Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - RamSense

Pages1 2 3 ... 43
#1
25.7 Series / Re: Problem with NGINX
August 15, 2025, 06:50:42 PM
I just tried the opnsense-patch https://github.com/opnsense/core/commit/e18a9e9261146b16bf10d937df123681c3640a0d patch, but my nginx - services-nginx-configuration - Enable nginx still stays blank and after quite a while waiting it says enabled tag. Still very slow like it was(?)

N.B. It worked fine, just needed to restart nginx
#2
Hardware and Performance / Re: DEC 700 and 2700 series - new BIOS - February 2025
August 14, 2025, 03:18:24 PM
Thanks for the notification. I've just updated the bios (DEC850v2)
#3
25.7 Series / Re: Services: Kea DHCP: Leases DHCPv4 Not showing recent registered vendor
August 13, 2025, 01:28:48 PM
correct, although this depends on what version of OPNsense you are running. It is now python3.11
so you should change the location to : cd /usr/local/lib/python3.11/site-packages/netaddr/eui
#4
25.7 Series / Re: Services: Kea DHCP: Leases DHCPv4 Not showing recent registered vendor
August 13, 2025, 07:41:46 AM
Hi

This has been issued earlier also, see forum post here:
https://forum.opnsense.org/index.php?topic=10380.0

and github:
https://github.com/opnsense/core/issues/3883

hope that helps
#5
25.7 Series / Re: Upgrade OK
July 23, 2025, 05:38:11 PM
Upgrade went flawless here also. thnx! using Kea IPv4/IPv6 with Bind only, no unbound, Acme & Nginx.
#6
General Discussion / Re: Monit - apply settings gateway cli command with reboot opnsense
June 19, 2025, 06:45:24 PM
I solved this, not by monit or cron job, but making a custom script in /usr/local/etc/rc.syshook.d/start

Code Select
#!/bin/sh

/usr/local/sbin/configctl interface routes alarm
Named it 99-gatewayboot and made the file executable.

(99 to get it started as late as possible)

Now it is working and I have a fix for my Wireguard problem for now at reboot of OPNsense.
#7
General Discussion / Re: Monit - apply settings gateway cli command with reboot opnsense
June 17, 2025, 06:56:13 PM
I have tested the command
Code Select
/bin/sh -c '/usr/local/sbin/configctl interface routes alarm'after a reboot manually from shell, and wireguard instantly started getting data and starts working with ipv4 and ipv6 showing.
So I am getting closer.

I am thus looking for a way for Monit to execute this command with a reboot of my OPNsense box.

Can someone help me how to manage that with monit?
#8
General Discussion / *SOLVED* Monit - apply settings gateway cli command with reboot opnsense
June 16, 2025, 01:55:13 PM
Hi,

I have my WireGuard not working after a reboot of opnsense ( looks a lot like this post: https://forum.opnsense.org/index.php?topic=41081.0 and this one https://forum.opnsense.org/index.php?topic=36688.0). When I just hit [apply] on the SYSTEM: GATEWAYS: CONFIGURATION page (without making changes) all starts working with WireGuard.

I'm trying to "fix" this by cloning the Monit alert settings [gateway alert] and in service test settings, execute and something like path:
/bin/sh -c '/usr/local/sbin/configctl interface routes alarm'

What is the cli command for "apply settings gateway, without changing configuration?"

Or is there another way to automate this after an Opnsense reboot?

Thank you for your help with this.
#9
Web Proxy Filtering and Caching / Re: NGNIX Upstream TLS Verification?
May 24, 2025, 09:46:16 PM
I'm not using Turnkey LXC Container, but docker. I think your container has no SSL certificate and gives nginx the error "SSL routines::wrong version number) while SSL handshaking to upstream"

when you set upstream - upstream Enable TLS (HTTPS) [to disable, not selected]

(and your https - http server - [your servername] - HTTPS Only [enabled] )

you should get nginx to handle the ssl and get an https connection to your container.
#10
25.1, 25.4 Series / Re: 26.1.6 - DNS/DHCP best practice
May 10, 2025, 02:55:35 PM
There is. I just converted my system from isc to kea.
For ipv4 this tool was VERY helpfull: https://github.com/EasyG0ing1/Migration/
For static ipv6 I had to enter them manually, but worked fine also.
Migration took only about 15 minutes because of this manual part for v6. I only use dynamic on the guest network.

I do not use DNSmasq, I only use BIND. (Opnsense - KEA DHCP4 and DHCP6 with Router Advertisements (radvd), and for DNS - Adguard Home -> bind on opnsense)
#11
25.1, 25.4 Series / update OPNsense 25.1.6-amd64 -> had to run it twice again for bind and postfix
May 08, 2025, 08:06:32 PM
Since a version of 3 back, I have the update to run twice. The first time OPNsense 25.1.6-amd64 completes, it restarts the opnsense box but I have to run update again to have the missing:
os-bind  installed

and with this time the update os-postfix was also missing and installed the second run.

Others having this also?
(n.b. I only use BIND for dns, no unbound or dnsmasq etc)
#12
Tutorials and FAQs / Re: Stop IP leaks on WAN (and secure modem UI) without touching NAT
May 08, 2025, 07:29:41 PM
thanks for sharing this. I have your WAN out rule reject IPv4_private_ranges added to firewall-rules-floating rules.
Is there a reason you have it at WAN instead floating?
And I have also added: 169.254.0.0/16
#13
25.1, 25.4 Series / Re: PPPoE Pfsense
May 05, 2025, 06:22:15 PM
sounds promising...
#14
General Discussion / Re: Force redirect DNS to AdGuard
May 05, 2025, 02:28:18 PM
I see you wrote Adguard, do you use this or Aguard Home? aka the plugin in - https://www.routerperformance.net/opnsense-repo/

With the latter, what installation guide did you follow? There is lots of info about it on the forum here, e.g. https://forum.opnsense.org/index.php?topic=22162.0
#15
General Discussion / Re: Force redirect DNS to AdGuard
May 05, 2025, 11:41:24 AM
maybe this can get you started:https://homenetworkguy.com/how-to/redirect-all-dns-requests-to-local-dns-resolver/
Pages1 2 3 ... 43