"
How did you download the installer? It does not seem to be available on the website?
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
25.1, 25.4 Series / Re: 25.1.10 and CPU Usage
July 04, 2025, 08:11:51 PM
Well well well....its the Zabbix proxy that is wiping out my CPUs. Once I stop it then it goes back to normal. Hmmm! Anyone else running Zabbix proxy and 25.1.10?
#3
25.1, 25.4 Series / 25.1.10 and CPU Usage
July 02, 2025, 05:16:10 PM
Hello all,
I upgraded to 25.1.10 last night and afterwards my CPUs are being pegged at 100%. My OPNsense firewall is virtualized under Proxmox, but was running just fine prior to 25.1.10. Anyone else seeing this?
Thanks,
Steve
I upgraded to 25.1.10 last night and afterwards my CPUs are being pegged at 100%. My OPNsense firewall is virtualized under Proxmox, but was running just fine prior to 25.1.10. Anyone else seeing this?
Thanks,
Steve
#4
Virtual private networks / Wireguard Logging
May 31, 2025, 06:30:10 PM
Hello all,
Is there a better log to be looking at, on the WG client or server side, to troubleshoot problem connections? The Log File in OPNsense tells me close to nothing when trying to understand why a client connection is not working.
Thanks,
Steve
Is there a better log to be looking at, on the WG client or server side, to troubleshoot problem connections? The Log File in OPNsense tells me close to nothing when trying to understand why a client connection is not working.
Thanks,
Steve
#5
Tutorials and FAQs / Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
May 26, 2025, 07:25:06 PM
So in my config I have as follows:
1) OPNsense firewall sits behind ISP router.
2) ISP router is configured for DDNS, going to NO-IP
3) Cloudflare is handling external DNS, and CNAMEs are setup in Cloudflare to point back to the NO-IP DNS name
This way everything looks like a static IP/DNS setup. With that said I would assume I do NOT need to configure Caddy for DDNS correct? I would just use the CNAMEs that are stup for the services I want Caddy to proxy correct?
1) OPNsense firewall sits behind ISP router.
2) ISP router is configured for DDNS, going to NO-IP
3) Cloudflare is handling external DNS, and CNAMEs are setup in Cloudflare to point back to the NO-IP DNS name
This way everything looks like a static IP/DNS setup. With that said I would assume I do NOT need to configure Caddy for DDNS correct? I would just use the CNAMEs that are stup for the services I want Caddy to proxy correct?
#6
25.1, 25.4 Series / Unbound to DNSMasq
May 12, 2025, 05:09:09 PM
Hello all,
I need some clarity. In reading the notes from 25.1.6 update it seems to give me the impression that DNSmasq is beginning to take over from Unbound. I run Unbound as my DNS server, and use ISC DHCP for DHCP purposes. If the move is to Kea DHCP does that mean I need to move from Unbound to DNSMasq for DNS purposes? Like I said I am trying to gain some clarity here.
Thanks,
Steve
I need some clarity. In reading the notes from 25.1.6 update it seems to give me the impression that DNSmasq is beginning to take over from Unbound. I run Unbound as my DNS server, and use ISC DHCP for DHCP purposes. If the move is to Kea DHCP does that mean I need to move from Unbound to DNSMasq for DNS purposes? Like I said I am trying to gain some clarity here.
Thanks,
Steve
#7
General Discussion / Caddy on OPNsense
May 05, 2025, 06:35:38 PM
Hello all,
I am trying to allow a personal website out via Caddy as my reverse proxy. With Caddy enabled I am able to connect to the website from my internal PC. If I try to hit on the Internet its not responding. When I look at the Caddy log I only see this:
2025-05-05T12:33:11-04:00 Informational caddy "info","ts":"2025-05-05T16:33:11Z","msg":"serving initial configuration"}
2025-05-05T12:33:11-04:00 Informational caddy "info","ts":"2025-05-05T16:33:11Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
2025-05-05T12:33:11-04:00 Informational caddy "info","ts":"2025-05-05T16:33:11Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock|0220","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}
I have attached the Caddyfile and JSON. I never see it talk outbound to get a certificate. Not sure what I missed.
Thanks,
Steve
I am trying to allow a personal website out via Caddy as my reverse proxy. With Caddy enabled I am able to connect to the website from my internal PC. If I try to hit on the Internet its not responding. When I look at the Caddy log I only see this:
2025-05-05T12:33:11-04:00 Informational caddy "info","ts":"2025-05-05T16:33:11Z","msg":"serving initial configuration"}
2025-05-05T12:33:11-04:00 Informational caddy "info","ts":"2025-05-05T16:33:11Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
2025-05-05T12:33:11-04:00 Informational caddy "info","ts":"2025-05-05T16:33:11Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock|0220","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}
I have attached the Caddyfile and JSON. I never see it talk outbound to get a certificate. Not sure what I missed.
Thanks,
Steve
#8
General Discussion / OPNsense - Zabbix Proxy
April 22, 2025, 06:47:15 PM
Hello all,
I installed the 7.2.5 Zabbix proxy and was reading more in the status log on OPNsense. It mentions the following:
Message from net-snmp-5.9.4_6,1:
--
**** This port installs snmpd, header files and libraries but does not
start snmpd by default.
If you want to auto-start snmpd and snmptrapd, add the following to
/etc/rc.conf:
snmpd_enable="YES"
snmpd_flags="-a"
snmpd_conffile="/usr/local/share/snmp/snmpd.conf /etc/snmpd.conf"
snmptrapd_enable="YES"
snmptrapd_flags="-a -p /var/run/snmptrapd.pid"
**** You may also specify the following make variables:
NET_SNMP_SYS_CONTACT="zi@FreeBSD.org"
NET_SNMP_SYS_LOCATION="USA"
DEFAULT_SNMP_VERSION=3
NET_SNMP_MIB_MODULES="host smux mibII/mta_sendmail ucd-snmp/diskio"
NET_SNMP_LOGFILE=/var/log/snmpd.log
NET_SNMP_PERSISTENTDIR=/var/net-snmp
to define default values (or to override the defaults). To avoid being
prompted during the configuration process, you should (minimally) define
the first two variables. (NET_SNMP_SYS_*)
You may also define the following to avoid all interactive configuration:
Does this mean I could use SNMP monitoring for OPNsense and get additional information, like the services that run on top of the firewall? Has anyone used this? Has anyone used Zabbix and defined an updated template to monitor services like DNS, DHCP, and others?
Thanks,
Steve
I installed the 7.2.5 Zabbix proxy and was reading more in the status log on OPNsense. It mentions the following:
Message from net-snmp-5.9.4_6,1:
--
**** This port installs snmpd, header files and libraries but does not
start snmpd by default.
If you want to auto-start snmpd and snmptrapd, add the following to
/etc/rc.conf:
snmpd_enable="YES"
snmpd_flags="-a"
snmpd_conffile="/usr/local/share/snmp/snmpd.conf /etc/snmpd.conf"
snmptrapd_enable="YES"
snmptrapd_flags="-a -p /var/run/snmptrapd.pid"
**** You may also specify the following make variables:
NET_SNMP_SYS_CONTACT="zi@FreeBSD.org"
NET_SNMP_SYS_LOCATION="USA"
DEFAULT_SNMP_VERSION=3
NET_SNMP_MIB_MODULES="host smux mibII/mta_sendmail ucd-snmp/diskio"
NET_SNMP_LOGFILE=/var/log/snmpd.log
NET_SNMP_PERSISTENTDIR=/var/net-snmp
to define default values (or to override the defaults). To avoid being
prompted during the configuration process, you should (minimally) define
the first two variables. (NET_SNMP_SYS_*)
You may also define the following to avoid all interactive configuration:
Does this mean I could use SNMP monitoring for OPNsense and get additional information, like the services that run on top of the firewall? Has anyone used this? Has anyone used Zabbix and defined an updated template to monitor services like DNS, DHCP, and others?
Thanks,
Steve
#9
General Discussion / Connect to OPNsense VM
March 31, 2025, 07:16:26 PM
Hello all,
I have built an OPNsense firewall vm on my Proxmox server. The vm was built using PCI passthrough for the Intel I350 network card. The first port on the Intel card is set with a vlan of 1, for my mgmt network. I connected an ethernet cable to that port and ran it to a USB network adapter on my laptop. I set the adapter on my laptop to vlan 1 and I can ping the new firewall's IP address on the LAN interface. I can also get IP from this firewall via DHCP, however I cannot connect to that IP via the browser on my laptop. Is there a trick to doing this? I would like to be able to configure the firewall vm before going live with it.
Thanks,
Steve
I have built an OPNsense firewall vm on my Proxmox server. The vm was built using PCI passthrough for the Intel I350 network card. The first port on the Intel card is set with a vlan of 1, for my mgmt network. I connected an ethernet cable to that port and ran it to a USB network adapter on my laptop. I set the adapter on my laptop to vlan 1 and I can ping the new firewall's IP address on the LAN interface. I can also get IP from this firewall via DHCP, however I cannot connect to that IP via the browser on my laptop. Is there a trick to doing this? I would like to be able to configure the firewall vm before going live with it.
Thanks,
Steve
#10
25.1, 25.4 Series / Re: Plugins Section
March 07, 2025, 04:31:48 PM
@mimugmail,
Does this mean its being added or has been added? Can I use your two conf files to generate my own plugin?
Thanks,
Steve
Does this mean its being added or has been added? Can I use your two conf files to generate my own plugin?
Thanks,
Steve
#11
25.1, 25.4 Series / Re: Plugins Section
March 07, 2025, 03:30:31 PM
I am not talking about the standard agent. I am talking about the proxy agent. Proxy agent 7.0.9 has limited functionality, when the main Zabbix server is 7.2.x.
#12
25.1, 25.4 Series / Plugins Section
March 06, 2025, 05:22:11 PM
Hello all,
Is it possible to update the plugins section independent of the the main monthly release? I am in need of the updated Zabbix proxy agent, as 7.0.9 does not support Zabbix 7.2.
Thanks,
Steve
Is it possible to update the plugins section independent of the the main monthly release? I am in need of the updated Zabbix proxy agent, as 7.0.9 does not support Zabbix 7.2.
Thanks,
Steve
#13
General Discussion / OPNsense - SNMP
March 01, 2025, 06:07:53 PM
Hi all,
Does OPNsense have SNMP capabilities out of the box or do I need to install the os-net-snmp plugin to get this? I cannot remember.
Thanks,
Steve
Does OPNsense have SNMP capabilities out of the box or do I need to install the os-net-snmp plugin to get this? I cannot remember.
Thanks,
Steve
#14
General Discussion / Can Ping but Cannot Connect via Web
February 25, 2025, 05:21:48 PM
Hello all,
I am building a Proxmox server for a client, with an OPNsense VM. The VM is up and operational on 25.1.1. I have directly connected my laptop to the LAN interface and can ping the IP of the LAN interface. What I cannot do is use a web browser to connect to the GUI. It comes back telling me it took too long to connect. Why would I be seeing this? I am using the Edge browser.
Thanks,
Steve
I am building a Proxmox server for a client, with an OPNsense VM. The VM is up and operational on 25.1.1. I have directly connected my laptop to the LAN interface and can ping the IP of the LAN interface. What I cannot do is use a web browser to connect to the GUI. It comes back telling me it took too long to connect. Why would I be seeing this? I am using the Edge browser.
Thanks,
Steve
#15
General Discussion / OPNsense on Proxmox
February 22, 2025, 08:37:50 PM
Hello all,
I am running my OPNsense firewall as a Proxmox VM. All my internal VLANs are Linux bridge vlans, with my WAN interface being a passthrough device. I am trying to get access to the OPNsense LAN, which is one of three vlans on one physical interface. I have connected my USB to ethernet dongle directly to the NIC with these three vlans and set the vlan on the dongle to vlan 1, which is the OPNsense LAN interface. I cannot ping nor can I gain access to the GUI. Am I doing something wrong? What am I missing?
Thanks,
Steve
I am running my OPNsense firewall as a Proxmox VM. All my internal VLANs are Linux bridge vlans, with my WAN interface being a passthrough device. I am trying to get access to the OPNsense LAN, which is one of three vlans on one physical interface. I have connected my USB to ethernet dongle directly to the NIC with these three vlans and set the vlan on the dongle to vlan 1, which is the OPNsense LAN interface. I cannot ping nor can I gain access to the GUI. Am I doing something wrong? What am I missing?
Thanks,
Steve
