Messages

Thank you all for your replies.  Currently on 25.1.11 to see how things go.

Also updated my config to use more than one dns service.  Added Quad9 to my list.

Are you using cloudflare DNS?  I had the same issue and it turns out cloudflare had an outage.

Thank you for your post.  I am using Cloudfare over TLS; but, it doesn't explain why it works with 25.1.9_2 and not 25.1.10.

Been on 25.1.10 since release day with no issues.  Today, around 4:30-5PM ET, my internet connection just stopped working.  None of my devices (laptops, iPads, iPhones) could reach the outside internet.  I could reach internal devices (OPNSense dashboard, internal NAT) but nothing external.  Luckily, I did a snapshot of 25.1.9_2 before upgrading (HIGHLY RECOMMENDED, Y'ALL) so I reverted back to that snapshot.  Everything works fine.  Tell OPNSense to reuse the current snapshot and again no external internet. 

Now running 25.1.9_2 as this is my production box.  Just wondering if anyone else experienced the same thing today.  Thanks.

Before 25.1 we disabled the message, now it's back to standard rate-limit printing of FreeBSD.

Your packets are coming in too fast and the kernel/your system does not cope with sending them out in time.


Cheers,
Franco

Time to upgrade my router hardware, then? :)

Good afternoon all.  I've noticed after upgrading to 25.1.2 (and subsequently 25.1.3), I'm getting a number of messages about "netmap_transmit" (copy/paste from console picture).  Can anyone tell me what's going on and possibly what may be causing it? Also could use some guidance on how to fix. Thanks in advance.

790.234434 [4335] netmap_transmit
rel full hucur 200 hutail 200 qlen 1
790.234478 [4335] netmap_transmit
023

792.771969 [4335] netmap_transmit
rel full hucur 200 hutail 200 qlen 1
rel full hucur 807 hutail 724 qlen 8
792.772013 [4335] netmap_transmit
reb full hucur 807 hutail 724 qlen 8
800.253959 [4335] netmap_transmit
rel full hucur 559 hutail 629 qlen 9
800.253997 [4335] netmap_transmit
53
rel full hucur 559 hutail 629 qlen 9
804.181786 [4335] netnap_transmit
rel full hucur 657 hutail 428 qlen 2
804. 181823
28
[4335] netmap_transmit
rel full hucur 657 hutail 428 qlen 2
810.599802
[4335] netmap_transmit
rel full hucur 199 hutail 201 qlen 1
021
810.599845 [4335] netmap_transmit
rel full hucur 199 hutail 201 qlen 1
021

811.517804 [4335] netmap_transmit
811.517848 [4335] netmap_transmit
rel full hucur 79 hutail 82 qlen 102
rel full hucur 79 hutail 82 qlen 102
815.435800 [4335] netmap_transmit
rel full hucur 464 hutail 464 qlen 1
023
815.435828
023
red full hucur 464 hutail 464 qlen 1

Hello

I have a functionnal wireguard setting. I can ping everything over ipv4 (LAN or WAN)
But no access to ipv6 ping.

on server peers allowed IP: 0.0.0.0./0,::/64
on client : ::/0

Thanks for help

Hey @stanthewizard.

Would you be willing to share your IPV6 config (minus any private details)?  I'm trying to get WG to work for IPV6.  Thanks.

WAN Interface Configuration

WAN Firewall Rule

Wireguard Firewall Rule

Wireguard Instance Screenshot

Good day everyone.  I am successfully running Wireguard on my OPNSense installation.  I am wondering why I didn't use it sooner...fast connection, stays on even when my mobile devices lock, and I can access my home network.  It is an awesome solution.

I noticed that I can use my Wireguard VPN whenever I'm connected to a WiFi network.  However, it doesn't work on cellular.  Doing some research, I believe it's because cellular connections use IPV6.  (Please let me know if I am correct or not.)

So, looking at my config, I have some idea as to my next steps but could use some confirmation.  I am attaching screenshots on my current configuration.

Here's what I'm thinking:

• All of my Firewall rules only point to IPV4. I'm assuming I need to switch these rules to use both IPV4+IPV6.
• Do I need to modify my gateway interfaces settings?
• Currently, my DDNS settings are passing arguments for IPV4.  I'm assuming I'll need to have my DDNS pass an IPV6 address.  Is that correct?
• What changes do I need to do for my peers to use IPV6?

Thank you in advance.

Screenshot 1 - Wireguard Interface settings

Good day all.

I recently acquired a new UPS from Amazon and I was successful in setting up NUT via USB.  However, I noticed in the NUT account configuration, there are prompts for the Admin and Monitor password.  Are those passwords just for NUT to access the configuration items in the UPS?  I'm assuming that if a PW is not required we don't have to fill in those fields in the NUT configuration.

Thanks for your help.  :)

To make matters better using unforeseen directions we're likely going to add DHCP to Dnsmasq instead. To do this we will first move Dnsmasq to a MVC/API implementation for 25.1.

https://github.com/opnsense/core/issues/7905

I'm sorry to say that in this case the plan changed, in part due to Kea not delivering on its promise as much as it delivered on making DHCPD EoL a long time ago already.


Cheers,
Franco

Does that mean KEA DHCP will be deprecated in a future release of OPNSense?  Or just for IPv6?  Or not at all? I may be reading this wrong and wanted to make sure.

Hey schnipp.  Thanks for the reply.

I only have one roadwarrior definition setup in OpnSense following the guides from a few years ago when I set it up.  Being I'm new to IPSEC and strongswan, I couldn't tell you what the message means.  That's why I was wondering if my IPSEC definitions need to be updated based on the updated guide; or, to go the Wireguard route just for the Linux machine.

Good morning meyergru.

Last night, I downgraded back to 23.7.12_5 (tried to revert to 24.1.2 but it was a disaster) via a fresh install (thankfully, I keep point-in-time backups before major upgrades).  Even that didn't seem to work for the affected devices.

So, I'm thinking now that it's a device problem and I'm reaching out to the manufacturer to see if they pushed anything recently that could have affected their devices.

Thank you for all of your guidance on this issue.  I'll mark this thread as "Solved" since it's more of a device problem than it is an OPNSense problem.