Messages - molnart

#1
I have just installed Graylog and it's able to process netflow data, but setting up visualizations looks like a lot of work.
#2
In that case it looks to me like unoptimized logic on the OPNsense side. I think this could be solved by defining data retention periods, downsampling older data, etc., but unfortunately it doesn't look like netflow has gotten any significant development during the past years.
#3
I have had repeated issues with netflow ever since I first installed OPNsense, like 4 years ago.
Usually I notice it through system alerts that my SSD temperatures have gone off the charts. Trying to troubleshoot it, I see netflow (flowd_aggregate.py) producing disk I/O of around 200 MB/s, accompanied by high CPU usage.

Restarting the netflow service does not help. Restarting OPNsense also does not; disk and CPU usage is the same afterwards. Also, for a long time I had the feeling that rebooting OPNsense takes ages - now I know it's because tar is apparently archiving the netflow files, running for almost 10 minutes.

The only thing that helps is resetting netflow data altogether - I have to do it once every few months. But looking at the contents of /var/netflow, the sqlite database is not that big.


--- /var/netflow -------------------------------------------------------------------------------------------------------                                /..
    4.4 GiB [#################]  src_addr_details_086400.sqlite
    1.4 GiB [#####            ]  dst_port_086400.sqlite
    1.2 GiB [####             ]  dst_port_086400.sqlite-journal
  419.1 MiB [#                ]  src_addr_086400.sqlite
  121.8 MiB [                 ]  interface_000030.sqlite
   36.5 MiB [                 ]  src_addr_000300.sqlite
   17.3 MiB [                 ]  dst_port_003600.sqlite
   15.0 MiB [                 ]  dst_port_000300.sqlite
   13.1 MiB [                 ]  interface_000300.sqlite
   13.0 MiB [                 ]  src_addr_003600.sqlite
    1.5 MiB [                 ]  interface_003600.sqlite
  136.0 KiB [                 ]  interface_086400.sqlite
   12.0 KiB [                 ]  metadata.sqlite


I have stumbled upon this thread https://forum.opnsense.org/index.php?topic=19786.0 claiming it's caused by IPv6, but that one is disabled in my config.

Is there any long-term solution for this? Like moving netflow data to an external database or something?
#4
I have a remote client connected via WireGuard to my OPNsense router that serves for off-site backups. Now I have added a camera at that location that I would like to access from my main network as well.

My main network is on 192.168.50.1/24, the remote network is 192.168.8.1/24 with the WG client sitting on 192.168.8.10 and the camera on 192.168.8.89. The WG network is 10.0.9.0/24.

From what I read up, I understood that I need to add the IP of the camera under allowed networks in the WG client config under Peer. I have also added the camera IP to the Allowed IPs of the peer in OPNsense.


[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxx
Address = 10.0.9.80/32
DNS = 192.168.50.1
MTU = 1400
[Peer]
Endpoint = mydomain.com:51820
PublicKey = xxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 192.168.50.1/24, 192.168.8.89/32
PersistentKeepalive = 25


Now I understand I need to create a static route in OPNsense so I can access the device, but I am not sure what to put in there. I did the following:
- created a new gateway on the WireGuard interface with the IP address 10.0.9.80 (WG IP address of the remote client, whose local address is 192.168.8.10)
- a route between the newly created WG gateway and the local address of the WG client (192.168.8.10/24)

I tried different IP addresses here, but none of them worked.

Any idea how to proceed with this?

Thanks a lot
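As an added example (not code from the post, OPNsense or WireGuard), this models the cryptokey routing lookup WireGuard performs on AllowedIPs, which is why the camera's /32 has to be claimed by a peer on each end. The config is a constructed one modelled on the post above; the keys and the second peer are placeholders assumed here to show longest-prefix matching.

```python
import ipaddress
# Constructed client config modelled on the one in the post; keys and the
# second peer are placeholders added here, not taken from the post.
CLIENT_CONF = """
[Interface]
Address = 10.0.9.80/32
[Peer]
PublicKey = <placeholder-router-key>
Endpoint = mydomain.com:51820
AllowedIPs = 192.168.50.1/24, 192.168.8.89/32
[Peer]
PublicKey = <placeholder-second-peer-key>
AllowedIPs = 192.168.8.0/24
"""

def parse_peers(conf):
    """Collect PublicKey and AllowedIPs networks for each [Peer] section.
    Host bits in a prefix such as 192.168.50.1/24 are masked off (strict=False)."""
    peers, cur = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            cur = {"publickey": None, "allowed": []} if line.lower() == "[peer]" else None
            if cur is not None:
                peers.append(cur)
            continue
        if cur is None:
            continue  # keys outside a [Peer] section (e.g. [Interface]) are ignored
        name, _, value = line.partition("=")
        name, value = name.strip().lower(), value.strip()
        if name == "publickey":
            cur["publickey"] = value
        elif name == "allowedips":
            cur["allowed"] += [ipaddress.ip_network(n.strip(), strict=False)
                               for n in value.split(",") if n.strip()]
    return peers

def route_peer(peers, dst):
    """Cryptokey routing: the peer whose AllowedIPs entry is the longest prefix
    containing dst gets the packet; None means no peer claims it (wg drops it)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for p in peers:
        for net in p["allowed"]:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (p["publickey"], net)
    return best
```

With only the router peer configured, as in the post, 192.168.8.10 would return None, i.e. nothing but the camera's /32 on the remote LAN is reachable through the tunnel.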
#5
Quote from: gdur on August 23, 2023, 09:22:50 AM
This is exactly what I have experienced and it was solved after checking "Topology" of the Server configuration. See my post https://forum.opnsense.org/index.php?topic=35447.0
Thanks, that did it!!
#6
Quote from: PIv0 on August 21, 2023, 04:41:06 PM
Quote from: franco on August 10, 2023, 02:45:12 PM
Yes, but you need to put the correct subnet size.


Cheers,
Franco

If on version 23.1.11 we used the line

ifconfig-push 192.168.yyy.xxx 255.255.255.0

Now in the IPv4 Tunnel Network field, you need to set the value

192.168.yyyy.xxx/24 ?

Did I understand correctly?

I did various tries with the IPv4 Tunnel Network settings, but none of them were satisfactory:
- VPN server subnet is set to 10.0.8.0/24
- Client Specific Override Tunnel IPv4 set to 10.0.8.10/32 -> resulting client IP is 10.0.8.12
- Client Specific Override Tunnel IPv4 set to 10.0.8.10/24 -> resulting client IP is 10.0.8.2

Don't know what I am doing wrong.


#7
I see.

This change is kinda stupid, because for the firewall I don't need to log anything older than 5 minutes, as these logs are mostly for troubleshooting purposes to adjust firewall rules. Now I either have everything logged for days or nothing. (I know I can set the number of days to keep the logs, but it applies to every log, not just the firewall.)
#8
What was the previous limit set for the log file? Today's log already has 7 MB after 22 minutes. I need to find a way to limit its size, as my OPNsense instance is running off an 8 GB drive.
#9
I have noticed that since upgrading to 22.1 my disk is getting filled with log files, which was not happening in previous releases. Or something happened to my system causing the logs to get clogged. Is there a way to limit these log file sizes?

root@OPNsense:~ # ls -S -l -h /var/log/filter
total 1286944
-rw-------  1 root  wheel   343M Feb  3 00:00 filter_20220202.log
-rw-------  1 root  wheel   324M Feb  2 00:00 filter_20220201.log
-rw-------  1 root  wheel   313M Feb  5 00:01 filter_20220204.log
-rw-------  1 root  wheel   269M Feb  5 18:47 filter_20220205.log
-rw-------  1 root  wheel   7.5M Jan 29 00:00 filter_20220128.log
lrwxr-x---  1 root  wheel    35B Feb  5 18:01 latest.log -> /var/log/filter/filter_20220205.log
#10
Everything works now after rolling back to 20.1.7. I was afraid to upgrade back to 20.1.8 as at the moment I have little time to play around with it, in case it goes wrong again.

However, some advice on how to fix the "Configuring firewall... failed" startup message would be nice for future reference.
#11
Update: I tried restarting OPNsense, and the internet stopped working altogether.

During boot I got repeated "Configuring firewall.... failed" messages. The only thing that helped was to restore a previous OPNsense backup (version 20.1.7), and now my initial problem with the VLAN has been resolved as well.

Seems like there's some issue introduced in 20.1.8...
#12
I have a VLAN set up for smart devices that normally has internet access blocked, except for occasionally enabling it for update & maintenance purposes. I am quite positive that in the past I enabled the firewall rule for WAN access several times and it worked, but now it does not.

These are my firewall rules (normally the last two rules are disabled/enabled the opposite way from what the picture shows):
https://imgur.com/gLdsLqZ

Yet OPNsense keeps blocking the internet access for some reason:
https://imgur.com/4ISFrtV

Any idea why this is happening?
#13
Interesting issue, but potentially dead simple here:

Hostname resolution across and on VLANs is only working partially. Hostnames of devices whose IP address is assigned via DHCP work, but static IPs do not (nslookup fails).

My firewall rules for the VLAN allow port 53 to the OPNsense firewall and 5353 to 224.0.0.251. The mDNS repeater plugin is installed and enabled.

What did I miss here?

Edit: as I assumed, it was dead simple: I had to enable Register DHCP static mappings in Unbound.
#14
I want to set up separate VLANs for my home network.

I did set up the new interface, assigned it to my LAN port, defined the subnet range, configured DHCP, changed the switch settings, set up a separate SSID for the VLAN and connected a few devices for testing. Everything seemed to work, when suddenly all connected devices dropped from the network and I wasn't able to reconnect them anymore.

So I have decided to start from scratch. I removed the VLAN interface, created a new one from scratch and, in order to rule out switch misconfiguration, I started by trying the VLAN via a VM on the Proxmox host that is running my OPNsense instance as well.

So the current state is:
- VLAN interface configured, DHCP set up
- switch config untouched
- Proxmox VM hooked up to the Proxmox internal LAN port, interface is set as VLAN aware and tagged with the VLAN ID
- Firewall rules copied over from the LAN interface, so the VLAN should be able to reach the full internal network and the internet as well (for testing purposes)

The problem is the following:
- the virtual machine does not get an IP address assigned in DHCP mode
- when setting a static IP within the VLAN subnet, the VM cannot ping the gateway or anything else

Any idea how to troubleshoot this / what to look for in the logs?

Thanks
#15
Why is the Default deny rule blocking traffic between two hosts on my local network? I have no VLANs configured.

See the screenshot below:
https://pasteboard.co/JnTcw6g.png

I pretty much suck at basic networking, but I don't see a reason why an unremovable firewall rule blocking LAN traffic should even exist...

Can anyone please explain it to me?

Not sure if this is relevant, but the host on x.20 is my working desktop computer and x.11 is an LXC container running on Proxmox.