Messages - amitis5

#1
22.7 Legacy Series / 1:1 NAT Not Working
August 17, 2022, 05:50:50 PM
I have placed an IP from my public IP pool in a virtual IP (xx.xx.xx.108).  I created a 1:1 NAT rule:

Interface -> WAN
External IP -> xx.xx.xx.108
Internal IP -> 10.0.0.144 listed under source with a /32 subnet
Destination -> any
Type -> BINAT

WAN Firewall rules allow all traffic to 10.0.0.144

VLAN is set up through the switches correctly as well.

What am I missing?

Thanks in advance for the assistance.



#2
You have to set virtual IPs (Interfaces -> Virtual IP) and then use a 1:1 NAT rule for each.  I would assign a static IP for each apartment and simply 1:1 the assigned public IP to the local IP.  Don't forget to add full allow rules in the WAN portion of the firewall.
#3
I'm trying to set up ZeroTier and a new interface and I can't add an interface.  There is no + option anymore on the interface assignment page.

Any ideas?  Thanks in advance for any assistance.

#4
Thanks man.  Saved my @$$ today.
#5
Count me in too!  Thank you for organizing this.
#6
General Discussion / VLAN Encapsulation
October 07, 2019, 11:06:38 PM
Does anyone know if I can place a VLAN in another VLAN?

Example:  Our APs have a 32 VLAN cap.  I have 50 VLANs in use.  I need to create a VLAN (VLAN2) and then assign (VLAN 200, VLAN 201, VLAN 202) to that VLAN so that I can ride up the stack to the end points on fewer VLANs.  I have done this with Mikrotik in the past.  I can't seem to find a way to make OPNsense do it though.

Thanks in advance for any help!
#7
19.7 Legacy Series / VLAN Encapsulation
October 07, 2019, 11:06:08 PM
Does anyone know if I can place a VLAN in another VLAN?

Example:  Our APs have a 32 VLAN cap.  I have 50 VLANs in use.  I need to create a VLAN (VLAN2) and then assign (VLAN 200, VLAN 201, VLAN 202) to that VLAN so that I can ride up the stack to the end points on fewer VLANs.  I have done this with Mikrotik in the past.  I can't seem to find a way to make OPNsense do it though.

Thanks in advance for any help!
#8
I keep seeing this in the general log:

/interfaces.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid ix1 ix1_vlan350 ix1_vlan352 ix1_vlan340 ix1_vlan355 ix1_vlan362 ix1_vlan2001 ix1_vlan2208 ix1_vlan2209 ix1_vlan2210 ix1_vlan2211 ix1_vlan2049 ix1_vlan2064 ix1_vlan2079 ix1_vlan2618 ix1_vlan2626 ix1_vlan2628 ix1_vlan2149 ix1_vlan2230 ix1_vlan2267 ix1_vlan2612 ix1_vlan2278 ix1_vlan2289 ix1_vlan2054 ix1_vlan2068 ix1_vlan2147 ix1_vlan2235 ix1_vlan2233 ix1_vlan2240 ix1_vlan2076 ix1_vlan2005 ix1_vlan1000 ix1_vlan354 ix1_vlan2228 ix1_vlan2038 ix1_vlan2039 ix1_vlan2055 ix1_vlan2242 ix1_vlan2248 ix1_vlan2264 ix1_vlan2084 ix1_vlan2224 ix1_vlan2333 ix1_vlan2335 ix1_vlan2265 ix1_vlan2339 ix1_vlan2250 ix1_vlan2085 ix1_vlan2067 ix1_vlan2239 ix1_vlan2146 ix1_vlan2080 ix1_vlan2303 ix1_vlan2140 ix1_vlan2003 ix1_vlan2287 ix1_vlan2229 ix1_vlan2256 ix1_vlan2234 ix1_vlan2152 ix1_vlan2255 ix1_vlan2227 ix1_vlan2223 ix1_vlan357 ix1_vlan358 ix1_vlan359 ix1_vlan361 i

Any ideas on what could keep crashing the DHCP service?  Thanks so much in advance for any assistance.
#9
Thanks for letting me know.
#10
18.7 Legacy Series / Re: [SOLVED] CPU99%
June 30, 2019, 08:33:50 AM
Sorry for kicking up an old thread, but I was wondering if the ISP told you what the problem was?  I'm having these same symptoms and I can't seem to pin them down.

Thanks,
#11
Hi Franco,

Thanks for your help the other day, however, I'm seeing huge loads again without flowd running.  Here is my top -S -P output:

last pid: 66540;  load averages:  6.13,  6.45,  6.95    up 3+12:34:06  01:09:26
78 processes:  9 running, 68 sleeping, 1 waiting
CPU 0: 26.3% user,  0.0% nice, 37.3% system,  4.7% interrupt, 31.8% idle
CPU 1: 20.8% user,  0.0% nice, 32.2% system, 15.7% interrupt, 31.4% idle
CPU 2: 30.6% user,  0.0% nice, 36.9% system,  3.9% interrupt, 28.6% idle
CPU 3: 21.2% user,  0.0% nice, 40.0% system,  7.5% interrupt, 31.4% idle
CPU 4: 25.9% user,  0.0% nice, 36.1% system,  9.4% interrupt, 28.6% idle
CPU 5: 30.6% user,  0.0% nice, 29.8% system, 12.2% interrupt, 27.5% idle
CPU 6: 32.9% user,  0.0% nice, 38.4% system,  4.3% interrupt, 24.3% idle
CPU 7: 36.1% user,  0.0% nice, 45.1% system,  0.4% interrupt, 18.4% idle
Mem: 239M Active, 6172M Inact, 76M Laundry, 1203M Wired, 774M Buf, 107M Free
Swap: 8192M Total, 8192M Free

  PID USERNAME       THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAN
   11 root             8 155 ki31     0K   128K RUN     0 458.9H 214.94% idle
21586 root             1 102    0 52952K 45364K CPU0    0  80.8H  96.92% python
5261 root             1  85    0  1043M 13244K CPU5    5   0:06  92.42% pfctl
47030 root             1  52    0  1045M 16488K RUN     6   0:05  86.74% pfctl
   12 root            92 -56    -     0K  1472K WAIT   -1  46.1H  59.14% intr
64375 root             1  21    0 64492K 46044K piperd  5   0:30   8.67% php-cg
7108 root             1  21    0 60780K 42820K piperd  0   0:20   8.14% php-cg
30628 root             1  52    0 53608K 41528K select  3   0:19   4.65% php-cg
76753 root             1  52    0 58732K 40972K piperd  5   0:01   3.89% php-cg
   17 root             1 -16    -     0K    16K -       3  33:11   2.69% ran

Any other ideas?  We are running a lot of VLANs and see about 1000 concurrent users.  This has been the case for a while, but just seeing these processors load and slowness in the GUI for the last couple of weeks.  DHCP service is continuing to crash and won't always restart.  I'm stumped.  Any further ideas from you are greatly appreciated.

Thanks again for all you do for us.
#13
19.1 Legacy Series / DHCP Service Will Not Stay Up
June 29, 2019, 01:27:12 AM
I'm having issues with the DHCP service turning itself off and then not restarting.  I'm not sure where to start to fix it.  Here is my backend log:

Date   Message
Jun 28 18:24:17   configd.py: [0e0befb6-f77a-4abb-b751-60a9bede0ad6] request filter log output
Jun 28 18:24:13   configd.py: [3dca0a34-d57f-4116-a1c0-a0f4dd262e99] request pfctl byte/packet counters
Jun 28 18:24:10   configd.py: [2cc350ae-a555-46e5-b083-4d9588a885b5] request filter log output
Jun 28 18:24:03   configd.py: [abb8d7fc-dc41-4035-9b83-f981a152c767] request filter log output
Jun 28 18:24:02   configd.py: [686aed41-e081-48eb-82ad-329bbd9cd625] request pfctl byte/packet counters
Jun 28 18:23:55   configd.py: [b88f6ad6-22a9-42d4-a3be-32c93881b8f8] request filter log output
Jun 28 18:23:53   configd.py: [2f944253-9a6d-4418-a7a2-0607b042d1ba] IPsec list status
Jun 28 18:23:52   configd.py: [ef2da84e-0fb8-4df5-b7dc-b3977f6f2636] IPsec list ip address pools
Jun 28 18:22:14   configd.py: [0a373db4-94bc-4bc6-ab52-a61033ee60fe] Reloading filter
Jun 28 18:07:53   configd.py: message 3beb9e94-9e87-4f21-978b-91aef97ed20c [filter.refresh_aliases] returned {"status": "ok"}
Jun 28 18:07:52   configd.py: unable to sendback response [OK ] for [filter][reload][None] {b4c8c0e1-b287-4f6a-a6f6-91702f07c940}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Jun 28 18:07:52   configd.py: [3beb9e94-9e87-4f21-978b-91aef97ed20c] refresh url table aliases
Jun 28 18:07:52   configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jun 28 18:07:51   configd.py: generate template container OPNsense/Filter
Jun 28 18:07:50   configd.py: [6fc9bbbc-3632-4d5c-a9cb-4f2d168f45c1] generate template OPNsense/Filter
Jun 28 18:03:15   configd.py: [b4c8c0e1-b287-4f6a-a6f6-91702f07c940] Reloading filter
Jun 28 18:03:14   configd.py: OPNsense/WebGui generated //usr/local/etc/php.ini
Jun 28 18:03:14   configd.py: OPNsense/WebGui generated //usr/local/lib/php.ini
Jun 28 18:03:13   configd.py: generate template container OPNsense/WebGui
Jun 28 18:03:12   configd.py: [c0afd8f8-4214-4444-ae9a-c6c2684543b6] generate template OPNsense/WebGui
Jun 28 18:02:18   configd.py: [7eb697ed-ce0b-413c-aebd-0a59e8c95506] updating dyndns opt224
Jun 28 17:42:07   configd.py: message f01b3c0a-8785-48c8-8950-32b150134810 [filter.refresh_aliases] returned {"status": "ok"}
Jun 28 17:42:06   configd.py: unable to sendback response [OK ] for [filter][reload][None] {54ad4008-3ca9-4eb7-a430-df2baa3bf378}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Jun 28 17:42:06   configd.py: [f01b3c0a-8785-48c8-8950-32b150134810] refresh url table aliases
Jun 28 17:42:06   configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jun 28 17:42:06   configd.py: generate template container OPNsense/Filter
Jun 28 17:42:05   configd.py: [03ca638c-1e78-492b-beee-b1960815a87e] generate template OPNsense/Filter
Jun 28 17:39:56   configd.py: [13af0d61-44a4-4384-9ac5-3e4adfb90c1c] updating dyndns opt223
Jun 28 17:36:27   configd.py: [54ad4008-3ca9-4eb7-a430-df2baa3bf378] Reloading filter
Jun 28 17:25:42   configd.py: [4dc2c1ff-69d1-4cba-b237-3f7dfacabe9c] updating dyndns opt222
Jun 28 17:13:16   configd.py: message f170ab46-25df-4f8a-8e5b-1d285c722d8e [filter.refresh_aliases] returned {"status": "ok"}
Jun 28 17:13:16   configd.py: unable to sendback response [OK ] for [filter][reload][None] {2809bea7-d36c-4e08-989e-a210cf07d674}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Jun 28 17:13:16   configd.py: [f170ab46-25df-4f8a-8e5b-1d285c722d8e] refresh url table aliases
Jun 28 17:13:16   configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jun 28 17:13:15   configd.py: generate template container OPNsense/Filter
Jun 28 17:13:14   configd.py: [2999e7d7-f2a6-4613-8e5a-af4c7cfa6281] generate template OPNsense/Filter
Jun 28 17:12:08   configd.py: [02dfc847-217b-4df8-8d68-d3a64ebf5cb7] updating dyndns opt221
Jun 28 17:08:00   configd.py: [2809bea7-d36c-4e08-989e-a210cf07d674] Reloading filter
Jun 28 17:08:00   configd.py: [577242e0-91bf-49f9-88a6-a2a4a2f4c81a] restarting cron
Jun 28 17:07:53   configd.py: [5d57876d-b0bf-4692-8fd1-064ef2aa23e0] request osfp
Jun 28 17:07:45   configd.py: [ad89ed3e-3197-4206-b3ce-e32691181bf5] request osfp
Jun 28 17:07:28   configd.py: [1a2d88d3-8901-4e8e-bf46-4f00ab9be3bd] request osfp
Jun 28 17:07:19   configd.py: [11a8c66f-ad01-4160-b3e9-367e39c02dee] request osfp
Jun 28 17:07:01   configd.py: [8a890129-d59a-4eae-8b42-baeea69c8bf6] request osfp
Jun 28 17:06:51   configd.py: [608bcb08-2653-4eef-9f37-f3278a10a590] request osfp
Jun 28 17:06:26   configd.py: [81bd38c9-a5a4-4f12-9f10-0c861ac718f0] request osfp
Jun 28 17:06:17   configd.py: [9d9e4cd3-1fa0-44be-aa06-19037fa0574e] request osfp
Jun 28 17:06:08   configd.py: [d09a7072-67cb-41a1-b3b9-165833959ddc] request pfctl byte/packet counters
Jun 28 17:06:06   configd.py: [ab10efa3-6d36-45b8-9a94-b896b0945c6f] request filter log output
Jun 28 17:05:57   configd.py: [e4fc0753-e255-4e9e-8b20-18aea142f276] request pfctl byte/packet counters

I keep seeing this: configd.py: unable to sendback response [OK ] for [filter][reload][None] {2809bea7-d36c-4e08-989e-a210cf07d674}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe

Not sure what this means or if it is the issue.

Thanks in advance for your help.
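
The log in this post pairs up by request ID: each "unable to sendback response ... Broken pipe" line carries the UUID of an earlier "Reloading filter" request. The following is an added example (not part of the original post and not OPNsense code) that matches the two and reports how long each request had been running when configd found the caller's socket closed (Errno 32, EPIPE). The name `slow_requests`, the excerpted sample with its tracebacks shortened to "...", and the year 2019 (taken from the post date) are assumptions of the example.

```python
import re
from datetime import datetime

UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+configd\.py: (.*)$")
START = re.compile(r"^\[(" + UUID + r")\] (.+)$")
FAIL = re.compile(r"^unable to sendback response .*?\{(" + UUID + r")\}.*\[Errno (\d+)\]")

# Excerpt of the backend log posted above (newest first, as on the page).
# The Python traceback inside each failure line is shortened to "..." here.
SAMPLE_LOG = """\
Jun 28 18:22:14   configd.py: [0a373db4-94bc-4bc6-ab52-a61033ee60fe] Reloading filter
Jun 28 18:07:52   configd.py: unable to sendback response [OK ] for [filter][reload][None] {b4c8c0e1-b287-4f6a-a6f6-91702f07c940}, message was Traceback ... error: [Errno 32] Broken pipe
Jun 28 18:03:15   configd.py: [b4c8c0e1-b287-4f6a-a6f6-91702f07c940] Reloading filter
Jun 28 17:42:06   configd.py: unable to sendback response [OK ] for [filter][reload][None] {54ad4008-3ca9-4eb7-a430-df2baa3bf378}, message was Traceback ... error: [Errno 32] Broken pipe
Jun 28 17:36:27   configd.py: [54ad4008-3ca9-4eb7-a430-df2baa3bf378] Reloading filter
Jun 28 17:13:16   configd.py: unable to sendback response [OK ] for [filter][reload][None] {2809bea7-d36c-4e08-989e-a210cf07d674}, message was Traceback ... error: [Errno 32] Broken pipe
Jun 28 17:08:00   configd.py: [2809bea7-d36c-4e08-989e-a210cf07d674] Reloading filter
Jun 28 17:08:00   configd.py: [577242e0-91bf-49f9-88a6-a2a4a2f4c81a] restarting cron
"""


def slow_requests(log_text, year=2019):
    """Return (action, short_id, seconds, errno) for every request whose
    response could not be sent back, longest-running first."""
    started = {}  # request UUID -> (timestamp, action text)
    failed = {}   # request UUID -> (timestamp, errno)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header row, blank line, or another daemon
        # Syslog-style stamps carry no year, so one is supplied explicitly.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        s = START.match(msg)
        f = FAIL.match(msg)
        if s:
            started[s.group(1)] = (when, s.group(2))
        elif f:
            failed[f.group(1)] = (when, int(f.group(2)))
    rows = []
    for uid, (t_fail, err) in failed.items():
        if uid not in started:
            continue  # request began before the excerpt starts
        t0, action = started[uid]
        rows.append((action, uid[:8], int((t_fail - t0).total_seconds()), err))
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    for action, short_id, seconds, err in slow_requests(SAMPLE_LOG):
        print(f"{short_id}  {action:<18} {seconds:>4}s before errno {err}")
```

Order of lines does not matter to the function, so the newest-first export from the GUI can be pasted in unchanged.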

#14
19.1 Legacy Series / DHCP From Command Line
June 29, 2019, 12:42:07 AM
Is there a way to add DHCP to an interface from the command line?  I have created interface VLAN111 and want to add DHCP to it.  The GUI is so slow in this, so I thought I would try to add from the terminal.

Thanks,
#15
We have a 5gig pipe, with 10gig coming in next week. 300 APs, we're averaging about 1000 users.

I've ordered two more servers to put out there with CARP for some redundancy.  I've not set this up before, so working on it in my lab.