Messages

1

24.7 Production Series / PSA: Graylog now has built-in support for OPNsense log parsing

« on: November 09, 2024, 07:52:01 pm »

The latest version of Graylog now includes support for OPNsense log parsing. No need to maintain custom code for parsing and best of all it is available in the Open community version: https://go2docs.graylog.org/illuminate-current/what_is_illuminate/graylog_illuminate.html

The only downside I've found is that it is labeled as "pfsense" 

2

24.7 Production Series / Re: OK to Update from 23.7.12 to 24.1

« on: October 23, 2024, 07:53:07 pm »

AdGuardHome works fine under that version. Check Services->AdGuard Home->General and confirm whether you need to check "Primary DNS." You need to check it if AdGuardHome runs on port 53.

3

24.7 Production Series / Re: Charts Showing UTC

« on: October 13, 2024, 06:11:57 pm »

Reporting->Health shows local time for me (24.7.6.).

4

24.7 Production Series / Re: Set DNS server to use with Kea DHCP service

« on: October 12, 2024, 05:23:47 pm »

If it makes you feel any better, I ran into the same problem when I switched to Kea. I got lucky and read the solution in a long general thread about Kea. Kea has been working great for me.

5

24.7 Production Series / Re: Firewall Live View no longer tags Outbound NAT as rdr since 24.7.6

« on: October 12, 2024, 05:02:31 pm »

I think what is happening is that NAT redirects are no longer being tagged with an action of RDR. I see them in my logs but they have an action of Pass. I checked my logs and the last day I had an RDR action was on October 8, the day before 10.7.6 was released.

6

24.7 Production Series / Re: Set DNS server to use with Kea DHCP service

« on: October 11, 2024, 11:45:25 pm »

Kea->Subnets (select the one you want to edit)->uncheck the "Auto collect option data" field. You will now see the individual fields you can customize. I agree the label could be worded better.

7

24.7 Production Series / Re: Stuck at update 24.7.6 (no more)

« on: October 09, 2024, 07:07:52 pm »

The good news is that the Crowdsec issue is fixed going forward: https://github.com/opnsense/plugins/issues/4262

8

24.7 Production Series / Re: have you updated your os-cpu-microcode for your select processor?

« on: September 15, 2024, 06:38:23 pm »

Yes, on my Protectli FW4B with Intel Celeron J3160. No problems.

9

24.7 Production Series / Re: Health Reporting Broke Again with The 24.7.3 update

« on: August 29, 2024, 07:02:06 pm »

We've all been there 

10

24.7 Production Series / Re: Health Reporting Broke Again with The 24.7.3 update

« on: August 29, 2024, 06:15:07 pm »

The data points in the table screenshot are 0 and correspond to the first part of the graph which is also showing 0. Is the table showing 0s for the later timestamps that correspond to the time period with data in the graph?

11

24.7 Production Series / Re: NUT problem

« on: August 26, 2024, 05:16:58 pm »

Yes, but are you trying to run as a NUT client or a server? Did you select the right setting from the drop down under UPS Type? Look at the screenshot in the link I sent you. It's not an obvious dropdown field (it's a triangle next to the UPS Type text). If you are running as a NUT client, you have to select netclient. If you are running as a server, you have to pick the right driver. This will add the required configuration fields to the UPS Type tab.

12

24.7 Production Series / Re: NUT problem

« on: August 24, 2024, 04:13:39 am »

You need to pick the right setting from the dropdown menu. It’s really easy to miss but it is a triangle under the UPS tab. See the screenshot below step 2:
https://docs.opnsense.org/manual/how-tos/nut.html

13

24.7 Production Series / Re: KEA Not respecting reservations during lease time

« on: August 15, 2024, 09:41:05 pm »

That might explain why OPNsense doesn't generate an error message when a static reservation uses an IP address that is part of a pool. Perhaps the functionality to select how KEA should handle in-pool/out-of-pool reservations is coming to the OPNsense GUI. Though an error message would still be needed when an address is in conflict with the setting.

14

24.7 Production Series / Re: Setup Guest Network with Unifi APs

« on: August 14, 2024, 08:00:54 pm »

Thanks for the additional information. I didn't realize that everything was working correctly when you disable the captive portal in Unifi. Nice work getting it this far. It makes sense that you would not have access to the WAN from the guest network when you can't reach the captive portal. I've never used the captive portal but it would seem like a pre-authorization allowance is needed in the Unifi settings to access the OPNsense router/Unifi plugin itself. Otherwise the WAPs won't allow their clients to get an IP address/DNS/display the portal login. Assuming that works, you may want to remove the post-authorization restrictions and enforce them in the firewall (e.g., you may want to allow access to local printers or airplay/chromecast to local TVs, etc.). For example, if you want to restrict the guest VLAN to just WAN access, you can create a firewall alias that contains local subnets and then add an inverted firewall rule (i.e., allow if destination address is not your local subnet alias).

VLANs are super cool and open up a lot of possibilities. My core network VLAN uses AdGuard for DNS to block ads and WPA3 for security, my Guest VLAN uses Cloudflare DNS (shows ads) and uses WPA2 (compatible with older devices), and my IP cameras are on a VLAN with no Internet access.

This is a great guide to configuring OPNsense with VLANs (ignore the VPN steps if you don't need that): https://schnerring.net/blog/opnsense-baseline-guide-with-vpn-guest-and-vlan-support/#access

15

24.7 Production Series / Re: Setup Guest Network with Unifi APs

« on: August 14, 2024, 02:53:51 pm »

How did you confirm your DNS service is "reachable" on VLAN 20? Did you set a PVID on your switch for port 1 and 4 (I'm not sure how your switch handles native traffic)?