Messages

This is one of the reasons why it is generally recommended not to mix tagged and untagged traffic on a single interface.

Thanks for your answer! But when tagged traffic on the LAN interface is still counted towards the statistics, doing that (not mixing tagged/untagged) would make no difference in the statistics (for the fact that all tagged traffic is still crossing the interface)?

So when there's 100% tagged traffic and 0% untagged traffic on the LAN interface it would still report (excluding WAN) a total of 50% LAN traffic and 50% made up of all the VLANs over the LAN interface (which is basically what happens in my case)

My network is separated in severval VLANs on my vtnet1 (LAN) interface (almost no traffic goes from/to the LAN IP/subnet directly).

When looking at the interface statistics it seems that all traffic is  reported for the LAN + all VLAN interfaces, with the LAN interface seemingly the total of all VLAN traffic. This seems somewhat logical because obviously all VLAN traffic passes the LAN interface with a VLAN tag. But is this expected behavior? I presumed maybe LAN traffic would account only for the non-tagged traffic?

The unifi keystore is updated via acme.sh. Seeh https://github.com/acmesh-official/acme.sh/blob/master/deploy/unifi.sh (around line 120-123. The problem is that a new keystore is made by the user running the command (being root).


What could help is to change this line: https://github.com/opnsense/plugins/blob/80c2623bd581f4586b09eb54ae30b2e0965cf60c/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeUnifi.php#L42

`$this->acme_env['DEPLOY_UNIFI_RELOAD'] = 'service unifi restart';` into something like `$this->acme_env['DEPLOY_UNIFI_RELOAD'] = 'chown unifi:wheel ' + (string)$this->config->acme_unifi_keystore + '; service unifi restart'

I've submitted a bug report and a suggested fix here: https://github.com/opnsense/plugins/issues/4417

I've got a similar issue with unbound not restarting and also running an OpenVPN server (where Unbound is set to listen to the LAN + OpenVPN interface). Were you able to solve this?

After looking through some code I found there's an undocumented command "/wireguard/service/reconfigure". Upon executing that command it does the trick.

Hi,

I'm using the API to change wireguard settings (/server/toggleserver). This is reflected fine in the GUI, but it's not effective until I hit "save" in the GUI. I can't get it to directly "activate" using API commands. I've tried /general/set and it gives back {"result":"saved"} but it still doesn't work until I manually hit "Save" in the GUI on wireguard settings.

Any tips?

Thanks for these steps. They didn't work for me from the start, but when I changed Allowed IPs to "1.2.3.4/32,0.0.0.0/0" it worked (note the /0 with 0.0.0.0!)