Messages - Stitch10925

#1
https://github.com/opnsense/plugins/issues/3719

Try adding "on-root-domain=yes" directly to the ddclient config (should be at: /usr/local/etc/ddclient.conf)
#2
Thank you for the suggestion.

I noticed the problem is with the Firewall's "Plain View" logs. They keep on filling up the hard drive and I haven't found a way to turn them off or to configure their retention time.
#3
Check your disk space. I have a similar issue in which my disk space runs full, which causes Unbound DNS to stop responding.

Anything that was resolved before Unbound crashed will keep working, but anything after that will not be able to resolve.

I haven't found out yet what is causing my disk space to fill up, but it happens every few days.

I made a thread in the General forum about my issue:
https://forum.opnsense.org/index.php?topic=43140.0
#4
Check your disk-space and if Unbound DNS service is still running.

I have a similar issue at the moment, that *something* is filling up my drive every couple of days causing DNS resolution to fail.

I created a topic for it in case it might help you:
https://forum.opnsense.org/index.php?topic=43140.0
#5
Hey everyone,

I recently upgraded to the latest version of OpnSense (24.7). I started getting internet dropouts where DNS would not resolve but the OpnSense UI would still work and it could still pull updates.

I have OpnSense in a Proxmox VM and switched to VirtIO network drivers because throughput was much higher. Initially I thought that was the issue, so I reverted them back to Intel drivers. Yet, the issue remained.

I recently discovered that the hard drive was full (disk usage showed 106% use). I added about 10 GB of storage space to the VM, yet a few days later the disk was full again. I also noticed that, when rebooting the machine, it would hang on the Netflow Backup script step.

I looked at the Netflow settings and cleared all the data from it. I also disabled logging for it. On the same page I could also clear and disable DNS request logging, which I did. And behold, my drive use went down by 40%. Awesome!

But... a few days later, the disk is full again. I checked the Netflow settings again; they are still disabled. I checked other log settings to make sure nothing was logging verbosely and checked whether retentions were set to a reasonable level. Clearing the Netflow data did nothing this time.

So something is filling up my disk space causing Unbound DNS to die and not start again, but I can't seem to find what it is. Anyone have any idea how I can troubleshoot this issue or what might be the cause?
#6
General Discussion / Re: Unbound DNS not starting
September 30, 2024, 02:40:43 PM
Maybe a stupid question, but do you have enough disk space left? Unbound doesn't like it when there is no space left.
#7
Thank you for the amazingly fast reply and patch!

Currently it's indeed not possible to add a wildcard certificate and a root domain at the same time. I will try your patch, that would already solve a part of my problem.

Once the header feature is released I believe my other problem would be solved as well.

That being said: I don't know what the future plans for the plugin are, but I have a feature request. Where could I log this request?

Thanks in advance!
#8
Hey everyone,

I was thrilled to find out that OpnSense now has a plugin for Caddy, so I started to migrate my configuration from HAProxy to Caddy. However, I seem to be running into some snags:

1. Wildcard certificates do not seem to include the domain root.

When using a wildcard certificate and browsing to myDomain.com, I get an invalid certificate error. However, when browsing to www.myDomain.com, everything is fine. So it seems that the wildcard certificate does not contain the domain root and I cannot find any way to include it.

2. I cannot replace headers for forwarding requests

In the documentation (https://docs.opnsense.org/manual/how-tos/caddy.html) it states you can manipulate the headers when sending to vhosts, however, the "headers" tab mentioned in the documentation seems to be missing. Since I cannot set the headers, my routing fails.

Is there a way to resolve these problems? And is there a way to see what config the caddy plugin generates?

Thanks!
#9
And in 21.1 you still have the same issue?

I updated to 21.1 recently and since then the UI is not working anymore. So I should pull the WAN cable and then I should have access to the UI again?

That is kind of odd. WAN should be blocked, but not LAN.
#10
Any update on this by any chance?
#11
I can't get the UI to work at all...

In Firefox and Chrome I get error: SSL_ERROR_INTERNAL_ERROR_ALERT

In the console I see: Starting web UI .... Done

So it seems to start correctly, but it's not working.

Sadly enough I don't have enough Linux skills to try to fix this myself.
#12
German - Deutsch / Re: HAProxy as a Reverse Proxy
March 17, 2019, 02:31:41 AM
No idea why you are putting your WordPress site on port 8080 instead of 80 or 443, but whatever.

Your configuration has the following for the public settings: "Listen Addresses: xyz.abc:8080". You should switch this to 0.0.0.0:8080, since this is the address on which HAProxy waits for incoming connections.
#13
I finally got most of it resolved, but it has been a hassle. It seems to be a lot of issues coming together which made it very difficult to figure out what was going wrong. But at the moment everything seems to be working quite well.

So yes, not necessarily OpnSense issues, but at some places the help text could be updated to be more clear or give a more truthful example, this would have set me in the right direction to fix the problem. Now it was a lot of online searching and trial and error.

@deZillium

The IP conflict, in retrospect, appeared to not be an IP conflict, but a problem with the Fritz!Box I am using. If I put the Fritz!Box in Client-IP mode (become part of the existing network) the issues appear. When I just set it to use the existing LAN connection (NAT the connection and provide own IP addresses) I do not have the disconnection problems anymore. I tried the same with another, newer, Fritz!Box model, this one does not seem to be suffering from that problem. So in that one Client-IP works fine. But those things are really sh*t to figure out.
#14
Guess I'm not the only one with problems then...

Still having internet dropouts. Oddly enough only on wireless... or at least it seems that way, maybe wired recovers faster, I don't know. Either way, the internet connection is not stable. I read that this might be because of using VirtIO drivers for the virtual NICs (my OpnSense is running in Proxmox), but as for now I see no improvements.

I also tried to block any DMZ connections coming into my LAN. Set blocking rules on the LAN as well as on DMZ interfaces and it's still coming through. Oddly enough, when I try to access LAN from DMZ, in the firewall, the rule gets listed under the LAN interface, which seems odd to me.

The path is:
DMZ > DMZ Gateway > LAN
=
192.168.10.4 > 192.168.10.1 > 192.168.20.7

And the resulting rule in the Live Log is:
LAN Source =192.168.10.1, Destination = 192.168.20.7

How is 192.168.10.1 LAN? It's the DMZ gateway...

Apparently you need to change the "LAN can go anywhere" rule in order to block the DMZ stuff... this makes no sense to me. So either something is wrong or my understanding of this stuff is worse than I thought.

I thought DMZ firewall rules would apply to anything coming into DMZ, WAN firewall rules to anything coming into WAN and LAN firewall rules to anything coming into LAN. So I had set my LAN firewall rule, that it should block anything coming from DMZ... doesn't work though.

It's really disheartening sometimes...
#15
Added updates inline of original post