Messages - andygee

#1
I've tried putting that in the tunables but it still goes through and says that the interface is disabled due to unsupported sfp module.  Evidently between 22.7 and the 21 series the Intel driver has changed and Intel is now disabling the interface if it's not a supported sfp+.
https://serveradminz.com/blog/unsupported-sfp-linux/

Here's where I was finding information on what to do to fix the issue but I've yet to get it to work with opnsense.
#2
We were running 21 series with no issues but after upgrading to 22.7 we are receiving an error on one of the 10gb sfp+ ports saying that the interface is disabled due to unsupported sfp.  It looks like this is due to Intel restricting the sfps with their driver.  I have found you can override it by adding ixgbe.allow_unsupported_sfp=1, but the system tunables don't support this one.  Any suggestions for making this work?

Thanks,
Andy
#3
We ran into a problem where on one of our interfaces last week the dhcp server was giving out the wrong dns servers.  We looked in the web interface and saved them again to what they should be, we stopped and restarted dhcp, then did a release/renew on a machine in that scope, again we got the wrong dns numbers from the server.  I downloaded the config, opened it in notepad++ and in the scope designation for that interface sure enough the dns numbers were wrong, not what was showing in the web interface.  I edited the config file, uploaded it and let it restore/reboot.  Everything worked past that point.  My question is do you have any idea why what the web interface was showing didn't match the config and what can we do to hopefully prevent that from happening again?

Andy
#4
Got it, thanks!!!!
#5
Is there a way to do data encapsulation so that we can do option 125?  Our phone vendor requires it in order for the phones to boot properly.

Thanks,
Andy
#6
19.7 Legacy Series / Re: IPSEC Troubles
August 16, 2019, 03:04:23 PM
This is basically the same problem that I am experiencing.  What is strange in my case is ipsec works fine to other non-opnsense firewalls, but not to opnsense.  Although it is possible it's related to just one side of the vpn, both are running the same version of opnsense.
#7
19.7 Legacy Series / 19.7.2 IPSec Problems
August 12, 2019, 05:35:57 PM
The master site I have has several vpn connections, all work flawlessly thus far except the one to another opnsense 19.7.2 remote.  The connection between them had been up several days until this morning and it went down.  I've restarted both units and still no connection.  Phase 1 appears to come up but phase 2 never seems to connect from what I see.  Below I have posted the log from the remote site to see if anyone has any suggestions.

Aug 12 15:31:36   charon: 14[CFG] ignoring acquire, connection attempt pending
Aug 12 15:31:36   charon: 11[KNL] creating acquire job for policy 50.202.0.0/32 === 173.160.0.0/32 with reqid {1}
Aug 12 15:31:36   charon: 11[KNL] SADB_EXT_PROPOSAL
Aug 12 15:31:36   charon: 11[KNL] SADB_X_EXT_POLICY
Aug 12 15:31:36   charon: 11[KNL] SADB_EXT_ADDRESS_DST
Aug 12 15:31:36   charon: 11[KNL] SADB_EXT_ADDRESS_SRC
Aug 12 15:31:36   charon: 11[KNL] received an SADB_ACQUIRE
Aug 12 15:31:31   charon: 11[MGR] <con1|1> checkin of IKE_SA successful
Aug 12 15:31:31   charon: 03[NET] sending packet: from 50.202.0.0[500] to 173.160.0.0[500]
Aug 12 15:31:31   charon: 11[MGR] <con1|1> checkin IKE_SA con1[1]
Aug 12 15:31:31   charon: 11[NET] <con1|1> sending packet: from 50.202.0.0[500] to 173.160.0.0[500] (176 bytes)
Aug 12 15:31:31   charon: 11[IKE] <con1|1> sending retransmit 3 of request message ID 0, seq 1
Aug 12 15:31:31   charon: 11[MGR] IKE_SA con1[1] successfully checked out
Aug 12 15:31:31   charon: 11[MGR] checkout IKEv1 SA with SPIs 741bd97ad3a7391b_i 0000000000000000_r
Aug 12 15:31:26   charon: 11[CFG] ignoring acquire, connection attempt pending
Aug 12 15:31:26   charon: 14[KNL] creating acquire job for policy 50.202.0.0/32 === 173.160.0.0/32 with reqid {1}
Aug 12 15:31:26   charon: 14[KNL] SADB_EXT_PROPOSAL
Aug 12 15:31:26   charon: 14[KNL] SADB_X_EXT_POLICY
Aug 12 15:31:26   charon: 14[KNL] SADB_EXT_ADDRESS_DST
Aug 12 15:31:26   charon: 14[KNL] SADB_EXT_ADDRESS_SRC
Aug 12 15:31:26   charon: 14[KNL] received an SADB_ACQUIRE
Aug 12 15:31:18   charon: 14[MGR] <con1|1> checkin of IKE_SA successful
Aug 12 15:31:18   charon: 03[NET] sending packet: from 50.202.0.0[500] to 173.160.0.0[500]
Aug 12 15:31:18   charon: 14[MGR] <con1|1> checkin IKE_SA con1[1]
Aug 12 15:31:18   charon: 14[NET] <con1|1> sending packet: from 50.202.0.0[500] to 173.160.0.0[500] (176 bytes)
Aug 12 15:31:18   charon: 14[IKE] <con1|1> sending retransmit 2 of request message ID 0, seq 1
Aug 12 15:31:18   charon: 14[MGR] IKE_SA con1[1] successfully checked out
Aug 12 15:31:18   charon: 14[MGR] checkout IKEv1 SA with SPIs 741bd97ad3a7391b_i 0000000000000000_r
Aug 12 15:31:11   charon: 14[MGR] <con1|1> checkin of IKE_SA successful
Aug 12 15:31:11   charon: 03[NET] sending packet: from 50.202.0.0[500] to 173.160.0.0[500]
Aug 12 15:31:11   charon: 14[MGR] <con1|1> checkin IKE_SA con1[1]
Aug 12 15:31:11   charon: 14[NET] <con1|1> sending packet: from 50.202.0.0[500] to 173.160.0.0[500] (176 bytes)
Aug 12 15:31:11   charon: 14[IKE] <con1|1> sending retransmit 1 of request message ID 0, seq 1
Aug 12 15:31:11   charon: 14[MGR] IKE_SA con1[1] successfully checked out
Aug 12 15:31:11   charon: 14[MGR] checkout IKEv1 SA with SPIs 741bd97ad3a7391b_i 0000000000000000_r
Aug 12 15:31:07   charon: 03[NET] sending packet: from 50.202.0.0[500] to 173.160.0.0[500]
Aug 12 15:31:07   charon: 14[ENC] <con1|1> 144: 07 03 58 45 5C 57 28 F2 0E 95 45 2F 00 00 00 14 ..XE\W(...E/....
Aug 12 15:31:07   charon: 14[ENC] <con1|1> 128: 00 D6 C2 D3 80 00 00 00 0D 00 00 14 4A 13 1C 81 ............J...
Aug 12 15:31:07   charon: 14[ENC] <con1|1> 96: AF CA D7 13 68 A1 F1 C9 6B 86 96 FC 77 57 01 00 ....h...k...wW..
Aug 12 15:31:07   charon: 14[ENC] <con1|1> 32: 00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01 ...........(....
Aug 12 15:31:07   charon: 14[ENC] <con1|1> 16: EC 42 7B 1F .B{.
Aug 12 15:31:07   charon: 14[ENC] <con1|1> 0: 00 00 00 14 90 CB 80 91 3E BB 69 6E 08 63 81 B5 ........>.in.c..
Aug 12 15:31:07   charon: 14[ENC] <con1|1> generated data for this payload => 20 bytes @ 0x00000303de24609c
Aug 12 15:31:07   charon: 14[ENC] <con1|1> generating VENDOR_ID_V1 payload finished
Aug 12 15:31:07   charon: 14[ENC] <con1|1> 0: 90 CB 80 91 3E BB 69 6E 08 63 81 B5 EC 42 7B 1F ....>.in.c...B{.
Aug 12 15:31:07   charon: 14[ENC] <con1|1> => 16 bytes @ 0x00000303de20d030
Aug 12 15:31:07   charon: 14[ENC] <con1|1> generating rule 10 CHUNK_DATA
Aug 12 15:31:07   charon: 14[ENC] <con1|1> 0: 00 14 ..
Aug 12 15:31:07   charon: 14[ENC] <con1|1> => 2 bytes @ 0x00000303dcfa5bf2
Aug 12 15:31:07   charon: 14[ENC] <con1|1> generating rule 9 PAYLOAD_LENGTH
#8
Awesome, thank you!
#9
Hardware and Performance / Netgate SG-8860 install
June 11, 2019, 02:40:42 PM
So I have opnsense installed on the netgate SG-8860 hardware and working.  I would like to get the usb console working however.  I have enabled it in the web interface and I get initial boot via the console, however once opnsense starts to load the console output stops.   I edited the loader as per one of the other forum posts to initially install and after the install I edited the loader again and got most of the boot output.

ee loader.conf.local
# and put the required lines in (some special properties for the netgate usb-serial interface)
hint.uart.0.flags=0x0
hint.uart.1.flags=0x10
comconsole_speed="115200"
comconsole_port="0x2F8"
console="comconsole"
kern.cam.boot_delay="10000"

This is what I did, however at some point opnsense is overwriting the boot loader file each time.  Is there some way I can add these so that they don't get overwritten and allow the console to work?

Thanks,

Andy