Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - fd0

#1
General Discussion / Re: update/upgrade question
February 24, 2025, 05:04:36 PM
Thanks for the headsup.
Time permitting i will do that

-- fd0

Quote from: Patrick M. Hausen on February 24, 2025, 04:41:47 PMCan depend on the plugins you have installed. Crowdsec infamously caused the reboots to hang during updates, for example. Third party repos are prone to lead to conflicts when updating particular libraries. Apart from that I never had a problem with updates via the UI.

But are you really considering

21.7.8 -> 22.1 -> 22.1.10 -> 22.7 -> 22.7.11 -> 23.1 -> 23.1.11 -> 23.7 -> 23.7.12 -> 24.1 -> 24.1.10 -> 24.7 -> 24.7.12 -> 25.1 -> 25.1.1?

That's 14 updates to come to a supported version again. I would seriously consider a clean reinstall with ZFS instead.

Kind regards,
Patrick
#2
General Discussion / Re: update/upgrade question
February 24, 2025, 04:29:49 PM
Upgrade to next version, 21.7.8, was successful.

QuoteOPNsense 21.7 "Noble Nightingale" has reached its end of life. As such it will not receive any more updates, but the upgrade to the new 22.1 series is seamless and can be performed right here from the web GUI.

How seamless is this upgrade?
f/w is still running on ufs


cheers..


#3
General Discussion / Re: update/upgrade question
February 18, 2025, 06:38:08 PM
That was a typo, my err
will try

Quote from: Patrick M. Hausen on February 18, 2025, 06:33:56 PMYou are running 21.7, not 17.1.

Reset the mirror to the default and try again.
#4
General Discussion / update/upgrade question
February 18, 2025, 05:53:10 PM
From the status page I get the following:

I know it is an old version, 17.1, but I like to start the upgrade process.
Is that possible as such, or do i need a complete reinstall?

Thank you

fd0


***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7 (amd64/OpenSSL) at Tue Feb 18 17:36:01 CET 2025
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
pkg: http://mirror.wjcomms.co.uk/opnsense/FreeBSD:12:amd64/21.7/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings
pkg: http://mirror.wjcomms.co.uk/opnsense/FreeBSD:12:amd64/21.7/latest/packagesite.txz: No route to host
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
#5
I like to eliminate as many devices as possible between WAN side and (OPNsense) f/w
#6
I currently own a Nokia XS-010X-Q, see https://www.ebay.com/itm/364840903234 to connect my Delta fiberoptics WAN to my LAN. The XS-010X-Q is connected via utp to my OPNsense f/w

I am considering purchasing an OPNsense device as f/w.
Does anyone here have any experience connecting the fiberoptic directly into any of the OPNsense firewall devices. If so, what SFP+ module is required to do so?

Thanks

fd0
#7
Quote from: fd0 on October 20, 2023, 10:00:38 PM
Quote from: fd0 on October 05, 2023, 11:53:07 AM
Quote from: Maurice on October 05, 2023, 11:15:21 AM
You create a firewall rule on the LAN interface which matches the source address and sets the gateway.

Cheers
Maurice

tnx
works like a charm ;D

It worked like a charm for like 2 weeks, until today
Something has changed since the traffic from one specific device, the Ziggo box, that should go to the Ziggo internet interface, seems to not work anymnore.

How can i check the route of packets from that ip address through the firewall which gateway is chosen?

tnx

Things seem even funnier/worse  >:(

After changing default gateway to the (Ziggo) gateway all was working well.
Changing back to yesterday's status things continue to work properly.
I wonder if I will be in the same position in some 2-3 weeks time and things don't work again.

I like things to be deterministic and this just isn't


--
fd0
#8
Quote from: fd0 on October 05, 2023, 11:53:07 AM
Quote from: Maurice on October 05, 2023, 11:15:21 AM
You create a firewall rule on the LAN interface which matches the source address and sets the gateway.

Cheers
Maurice

tnx
works like a charm ;D

It worked like a charm for like 2 weeks, until today
Something has changed since the traffic from one specific device, the Ziggo box, that should go to the Ziggo internet interface, seems to not work anymnore.

How can i check the route of packets from that ip address through the firewall which gateway is chosen?

tnx
#9
Quote from: Maurice on October 05, 2023, 11:15:21 AM
You create a firewall rule on the LAN interface which matches the source address and sets the gateway.

Cheers
Maurice

tnx
works like a charm ;D
#10
Hi

I am looking for a way to get all traffic from one specific internal ip address routed through a specific gateway/wan.
Is such a functionality available? If so, how would i do that?

thank you
#11
Great HowTo

-fd0
#12
20.7 Legacy Series / Install and upgrade question
November 10, 2020, 10:48:18 PM
Experts,

I installed the download image for serial console amd64, which went perfectly fine.
I configured LAN interface to have a connection to the outside world with no issues so far.
Then I upgraded using the GUI, and now I am stuck...

root@OPNsense:/usr/local/opnsense/scripts/firmware # tail -30 /tmp/pkg_upgrade.progress
[43/54] Extracting php73-curl-7.3.23: ....... done
[44/54] Upgrading php73-ctype from 7.3.20 to 7.3.23...
[44/54] Extracting php73-ctype-7.3.23: ....... done
[45/54] Upgrading opnsense-update from 20.7 to 20.7.4...
[45/54] Extracting opnsense-update-20.7.4: .......... done
[46/54] Reinstalling ntp-4.2.8p15...
[46/54] Extracting ntp-4.2.8p15: .......... done
[47/54] Upgrading mpd5 from 5.8_10 to 5.9...
[47/54] Extracting mpd5-5.9: ......... done
[48/54] Upgrading isc-dhcp44-server from 4.4.2 to 4.4.2_1...
===> Creating groups.
Using existing group 'dhcpd'.
===> Creating users
Using existing user 'dhcpd'.
[48/54] Extracting isc-dhcp44-server-4.4.2_1: .......... done
[49/54] Upgrading isc-dhcp44-relay from 4.4.2 to 4.4.2_1...
[49/54] Extracting isc-dhcp44-relay-4.4.2_1: ....... done
[50/54] Upgrading json-c from 0.14 to 0.15_1...
[50/54] Extracting json-c-0.15_1: .......... done
[51/54] Deinstalling syslog-ng327-3.27.1_1...
You may need to manually remove /usr/local/etc/syslog-ng.conf if it is no longer needed.
[51/54] Deleting files for syslog-ng327-3.27.1_1: .......... done
[52/54] Installing syslog-ng329-3.29.1_2...
[52/54] Extracting syslog-ng329-3.29.1_2: .......... done
[53/54] Upgrading os-dyndns from 1.22 to 1.23...
[53/54] Extracting os-dyndns-1.23: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
root@OPNsense:/usr/local/opnsense/scripts/firmware #


The next stel, according to the script, would be to restart the WebGUI, but that doesn't happen, as one can see in the log. The upgrade has come to a grinding halt, while the last modification date of the file that contains the upgrade log is changing every minute

Help is appreciated
#13
is there a short description how to use the standard freebsd ports/pkgs on opnsense?

tnx


Never mind, i found it
#14
experts,

is dnsdist, a dns loadbalancer available at https://dnsdist.org, going to be added to OPNsense in the forseeable future?
Or has someone already made it working?

I like to run dnsdist as my local dns 'resolver' on my OPNsense device and balance the requests over DoT to a few unbound resolvers under my control. This way availability  and security increase and my local ISPs can't peek into traffic.

Thanks