Messages - ehoitinga

#1
Thank you.

Not out of space:

erik@firewall:~ % df -h
Filesystem                   Size    Used   Avail Capacity  Mounted on
zroot/ROOT/default           222G    1.7G    221G     1%    /
devfs                        1.0K      0B    1.0K     0%    /dev
/dev/gpt/efiboot0            260M    1.8M    258M     1%    /boot/efi
zroot/tmp                    221G    1.1M    221G     0%    /tmp
zroot/var/log                221G    458M    221G     0%    /var/log
zroot                        221G     96K    221G     0%    /zroot
zroot/var/audit              221G     96K    221G     0%    /var/audit
zroot/var/crash              221G     96K    221G     0%    /var/crash
zroot/usr/src                221G     96K    221G     0%    /usr/src
zroot/usr/ports              221G     96K    221G     0%    /usr/ports
zroot/var/tmp                221G     96K    221G     0%    /var/tmp
zroot/var/mail               221G     96K    221G     0%    /var/mail
zroot/usr/home               221G     96K    221G     0%    /usr/home
devfs                        1.0K      0B    1.0K     0%    /var/dhcpd/dev
devfs                        1.0K      0B    1.0K     0%    /var/unbound/dev
/usr/local/lib/python3.11    222G    1.7G    221G     1%    /var/unbound/usr/local/lib/python3.11
/lib                         222G    1.7G    221G     1%    /var/unbound/lib
erik@firewall:~ %

Crowdsec not running:
erik@firewall:~ % sudo ps -ef | grep -i crowdsec
erik@firewall:~ %
erik@firewall:~ % sudo killall crowdsec
No matching processes were found
erik@firewall:~ %

Widgets on dashboard fail to load.

Unusually high load averages:

root@firewall:/home/erik # uptime
 8:36PM  up 22 days, 14:27, 1 user, load averages: 11.89, 25.26, 15.59
root@firewall:/home/erik #

CPU usage:
root@firewall:/home/erik # ps aux -r
USER      PID  %CPU %MEM    VSZ    RSS TT  STAT STARTED         TIME COMMAND
root       11 651.3  0.0      0    128  -  RNL  14Mar25 225763:10.86 [idle]
root    44878 100.0  0.1  21772   9780  -  R    14Mar25  32526:19.36 /usr/local/bin/python3 /usr/local/opnsense/scripts/openvpn/ovp
root    17237   0.4  0.4  57692  31648  -  S    14Mar25      0:01.17 /usr/local/bin/php-cgi
root      259   0.3  2.7 837072 220640  -  S    14Mar25      9:29.30 /usr/local/bin/python3 /usr/local/opnsense/service/configd.py
root    79191   0.3  0.1  21772   9828  -  D    20:44        0:00.03 /usr/local/bin/python3 /usr/local/opnsense/scripts/system/sysc
root        9   0.2  0.0      0     48  -  DL   14Mar25      2:44.48 [pagedaemon]
root    76323   0.2  0.1  21772   9812  -  D    20:44        0:00.03 /usr/local/bin/python3 /usr/local/opnsense/scripts/system/sysc
root    77412   0.2  0.1  21772   9816  -  D    20:44        0:00.02 /usr/local/bin/python3 /usr/local/opnsense/scripts/system/sysc
root    78042   0.2  0.1  21772   9816  -  D    20:44        0:00.03 /usr/local/bin/python3 /usr/local/opnsense/scripts/system/sysc
root        2   0.1  0.0      0    128  -  WL   14Mar25    310:52.87 [clock]
root    26694   0.1  0.4  57692  31896  -  S    14Mar25      0:01.32 /usr/local/bin/php-cgi
root    27124   0.1  0.4  57756  32544  -  S    Sun22        0:01.45 /usr/local/bin/php-cgi
root    74083   0.1  0.1  21772   9820  -  D    20:44        0:00.03 /usr/local/bin/python3 /usr/local/opnsense/scripts/routes/show
root    75308   0.1  0.1  21772   9816  -  D    20:44        0:00.03 /usr/local/bin/python3 /usr/local/opnsense/scripts/system/sysc
root    75841   0.1  0.1  21772   9820  -  D    20:44        0:00.03 /usr/local/bin/python3 /usr/local/opnsense/scripts/routes/show
root        0   0.0  0.0      0   2144  -  DLs  14Mar25     99:58.95 [kernel]

Kind regards.
#2
Good afternoon,

I tried to update from 25.1.3 to 25.1.4 but the update stalls after "[6/48] Extracting py311-attrs-25.3.0:".

What is the best option? I'm a bit reluctant to reboot.

Kind regards.
#3
Might I ask how you reset the netflow data?

EDIT: Sorry. Search first, then ask. Sorry.

Reporting --> Settings --> Reset Netflow Data.
#4
Hi,

Has anyone experienced errors while installing the os-nut plugin on opnsense 20.1? Apparently the installer cannot find the directory /usr/local/etc/syslog.d/nut.

***GOT REQUEST TO INSTALL: os-nut***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
os-nut: 1.7
nut: 2.7.4_13
neon: 0.30.2_4
net-snmp: 5.7.3_20,1

Number of packages to be installed: 4

The process will require 18 MiB more space.
3 MiB to be downloaded.
[1/4] Fetching os-nut-1.7.txz: . done
[2/4] Fetching nut-2.7.4_13.txz: .......... done
[3/4] Fetching neon-0.30.2_4.txz: .......... done
[4/4] Fetching net-snmp-5.7.3_20,1.txz: .......... done
Checking integrity... done (0 conflicting)
[1/4] Installing neon-0.30.2_4...
[1/4] Extracting neon-0.30.2_4: .......... done
[2/4] Installing net-snmp-5.7.3_20,1...
[2/4] Extracting net-snmp-5.7.3_20,1: .......... done
[3/4] Installing nut-2.7.4_13...
[3/4] Extracting nut-2.7.4_13: .......... done
cp: /usr/local/etc/syslog.d/nut: No such file or directory
pkg: POST-INSTALL script failed
[4/4] Installing os-nut-1.7...
[4/4] Extracting os-nut-1.7: .......... done
Stopping configd...done
Starting configd.
Migrated OPNsense\Nut\Nut from 0.0.0 to 1.0.3
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/Nut: OK
=====
Message from net-snmp-5.7.3_20,1:

--
**** This port installs snmpd, header files and libraries but does not
     start snmpd by default.
     If you want to auto-start snmpd and snmptrapd:, add the following to
     /etc/rc.conf:

snmpd_enable="YES"
snmpd_flags="-a"
snmpd_conffile="/usr/local/share/snmp/snmpd.conf /etc/snmpd.conf"
snmptrapd_enable="YES"
snmptrapd_flags="-a -p /var/run/snmptrapd.pid"

**** You may also specify the following make variables:

NET_SNMP_SYS_CONTACT="zi@FreeBSD.org"
NET_SNMP_SYS_LOCATION="USA"
DEFAULT_SNMP_VERSION=3
NET_SNMP_MIB_MODULES="host smux mibII/mta_sendmail ucd-snmp/diskio"
NET_SNMP_LOGFILE=/var/log/snmpd.log
NET_SNMP_PERSISTENTDIR=/var/net-snmp

     to define default values (or to override the defaults).  To avoid being
     prompted during the configuration process, you should (minimally) define
     the first two variables. (NET_SNMP_SYS_*)

     You may also define the following to avoid all interactive configuration:

BATCH="yes"
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***


Thanks,

Erik
#5
Can relaying be the solution for your problem?

Erik
#6
I'm in the same boat  8)

I'm planning to move from pfSense on old 32-bit Deciso hardware to the DEC2640 hardware with opnsense installed on it.

From what I understood, the pfsense xml configuration file differs from the opnsense xml configuration file. So exporting the xml config from pfSense and importing it into opnsense will not work or at least will give unwanted results.

Even granular import of the pfsense xml configuration file into pfsense seems a bit risky to me.

I think I will do it manually. That is, my old firewall keeps on running until the new one is fully configured. After that I make the switch by shutting down the old firewall and changing the new firewall's LAN IP address to the IP address of my old firewall.

I'm also trying the Virtualbox solution as you suggested. But I'm having trouble getting the WAN interface running with the same configuration as on my pfSense box.

At least in this way I know what happens.

Erik
#7
I'm so sorry, the answer was already in my first post.  :-[

In Services: Monit: Settings: AlertSettings [recipient] -> Mail format I filled in the following

from: [opnsense@domain_that_I_own]
reply-to: [my e-mail address]
subject: Monit Alert --  $EVENT
message: $EVENT Service $SERVICE

Date: $DATE
Action: $ACTION
Host: $HOST
Description: $DESCRIPTION

Your faithful employee,

Monit


Now it is working and upon monit start or restart I receive an email as specified in mail format.

I'm sorry,

Erik
#8
Is it possible to test the SMTP settings entered in the Monit "General section"? In particular the settings entered in the section "Alert settings".

In pfSense there was a button "Test SMTP settings". Can something similar be done in OPNSense GUI or on the command line?

When I look in System -> Log files -> General I get the following message:

Mail: Mailserver response error -- 553 #5.1.8 Domain of sender address <monit@opnsense.mudcrawler.net> does not exist


Can I specify a sender address somewhere? monit@mudcrawler.net instead of monit@opnsense.mudcrawler.net will do because the domain mudcrawler.net exists.

In the monit documentation I can find:

set mail-format {
      from: Monit Support <monit@foo.bar>
  reply-to: support@domain.com
   subject: $SERVICE $EVENT at $DATE
   message: Monit $ACTION $SERVICE at $DATE on $HOST: $DESCRIPTION.
            Yours sincerely,
            monit
}


But in the file /usr/local/etc/monitrc I cannot find this section. Moreover, the header of this file says "DO NOT EDIT THIS FILE -- OPNsense auto-generated file"

Is it possible to change the from address somewhere?

Thanks,

Erik
#9
Hi,

I installed OPNSense in another configuration on VirtualBox. The first adapter I configured as a bridged adaptor. The second one, which will be the WAN interface, I configured as NAT. In this configuration I don't have these problems as stated in my initial post.

I ask this because I want to make the move from pfSense to OPNSense. But the above configuration does not reflect the actual configuration of my pfSense box.

Does anyone know if it is possible to use a second dedicated network adapter to make the WAN connection by PPPoE? I really want to try out OPNSense using the same configuration as on my actual pfSense box before buying my new DEC2640.

Many thanks.

Erik

#10
Ok, I tried another solution. I disconnected the ethernet interface that connects to my provider modem and activated the wireless interface on my laptop. Then I configured the second adapter in the configuration of my opnsense virtual machine as NAT. I started the opnsense virtual machine again and changed the IPv4 Configuration Type of the WAN interface from PPPoE to DHCP. I restarted the virtual machine.

When using this configuration "Check for updates" is working. I installed the proposed updates and I also installed the os-virtualbox plugin. Then after a reboot I reverted back to the configuration in my initial post.

But no luck. "Check for updates" is still not working and I get the same warning (WARNING: attempt to domain_add(netgraph) after domainfinalize()) on my WAN interface.

It looks like I'm missing something here, but I don't know what.

Any ideas?
#11
Hi,

I'm coming from pfSense and I am trying to set up OPNSense on Virtualbox (version 6.1.6) on my laptop (Linux Mint 19.3) for testing and trying out.

The hardware setup is as follows. The internal ethernet interface on my laptop (enx18dbf260f245) connects to my home network (192.168.1.0/24) providing access to my home network on my laptop. This interface will also be the LAN interface in my opnsense virtual machine. The interface is configured as bridged adapter in the network configuration of my opnsense virtual machine.

Then I have a USB 3.0 to ethernet adapter (enx60634c83dbf0) connected to my laptop. On my laptop I configured this interface as "Link-Local Only". This interface is connected to my provider's modem which is in bridged mode. My provider uses PPPoE to connect to the Internet and I want the WAN interface of my opnsense virtual machine to connect directly using PPPoE like my current pfsense firewall does. This interface is also configured as bridged adapter in the network configuration of my opnsense virtual machine.

erik@laptop-erik:~$ ifconfig
enx18dbf260f245: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.95  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::1adb:f2ff:fe60:f245  prefixlen 64  scopeid 0x20<link>
        ether 18:db:f2:60:f2:45  txqueuelen 1000  (Ethernet)
        RX packets 210463  bytes 236417027 (236.4 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 76578  bytes 13579199 (13.5 MB)
        TX errors 0  dropped 9 overruns 0  carrier 0  collisions 0

enx60634c83dbf0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 169.254.216.52  netmask 255.255.0.0  broadcast 169.254.255.255
        ether 60:63:4c:83:db:f0  txqueuelen 1000  (Ethernet)
        RX packets 703  bytes 204576 (204.5 KB)
        RX errors 104002  dropped 6  overruns 0  frame 0
        TX packets 870  bytes 125098 (125.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 5936  bytes 2405880 (2.4 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5936  bytes 2405880 (2.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.178.0.78  netmask 255.255.255.255  destination 10.178.0.77
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 1354  bytes 474104 (474.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1328  bytes 206076 (206.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

erik@laptop-erik:~$


Next I performed the install of opnsense. When this is finished I can access the OPNSense virtual machine by its LAN IP address 192.168.1.1 with my browser. Then I walk through the setup wizard. In this wizard I configured the WAN interface's IPv4 Configuration Type as PPPoE and I filled in my PPPoE username and password just as I did on my pfSense box.

My WAN interface comes up and it gets a valid IP address from my provider. I also have a WAN gateway (WAN_PPOE) with a valid IP address from my provider.

On the console of the opnsense virtual machine I can ping hosts by IP and FQDN on the internet so local DNS works and there is a connection to the Internet. This is the default route on the opnsense virtual machine:

root@opnsense:~ # route -n show default
   route to: 0.0.0.0
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: 91.182.112.1
        fib: 0
  interface: pppoe0
      flags: <UP,GATEWAY,DONE,STATIC>
recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1492         1         0
root@opnsense:~ #


However when I click Check for Updates I get "Timeout while connecting to the selected mirror." Also "Update from console" does not work.

Also I get this error message in the console when the WAN interface is activated and every time I make changes to the WAN interface:

WARNING: attempt to domain_add(netgraph) after domainfinalize()

What am I doing wrong here?

Thanks,

Erik