Messages

After seeing that I seem to get access back after a reboot, I wondered is something starting up on my local machine could be causing this issue. As it turns out, yes!

When Tailscale started up, it was blocking access to local ports. As I run Tailscale on most of my machines with automatic start, this was affecting multiple machines a minute or so after startup. Only realised this was an issue when I suddenly had access to IPs after a Windows update and reboot (and noticed that an "Error - connection change" was booting me off again). Partly caused by the Tailscale connection on my server (which enables access to subnets) not starting automatically.

I've had this happen for the second time in a week or now. Runinng OPNSense 25.1.12 on a HP T620+, everything has been running fine, and then I suddenly lose access to all IP addresses on the network, including the OPNSense box. By losing IP access, I mean web access to web GUIs at IP addresses (e.g. the OPNSense web UI, web-access to my Proxmox server, various local-hosted apps that I normally access by IP address) - they all time out. Likewise SSH access to the same - all time out.

Weirdly, my internet is still up from all devices (and strangely - this time at least (I don't think I had this last time) - so are the external domains that are internet facing for my apps (Jellyfin for example).

The OPNSense box is still providing DHCP (I can release and renew IP on a Windows machine and get an IP address), and DNS (via Adguard Home on the OPNSense box).

But... I can't access any IP addresses!

At first I thought the OPNSense box wasn't booting properly, so I pulled it from the rack and started it up in the office with monitor and keyboard access. All seemed to boot fine, could log in on the console - no issues I could see.

The last time this happened (about a week ago), I "fixed" it by booting a live USB of OPNSense, running opnsense-importer from the console and running from there. I'm about to try something like that again, but really want to understand what is happening here. There were no changes to the OPNSense box to trigger an issues. I have shutdown my main server around the same time to do some hardware changes, but it's back up and running fine (I can't access it over the network, but it is serving up my apps and reverse proxy just fine - see above).

Any ideas from the brains trust, cos I'm tearing my hair out here?

Thanks for everyone's help, I managed to get this back by running opnsense-importer from the console of the live session (and the accessing the Web UI to allow console access, as suggested above). I have other issues not, but will make a new thread for that! Thanks again.

Unfortunately not... they're saved on my server which is, understandably, inaccessible. Lesson learned.

Thanks Patrick - I hate to sound like I know nothing at all, but I can't see a way to import the config of the current install from the live mode webUI. Do I need to export the config.xml from the console first (mount the existing zfs drive, export to an external USB, then load that into the web console)? or is there an easier way I'm missing?

Okay... after a few more attempts, using 24.7, 25.1 and 25.7 I find that if I import the existing config, it also stops at the welcome screen with no login prompt. If I let it run through without importing the config, I get a prompt. Everything loads the same each time (config seems to import fine), I just don't get a login prompt after the "Welcome..." message.

Any ideas for getting this thing back on its feet with my current config?

I have tried plugging a laptop (Windows 11) directly into the OPNsense box - while it seems to get an IP address, I just get a time out trying to connect to the IP address of the OPNsense box.

Is there a way to do this during the live boot etc (i.e. keyboard and monitor)? I can't have this hooked up to the network while I have it looked up to the monitor/keyboard.

HP T620+ with a dual NIC (Intel). Been running very solid for a few years now. Currently disconnected from the internet so I can have it in the office connected to a monitor (on which I'm watching the lack of a login prompt).

Hmmmm... Already running ZFS I'm pretty sure. Trying a reinstall now. Seems to run okay and import config, and I get the "Welcome! OPNsense is running in live mode..." with prompt to login as root to continue live or 'installer' to install...

But I don't get a prompt to do the log-in? I note that the welcome message come right after the same listing on ssh keys where boot stopped before.

Am I missing something here?

Opnsense was very slow so did a safe shutdown and start up, but wasn't coming online. Pulled the box from the "rack" to go start up with a monitor attached (can't get one to it on the server "rack"). When booting it seems to just stop a a little after invoking the beep script. The last thing it shows is a list of ssh keys, but it never gets to the console menu.

*facepalm*

All sorted... didn't scroll properly in the list of 'Effective Privileges'. Now found, added and all working.

Hi FingerlessGloves... thanks very much for your efforts on this.

I'm running into some issues getting this running... when I set up the user per your guide, there is no option to add 'Effective Privileges' (just edit, and only GUI based option available to select) [I'm running OPNSense 22.1.10]

I skipped ahead anyway... all good until I ran

Code Select Expand

/conf/PIAWireguard.py debug as which point i get the message

Code Select Expand

searchServer request failed non 200 status code - listing wireguard instances

I'm assuming this is why when I go to Interfaces: Assignments there is no wg0 option available.

I do note that I am successfully running Tailscale on my OPNSense (which is WireGuard based), I case this might cause issues.

Any suggestions?

Keep in mind that you can add block lists in AdGuard Home in the UI quite easily. So if you are missing anything that does not come with the default installation, you can still enable whatever list you have come to prefer.

Thanks - I was aware (have already added the Scott Black and OISD lists).

I'm back trying Adguard Home again (I had already added OISD when testing earlier)... I'm seeing it pick up on a lot of back-to-base calls (like Sensibo and Alexa), but not really anything much that looks like ads (and canyoublockit still displays ads).

Will keep playing!