Messages

perhaps you can still use this https://forum.opnsense.org/index.php?topic=44839.msg223882#msg223882 . I wrote a while ago and is still in operation after a couple of OPN upgrades. I get a lot of hits.

I would start with System > Firmware > Status and do a health check. Run audit: health.
That will not tell you what happended but might help identify any lingering problem.

If you have a volume mounted for the scrutiny configuration directory you can create a file named scrutiny.yaml and configure notification like in this example file:

https://github.com/Starosdev/scrutiny/blob/master/example.scrutiny.yaml

I tried it with plain email - works.

E.g.

Code Select Expand

notify:
  urls:
    - "mattermost://[username@]mattermost-host/token[/channel]"


Thanks but all had failed (apologies to the OP for the noise, but wanted not to have a response unacknowledged).
Notice you are using the fork Patrick. I tried but haven't switched.
That said, I finally figured it out now. I haven't wanted to use configs but use only the compose for everything. The problem was the mattermost documentation is flawed for the integration with scrutiny and the errors are deceptive but I found a clue to pursue and have now succeeded. Can see here https://github.com/AnalogJ/scrutiny/discussions/943

If a scrub returns no error all data and metadata that is actually on the disk is guaranteed ok.

For possible device errors, end of lifetime notifications, etc. check out Scrutiny:

https://forum.opnsense.org/index.php?topic=48101.0


Honestly I am puzzled nobody ever commented on my HOWTO or came back with questions. Disk monitoring, like temperature and fans (if present) is essential, IMHO.

Since you mention it Patrick. I had a disk dying on me that prompted me to look back at your post. I have now implemented scrutiny as my first docker thingie. I've always disliked docker but for this which was a pretty useful tool without alternative, I had to bite the bullet and go docker.
Since then and that has been in the last couple of weeks, I have also tried to find a way to send notifications out fromm scrutiny. I came stuck and then surprising myself I was able to integrate this docker thinghie with another, called mattermost. I'm still struggling with the notifications, the reason for installing mattermost but making progress. Point being, thank you for sharing.

I'd suggest having a look at the ISP setup guides https://docs.opnsense.org/interfaces.html#setup-guides. They're only a few but might give an insight on what the ISP requires.

yes, $ifconfig will show all detected interfaces and their names will hint what drivers is in use for each.
Post the results in code brackets and we can guide on next steps if needed.
Note you need to assign the interface so that the assignment persists reboots. Can be done from the console or GUI. The docs are useful https://docs.opnsense.org/manual/install.html

I consider haproxy battle-tested and secure, with a lot of resources behind it as in people developing, using, reporting defects, etc. A lot more than more recent thingies like caddy and such likes. I see haproxy similar in security as nginx.
That said mostly for placebo maybe I am using crowdsec on haproxy to permaban those scanners types.
As for being a plugin it has pros and cons. You get a nice UI but not every functionality is exposed by it. For the basic reverse proxy is excellent, maybe webadmin can help if using it on a separate VM or LXC. I haven't looked. So if you need/wnat to do config changes it is easier more flexible without the plugin. See for instance https://github.com/opnsense/plugins/issues/4923

did you reboot OPN after changing tunables? It is needed for these.
Otherwise review the steps just in case. AP definitively not running its own dhcp server or any other service?
Next is to look at firewall live log to see if the traffic is arriving. Are you using IPV6 ?

yes there are some additional settings to add. Please look in the documentation. Actually it is here https://docs.opnsense.org/manual/how-tos/lan_bridge.html#lan-bridge

scratch that for now. Even I am not sure.

@buckey96 - I took the opportunty to change from maxm to ipinfo with this. I was meaning to look into anyway.
I had at of trouble getting the download but solved it and I think what is happening is that you get the error because like me at first, your download hasn't succeeded yet.
First, the ipinfo download url for OPN has to be like Patrick's i.e. https://ipinfo.io/data/ipinfo_lite.csv.gz?token=YOURTOKEN
Second, you need to get the download to work before you can use the alias. Otherwise the error. Here is where I noticed no errror but no update since last for me ie. yesterday's from maxmind.
To force it I had to, on the "Alias" page/tab untick it to disable & apply at the bottom. Tick to enable & apply again.
Try that and see but have a little patience. It download about what 20 or more MB file, uncompress it and save before it shows a new timestamp.

> Does this mean I need to download an image onto a bootable USB drive, adjust my BIOS to boot from USB, and perform a complete fresh install with the ZFS option?
Correct. As a new installation.

>Is "Import Configuration" referring to a configuration I've previously exported, or is this functionality now included in the installer?
Correct again. You save your current config to your PC/laptop, ready to use when re-installing.

> Will choosing the "Install (ZFS)" option reformat the disk and also download or install all of my packages, plugins, and configurations?
Correct once again. The installation will format the target disk with your choice of file system, ZFS or UFS, wiping it clean of previous data.
The config you then restore will include your packages and plugins and configurations, as long as those have been managed using the UI because that is what saves the states in the config file. Anything you add/change/remove via console will not.
What will happen after the restore is that the plugins will show as "orphaned" or "missing" or somesuch which then you need to go to "resolve plugin something" and that will re-install them.
Be aware that there are some plugins that despite this known flow, do not get re-configured as they were, an example from the ones I know because I use it is Crowdsec. That one needs reconfiguring completely.

Alternatively use AdGuardHome directly on OPNSense. It's a plugin, simple to setup and exposes a UI similar to PiHole. Also saves you a VM.
Here https://github.com/AdguardTeam/AdGuardHome for a view but do not install it from their instructions there, use the plugin instead.

Have you tried to re-assign interfaces after the reboot in OPNSense? All rules should move to the new assignments without the need to re-setup all again. Boot to console and then from the menu, option 1) Assign Interfaces.
Then after that reassignment you might need to use 11) Restart web interface - so you can login to the UI from the newly assigned LAN interface.
Possibly followed by a reboot maybe ?

thanks for the hints @malhal . I'll revisit the thread when ready to have another go. Had to abandon it for the time being.