Messages - Twitchiz

#1
25.1, 25.4 Series / Re: Update to 25.1 Failed, Hangs
February 13, 2025, 02:34:44 AM
Let me try it tomorrow when folks aren't using the internet but I recall it succeeding, telling me it needed to reboot, and then it just hung. It never rebooted but all services stopped, GUI stopped responding, and no internet. I'll get it tomorrow!
#2
25.1, 25.4 Series / Re: Update to 25.1 Failed, Hangs
February 12, 2025, 05:56:02 PM
So I've never had this issue before, and Google isn't helping much. Where in the GUI would I find the upgrade log? Would rather not have to dive into the terminal for this just yet, but I can if no other alternative.
#3
25.1, 25.4 Series / Update to 25.1 Failed, Hangs
February 09, 2025, 05:04:38 AM
Hey everyone, looking for some help with the upgrade. I have a Protectli VP4630 and I tried upgrading from 24.7 to 25.1. It seemed to download everything. After about a half hour of nothing happening, I consoled in and it was totally blank. Just to test, I unplugged the WAN and that showed a down message, so I knew it was responsive. After another twenty minutes, I forced it off and back on and it rebooted in 24.7. Looking for any recommendations or help.
#4
Hello, I am trying to set up to allow a single user to have multiple concurrent sessions to the same server (reason being is user has multiple devices). When I try to sign in, it boots the other device off. From searching, I see PFSense can support this with a tweak with OpenVPN but I don't see a way to get it to work quickly with OPNSense. Any ideas?
#5
I got it working by redoing the IP scheme,

However I still have an issue. I can connect, but only when I bind the IP to the WAN IP (which changes due to ISP) or leave it to bind all interfaces. I created a port forward that forwards the OpenVPN port from the WAN Address to a loopback virtual IP I created of 127.5.5.5, but for some reason it does not function when set up that way. Any ideas?
#6
I increased the verbosity and got a new error inside it.

--local addresses must be distinct from --ifconfig

This doesn't make sense as my local address does not match any ifconfig address. Any ideas? I verified my IP makes sense. I tried 10.115.10.0/24 and 10.115.10.1/24
#7
Hello everyone, I'm getting this error after creating an instance. I saw that someone with PFSense had this error when using custom options but I don't have any of those set. Not sure what's causing it. It happens right after enabling the instance. Any ideas? I basically followed the RoadWarrior VPN Config for client to site.

/usr/local/opnsense/scripts/openvpn/ovpn_service_control.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/instance-f6bce83c-a5e4-43a4-ae84-ca5c84bda936.conf'' returned exit code '1', the output was ''

I wasn't getting any assistance in the main area so I thought I'd post this here. My Opnsense version is 23.7.7

Edit: Upgraded to 23.7.11 and I still have the same issue.
#8
Hello everyone, I'm getting this error after creating an instance. I saw that someone with PFSense had this error when using custom options but I don't have any of those set. Not sure what's causing it. It happens right after enabling the instance. Any ideas? I basically followed the RoadWarrior VPN Config for client to site.

/usr/local/opnsense/scripts/openvpn/ovpn_service_control.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/instance-f6bce83c-a5e4-43a4-ae84-ca5c84bda936.conf'' returned exit code '1', the output was ''
#9
Hello, I am trying to block packets arriving on certain ports from coming in over my wireguard tunnel, and the firewall logs show blocked, but they're still making it through to the destination. Any ideas? It's the first time I've really seen firewall rules not being respected in a way that doesn't make sense.
#10
Thank you! That fixed one issue, but sadly on to the next one that doesn't make sense
#11
Hello everyone. I have a VPS that exists as a front end with public IPs and has wireguard installed on it. It connects to Opnsense via said wireguard. Packets arriving on the public IP are forwarded to a certain VM. This VM can access the internet over wireguard due to a firewall rule, but when trying to access the server from the outside via ping or HTTPS, Opnsense sends the reply out my WAN interface instead of back over wireguard. I've tried disabling force gateway and reply-to but I haven't had any luck with it, unless I'm not doing something else I need to be doing. Any ideas?
#12
So this is a strange one to me. I have a VPS that I have multiple public IPs on. It's connected to my local opnsense with wireguard. It's used to expose certain VMs on a subnet to the internet and have a separate way out than my normal LAN. I have succeeded in routing outwards, such as updating the VMs on the network and traceroute shows it takes the correct way out, but things coming in aren't making sense. I've done tons of packet captures. My current situation is this: Pinging the front end VPS IP that is forwarded to a certain VM guest, shows with packet captures, that it makes it through the server and at the very least, to the wireguard interface on Opnsense. It shows in the firewall logs it passed the rule that allows it to come OUT of the proper interface that the VM sits on, however, the VM shows nothing ever reaching it in its packet capture (tcpdump). Also, nothing shows on the VM's firewall denied log. The opnsense packet capture, however, only shows that the packets arrived on the WAN and Wireguard interface, but never exited the interface on which the VM sits (using HTTPS). When I ping out however, I see the reply come back on the WAN, Wireguard AND the interface on which the VM sits. Any ideas? I've beat my head against this for over 20 hours over the past few weeks and I feel like I'm really close, but not all the way there.
#13
Is nslookup on a local PC returning the proper IPs?

Quote from: Grenen on June 20, 2023, 11:08:57 AM
Just a headsup for everyone posting here. The author updated the post with the following:

Quote
No More Free Support

Due to the increasing number of support requests I've been receiving, both directly in the topic and via DM, I regret to inform that I can no longer provide free assistance. Balancing my real job and personal life has become extremely challenging. While I genuinely want to help everyone resolve their issues to get things up and running smoothly, I find it difficult to allocate the necessary time without sacrificing my personal commitments.

In addition, it has come to my attention that some individuals seeking help are not thoroughly reading the provided tutorial or lack the fundamental knowledge of networking. This has been a recurring issue and has made the support process increasingly frustrating.

I sincerely appreciate your interest in my expertise and if you would like to receive my assistance, I am more than happy to provide you with the details via DM.

Thank you for your understanding in this matter,
TheHellSite

But perhaps someone else has a solution to my problem. I have HAProxy up and running for a few months, was working fine. In May I added local domains map file for a site. Now I deleted the map file and removed all the local domain map file rules etc. But now my public domains aren't available from my internal network anymore (they work from external access).

I've gone through the setup and everything seems fine, and I haven't changed anything in the domain override in Unbound.

https://ibb.co/vkGLPGF

Any suggestions where the conflict might be located? What else blocks internal access to my public domains?
#14
I kept troubleshooting and if anyone sees this and doesn't want to beat their head against a wall as much as I have, go to System -> Settings ->  Administration and make sure Sudo isn't disallowed and set the allowed groups. I set mine to ask password and wheel. If anyone thinks this is against best practices, let me know!
su still doesn't work though, it just told me sorry, possibly because when I tried root was disabled but I was happy with it working with my user.
#15
Hello,
Here's the long story: I'm working on my firewall and it's redlining almost 100% usage constantly. I'm trying to log into terminal and see what's going on. ps -a only shows two processes so I figured it's because I'm not running as root or SU. So I try sudo ps -a, it asks for my password, I enter and it says I'm not in the sudoers file. Don't know what's going on as I am a member of the admins and wheel group. I tried getting to the sudoers file by escalating with sudo root but my password for root doesn't work. I've reset it multiple times, made sure root is enabled (but root login in System > Administration > Root login is disabled, it says log in as another user and switch to root, which is what I'm trying to do). I'm not having any luck here working towards figuring out why my processor is maxing out almost all the time. Not sure if it makes a difference, but my normal user is using TOTP. OPNsense version is 23.17_3-amd64. Firewall is a Protectli F4WB