1
24.7 Production Series / Re: Minor UI Issue - cannot add widgets when using vicuna theme
« on: July 26, 2024, 05:40:38 pm »
After clearing cache, etc., in MS Edge, the drop-down issue with vicuna seems to be fixed.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
24.7 Production Series / Re: Minor UI Issue - cannot add widgets when using vicuna theme
« on: July 26, 2024, 05:32:57 pm »
Might be browser-related...I tend to use MS Edge/Chrome and only MS Edge appears to have this issue (vicuna works fine in Chrome). Can't select anything in the add-widget drop-down on MS Edge, when vicuna is used as the theme. I did recently update Vicuna, but the problem still persists within Edge. Other themes are working fine, as far as the Add-Widget drop-down is concerned.
3
24.7 Production Series / Minor UI Issue - cannot add widgets when using vicuna theme
« on: July 26, 2024, 03:45:24 pm »
When selecting "add widget" from the main dashboard with the vicuna theme, the widgets fall behind the "add widget" window so nothing can be selected. Changing the theme is a quick and easy workaround. Not sure if anyone else reported, definitely nitpicky.
4
General Discussion / Using 3 DNS servers in Services > DHCP
« on: May 22, 2024, 06:05:12 pm »
So the web GUI within OPNsense only has input for up to 2 DNS servers. I have a tertiary DNS that I'd like to send out to all clients on my LAN but am unsure of how to go about it.
I found an older post that mentioned using hexadecimal numbers in "Additional Options" using "6" as the number and type "String", using a concatenated hex string for the 3 DNS IP's in the Value field, then leaving the DNS servers "blank" in the GUI. I've found that this doesn't work...after an ipconfig /renew on one of my Windows clients, the OPNsense router's IP is given out as the DNS server instead of the 3 IP's converted over to hex. Any additional suggestions? Thanks.
I found an older post that mentioned using hexadecimal numbers in "Additional Options" using "6" as the number and type "String", using a concatenated hex string for the 3 DNS IP's in the Value field, then leaving the DNS servers "blank" in the GUI. I've found that this doesn't work...after an ipconfig /renew on one of my Windows clients, the OPNsense router's IP is given out as the DNS server instead of the 3 IP's converted over to hex. Any additional suggestions? Thanks.
5
24.1 Legacy Series / Re: 24.1 - Interface Statistics no longer updating in real-time in Web GUI
« on: February 01, 2024, 06:09:47 pm »
Thanks Franco. Can also confirm that patch works. Updated the interface_statistics.widget.php file.
6
24.1 Legacy Series / 24.1 - Interface Statistics no longer updating in real-time in Web GUI
« on: February 01, 2024, 03:26:47 pm »
Anyone else notice this issue? The Interface Statistics widget no longer updates in real-time unless the entire page is refreshed.
7
23.1 Legacy Series / Re: Multi WAN related issue possibly bug
« on: February 27, 2023, 05:09:56 am »
I've observed the same behavior with multi-WAN, which is what I currently have on my own setup. Occasionally I see the arpresolve messages on my console, but it's not frequent. All I know is that it seems to happen more often after an initial config, or following an update, then it settles down and becomes more intermittent/sparse after OPNsense has had a few days of uptime.
I was itching to resolve this as you are currently...but after researching the arpresolve "failed to allocate llinfo on <wan interface>" for days, I found overall that it probably wasn't worth any further concern. Seems that the arpresolve behavior has been around for several years (on pfSense as well) and it relates to anything from NIC driver issues to WAN flapping. In my case, it doesn't seem to coincide with connectivity or performance issues, it seems to be related to one WAN interface attempting to resolve something on the other WAN interface (something related to dpinger), and vice-versa. Also, what may resolve this issue for some users doesn't work for others.
I was itching to resolve this as you are currently...but after researching the arpresolve "failed to allocate llinfo on <wan interface>" for days, I found overall that it probably wasn't worth any further concern. Seems that the arpresolve behavior has been around for several years (on pfSense as well) and it relates to anything from NIC driver issues to WAN flapping. In my case, it doesn't seem to coincide with connectivity or performance issues, it seems to be related to one WAN interface attempting to resolve something on the other WAN interface (something related to dpinger), and vice-versa. Also, what may resolve this issue for some users doesn't work for others.
8
23.1 Legacy Series / Re: Multi WAN related issue possibly bug
« on: February 25, 2023, 05:55:26 pm »
What IP's are you using for gateway monitoring? Check Systems > Gateways > Single - generally it's recommended that you use a public DNS IP for monitoring, such as 1.1.1.1. Each gateway needs a different IP assigned, so your 2nd WAN could have 1.0.0.1 for example.
In System > Settings > General what are you using as your DNS servers assigned to each Gateway? The DNS IP's should match up with what you used for each gateway for gateway monitoring.
I see the arpresolve: can't allocate llinfo for <WAN IP> as well, but from my experience they're usually benign and WAN access is working fine from both gateways. The arpresolve messages will generally pop up if there are brief instances of packet loss on either gateway, which does happen occasionally.
Also try rebooting your OPNsense device to see if that helps cut down and/or eliminate the llinfo messages. Sometimes my OPNsense appliance will go a few days without any of those arpresolve messages, other times they seem to occur more frequently.
In System > Settings > General what are you using as your DNS servers assigned to each Gateway? The DNS IP's should match up with what you used for each gateway for gateway monitoring.
I see the arpresolve: can't allocate llinfo for <WAN IP> as well, but from my experience they're usually benign and WAN access is working fine from both gateways. The arpresolve messages will generally pop up if there are brief instances of packet loss on either gateway, which does happen occasionally.
Also try rebooting your OPNsense device to see if that helps cut down and/or eliminate the llinfo messages. Sometimes my OPNsense appliance will go a few days without any of those arpresolve messages, other times they seem to occur more frequently.
9
23.1 Legacy Series / Re: Migrating to a new OPNsense appliance
« on: February 21, 2023, 04:42:07 am »The instructions in this article worked perfectly for me. I moved to different hardware and switching from 1Gbps to 2.5Gbps interfaces with different names as well as locations for WAN, etc. This article lays out what to look for when making changes. Highly recommend reviewing it.
https://homenetworkguy.com/how-to/migrate-opnsense-to-new-hardware/
Great link! I ended up following some of it, some config I did from scratch. Fortunately my setup wasn't terribly complex. Once I physically swapped the appliances, I had to spend an hour or so finishing off the config when the new device was live and connected to the WANs. One thing that drove me nuts for awhile was a typo in one of my port forwarding rules that kept redirecting all web traffic on my LAN to an internal web server...turned out I was forwarding all port 80 and 443 traffic to an internal web server on the LAN/WAN, instead of just the WAN. I ended up figuring out the problem after disabling reflection for port forwards, then it quickly became obvious. Good thing I use a custom https port for OPNsense.
10
23.1 Legacy Series / Re: Migrating to a new OPNsense appliance
« on: February 17, 2023, 03:53:45 pm »
Appreciate the tips!
Since I have both appliances running side-by-side right now, with my new appliance having a temporary IP, I have been re-doing the config from scratch on the new device. Problem is certain things can't be done until I actually swap the appliances out, because I can't create Gateway groups, etc. until the new appliance is actually connected to the cable modem/network terminals in order to get WAN connections online. I have been able to reconfigure DHCP static entries and port forwarding rules however on the new appliance without problems, as well as creating aliases for certain devices that I force out through my primary WAN (I just use those devices' MAC addresses and alias them).
Another challenge will be the LAGG config...I have 3 LAGG'd ports used between the appliance/managed switch...won't be able to flip those over on the new device until I swap it out with the older one.
Since I have both appliances running side-by-side right now, with my new appliance having a temporary IP, I have been re-doing the config from scratch on the new device. Problem is certain things can't be done until I actually swap the appliances out, because I can't create Gateway groups, etc. until the new appliance is actually connected to the cable modem/network terminals in order to get WAN connections online. I have been able to reconfigure DHCP static entries and port forwarding rules however on the new appliance without problems, as well as creating aliases for certain devices that I force out through my primary WAN (I just use those devices' MAC addresses and alias them).
Another challenge will be the LAGG config...I have 3 LAGG'd ports used between the appliance/managed switch...won't be able to flip those over on the new device until I swap it out with the older one.
11
23.1 Legacy Series / Migrating to a new OPNsense appliance
« on: February 17, 2023, 02:14:42 am »
I plan on migrating to a new Mini PC appliance for running OPNsense as my primary firewall/router. I have a fairly simple setup overall, but do have quite a few static mappings, some port forwarding rules, as well as a multi-wan configuration on my current appliance. The new appliance has a couple of extra NICs, a better CPU, more RAM/NVMe SSD space, etc.
Current OPNsense appliance is running 23.1.1-amd64, new appliance will run the same version. Right now I have both devices up and running, but there's only so much I can configure on the new device without causing conflicts since the devices are both on the same network (can't enable DHCP on the new device yet for obvious reasons).
Short of taking screenshots from my current appliance and reconfiguring the new one from scratch, which obviously will involve a chunk of time, is there an easy way to pull some of the configuration over from the old appliance to the new once, so that I don't have to redo all of my static DHCP mappings, etc.? I understand certain configs can't be migrated over because interface names and assignments will vary from one to the other. If I could simply pull over static DHCP mappings, perhaps firewall aliases, and a few other bits of config (without doing the manual screenshot method), that would be quite helpful.
Any suggestions/recommendations appreciated as always.
Current OPNsense appliance is running 23.1.1-amd64, new appliance will run the same version. Right now I have both devices up and running, but there's only so much I can configure on the new device without causing conflicts since the devices are both on the same network (can't enable DHCP on the new device yet for obvious reasons).
Short of taking screenshots from my current appliance and reconfiguring the new one from scratch, which obviously will involve a chunk of time, is there an easy way to pull some of the configuration over from the old appliance to the new once, so that I don't have to redo all of my static DHCP mappings, etc.? I understand certain configs can't be migrated over because interface names and assignments will vary from one to the other. If I could simply pull over static DHCP mappings, perhaps firewall aliases, and a few other bits of config (without doing the manual screenshot method), that would be quite helpful.
Any suggestions/recommendations appreciated as always.
12
22.7 Legacy Series / Re: What is LAGG's impact on LAN performance - load balance protocol?
« on: January 15, 2023, 06:49:27 am »
Even though this scenario doesn't happen often, I wanted to test 2 independent speedtests running on 2 separate devices on my LAN (to the same speedtest server), forced out over a different WAN on each device, to find out if I could achieve > 1Gbps thanks to the LACP LAGG between the OPNsense router/switch. The 2 shades of red are the different WANs, downstream of nearly 1Gbps each.
Even though this isn't the best screenshot, it does demonstrate that LACP LAGG pushed the throughput out over the LAN interface to ~1.6Gbps (the tag on the screenshot was just before the crest of about 1.8Gbps), thanks to the LAGG between the router/1Gb managed switch.
Even though this isn't the best screenshot, it does demonstrate that LACP LAGG pushed the throughput out over the LAN interface to ~1.6Gbps (the tag on the screenshot was just before the crest of about 1.8Gbps), thanks to the LAGG between the router/1Gb managed switch.
13
22.7 Legacy Series / Re: Netflix - how to force over primary WAN
« on: January 07, 2023, 05:52:44 am »
Thanks @genesysguy - had a few other devices where I added this same rule on the LAN interface. Seems to do exactly what I was looking for it to do, appreciate the tip! Simple, yet effective, perfect solution!
14
22.7 Legacy Series / Netflix - how to force over primary WAN
« on: January 06, 2023, 12:15:49 am »
I've noticed occasionally Netflix hiccups over a mult-WAN connection. Streaming seems to stop on occasion, and it appears to do so when the stream switches from one WAN to another, often when starting new episodes or between shows. The Sticky connections option is enabled in the firewall, with a source tracking timeout of 3600 seconds.
What would be the best way to accomplish forcing Netflix over the primary WAN? High-level firewall suggestions appreciated. Thanks.
What would be the best way to accomplish forcing Netflix over the primary WAN? High-level firewall suggestions appreciated. Thanks.
15
22.7 Legacy Series / Re: What is LAGG's impact on LAN performance - load balance protocol?
« on: January 05, 2023, 01:03:47 am »
I dropped in the new managed switch this afternoon, finally configured the LAGG group using the LACP protocol. Things seem similar, performance-wise, to load balance mode. I hadn't experienced out-of-order packets when load balancing between OPNsense and the previous managed switch, but I'm sure load balancing is less robust compared to LACP. So far connectivity seems to be working well between the router and switch...I can run two 1Gbps downloads simultaneously over both 1Gb WANs downstream with full 1Gbps throughput to the LAN, whereas previously two large 1Gbps downloads flowing in from both WANs over one link would've undoubtedly been halved based on limitations of a single 1Gbps full duplex port (on the switch). The load balancing seems to work intelligently enough to fork those 1Gbps downloads across both WANs, then over to the switch using dedicated links. It's overkill for sure as that scenario rarely occurs on my network.