Messages - bradforr

#1
I'm having a major issue using the new "Interfaces" system... It seems that there is a shiny one pager that is supposed to do everything but what is now lacking is the wonderful little Wizard that guided you through creating all the SSL certs and things.

I also cannot seem to get it to work... I then discovered a whole lot of firewall entries that were there under previous versions (assuming created by the wizard) that just don't appear to be there under a fresh install of the new OPNsense...

Serious downgrade.

At least I can use Wireguard because otherwise I'd be in a tough spot... I cannot get this to work in any stable way because documentation and ease of setup have just gone down the toilet.
#2
22.1 Legacy Series / Monit Reboot Wireguard Service
September 13, 2022, 02:12:39 PM
I'm trying to set up a reboot of the Wireguard service using Monit.

So far, I've managed to start Monit and create a Service Test Setting for pinging from the Wireguard local address.

Now I'm setting up the Service Settings tab and I'm a bit stuck.

Type: Remote Host
Address: <Remote site Wireguard interface IP>
Start: ???
Stop: ???
Tests: <ping test set up previously>

So what entries do I put into the Start and Stop section?
Would it be something like "/usr/local/etc/rc.d/wireguard start" and "/usr/local/etc/rc.d/wireguard stop"?? I saw somewhere in the dashboard that it mentions "wireguard-go"? Do I need a different name?
#3
I ran it anyway and the system updated.

Now busy with the upgrade to 22.1 without issue.

Thanks for the help.
#4
I did some hunting, and typed "man opnsense-bootstrap" and found an option listed.

opnsense-bootstrap -i

This doesn't stop on insecure certificates. Would that work?
#5
root@SAICE-OPNS:~ # opnsense-bootstrap -V
+ uname -s
+ FBSDNAME=FreeBSD
+ [ FreeBSD '!=' FreeBSD ]
+ uname -p
+ FBSDARCH=amd64
+ [ amd64 '!=' amd64 ]
+ uname -r
+ colrm 4
+ FBSDVER=12.
+ [ 12. '!=' 12. ]
+ echo 'This utility will attempt to turn this installation into the latest'
This utility will attempt to turn this installation into the latest
+ echo 'OPNsense 21.7 release.  All packages will be deleted, the base'
OPNsense 21.7 release.  All packages will be deleted, the base
+ echo 'system and kernel will be replaced, and if all went well the system'
system and kernel will be replaced, and if all went well the system
+ echo 'will automatically reboot.'
will automatically reboot.
+ [ -z '' ]
+ echo

+ echo -n 'Proceed with this action? [y/N]: '
Proceed with this action? [y/N]: + read YN
Y
+ [ -n '' ]
+ [ -n '' ]
+ echo

+ [ -n '' ]
+ rm -rf /usr/local/etc/pkg
+ rm -rf '/tmp/opnsense-bootstrap/*'
+ mkdir -p /tmp/opnsense-bootstrap
+ export 'ASSUME_ALWAYS_YES=yes'
+ [ -n '' ]
+ pkg bootstrap -f
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/latest, please wait...
pkg: Error loading trusted certificates
root@SAICE-OPNS:~ #


This is the output
#7
I connect to the console, load the shell, type "opnsense-bootstrap" and it asks to confirm, I say Y... And then it starts but then just throws out that line and stops.
#8
I get

pkg: Error loading trusted certificates
#9
Sorry, I'm a bit new to this... What?
#10
I'm getting the following screen when I try to process an upgrade.

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7.1 (amd64/OpenSSL) at Fri Mar 18 12:38:08 UTC 2022
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.txz: .......... done
Processing entries: .......... done
OPNsense repository update completed. 777 packages processed.
All repositories are up to date.
pkg: pkg is not installed, therefore upgrade is impossible
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (0 candidates): . done
Processing candidates (0 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

So I'm not able to add certain modules (like Wireguard) because I have the incorrect version. What can I do to fix it?
#11
21.7 Legacy Series / 21.7.1 on Hyper-V Gen 2
September 15, 2021, 02:19:24 PM
Hi

I'm having an issue installing 21.7.1 on a Server 2019 Hyper-V Gen 2 VM with SecureBoot switched off from the DVD ISO.

It launches the installer, goes through most of the process but at the Final Configuration stage, I cannot interact with the VM. I have tried Ctrl + C but it doesn't do anything.

Advice?
#12
While hunting around online and trying a few things I found that if I enable "Topology" on the server config, add a Client Specific Override with the Common Name being set to the user and add a line "ifconfig-push" into the Advanced with the IP and subnet... It then gives out the IP address.

I have two issues with this approach even though it works:
1. I have no idea what it does or the implications of the setup
2. I see a notice that the Advanced option will be removed in the future

So what is the alternative or "correct" way to implement this?
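
What the settings described in post #12 correspond to in plain OpenVPN terms, as an added example that is not part of the original post and not OPNsense's own generated configuration. The tunnel network 10.8.0.0/24, the directory name ccd and the Common Name alice are constructed for illustration.

```conf
# --- server configuration (constructed sample values) ---
# "Topology" enabled: all clients share one subnet and each gets a single
# address, instead of a per-client /30 point-to-point pair.
topology subnet
server 10.8.0.0 255.255.255.0
# Directory of per-client files. OpenVPN looks for a file named after the
# Common Name of the certificate the connecting client presents.
client-config-dir ccd

# --- file ccd/alice (the override for Common Name "alice") ---
# With topology subnet the arguments are <tunnel IP> <netmask>.
# The address must lie inside the tunnel network declared above.
ifconfig-push 10.8.0.50 255.255.255.0
```

The per-client file is selected by certificate Common Name, so the fixed address identifies a user only when each user has their own certificate.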
#13
I'm new to OPNsense and OpenVPN and having a small issue.

I have managed to get VPNs working for client machines.

What I cannot get is access to the client's local network when they are connected on VPN... I set "IPv4 Remote Network" but it doesn't seem to allow the servers access to the local network where the clients are connecting from.

Alternatively, how do I make sure a client gets the same tunnel IP whenever they connect?