Messages

I also have a LAGG interface on my machine and Zenarmor also crashes OPNsense randomly, if I go into Zenarmor dashboard.

If you're using Quad9, their main benefit is that they fully support DNS over TLS to give you encrypted DNS and also take advantage of their malware blocking. By default, just specifying their DNS server in general settings will not use any of this benefit.

Thank you, Worked like a charm.

I've tried to make a Port forward rule (see attached screenshot), but I'm not sure I'm doing it right.

It doesn't make a difference on my phone, the lan ip is still shown.

Change the destination to any

Firewall: NAT: Port Forward, Create new rule
Interface: Home (assume your wireless access point is in Home interface)
TCP/IP Version: IPv4
Protocol: UDP
Destination: any
Destination port range: DNS to DNS
Redirect target IP: 127.0.0.1
Redirect target port: 53

If that still doesn't work, your phone is probably using DNS over TLS or DNS over HTTP.
Which cannot be redirected.

Didn't work, must be something phone specific as you say.
Thank you for trying to help.

I've tried to make a Port forward rule (see attached screenshot), but I'm not sure I'm doing it right.

It doesn't make a difference on my phone, the lan ip is still shown.

2 options:

1) use Dnsmasq instead of unbound
2) unbound dns > query forwarding > check "use system nameservers"

Option 2 worked, but now I'm leaking my internal ip adresse in the WebRTC detection.

EDIT: Seems to only be on my android phone, so maybe not an OPNsense issue.

Hello everyone,

When I go to ipleak.net or similar site, it is always my ISP's DNS server that is shown, even though I have specified Quad9 (9.9.9.9) under system -> settings -> general. (see attached screenshot)

How do I get OPNsense to use 9.9.9.9?

ping google.com works?

What is in WAN? Connection up and running?

All works now.

Somehow I missed that my pc was connecting through an old network configuration that was not setup as automatic.  ::)

Also I have no internet on my laptop when connected directly to the LAN port on the DEC2750

But apparently you reach the GUI, so that should be your LAN port. Firewall rule for LAN in place? DNS working?

As far as I can see the automated rules are there for the LAN and I have put 8.8.8.8 as the DNS under general system settings.
Any idea as to where I should look next?

Hello REH,

maybe you had a business license for OPNsense according to the log (.../FILL-IN-YOUR-LICENSE-HERE/...).

Look into System -> Firmware -> Settings -> Type.

When you have the selection "Business", try to change that to "Community".
Then press "Save" and try to update.


Regards

Thomas

Thank you Thomas! You where correct, needed to change to Community. Tried my old license code, but i guess it was expired.

Hello everyone,

A few years ago I bough a DEC2750 from OPNsense, that I recently got to hook up to my homelab. I have reset the box to factory settings and can ping 8.8.8.8 from opnsense, but when I try to update the system I get the bellow message. Also I have no internet on my laptop when connected directly to the LAN port on the DEC2750

How can I get it to update?

Code Select Expand

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7.1 (amd64/OpenSSL) at Tue Feb  7 13:37:26 UTC 2023
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/FILL-IN-YOUR-LICENSE-HERE/FreeBSD:12:amd64/21.7/latest/meta.txz: Forbidden
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/FILL-IN-YOUR-LICENSE-HERE/FreeBSD:12:amd64/21.7/latest/packagesite.txz: Forbidden
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

Rune

Im no expert but from the screenshot memory ballooning might be being used? If that is the case then this behaviour is expected. I use OpnSense on unraid and the same thing happens for me.

That was it! With it turned off, the usage is down to 250mb.

Also as an aside just as another tip, for me to get best performance I had to use machine type i440fx (im using version 4.2) and Seabios so that I could pass the virtio network drivers. These nics provide the best performance in a VM, unless of course you are using pci passthrough on the nics which would be fine also.

Pete

Thanks for the tips, but I'm using an Intel NIC PCI card where i pass the ports through.

Can you share what services and plugins you have configured on the firewall itself.

Proxy, IDS etc. can lead to high memory consumption. Maybe this is a starting point to find what service is consuming all the memory.

You can use default tools like free and top to see what service is using all the memory.

As i stated in my first post it is a fresh install.
So I haven't touched any services or plugins yet.

Decidedly odd.
I just setup a new VM on my Proxmox cluster and with 8 GB RAM, OPNsense (20.1) showed only a usage of a bit under 300M.

Great! That probably means it was just me who did something silly in the creation of my VM.  ::)  :D

Can you share more information on the setup of the VM?

Hope the attached screenshots can answer your question, otherwise ask away!  :)

Where did you take the information from? About the RAM usage, I mean? From the VM status in Proxmox?

No, unfortunately it is the reading from the OPNsense dashboard.

Hello everyone!

I've recently got myself a Proxmox server and thought I would give OPNsense a go, but I'm wondering if there is a setting I'm missing somewhere in my install, because no matter how much RAM i throw at the OPNsense VM it always seems to use 85+% of RAM given. Is this normal on a fresh install of OPNsense?