Messages

@mg85 - do you really have the *legacy* options visible in your UI?

IPsec and OpenVPN in general will remain in OPNsense core, of course, as already explained by @franco.

Refer to the screenshots for what is meant with "legacy options". These should be gone if you did not install the plugin(s).

HTH,
Patrick

Apologies for the ignorance, after verifying your screenshots Patrick, it became clear to me. I was wrong, as I thought the full menu items would be removed and only return after you install relevant plugins, not that "a part of the menu items which are considered legacy" were removed in this version :).

Thanks Patrick and Franco for clarifying!

Ok, thanks!
This is a bit odd then, as I did not have any of both actively configured on my 25.1 system. In fact, no VPN at all was ever configured.
It must have been the import of the 25.1 configuration then. This I assume would be the same for others that are executing the same steps?
Can I somehow adjust the config.xml in any way or is this not advised?

Thank you Franco.
If you say "Their "[legacy]" menu entries, however, are now in the plugins.", does this mean they will only be visible once you decide to install the plugins?
Both menu options are visible next to Wireguard, and configurable on my system even without installing the plugins.
Apologies for asking again in a different way, I just want to understand whether I am mistaken in the interpretation of the explanation or whether this could maybe be a "bug" :)

Hello,

Thanks first of all for the hard work put into 25.7 - it's much appreciated and it feels rock solid!

I have a clarifying question on moving the IPSec and OpenVPN options to plug-ins.
After a fresh install of 25.7 and restoring my 25.1 configuration, I see both options still visible in the VPN menu, and can even configure them if I want to. Both options are visible also in the plugins section. I thought they would be removed from the menu unless you install them as a plugin. Or is this part of a next step?

Or... funnelling the info through JSON encode/decode makes it harder for PHP to guess if it should return an object or string... :) So you were on 23.1.4 then.


Cheers,
Franco

Yep - I was on 23.1.4 :)
I'm glad that you have found a solution so quickly. I guess this somehow will roll up into 23.1.6?

Hi Franco, thanks a lot for your swift response! Here's the output of the command:

Code Select Expand

[
    {
        "description": {},
        "id": {},
        "pidfile": "/var/run/udpbroadcastrelay_1.pid",
        "configd": {
            "restart": [
                "udpbroadcastrelay restart 1"
            ],
            "start": [
                "udpbroadcastrelay start 1"
            ],
            "stop": [
                "udpbroadcastrelay stop 1"
            ]
        },
        "name": "udpbroadcastrelay",
        "status": "udpbroadcastrelay[1] is running as pid 21360."
    },
    {
        "description": {},
        "id": {},
        "pidfile": "/var/run/udpbroadcastrelay_2.pid",
        "configd": {
            "restart": [
                "udpbroadcastrelay restart 2"
            ],
            "start": [
                "udpbroadcastrelay start 2"
            ],
            "stop": [
                "udpbroadcastrelay stop 2"
            ]
        },
        "name": "udpbroadcastrelay",
        "status": "udpbroadcastrelay[2] is running as pid 22969."
    }
]


The patch fixed it :) - thanks for your hard work!

Hi,

I have just updated to 23.1.5, and found out that the dashboard is no longer populating the daemon names for udpbroadcastrelay. On my firewall, I have two configured: One for mDNS and one for SSDP.
They are listed under the Services panel on the dashboard.
I now notice that:

- The name for the SSDP daemon is blank
- The mDNS daemon is not at all visible (but is started and does work, since I can connect to devices over mdns)

See screenshots for some more details.
I expect this to be a bug in the latest release. Hopefully someone can jump on this at a convenient time.
Functionality is working, this is just a visual glitch.
@Franco let me know in case you need some further logs to troubleshoot :)

Hello all,

My ISP provides me with IPv6, which I have configured on the firewall (DHCPv6 on WAN and 'Track Interface' on the LAN interfaces I want to use IPv6 on). All works well.

I am using NAT redirect to forward all DNS requests to the firewall.
On the interfaces I have configured pass rules for DNS.
Under NAT settings, I have created two rules:
- one that intercepts all IPv4 traffic and forwards to 127.0.0.1
- one that does the same for IPv6 and forwards to ::1

What I do notice however is that some sites are displaying ads.
In an IPv4-only configuration, the same site is free of ads.

I am suspecting something in my configuration (my hunch is the NAT v6 rule..) is allowing some ads to bypass DNSBL.
Hopefully someone is able to think along in troubleshooting this.

The quick solution was to disable IPv6, although that's not my ultimate goal :)

When performing a clean install of OPNsense, selecting ZFS as partition layout I receive a message indicating the pool name is in use. It asks me to go ahead using the existing one (zroot), but instead it refers to 'xzroot'. I want to clean out the whole partition table and start from scratch (basically formatting as if it was a new disk).

Is there any way I can do this during the installation process?

Hi all,

I managed to fix this by upgrading to 22.7.3.

Spoke a little too soon. Issue still there.
I have installed 22.7 fresh and restored my backup. Rebooted the firewall, then the modem, gateway comes up as well as connectivity (Unbound is auto-restarting as well I see on the dashboard).

This would confirm a bug slipped into 22.7.1 or .2, causing what I notice.
In case anyone else has a setup with cable modem in bridge mode, serving DHCP WAN, would you mind giving this a try to see if you're facing the same?

I will raise a bug on GitHub in the meantime. First have to set myself up there.

Ok, so I have found the solution after doing some tests.
I have installed 22.7 and restored my configuration. I was able to replicate the behavior.
This made me think, as this did not occur when I initially did a fresh 22.7 install with a restore of the configuration.
I compared an older 22.1 backup with this one, and what I found out, is that the "gateway" section was completely empty (I did not go into that section in the GUI after all, so quite strange?). I copied over the entry from the 22.1 backup, restored and tested. Now the problem is gone :).

Perhaps this was just a coincidence, and not a bug as such.
Happy to report this as "solved" now.

Many thanks to the OPNsense team for their great and hard work :)

No. It looks to be happening since the 22.7 update. Will have to test with 22.1 and a backup to confirm.

I'm wonder if your issue is related to another problem I've seen.  When it happens again, go into SYSTEM:GATEWAYS:SINGLE.

Press Edit on your WAN, make NO changes, and then press save.

Thank you for the tip. I've just tried that, and this does not work (this fixed an issue I had while running pfSense before though and restoring from scratch using the xml approach).

When pulling the cable from the WAN interface I can replay the situation.
- After reconnecting, the gateway shows as online again.
- Restarting Unbound does not have any positive effect.
- I do reject leases from 192.168.100.1 on the wan interface to prevent the cable modem from temporarily handing out an own dhcp lease.
- I have also disabled gateway monitoring

Here's the log from System > Log Files > General (if that is of help):

2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.routing_configure: The WAN_DHCP monitor address is empty   skipping.
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.routing_configure: ROUTING: keeping current default gateway 'x.x.x.x'   
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.routing_configure: ROUTING: setting IPv4 default route to x.x.x.x   
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.routing_configure: ROUTING: IPv4 default gateway set to wan   
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.routing_configure: ROUTING: entering configure using defaults   
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.newwanip: The WAN_DHCP monitor address is empty   skipping.
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway 'x.x.x.x'   
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to x.x.x.x   
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan   
2022-08-27T09:05:07    Error    opnsense     /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'   
2022-08-27T09:05:06    Error    opnsense     /usr/local/etc/rc.newwanip: On (IP address: x.x.x.x) (interface: WAN[wan]) (real interface: igb1).   
2022-08-27T09:05:06    Error    opnsense     /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb1'   
2022-08-27T09:05:04    Error    php     /usr/local/etc/rc.bootup: Resyncing OpenVPN instances.   
2022-08-27T09:05:01    Error    php     /usr/local/etc/rc.bootup: The WAN_DHCP monitor address is empty   skipping.
2022-08-27T09:04:58    Error    php     /usr/local/etc/rc.bootup: ROUTING: keeping current default gateway 'x.x.x.x'   
2022-08-27T09:04:58    Error    php     /usr/local/etc/rc.bootup: ROUTING: setting IPv4 default route to x.x.x.x   
2022-08-27T09:04:58    Error    php     /usr/local/etc/rc.bootup: ROUTING: IPv4 default gateway set to wan   
2022-08-27T09:04:58    Error    php     /usr/local/etc/rc.bootup: ROUTING: entering configure using defaults   
2022-08-27T09:04:57    Error    opnsense     /usr/local/etc/rc.newwanip: IP renewal deferred during boot on 'igb1'   
2022-08-27T09:03:16    Error    opnsense     /usr/local/etc/rc.newwanip: On (IP address: x.x.x.x) (interface: WAN[wan]) (real interface: igb1).   
2022-08-27T09:03:16    Error    opnsense     /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb1'   
2022-08-27T09:03:16    Error    opnsense     /usr/local/etc/rc.configure_interface: ROUTING: keeping current default gateway 'x.x.x.x'   
2022-08-27T09:03:16    Error    opnsense     /usr/local/etc/rc.configure_interface: ROUTING: setting IPv4 default route to x.x.x.x   
2022-08-27T09:03:16    Error    opnsense     /usr/local/etc/rc.configure_interface: ROUTING: IPv4 default gateway set to wan   
2022-08-27T09:03:16    Error    opnsense     /usr/local/etc/rc.configure_interface: ROUTING: entering configure using 'wan'   
2022-08-27T09:03:09    Error    opnsense     /status_interfaces.php: Clearing states for stale wan route on igb1   
2022-08-27T09:03:08    Critical    dhclient     exiting.   
2022-08-27T09:03:08    Error    dhclient     connection closed   
2022-08-27T09:00:16    Error    opnsense     /system_gateways.php: The WAN_DHCP monitor address is empty   skipping.
2022-08-27T09:00:16    Error    opnsense     /system_gateways.php: ROUTING: keeping current default gateway 'x.x.x.x'   
2022-08-27T09:00:16    Error    opnsense     /system_gateways.php: ROUTING: setting IPv4 default route to x.x.x.x   
2022-08-27T09:00:16    Error    opnsense     /system_gateways.php: ROUTING: IPv4 default gateway set to wan   
2022-08-27T09:00:16    Error    opnsense     /system_gateways.php: ROUTING: entering configure using defaults   
2022-08-27T08:59:31    Error    opnsense     /usr/local/etc/rc.newwanip: On (IP address: x.x.x.x) (interface: WAN[wan]) (real interface: igb1).   
2022-08-27T08:59:31    Error    opnsense     /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb1'   
2022-08-27T08:59:30    Error    opnsense     /usr/local/etc/rc.linkup: ROUTING: keeping current default gateway 'x.x.x.x'   
2022-08-27T08:59:30    Error    opnsense     /usr/local/etc/rc.linkup: ROUTING: setting IPv4 default route to x.x.x.x   
2022-08-27T08:59:30    Error    opnsense     /usr/local/etc/rc.linkup: ROUTING: IPv4 default gateway set to wan   
2022-08-27T08:59:30    Error    opnsense     /usr/local/etc/rc.linkup: ROUTING: entering configure using 'wan'   
2022-08-27T08:59:30    Error    opnsense     /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for dynamic wan(igb1)   
2022-08-27T08:58:54    Error    opnsense     /usr/local/etc/rc.linkup: Clearing states for stale wan route on igb1   
2022-08-27T08:58:54    Critical    dhclient     exiting.   
2022-08-27T08:58:54    Error    dhclient     connection closed   
2022-08-27T08:58:54    Error    opnsense     /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic wan(igb1)   

Hi!

I used the search function to find possible related topics, but was not able to find any.
I'm noticing quite a strange behaviour after updating to 22.7. Maybe others can guide me in the right direction of solving this.
Whenever I reboot my cable modem (in bridge mode), the firewall loses connectivity once the modem comes up again.
This wasn't a problem before, so I am expecting this to possibly be software related. No cables are changed, neither the public WAN IP or the configuration.

The interfaces (WAN) and gateways are showing as 'online' and 'green'.
After rebooting the firewall as well, everything is fine again.

I am looking for pointers on where to start troubleshooting to fix this (our cable modem is quirky every now and then and requires a reboot to be revived :))