1
24.7 Production Series / FR: Bring Back Photo Widget on Dashboard
« on: August 16, 2024, 12:05:54 am »
Minor feature request, however I really would like the ability to add the photo/picture widget back onto the new dashboard please. 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
Web Proxy Filtering and Caching / Setting Up LANCache + Unbound
« on: August 30, 2023, 03:56:22 pm »
I currently have OPNsense setup with Unbound, and all devices on the network use it. I want all the devices to connect directly to the firewall IP for DNS. I have a few VLANs, and port 53 is forwarded locally for all so they can reach DNS (correct me if there is a more secure way of doing that).
Now I want to setup LANCache, likely in Promox.
I do not want to have to have the computers connect to LANcache as their DNS. I want them to connect to opnsense as they currently are. But have LANcache work in the background alongside Unbound if that makes sense.
Basically I want all devices to point to 192.168.1.1 (firewall) for DNS, but if they are downloading something LANcache supports, LANcache feeds them that data.
How would I set this up ideally?
Now I want to setup LANCache, likely in Promox.
I do not want to have to have the computers connect to LANcache as their DNS. I want them to connect to opnsense as they currently are. But have LANcache work in the background alongside Unbound if that makes sense.
Basically I want all devices to point to 192.168.1.1 (firewall) for DNS, but if they are downloading something LANcache supports, LANcache feeds them that data.
How would I set this up ideally?
3
Web Proxy Filtering and Caching / Is Squid Needed If Using Unbound?
« on: August 15, 2023, 11:51:53 pm »
My network is basically a few VLANs (family VLAN, my vlan, guest vlan)
And I run Unbound on OPNsense. That acts as the DNS server, all devices point to it. (Which I do have a question, is this type of DNS considered an "Authoritative DNS Server?" The 2 confuse me still.
Anyways, I read about Squid, and how it can cache stuff and speed up things.
I am curious, my drive in my system is about 500gb. So OPNsense is using barely anything of it. Should I install Squid? Or does Unbound have these capabilities?
I see there are some settings about Caching in Unbound > Advance. Not sure if changing these numbers would be beneficial.
Not that stuff is slow, but more speed is always better lol
And I run Unbound on OPNsense. That acts as the DNS server, all devices point to it. (Which I do have a question, is this type of DNS considered an "Authoritative DNS Server?" The 2 confuse me still.
Anyways, I read about Squid, and how it can cache stuff and speed up things.
I am curious, my drive in my system is about 500gb. So OPNsense is using barely anything of it. Should I install Squid? Or does Unbound have these capabilities?
I see there are some settings about Caching in Unbound > Advance. Not sure if changing these numbers would be beneficial.
Not that stuff is slow, but more speed is always better lol
4
23.1 Legacy Series / Re: how To Add Secondary SSD
« on: March 07, 2023, 11:40:38 pm »
..also for clarification I will never come close to even using 100gb (nevermind the 250-512gb which the drives are) so size should not be an issue.
I think I'm only using 2.2GB/452 on my current drive haha
I think I'm only using 2.2GB/452 on my current drive haha
5
23.1 Legacy Series / Re: how To Add Secondary SSD
« on: March 07, 2023, 11:38:03 pm »
Hey so just getting around to trying this.
Sounds good, my new drive is also going to be ada0.
However when running
Can you please help clarify how to safely proceed. Thanks.
Here is the disk layout
Sounds good, my new drive is also going to be ada0.
However when running
Code: [Select]
gpart backup ada1 | gpart restore -F ada0I run into a Code: [Select]
gpart: size '983025664' invalid argument error. I assume this is because the new drive is smaller in size, so the partition sizes won't match.Can you please help clarify how to safely proceed. Thanks.
Here is the disk layout
Code: [Select]
# geom disk list
Geom name: ada0 (new second disk adding in)
Providers:
1. Name: ada0
Mediasize: 250059350016 (233G)
Sectorsize: 512
Mode: r0w0e0
descr: SanDisk SDSSDH3 250G
lunid: 5001b448b243e95c
ident: 230206A0004C
rotationrate: 0
fwsectors: 63
fwheads: 16
Geom name: ada1 (original disk)
Providers:
1. Name: ada1
Mediasize: 512110190592 (477G)
Sectorsize: 512
Mode: r1w1e2
descr: SanDisk SDSSDH3 512G
lunid: 5001b448ba4679ef
ident: 21120U801225
rotationrate: 0
fwsectors: 63
fwheads: 16
6
23.1 Legacy Series / how To Add Secondary SSD
« on: February 23, 2023, 07:26:39 pm »
I am looking to add a second SSD.
Upon first install, I installed using ZFS on a single SSD.
I recently acquired another SSD and I wanted to mirror it. I know it's an option on first install.
I am looking to avoid needing to backup, and fresh install.
How can I add it in, without fresh installing?
Upon first install, I installed using ZFS on a single SSD.
I recently acquired another SSD and I wanted to mirror it. I know it's an option on first install.
I am looking to avoid needing to backup, and fresh install.
How can I add it in, without fresh installing?
7
23.1 Legacy Series / Re: Unbound DNSBL Not Working? Fatal Python Error?
« on: February 23, 2023, 07:24:52 pm »
Ok so I believe I got this working.
I had to uncheck all my lists in blocklist, and then apply. Then re-enable the lists I want and apply.
Nslookup now shows they are resolving to 0.0.0.0 as expected (before they were actually resolving, not being blocked).
It also now shows rhe count in the new Unbound stats page.
However, after my last update it broke again, and I had to disable each list ,apply, then reenable them.
Not sure why but its working again.
Seems like some bug.
I had to uncheck all my lists in blocklist, and then apply. Then re-enable the lists I want and apply.
Nslookup now shows they are resolving to 0.0.0.0 as expected (before they were actually resolving, not being blocked).
It also now shows rhe count in the new Unbound stats page.
However, after my last update it broke again, and I had to disable each list ,apply, then reenable them.
Not sure why but its working again.
Seems like some bug.
8
23.1 Legacy Series / Unbound DNSBL Not Working? Fatal Python Error?
« on: February 08, 2023, 02:39:32 pm »
So I want to preface this with the note that I cannot confirm this is a result of upgrading to 23.1. I did not test this beforehand. However it is not major enough of an issue to make me want to deal with flashing back. But it is major enough where I really want to try to fix it.
I do say I feel like I have always had issues with unbound blocklist in the past not working, and I remember I've tried doing resolves with some of the domains in the lists, and I think they always resolved depsite forcing unbound as my dns on all my devices, and even trying resolving directly from the opnsense shell. Nothing is using DoT/DoH. So I'm questioning now if it ever really even worked.
Anyways the issue is, it seems like the blocklists are just not working. I first noticed this with the new statistics, where it shows "Size of Blocklist" as "0". Despite having multiple blocklists selected in Unbound > Blocklists (and yes it's enabled and I've tried rebooting the service and firewall).
For example: https://blocklistproject.github.io/Lists/tracking.txt
Tried resolving from my computer:
And then also tried it directly in firewall shell:
So I looked a bit further and ran
Not sure if that is a major or related issue. Also not sure where to go from here.
I want to avoid breaking my config, and I'd like to avoid a fresh install.
Figured I'd try the forums with people who are significantly more experience with opnsense and this stuff in general than me.
I do say I feel like I have always had issues with unbound blocklist in the past not working, and I remember I've tried doing resolves with some of the domains in the lists, and I think they always resolved depsite forcing unbound as my dns on all my devices, and even trying resolving directly from the opnsense shell. Nothing is using DoT/DoH. So I'm questioning now if it ever really even worked.
Anyways the issue is, it seems like the blocklists are just not working. I first noticed this with the new statistics, where it shows "Size of Blocklist" as "0". Despite having multiple blocklists selected in Unbound > Blocklists (and yes it's enabled and I've tried rebooting the service and firewall).
For example: https://blocklistproject.github.io/Lists/tracking.txt
Tried resolving from my computer:
Code: [Select]
nslookup 1000mercis.com
Server: firewallhostname
Address: myfirewallip
Non-authoritative answer:
Name: 1000mercis.com
Addresses: 64:ff9b::5396:f484
83.150.244.132And then also tried it directly in firewall shell:
Code: [Select]
nslookup 1000mercis.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: 1000mercis.com
Address: 83.150.244.132
Name: 1000mercis.com
Address: 64:ff9b::5396:f484So I looked a bit further and ran
Code: [Select]
unbound -d -vv -c unbound.confand it prints the following: Code: [Select]
[1675862429] unbound[40886:0] debug: setup SSL certificates
[1675862429] unbound[40886:0] debug: switching log to syslog
Could not find platform independent libraries <prefix>
Could not find platform dependent libraries <exec_prefix>
Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
Python path configuration:
PYTHONHOME = (not set)
PYTHONPATH = (not set)
program name = 'unbound'
isolated = 0
environment = 1
user site = 1
import site = 0
sys._base_executable = ''
sys.base_prefix = '/usr/local'
sys.base_exec_prefix = '/usr/local'
sys.platlibdir = 'lib'
sys.executable = ''
sys.prefix = '/usr/local'
sys.exec_prefix = '/usr/local'
sys.path = [
'/usr/local/lib/python39.zip',
'/usr/local/lib/python3.9',
'/usr/local/lib/lib-dynload',
]
Fatal Python error: init_fs_encoding: failed to get the Python codec of the filesystem encoding
Python runtime state: core initialized
ModuleNotFoundError: No module named 'encodings'
Current thread 0x0000000801412000 (most recent call first):
<no Python frame>
Not sure if that is a major or related issue. Also not sure where to go from here.
I want to avoid breaking my config, and I'd like to avoid a fresh install.
Figured I'd try the forums with people who are significantly more experience with opnsense and this stuff in general than me.
9
22.7 Legacy Series / Re: Installing (Not Enabling) Keeps Crashing Server and I Have No Internet Now
« on: August 28, 2022, 08:14:25 pm »
Ok final revelation because I am completely unsure of where to go from here on out with diagnosis.
So i just tested the internet on my family vlan on my brothers computer, and it seems to be working without issue.
it seems to be potentially vlan related. I cannot ping my desktop rom even the firewall, despite being on the same vlan.
I can however ping google from the firewall.
i can't ping the firewall from my desktop.
Usually it says in the shell "web interface can be reached at X ip"
I noticed it doesn't say that.
I do see sums for HTTPS.
Also It looks like all the interface ips are set correctly.
I know I have the web ui set to only listen on my vlan not my families, so it probably is something relating to that. It partially makes sense why I can't ping around my vlan, and also can't reach the web ui if it's a vlan issue.
But I fail to see why this issue occured, and I fail to see what the actual issue is.
I don't understand why the restore didn't resolve the issue either, seeing that was a period where the firewall was working without issue.
I don't know how to further diagnose this issue and really need to get this internet back up.
So i just tested the internet on my family vlan on my brothers computer, and it seems to be working without issue.
it seems to be potentially vlan related. I cannot ping my desktop rom even the firewall, despite being on the same vlan.
I can however ping google from the firewall.
i can't ping the firewall from my desktop.
Usually it says in the shell "web interface can be reached at X ip"
I noticed it doesn't say that.
I do see sums for HTTPS.
Also It looks like all the interface ips are set correctly.
I know I have the web ui set to only listen on my vlan not my families, so it probably is something relating to that. It partially makes sense why I can't ping around my vlan, and also can't reach the web ui if it's a vlan issue.
But I fail to see why this issue occured, and I fail to see what the actual issue is.
I don't understand why the restore didn't resolve the issue either, seeing that was a period where the firewall was working without issue.
I don't know how to further diagnose this issue and really need to get this internet back up.
10
22.7 Legacy Series / Re: Installing (Not Enabling) Keeps Crashing Server and I Have No Internet Now
« on: August 28, 2022, 07:33:14 pm »
Ok so, I was able to delete it with os-sunnyvalley.
Also I didn't realize it made automatic backups. So I restored a backup from the 14th when the system was working no issues.
I hit yes to reboot for clean config, and then when finished it was STILL giving the same issue. So I rebooted once more, I could access the web gui and ping the server for a few seconds and then it went responsive again!
This makes no sense to me, all I did was install a package. And even after reverting to a backup created in a working period, it is still giving the same exact issue.
Also I didn't realize it made automatic backups. So I restored a backup from the 14th when the system was working no issues.
I hit yes to reboot for clean config, and then when finished it was STILL giving the same issue. So I rebooted once more, I could access the web gui and ping the server for a few seconds and then it went responsive again!
This makes no sense to me, all I did was install a package. And even after reverting to a backup created in a working period, it is still giving the same exact issue.
11
22.7 Legacy Series / Re: Installing (Not Enabling) Keeps Crashing Server and I Have No Internet Now
« on: August 28, 2022, 06:26:04 pm »
I see it under pkg info, I can search it with pkg search sunny
but I can't pkg delete or pkg install it without it saying it can't find it. I don't understand.
It still doesn't make sense to me that just installing the package would cause this issue.
but I can't pkg delete or pkg install it without it saying it can't find it. I don't understand.
It still doesn't make sense to me that just installing the package would cause this issue.
12
22.7 Legacy Series / Re: Installing (Not Enabling) Keeps Crashing Server and I Have No Internet Now
« on: August 28, 2022, 06:15:38 pm »
Ok I was able to login to the web ui fast enough to enable the root user, before it crashed again but I can login to shell via root now!
I tried pkg delete sunnyvalley-1.2_2 and it just says packages requested for removal: 0 locked, 1 missing.
I looked in pkg info and I see it there, but the beginning part of my screen is cutoff on the monitor so maybe I'm missing something before it?
I tried pkg delete sunnyvalley-1.2_2 and it just says packages requested for removal: 0 locked, 1 missing.
I looked in pkg info and I see it there, but the beginning part of my screen is cutoff on the monitor so maybe I'm missing something before it?
13
22.7 Legacy Series / Installing (Not Enabling) Keeps Crashing Server and I Have No Internet Now
« on: August 28, 2022, 06:00:48 pm »
So, I was in the webgui under plugins and went to install Sensei. It installed, I didn't see it in the services list, so I logged out and back in. Still didn't see it, as I was clicking through menus the web ui just crashed. Internet stopped working, can't ping anything from my client, not even the server.
If I reboot the server, everything works for about a 20seconds and then all crashes again and becomes unresponsive.
I didn't even enable it yet, I doubt it starts in an enabled state so Idk what is going on but I have zero internet and limited time.
Stupid me didn't make a recent backup, I was wondering if anyone had any ideas, and yes I learned my lesson.
I CAN get in via shell, not ssh. In shell I login to my user, and try to delete the package and hope that fixes. I get a user is not in the sudoers file error. Well I disabled root user via web interface, and this user has no issues managing stuff in the web ui. I gave it wheel/root access when I did it so idk wtf to do.
Not sure if deleting it will even fix it so idk. I'm not sure why this even happened but I'm so lost and can't find anything when searching.
If I reboot the server, everything works for about a 20seconds and then all crashes again and becomes unresponsive.
I didn't even enable it yet, I doubt it starts in an enabled state so Idk what is going on but I have zero internet and limited time.
Stupid me didn't make a recent backup, I was wondering if anyone had any ideas, and yes I learned my lesson.
I CAN get in via shell, not ssh. In shell I login to my user, and try to delete the package and hope that fixes. I get a user is not in the sudoers file error. Well I disabled root user via web interface, and this user has no issues managing stuff in the web ui. I gave it wheel/root access when I did it so idk wtf to do.
Not sure if deleting it will even fix it so idk. I'm not sure why this even happened but I'm so lost and can't find anything when searching.
14
Tutorials and FAQs / Redirection Page For Unbound Blocklist?
« on: August 10, 2022, 04:06:02 pm »
Is there a way to setup a simple custom HTML+CSS page to display, when clients visit a website that is blocked by Unbound's Blocklist? And ideally have it display which blocklist it is blocked from.
15
Tutorials and FAQs / How to Read and Unblock/Block With Unbound?
« on: August 10, 2022, 04:03:57 pm »
How do you properly read the Unbound logs to determine sites that are blocked, and are passed?
It looks like there is no way to filter between the two which sucks.
And as for the syntax for whitelisting/blacklisting, how do I make a catch all for a domain?
For example if I wanted to whitelist all of facebook would facebook.com/* not work?
Or all of a website with domains like 1.amazon.com 2.amazon.com something like *.amazon.com/* ?
Not exactly familiar with regex, so a simple cheatsheet would be nice. I don't plan on doing anything crazy but I can not seem to figure it out.
It looks like there is no way to filter between the two which sucks.
And as for the syntax for whitelisting/blacklisting, how do I make a catch all for a domain?
For example if I wanted to whitelist all of facebook would facebook.com/* not work?
Or all of a website with domains like 1.amazon.com 2.amazon.com something like *.amazon.com/* ?
Not exactly familiar with regex, so a simple cheatsheet would be nice. I don't plan on doing anything crazy but I can not seem to figure it out.
Pages: [1] 2