Messages

I'm sure under the previous ISC DHCP server you could assign specific DNS servers to specific hosts.

I'm running OPNsense 26.1.8 and Dnsmasq as the DHCP server (Unbound and Technitium as my main DNS servers), but I'd like to assign a specific, separate DNS server to my Nintendo Switch 2 and there doesn't seem to be an easy way to do this under Dnsmasq (or KEA).

Am I missing something obvious?

Looks like OPNsense is in a transition phase between its old and icons and logos, with the new icon and logo here on the forums and in 25.1, but the old icons and logos still on the OPNsense website.

Now to find a nice, square icon of the new logo for my Homarr setup....

EDIT: seamless update to 25.1, BTW, thanks OPNsense team!

Do you have the paid version?

Nope - free version. I downloaded and installed the Zenarmor CA certificate and installed it on my Windows box, and then could download the file at the https address with the error.

Tried the same in my arch install and also importing the cert into TrueNAS, but still no luck on those machines.

It always helps

V. helpful - thanks for the insights!

Trying to install docker in a container today, I cam across this error when attempting a wget command.

Code Select Expand


Connecting to syd1lxdmirror01.do.letsbuildthe.cloud (syd1lxdmirror01.do.letsbuildthe.cloud)|170.64.160.91|:443... connected.
GnuTLS: The TLS connection was non-properly terminated.
Unable to establish SSL connection.


Same issue on a couple of machines, and trying to wget different files.

Being behind my OPNsense router, the first step I tried solved the issue - disabling Zenarmor's active protection on my LAN (netmap).

Thoughts?

Routine upgrade from GUI today took a while, so I checked what was going on, and the shutdown had hung at "All buffers synced". Left it for several minutes, and eventually pulled the power plug.

On reboot, upgrade proceeded and all is well.

Might want to open a Github issue for this in opnsense/plugins. None of the patches I've seen this week dealt with similar issues.

Before GH though, are you using a particular theme ? Can you try the stock OPNsense one if so ?

Thanks - will look into that.

And no - am just using the default / standard theme.

I'm an idiot...I forgot there are drop-down menus!  ;D

Just updated to 24.1 this morning, and in haproxy, under Settings, "Rules&Checks", "User Management", "Settings" and "Advanced" are all blank!

Despite this, my virtual servers are still working, so seems to be an error with GUI. Have tried a page refresh / private window / disabled ad blocker, but no dice.

EDIT: as below, I'm an idiot...I forgot there are drop-down menus!  ;D

On OPNsense 23-series and now 24 I have a problem where haproxy often won't come up when the system reboots.

Since I use haproxy to access a number of services via virtual servers (home assistant etc) it's a bit of a problem having to go into the dashboard and manually restart haproxy.

So - a couple of questions / requests for help:

1) Is there a reason for this behaviour?
2) Is there a way (cronjob, systemd service call) to automate ensuring haproxy is up, and if not, start / restart it?

In regards #2, under HAProxy > Maintenance, there is a 'Cron Jobs' tab, which can be used to reload or restart HAProxy. I'm wondering if one of the configurable parameters could be used to "restart HAProxy IF not running"?

Thanks!

EDIT: and I've just discovered on 24.1 under settings, Rules&Checks, User Management, Settings and Advanced are all blank! Despite this, my virtual servers are still working, so seems to be an error with GUI. Will open a separate thread.... - I'm an idiot...I forgot there are drop-down menus!  ;D

A bit of an intermittent one - but on some occasions i.e. after yesterday's updates, haproxy isn't restarting on reboot.

Had anyone else experienced this?

Fixed, thanks.

Good work tracking this one down, everyone!

Dare I say, it looks like it *should* be a straightforward fix for Zenarmor.

Surprised this wasn't picked up in beta though - it's not as though running a firewall behind a certificate and FQDN is a bleeding-edge use case.

Unfortunately, I'll have to wait for the actual fix, since using the internal management IP address isn't working for me.

After updating zenarmor or try to reinstall it, the network connection come from the issue that zenarmor web ui try to fetch the js/css/img/html component from my WAN ip address and not the 192.168.1.1/opnsense.localdomain url ... + issue with CORS policy because of the mismatch of the 2 domains/ips

I think there is something wrong with the setup and the WAN address must nor be used to serve the web ui of zenarmor

FWIW, I access my OPNsense on a FQDN.

EDIT: I just tried to access via the router IP address (https://192.x.x.x:port) - still the same error / lack of progress / 'Network error'.

Upgraded to 1.14 from 1.13 today via the GUI and get "network error" in the Zenarmor pages.

So - uninstalled using the OPNsense plugins page, and reinstalled as per web instructions ( https://www.zenarmor.com/free-edition-plan).

Now, I'm stuck on the wizard - I get a spinning wheel under 'Database Settings', then nothing happens, and I can't select 'Next' to get to 'Interface Settings'. I suspect this is a netmap driver issue, or similar - although 1.13.4 was running fine.

There are no errors under 'Notifications', and the Info says "Engine Started".

With 23.7 coming online in the next day or so, do I have to manually revert the repo to 23.7, or will the rest of the upgrade to 23.7 from rc3 take care of it?

EDIT: just got the upgrade done. And yes, I did have to manually change the name of the repo back to 23.7. All is working as expected now.