Messages - nono

#1
Hi Patrick,

Some constructors provide more detailed stencils (where you can pinpoint the exact port), for example here on a Netgear switch:


Most of them are available on this github repo btw: https://github.com/girlpunk/VisioStencils
#2
Dear Community,

The Deciso team confirmed to me that there is no Microsoft Visio Stencil available for the OPNsense appliances.

I'm then asking the community if there is anything out there that I'm not aware of which I could use for my Visio diagram? I guess anything with the same number of ports would do the job (more specifically for my DEC4610, but I guess people would be happy to have the other models covered too).

Please let me (us?) know !
#3
Hi,

I'm on 23.10.2 (business edition) and I have a strange behavior.
I was using, for a few weeks, an OpenVPN client on my OPNsense firewall.
Since then, I've removed all the configuration related to it (nothing left except a few logs) but I still have the firewall rules for a (ghost?) "OpenVPN" interface?!

It's kinda weird as I don't have any "OpenVPN" interface anymore... Out of "safety" (more for my peace of mind) I've removed all the rules, but I still have the 15 automatically generated rules?!

I tried to restart the appliance, but it's still there. Is there anything to do to correct this, as I shouldn't see these rules/this interface at all, right?
#4
My bad... I pasted the wrong public key to my user access :-[
#5
General Discussion / ed25519-sk key type not working ?
January 30, 2024, 10:30:48 AM
Hi Everyone,

I recently bought a security key (Yubikey/Nitrokey type) and created a new pair of ed25519-sk type.
I'm a bit surprised that I'm not able to use it on:
Quote:
OPNsense 23.4.2-amd64
FreeBSD 13.1-RELEASE-p8
OpenSSL 1.1.1v 1 Aug 2023

When my "normal" ed25519 works perfectly.

Is there something I can do to allow such an SSH key type?
#6
General Discussion / Re: opn-arp configuration file
February 27, 2023, 01:13:34 PM
I really appreciate the answer you all gave me.

But I tried to setup a test instance, on :
Virtualbox 6.X (Windows 10)
Virtualbox 7.X (Windows 11)
ESXi (7.X)
Vagrant (on windows 11 with Vbox 7.X)

All of those finally ended up failing.

I know my request is unusual, but still quite simple. Could any of you, if the repo & the plugin are installed, send me the content of the configuration file?
Then, it could also help someone else directly who also may need it ?

Thanks in advance !
#7
General Discussion / Re: opn-arp configuration file
February 27, 2023, 11:57:16 AM
Yeah, unfortunately, I have to use Windows (11, but I tried on 10 with Virtualbox 6.X, same result)
#8
General Discussion / Re: opn-arp configuration file
February 27, 2023, 09:58:08 AM
I actually tried to run OPNsense 22.7 (the version I have in production) on VirtualBox 6.x & 7.x, and I got a kernel panic in both cases.

I don't want to use the repo, because the author clearly stated that:
Quote:
Don't use it in production environments, I only test a couple of them from time to time

Edit: I'm quite new with Vagrant but still gave it a try and ended up having this error about NFS:
Quote:
vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
It appears your machine doesn't support NFS, or there is not an
adapter to enable NFS on this machine for Vagrant. Please verify
that `nfsd` is installed on your machine, and try again. If you're
on Windows, NFS isn't supported. If the problem persists, please
contact Vagrant support.
#9
General Discussion / Re: opn-arp configuration file
February 27, 2023, 08:49:01 AM
Thanks @mimugmail, but it's the "Elsewhere" which bothers me currently, any chance to get your/the default values?
#10
General Discussion / opn-arp configuration file
February 23, 2023, 03:51:57 PM
I was looking for an alternative to ARPWatch from pfSense and I found OPN-ARP from the community repo here https://www.routerperformance.net/opnsense-repo/ from @mimugmail.

I would like to run this script in stand-alone mode without using the REPO (as I'm in a production environment), but I can't seem to find the configuration file aside from the script posted here: https://gist.github.com/mimugmail/6cee79cdf97d49b1d6fc130e79dc3fa9

Is there a chance that someone using the repo can send me the content of the following file: /usr/local/etc/opn-arp.conf
#11
Thanks, I'll mark the topic solved
#12
Ok, so we made some tests and indeed, using the IP is faster.

I then noticed that an "nslookup" returns all the interface IPs for the hostname, including the WAN (public IP) one.

I then checked the Unbound DNS service, which was listening on all interfaces, and decided to remove WAN from it.
The public IP wasn't resolved anymore, which fixed the slowness issue but still makes me wonder:

Even if Unbound isn't listening on the WAN interface, it should still resolve the IPs of all interfaces, right?

How could it be that I "remove" the WAN IP, simply by asking Unbound to not listen on the WAN interface?
#13
I'll check with them and revert, but I switched to my mobile connection (providing both v4 and v6) and I can't reproduce the issue so far.
I assume it can still be a cache issue, even though I used incognito mode.
#14
Hi Fright,

We're still experiencing the same issue, with 3 users now.
Me : no issue
Two colleagues : Having same issue and same "Initial Connection" time at ~20sec.

We all use : Same OS, Same Browser (and tested other, without plugins installed), all using the same VPN / Client and same AV version as well.

The difference would be for them to have both IPv4/IPv6 provided by their ISP when I only have IPv4. Could this be somehow a culprit ?
#15
I found the solution here: https://forum.opnsense.org/index.php?topic=19327.0
I had to ONLY have a Port Forwarding rule as follows:
Interface : WAN
Protocol: UDP
Destination: 45.2.2.2 (public ip)
Destination port: 51820
Redirect target IP: 100.127.0.10 (WAN IP)
Redirect target port: 51820