Messages

I'm working on only allowing what's needed out of my firewall and in the process I have seemingly prevented Sensei from working (dashboard won't load). I've created a Allow Any Any rule and that does indeed get Sensei back up and running.

So, what Ports/IP/Hosts do I need to allow to keep Sensei functioning so I can remove the Allow Any Any Rule?

Edit: Reinstalling the Sunnyvale Repo fixed this issue.

Hello,

After updating to OPNsense 21.1.1 I am unable to install Sensei. Keeps saying the repository can't be found.

OPNsense 21.1.1-amd64
FreeBSD 12.1-RELEASE-p13-HBSD
OpenSSL 1.1.1i 8 Dec 2020


***GOT REQUEST TO INSTALL: os-sensei***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'os-sensei' have been found in the repositories
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

Nevermind, I figure out my  error.

Did you see "Listen interfaces" is there two times. For WebGui and for SSH. Just to be sure you looked for the right one.

Yup. I can access the Web GUI when I disable pfblocker. I can confirm that my Firewall rules are Allow Any Any and that they are the only rules. I even added an Allow Any This Firewall Rule just incase.

For kicks and giggles I spinned up a pfSense and ran the same configuration and I can access the Web GUI just fine on this VLAN, not sure what I'm doing wrong on OPNsense.

Did you set it to "All"? Sometimes a reload of the GUI services is needed. Or do a reboot if it doesn't hurt your clients.

It was set to "All" by default. Let me try a reboot.

Edit: reboot didn't help.

System: Settings: Administration
Listen interfaces

It's currently set to "All".

Edit: Tried setting to LAN & IT Management VLAN and still can't access it from the VLAN.

Hi all,

I'm trying to move my Web GUI Access from the default LAN over to my IT Management VLAN where my equipment resides. Even when using a "Any Any" firewall rule for my VLAN (to rule out any Anti-lockout issues) I still cannot get access to the Web GUI unless I put my machine back onto the LAN Network.

Is their something I missing?

Just wanted to say thank you to the OPNsense team. I could never get OPNsense to install correctly on my Netgate SG-5100 but the 27.7 version installed flawlessly, fantastic job!

I have a common issue where IPSec is just slow, getting around 1 - 2 MB/s between (2) OPNsense VMs as a VPS.
.
I messed around with various MTU/MSS settings and that didn't help, I eventually turned of Interface Scrubbing on both OPNsense VMs and BOOM 15MB/s.

I then rebooted them to make sure it wasn't going to stick and....nope...back to 1 - 2 MB/s.

What's the trick to get ZeroTier to route traffic between LANs?

I've got (2) OPNsense firewalls setup each with their own LAN network and I'm trying to use ZeroTier to route between connect the two.

Every guide I've found says to setup static routes on ZT Central for the LANs - unfortunately those routes auto-update to OPNsense, which breaks the LAN interface since it now has a route for it's own LAN that points elsewhere.

So instead I've tried setting up Static Routes  with Upstream Gateways for the LANs  on OPNsense, and this works (both LANs can route to each other) but for some reason the Gateways go offline after while. I'm not sure what's causing this - perhaps the pathing ZT is taking is changing and the gateway probe isn't recovering?

Furthermore what's strange about this is after the gateway goes down SOMETIMES i can get a ping to go through from one OPNsense to the other and it brings the Gateways back up.

That's sort of what I figured since it didn't make sense to me to create a firewall rule and then apply to the IDS - I'll see what I can do with the Firewall. I was following these instructions on setting up GeoIP Blocking via IDS -

https://docs.huihoo.com/m0n0wall/opnsense/manual/how-tos/ips-geoip.html

I just wanted to give the OPNsense team a heads up. I tried to sign up for ET Telemetry using Google Chrome 81.0.4044.138, and I could not get the "I have read and accept the EULA as listed" check box to become active after scrolling to the bottom of the EULA, it worked perfectly fine in Firefox however.

Hi All,

I setup a Maxmind account, added the key to the MaxMind URL and then added it to the Firewall Alias GeoIP settings. As per OPNsense instructions, I should go to IDS "User Defined" rules and setup GeoIP blocking rule, however I am missing the GeoIP options completely from the "User Defined" rule settings.

Did I miss something?

[Problem:]

I'm coming from pfSense to test out OPNsense and I'm running into a weird firewall rule issue that I'm not sure is a bug or if this is how OPNsense operates.

So here's what's going on:

I'm testing firewall rules on a ZeroTier Interface by simply pinging the interface from my laptop whom is on the same ZeroTier network.

Here's a breakdown:

• Set a continuous ping to ZeroTier interface on OPNsense and replies are working fine
• Setup a Firewall rule on ZeroTier Interface to block all incoming ICMP requests
• Continuous Pings are Timing out as they should
• Turned the ICMP Firewall rule off to see if the pings start replying - and they do.
• Problem: Turned the ICMP Firewall rule back on - but pings continue to reply.

Edit: Removed Edits, realized the second WAN issue was. Ping where funneling through ZeroTier to the WAN Interface. Still need help on the issue above.