I couldn't make the forced update through the shell and python3 working. I kept getting an error about permissions.

This made me think and enable the root user. Then switched to root user in shell and sure enough the forced update through python3 works like a charm.

Don't know if it will keep working (e.g. updating) when I disable the root user again.

But in my opinion this should also be possible with a disabled 'root' user, as long as the import/update can be done with another user in de admin group.

Best regards,
Joris.

Nobody here that might share his/her knowledge on this?

Still hoping that somebody can explain what I'm seeing...

Hi all,

first time poster here. Been using OPNSense for a couple of months now and I'm very happy with it.

I had my install setup with WAN and LAN assigned to different interfaces. Have been running OpenVPN since my start with OPNSense as well, but up until now that was not assigned to an interface. Only in the firewall section there appeared an OpenVPN subsection to setup required rules. Worked fine for me.

But recently I setup a DMZ with its own interface as well and that let me to the point where I started wondering if I could assign OpenVPN its own interface and what benefits that might give me.

I have since then assigned OpenVPN its own interface ('VPN'), firewall rules are switched over to that interface, all is still working. But then I tried to setup DHCP for the VPN interface just as I did for LAN and DMZ.

But when I login through VPN I still receive the same 'virtual IP' that I was getting before I assigned OpenVPN its own interface. I know this is not from the DHCP server since it is an IP that is outside of the range I assigned there.

When I go through the DHCP logs, there was an error there but I don't understand it.
"dhcpd: bad range, address XXX.XXX.0.2 not in subnet XXX.XXX.0.1 netmask 255.255.255.255"

In the DHCP for the VPN interface I have NOT setup a subnet XXX.XXX.0.1! Even more, that is not even possible, it will always be XXX.XXX.0.0 by default and it cannot be changed in the GUI.

The VPN client still gets the 'old' virtual IP, VPN still works so nothing is really 'broken'. But if DHCP is not working like I want it too, I don't see any benefit in assigning a specific interface to OpenVPN.

Did some Googling on my own, but still haven't been able to figure it out. So far I stumbled upon two areas where I might find a solution, but before I dive into either of them I would like to understand what's going on.
1) VPN > Servers > Edit server > Client settings > Topology
In the explanation it says: "Relevant when supplying a virtual adapter IP address to clients when using tun mode on IPv4." That indeed applies to me, but if I tick that box then DHCP gives an error: "dhcpd: Unsupported device type 23 for "ovpns1"".
2) Switch from TUN mode to TAP mode. But in my case I cannot see why that would be necessary. TUN mode should be fine.

Anyone here that can point me in the right direction as to why my setup isn't working and what could be a solution? I hope I have given enough information on my setup. If not, then please request what else is needed to answer and I will supply the info.

Any help is much appreciated, hoping to learn a thing or two in the process ;)
Thank you in advance, best regards,
Joris.