1
24.1 Legacy Series / Re: Wrong IP for opnsense host
« on: April 24, 2024, 09:02:44 pm »
Thanks, that worked.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
24.1 Legacy Series / Re: Wrong IP for opnsense host
« on: April 24, 2024, 06:59:35 pm »as a starter: what givesCode: [Select]ip a
on your laptop? Is the laptop configured for wireguard?
This is a Mac, it doesn't work.
Code: [Select]
ifconfig gives a whole lot of interfaces, none of which are for wireguard.I connect to wireguard using the wireguard app.
By default a DNS lookup of "opnsense.my.do.main" returns all IP addresses of all interfaces local to OPNsense.Do I need both settings, or just one of them?
You can change this by
* Services > Unbound > General > Do not register system A/AAAA records
* Services > Unbound > Overrides - create an entry with the single IP address you prefer
3
24.1 Legacy Series / Wrong IP for opnsense host
« on: April 23, 2024, 11:48:12 pm »
I've got a weird issue.
My laptop is connected to my main VLAN 10.25.9.x.
The opnsense router IP is 10.25.9.1.
Yet when I traceroute opnsense.home.example.com (redacted), I see a warning about multiple addresses and I see it uses 10.25.10.1.
Why isn't opnsense.home.example.com resolving to the normal 10.25.9.1?
Which setting should I be looking at, unbound?
My laptop is connected to my main VLAN 10.25.9.x.
The opnsense router IP is 10.25.9.1.
Yet when I traceroute opnsense.home.example.com (redacted), I see a warning about multiple addresses and I see it uses 10.25.10.1.
Code: [Select]
niek@3cz4n3 ~ % traceroute opnsense.home.example.com
traceroute: Warning: opnsense.home.example.com has multiple addresses; using 10.25.10.1
traceroute to opnsense.home.example.com (10.25.10.1), 64 hops max, 40 byte packets
1 *That subnet is used by the wireguard wg0 interface.Why isn't opnsense.home.example.com resolving to the normal 10.25.9.1?
Which setting should I be looking at, unbound?
4
22.1 Legacy Series / ACME automation to upload certificates via SFTP fails on setting file permission
« on: April 22, 2022, 02:49:59 pm »
I have an automation to upload the certificates from ACME to my NUC running Proxmox.
The first file arrives on the NUC (ca.pem) but then the automation fails when trying to set permissions:
I have the same type of automation distributing these certificates to two other devices without a problem.
I would like to post the problem on a Proxmox forum as well, but the problem is I don't know which command it is failing on exactly. Is it chmod, umask,...? Google doesn't seem to know setstat of fsetstat.
Any idea what might be going wrong here?
The first file arrives on the NUC (ca.pem) but then the automation fails when trying to set permissions:
Code: [Select]
2022-04-22T14:27:41 Error opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php: Command execution failed, exit code 2. Last input was: {"host":"10.25.9.7","host-key":"10.25.9.7 ssh-rsa AAAAB...<redacted>","port":"22","identity-type":"rsa","user":"root","remote-path":"/etc/pve/nodes/nuc","chgrp":"","chmod":"","chmod-key":"","cert-name":"ACME/cert.pem","key-name":"pveproxy-ssl.key","ca-name":"ACME/ca.pem","fullchain-name":"pveproxy-ssl.pem","certificates":"60e233ae8317f2.49433155","automation-id":"6261bfbeab2f64.84589426"}
2022-04-22T14:27:41 Error opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php: Failed on {"source":"/tmp/sftp-upload-prMeUP","target":"ACME/ca.pem","mode":"0440","group":false,"delete_source":true}
2022-04-22T14:27:41 Error opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php: Failed uploading file (with adjusted permissions) '/tmp/sftp-upload-prMeUP' to 'ACME/ca.pem' ; Cause: {"permission_denied":true,"error":"remote fsetstat: Permission denied"}
2022-04-22T14:27:41 Error opnsense /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php: Failed changing permission to '0600' for 'ACME/ca.pem'. ; Cause: {"permission_denied":true,"error":"remote setstat \"/etc/pve/nodes/nuc/ACME/ca.pem\": Permission denied"}
2022-04-22T14:27:36 Notice opnsense AcmeClient: running automation (configd): NUCI have the same type of automation distributing these certificates to two other devices without a problem.
I would like to post the problem on a Proxmox forum as well, but the problem is I don't know which command it is failing on exactly. Is it chmod, umask,...? Google doesn't seem to know setstat of fsetstat.
Any idea what might be going wrong here?
5
General Discussion / Re: Upgrade ssd
« on: January 06, 2022, 12:39:23 am »
I managed to do it, using the discussion here!
I booted and opened a shell, then did:
I just rebooted and it worked!
I booted and opened a shell, then did:
- gpart show and took note of the index of the partition I wanted to extend, 3 in my case.
- Then I did gpart resize -i 3 ada0 to assign the unallocated space to the rootfs partition.
- df -h to find the filesystem name for rootfs, which is /dev/gpt/rootfs in my case.
- Now grow that filesystem with growfs /dev/gpt/rootfs and finally check if it worked with df -h
I just rebooted and it worked!
6
General Discussion / Re: Upgrade ssd
« on: January 06, 2022, 12:18:39 am »
So cloning went smoothly with Clonezilla.
I now have the new SSD in the machine and written the clone back.
This all works, Opnsense boots but still sees just 16 GB.
The problem now is that Gparted doesn't want to extend the rootfs partition to include the unallocated space, whatever I try...
I suspect Gparted can't work with UFS partitions.
Luckily I still have the old SSD, the clone on a separate drive and even a backup of the config, so I can experiment a bit on the new SSD.
But in the meantime the wife is back home, so I need to hurry up
I now have the new SSD in the machine and written the clone back.
This all works, Opnsense boots but still sees just 16 GB.
The problem now is that Gparted doesn't want to extend the rootfs partition to include the unallocated space, whatever I try...
I suspect Gparted can't work with UFS partitions.
Luckily I still have the old SSD, the clone on a separate drive and even a backup of the config, so I can experiment a bit on the new SSD.
But in the meantime the wife is back home, so I need to hurry up
7
General Discussion / Re: Upgrade ssd
« on: January 05, 2022, 12:13:17 pm »
Ok, I've prepared two bootable drives, one external HD for Clonezilla, with enough space left to save the cloned drive, and a small thumbdrive with gparted.
After the wife leaves tonight, I'll bring down the Opnsense machine and perform the surgery
Fingers crossed!
After the wife leaves tonight, I'll bring down the Opnsense machine and perform the surgery
Fingers crossed!
8
General Discussion / Re: Upgrade ssd
« on: January 04, 2022, 10:29:09 pm »
Hmm, so burn an iso of clonezilla to backup the ssd to my nas. Then switch the ssd and clone it back. Finally burn an iso for gparted to extend the partition?
9
General Discussion / [solved] Upgrade ssd
« on: January 04, 2022, 02:07:04 pm »
I have been running Opnsense on an HP T620 plus for about 8 months now and have been adding/activating features.
Especially Sensei has been pushing the hardware to the limit, more specifically the 16 GB SSD.
Last week I noticed the dashboard was reporting 104% disk usage.
This happened the day after I had been adding a number of wifi devices (Shelly smart switches etc) and had been playing with VLANs.
Anyway, even with Sensei reporting data retention set to 1 day (instead of the default 2), disk usage is currently at 89%.
So I bought a new 250 GB SSD.
Overkill, but it came down to the GB/€ ratio.
My question is, how do I best upgrade the SSD?
I've read that I could export the settings, install Opnsense on the new SSD and then import the settings, but I have a few questions before I do that:
Especially Sensei has been pushing the hardware to the limit, more specifically the 16 GB SSD.
Last week I noticed the dashboard was reporting 104% disk usage.
This happened the day after I had been adding a number of wifi devices (Shelly smart switches etc) and had been playing with VLANs.
Anyway, even with Sensei reporting data retention set to 1 day (instead of the default 2), disk usage is currently at 89%.
So I bought a new 250 GB SSD.
Overkill, but it came down to the GB/€ ratio.
My question is, how do I best upgrade the SSD?
I've read that I could export the settings, install Opnsense on the new SSD and then import the settings, but I have a few questions before I do that:
- Are all settings being exported, also those for plugins like Sensei or Suricata? Sensei for example has its own option to export the configuration.
- Does it automatically reinstall the plugins you had, or just restore the previous settings after you manually add those plugins?
- Will I run into issues with my ACME certificates? Will they continue to refresh, or do I need to set this up again, because perhaps the secret key changes?
- The installation documentation talks about the Opnsense Importer. If you are installing Opnsense using a USB memory stick, does this mean you need a separate memory stick with the config files you exported, or can it be the same as the installation stick?
10
21.7 Legacy Series / Have VLAN directly linked to WAN
« on: December 29, 2021, 10:25:01 pm »
I have a device in my local network that needs to have direct access to WAN, so without NAT (it's an iptv box from my internet/TV provider).
If I put that device in a separate VLAN, should I then bridge this VLAN with the WAN interface?
I can't connect the device straight to my provider's router, because of the location, and there are other devices at that location that go via the same cable.
I come from Openwrt and there it was really simple: https://www.niek.be/2016/03/17/interactive-television-with-openwrt-telenet-digicorder-behind-your-own-router/
But I'm unsure how to do the same in opnsense.
If I put that device in a separate VLAN, should I then bridge this VLAN with the WAN interface?
I can't connect the device straight to my provider's router, because of the location, and there are other devices at that location that go via the same cable.
I come from Openwrt and there it was really simple: https://www.niek.be/2016/03/17/interactive-television-with-openwrt-telenet-digicorder-behind-your-own-router/
But I'm unsure how to do the same in opnsense.
11
21.7 Legacy Series / Re: Remove Sensei swap
« on: November 05, 2021, 05:46:17 pm »
So I did, and got some answers here: https://forum.opnsense.org/index.php?topic=25424
12
Zenarmor (Sensei) / Re: Remove Sensei swap
« on: November 05, 2021, 03:21:30 pm »
Oh ok, I really thought it wasn't there until I made that mistake.
Must not have noticed it then before.
Must not have noticed it then before.
13
Zenarmor (Sensei) / Re: Remove Sensei swap
« on: November 04, 2021, 01:24:51 pm »
Hi @sy,
Temporary, but persistent after a reboot.
I know it doesn't harm that it's there, just... nice if it were gone
Temporary, but persistent after a reboot.
I know it doesn't harm that it's there, just... nice if it were gone
14
Zenarmor (Sensei) / Remove Sensei swap
« on: November 03, 2021, 01:52:04 pm »
Does anyone know how to remove the swap that Sensei created?
I had a situation last week where it used up all my RAM.
Now that I've fixed that issue, how do I remove the swap?
Should I remove these files, or the whole folder?
I had a situation last week where it used up all my RAM.
Now that I've fixed that issue, how do I remove the swap?
Should I remove these files, or the whole folder?
Code: [Select]
root@opnsense:~ # df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/gpt/rootfs 13G 6.9G 5.5G 56% /
devfs 1.0K 1.0K 0B 100% /dev
fdescfs 1.0K 1.0K 0B 100% /dev/fd
procfs 4.0K 4.0K 0B 100% /proc
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev
devfs 1.0K 1.0K 0B 100% /var/unbound/dev
/dev/md43 48M 56K 44M 0% /usr/local/sensei/output/active/temp
15
21.7 Legacy Series / Re: Remove Sensei swap
« on: November 03, 2021, 01:48:49 pm »
Oh I didn't know that existed. I will post it there as well.