Messages

Hello.
When updating to 25.7.2, access lost to the web interface. There is access to the SSH. Can I do something? Or just reinstall the system?

No, you don't have to do anything. ISC will stay and will be turned into a plugin which will auto install when you use it.

Okay. I understand.

Hello.
Did I understand correctly? To prevent ISC from deleting automatically, you need to block the lock?

I confirm. There was the same thing

1. Extracting the HDD from the server
2. Connect the HDD to the SATA connector of a regular PC
3. Install OPNsense from the ISO image on this HDD
4. Connect this HDD back to the server
5. Boot up
6. ...
7. Profit!
:D

Everything is blocked perfectly in AdGuard Home. You can set different locks for different clients.

I'm not blocking anything.

;D

Nothing is needed... the problem is that dynamic addresses are not supported and it would be better to leave it at that.

Ah, I understand. Now you will also specifically block this method ;D

What happens if you create multiple l2tp devices on the same interface with the same settings but different gateway IPs?

I tried this scheme and it doesn't work. What is needed is WAN-DHCP and on top of it OPT-L2TP

So there is no solution here? :-\

I had the same problem on PFsense. The guys from the neighboring forum made this patch. With this patch everything worked as it should. How can I adapt this patch for OPNsense?
I attach the patch in .diff format

Code Select Expand

diff --git a/src/etc/inc/interfaces.inc b/src/etc/inc/interfaces.inc
index c138566a1eeb0f0a1ce3f68178aeca2e9135fecb..cc0bca90808d20735364769b7d002b03ca757880 100644
--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -6478,6 +6478,27 @@ function link_interface_to_tunnelif($interface, $type, $remote = 'any') {
return $result;
}

+function link_interface_to_ppp_tunnelif($interface) {
+ global $config;
+
+ $result = array();
+
+ if (empty($interface)) {
+ return $result;
+ }
+
+ if (is_array($config['ppps']['ppp'])) {
+ $realif = get_real_interface($interface);
+ foreach ($config['ppps']['ppp'] as $ppp) {
+ if (($ppp['ports'] == $realif) && in_array($ppp['type'], array('l2tp', 'pptp'))) {
+ $result[] = $ppp;
+ }
+ }
+ }
+
+ return $result;
+}
+
/*
  * find_interface_ip($interface): return the interface ip (first found)
  */
diff --git a/src/etc/rc.newwanip b/src/etc/rc.newwanip
index ff4a75837c613ead7d66ec25ab2fae2db8cb6994..2b04a33db4a607cf08afbd6e01b803b791547ec7 100755
--- a/src/etc/rc.newwanip
+++ b/src/etc/rc.newwanip
@@ -128,6 +128,9 @@ array_walk($gre, 'interface_gre_configure');
$gif = link_interface_to_tunnelif($interface, 'gif', 'inet');
array_walk($gif, 'interface_gif_configure');

+/* reconfigure L2TP/PPTP tunnels, see https://redmine.pfsense.org/issues/12072 */
+$ppp = link_interface_to_ppp_tunnelif($interface);
+
$grouptmp = link_interface_to_group($interface);
if (!empty($grouptmp)) {
array_walk($grouptmp, 'interface_group_add_member');
@@ -181,6 +184,13 @@ foreach ($gre as $gretun) {
system_routing_configure($confif);
}
}
+foreach ($ppp as $ppptun) {
+ $confif = convert_real_interface_to_friendly_interface_name($ppptun['if']);
+ if (!empty($confif)) {
+ interface_configure($confif);
+ system_routing_configure($confif);
+ }
+}

if (platform_booting() && !in_array(substr($interface_real, 0, 3), array("ppp", "ppt", "l2t"))) {
// unlike dhcp interfaces which wait until they get an ip, a ppp connection lets the boot continue while


I'm using "russian vpn" scheme to connect with ISP - WAN interface with DHCP (actually internal ISP network) + L2TP interface to ISP server (as real WAN). If i'm using FQDN as L2TP server name - it couldn't be resolved during boot up.
If i use ip as server address - everything is ok and L2TP interface going up automatically during boot.
Could someone fix this problem, because ISP balancing load between L2tp servers and returns different ip for same FQDN..

Ok, thanks for the explanation

Вот ответ на наш вопрос:
https://forum.opnsense.org/index.php?topic=34058.0

If you find the old cron job in the source code you can bring it back on your own... ;-)

Oh... It's complicated. But anyway thanks for the advice. :)