Messages

1

22.7 Legacy Series / Re: ip-address not set after upgrading to 22.7.9

« on: January 29, 2023, 04:58:38 pm »

UPDATE

Because I got no reply and it seems I am the only one who is experiencing this issue ... it must be me ...

And it was me ...

I created a rc script in 2019 because I virtualized the fw and had issues with the interface name and some features (HA etc.).

Code: [Select]

ifconfig vtnet0 name igb0

It didn't make any trouble until now. I don't know what changes with 22.7 BUT after removing my rc script - it worked!

Just if somebody is expieriencing the same issue someday and for me as reminder: Do not customize outside of webinterface ...

2

22.7 Legacy Series / [SOLVED] ip-address not set after upgrading to 22.7.9

« on: December 11, 2022, 10:41:12 am »

Hello everybody,

I noticed a strange behavior when upgrading from 22.7.2 to 22.7.9.

Before the update, my interfaces are looking like that:

 P101_LAN (igb1) -> v4: 192.168.101.1/24
 P100_MGMT (igb0) -> v4: 192.168.100.1/24
 P102_DMZ (igb2_vlan102) -> v4: 192.168.102.1/24
 P103_SERVER (igb2_vlan103) -> v4: 192.168.103.1/24
 VLAN_PARENT_REQUIRED (igb2) ->

You can see, that there is a ip set on every interface but not on igb2, cause that is only used for vlans and I needed to set a blank interface in order to get vlan running after upgrading from version 21 to 22.

After the latest update from 22.7.2 to 22.7.9, I am in trouble. I am forced to setup ip-addresses manually after every reboot cause OPNsense is not able to set the ip for igb1 and igb0 anymore:

 P101_LAN (igb1) ->
 P100_MGMT (igb0) ->
 P102_DMZ (igb2_vlan102) -> v4: 192.168.102.1/24
 P103_SERVER (igb2_vlan103) -> v4: 192.168.103.1/24
 VLAN_PARENT_REQUIRED (igb2) ->

In the assignment menu I can see on both versions the same output:

igb0             xxxxxxx (I do not want to post my mac adresses here ...)
igb1             xxxxxxx
igb2             xxxxxxx
igb2_vlan102      00:00:00:00:00:00 VLAN tag 102, parent interface igb2
igb2_vlan103     00:00:00:00:00:00 VLAN tag 103, parent interface igb2

What I already tried:
- I checked the config.xml manually for stale interfaces - but looks good
- Removed a old openvpn configuration that was not longer in use
- Because OPNsense is running in a VM (proxmox), I am using virtio (paravirtualized). I changed for testing purpose to e1000 and vmxnet3 but that makes no difference.

Did you experience any similar behavior in virtual OPNsense installations and did you find a fix for that?

Cheers
Topasio

3

General Discussion / Re: Persistent proxy settings

« on: January 26, 2021, 05:16:33 pm »

Update:

File /usr/local/etc/pkg.conf is not modified after update but /root/.cshrc and configd.conf are overwritten.

The only idea I have is to make this files immutable (chmod +i) but I guess this could probably create nasty sideeffects if the file should get an update ...

Any other ideas?

4

General Discussion / Re: How to block all web proxy & VPN browser extensions?

« on: January 22, 2021, 10:52:01 am »

I guess with pure firewall rules this is difficult.

I would try with Suricata or Sensei!

5

General Discussion / Persistent proxy settings

« on: January 22, 2021, 10:27:39 am »

Hello everyone,

I found many topics about configuring a proxy for OPNsense to access update server, suricata update etc.

- https://forum.opnsense.org/index.php?topic=3833.msg17998#msg17998
- https://forum.opnsense.org/index.php?topic=12098.msg55401

To set a proxy server I needed to configure this files:

/root/.cshrc

Code: [Select]

setenv HTTP_PROXY http://proxy:8080
setenv HTTPS_PROXY http://proxy:8080
setenv http_proxy http://proxy:8080
setenv https_proxy http://proxy:8080
setenv FTP_PROXY http://proxy:8080
setenv ftp_proxy http://proxy:8080

/usr/local/opnsense/service/conf/configd.conf

Code: [Select]

[environment]
## at the end of this section
HTTP_PROXY=http://proxy:8080
HTTPS_PROXY=http://proxy:8080
http_proxy=http://proxy:8080
https_proxy=http://proxy:8080
FTP_PROXY=http://proxy:8080
ftp_proxy=http://proxy:8080

/usr/local/etc/pkg.conf

Code: [Select]

pkg_env : {
    http_proxy: "{http://proxy:8080}"
    https_proxy: "{http://proxy:8080}"
}

This works like a charme and even after a reboot BUT after an update, the settings above are gone (only pkg.conf is not affected) ...

Is there any better or offical method, to use a proxy server?

Or is there a way to keep the settings persistent?

Cheers

Topasio