Messages

1

Hardware and Performance / Re: About performance

« on: October 31, 2024, 11:34:15 pm »

Hi @opnfwb

Question on threads vs cores.

netstat -Q displays Thread count and the documentation refers to cores, I have a 4 core 8 thread system so I set the net.inet.rss.bits = 3 is that correct?

Normally the OS sees a thread as a core/vcore, but I wanted to make sure.

Results from my netstat -Q show Thread count as 8 so I presume it's correct?

thanks

2

Documentation and Translation / Re: AdGuard Home setup guide

« on: October 23, 2024, 01:33:04 pm »

I use unbound for reverse DNS and if ADGuard fails it's a quick change to get it working as the primary until I can fix ADGuard.  Tbh though that's only happened once.

3

24.7 Production Series / User with read only or monitor capabilities

« on: October 18, 2024, 07:16:40 am »

Hi Everyone

I've been unable to locate any info on this, so I'm hoping someone can assist.

I'm trying to create a read only / Monitor user for the OpnSense Console and I'm unable to determine the permissions required with the new dashboard.
Currently I've created a new group and assigned the following permissions:
GUI   Lobby: Dashboard
GUI   Dashboard: ET Pro Telemetry widget
GUI   Diagnostics: Logs: Firewall: Live View
GUI   Reporting: Traffic
GUI   Status: Interfaces
GUI   Status: Services
GUI   System: Status
GUI   VPN: WireGuard

The problem is that the traffic graph isn't displaying any graph although the values do keep changing and the user is able to stop and start services, which I don't want.
changing Theme's also hasn't helped.

Any suggestions / guidance would be appreciated

thanks

4

24.7 Production Series / Re: 24.7.5 Running about 10 degrees hotter

« on: September 28, 2024, 01:02:45 pm »

thanks

5

24.7 Production Series / 24.7.5 Running about 10 degrees hotter

« on: September 28, 2024, 12:07:39 pm »

Hi Team

Not sure if anyone else is experiening this, but 24.7.5 is running about 10 degrees C hotter than the previous version which was already up on version 23.

Is there any fix for this on the horizon?

I'm running on bare metal hardware.

thanks for your continued efforts.

6

24.7 Production Series / WAN Connection Drop on renew or new DHCP IP address

« on: September 28, 2024, 03:00:46 am »

Hello Everyone,

I hope someone can assist me here as I am out of idea's.

Last week I moved from 1 ISP to another, both have GCNAT, which I opted out of as I need to use wireguard and a public IP occassionally.  During the migration I did not change any config's only disconnected and reconnected the WAN port.

What I am finding now is that occassionally, when the public IP renews (sometimes they give me a new one and sometimes I keep the same one) the internet connection drops and I have to reset the WAN port to enable internet access again, unless I wait more than 5 minutes. 
ISP says simple DHCP is required, no special settings required. 

My WAN config is Default config, block private networks and Bogon networks are enabled, Dynamic gateway policy is enabled, Override MTU is enabled.  Everything else is Default on the interface.

I am seeing some strange entries in the logs during the renewal period, if anyone has any idea's how to fix this I'd be grateful.  I"m inclined to believe it's the ISP's issue, but I know they will probably blame the firewall, so if there is anything I can do to fix the issue, I'd appreciate some ideas.

Here are the logs (I've removed the 1st 2 octets of the IP addresses for obvious reasons but they are identical):

10am

2024-09-27T10:55:53   Critical   dhclient   exiting.   
2024-09-27T10:55:53   Error   dhclient   connection closed   
2024-09-27T10:55:52   Notice   configctl   event @ 1727398552.10 exec: system event config_changed response: OK   
2024-09-27T10:55:52   Notice   configctl   event @ 1727398552.10 msg: Sep 27 10:55:52 OPNsense.home.arpa config[72880]: config-event: new_config /conf/backup/config-1727398552.0829.xml   
2024-09-27T10:49:54   Notice   kernel   [fib_algo] inet.0 (radix4_lockless#18232) rebuild_fd_flm: table rebuild failed   
2024-09-27T10:49:54   Notice   kernel   [fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=38   
2024-09-27T10:49:07   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (execute task : vxlan_configure_do())   
2024-09-27T10:49:07   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (execute task : openssh_configure_do(,wan))   
2024-09-27T10:49:07   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (execute task : dhcrelay_configure_map(,wan,inet))   
2024-09-27T10:49:07   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (,wan,inet)   
2024-09-27T10:49:07   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : wireguard_sync(,wan))   
2024-09-27T10:49:07   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : webgui_configure_do(,wan))   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : unbound_configure_do(,wan))   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : opendns_configure_do())   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : ntpd_configure_do())   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : dnsmasq_configure_do())   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (,wan)   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : wireguard_configure_do(,wan))   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : openvpn_configure_do(,wan))   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : ipsec_configure_do(,wan))   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (,wan)   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn_map (,wan,inet)   
2024-09-27T10:49:05   Notice   opnsense   /usr/local/etc/rc.newwanip: IP address change detected, killing states of old ip xxx.xxx.130.83   
2024-09-27T10:49:04   Notice   kernel   [fib_algo] inet.0 (radix4_lockless#18232) rebuild_fd: sync rebuild failed   
2024-09-27T10:49:04   Notice   kernel   [fib_algo] inet.0 (radix4_lockless#18232) rebuild_fd_flm: table rebuild failed   
2024-09-27T10:49:04   Notice   kernel   [fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=37   
2024-09-27T10:49:04   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_DHCP))   
2024-09-27T10:49:04   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure monitor (,WAN_DHCP)   
2024-09-27T10:49:04   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: setting inet default route to xxx.xxx.128.1   
2024-09-27T10:49:04   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on wan   
2024-09-27T10:49:04   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'   
2024-09-27T10:49:04   Notice   opnsense   /usr/local/etc/rc.newwanip: IP renewal starting (new: xxx.xxx.129.35, old: xxx.xxx.130.83, interface: wan, device: igc0, force: yes)

11:57
2024-09-27T23:57:31   Notice   opnsense   /interfaces.php: ROUTING: entering configure using defaults   
2024-09-27T23:57:31   Critical   dhclient   exiting.   
2024-09-27T23:57:31   Error   dhclient   connection closed   
2024-09-27T23:57:30   Notice   configctl   event @ 1727445449.77 exec: system event config_changed response: OK   
2024-09-27T23:57:30   Notice   configctl   event @ 1727445449.77 msg: Sep 27 23:57:29 OPNsense.home.arpa config[86860]: config-event: new_config /conf/backup/config-1727445449.7582.xml   
2024-09-27T23:49:26   Notice   kernel   [fib_algo] inet.0 (radix4_lockless#20762) rebuild_fd_flm: table rebuild failed   
2024-09-27T23:49:26   Notice   kernel   [fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=31   
2024-09-27T23:48:41   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (execute task : vxlan_configure_do())   
2024-09-27T23:48:41   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (execute task : openssh_configure_do(,wan))   
2024-09-27T23:48:41   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (execute task : dhcrelay_configure_map(,wan,inet))   
2024-09-27T23:48:41   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip_map (,wan,inet)   
2024-09-27T23:48:41   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : wireguard_sync(,wan))   
2024-09-27T23:48:41   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : webgui_configure_do(,wan))   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : unbound_configure_do(,wan))   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : opendns_configure_do())   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : ntpd_configure_do())   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (execute task : dnsmasq_configure_do())   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure newwanip (,wan)   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : wireguard_configure_do(,wan))   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : openvpn_configure_do(,wan))   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (execute task : ipsec_configure_do(,wan))   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn (,wan)   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure vpn_map (,wan,inet)   
2024-09-27T23:48:39   Notice   opnsense   /usr/local/etc/rc.newwanip: IP address change detected, killing states of old ip xxx.xxx.129.35   
2024-09-27T23:48:38   Notice   kernel   [fib_algo] inet.0 (radix4_lockless#20762) rebuild_fd: sync rebuild failed   
2024-09-27T23:48:38   Notice   kernel   [fib_algo] inet.0 (radix4_lockless#20762) rebuild_fd_flm: table rebuild failed   
2024-09-27T23:48:38   Notice   kernel   [fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=30   
2024-09-27T23:48:38   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure monitor (execute task : dpinger_configure_do(,WAN_DHCP))   
2024-09-27T23:48:38   Notice   opnsense   /usr/local/etc/rc.newwanip: plugins_configure monitor (,WAN_DHCP)   
2024-09-27T23:48:38   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: setting inet default route to xxx.xxx.128.1   
2024-09-27T23:48:38   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: configuring inet default gateway on wan   
2024-09-27T23:48:38   Notice   opnsense   /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'   
2024-09-27T23:48:38   Notice   opnsense   /usr/local/etc/rc.newwanip: IP renewal starting (new: xxx.xxx.128.138, old: xxx.xxx.129.35, interface: wan, device: igc0, force: yes)   
2024-09-27T23:48:37   Notice   kernel   [fib_algo] inet.0 (radix4_lockless#20762) rebuild_fd: sync rebuild failed   
2024-09-27T23:48:37   Notice   kernel   [fib_algo] inet.0 (radix4_lockless#20762) rebuild_fd_flm: table rebuild failed

Thanks for your time

7

General Discussion / Re: Connection Drops - how to monitor

« on: September 24, 2024, 11:23:26 am »

thanks for your reply,

I am connected directly the physical connection

Will I find this information under diagnistics for the WAN interface?

thanks

8

General Discussion / Connection Drops - how to monitor

« on: September 24, 2024, 10:31:03 am »

Hi everyone

I hope someone can help me, I'm pretty sure my provider is dropping my connection every so often, but I don't know how to find proof that it's happening. 
Does anyone know where Opnsense would log a connection loss/drop?

thanks so much

9

24.7 Production Series / upgrade to 24.7.4 worked perfectly

« on: September 13, 2024, 08:00:35 am »

thanks team, the upgrade to 24.7.4 went smoothly no issues on barebones hardware.
Having a snapshot to fall back to made it less stressful.

Great work.

10

24.7 Production Series / Re: 24.7.2 Dashboard Memory Usage causing a crash

« on: August 27, 2024, 01:41:39 am »

thanks for the feedback Franco, you guys are doing an excellent job

11

24.7 Production Series / Re: 24.7.2 Dashboard Memory Usage causing a crash

« on: August 25, 2024, 12:16:37 pm »

Hi, I have tried Firefox, but it won't display anything, not sure why, this wasn't a problem on 24.1 so thought I'd report it.

12

24.7 Production Series / 24.7.2 Dashboard Memory Usage causing a crash

« on: August 25, 2024, 11:46:16 am »

Hi

Not sure if anyone else has had this problem, I've been using a RaspberryPi 4 with 4GB Ram for more than a year to run a console for Opnsense on an old monitor.  What I've been finding with the new release, 24.7 is that the chrome browser crashes every so often and when investigating, I've found that the memory usage keeps climbing until the browser crashes.  It takes about 6-7 hours.

Has anyone else had this or found a possible solution?

thanks

13

24.7 Production Series / Firewall Live Log Flashing

« on: August 20, 2024, 08:55:37 am »

HI

I wonder if anyone can help me?  I've updated to 24.7.1 and configured the console as much as possible how I used to like it in 24.1.  The problem I'm having is that I have a spare pc monitoring the firewall and unfortunately the firewall log flashes white every few seconds when refreshing on all themes except for the OpnSense theme.
I use a dark theme so it isn't too intrusive, but the constant flashing is disturbing.

Has anyone found a way to change the flashing colour or is there some other fix that can be applied?

thanks in advance.

14

24.7 Production Series / Re: DNS/Adguard Home broken in 24.7 (release candidate)

« on: August 20, 2024, 05:43:58 am »

Thanks, I had the same issue this morning after a subsequent reboot and the solution below worked for me

OP here.

Here we go again: One reboot later, Adguard fails to start (and thus does CrowdSec). 

I can't seem to find proper logs, but trying to start Adguard manually (via sudo) throws the following "fatal" error:

Code: [Select]

% sudo ./AdGuardHome
2024/08/01 23:44:03.973473 [info] AdGuard Home, version v0.107.45
2024/08/01 23:44:03.977454 [info] tls: using default ciphers
2024/08/01 23:44:03.978383 [info] safesearch default: disabled
2024/08/01 23:44:03.981912 [info] Initializing auth module: /usr/local/AdGuardHome/data/sessions.db
2024/08/01 23:44:03.981975 [info] auth: initialized.  users:1  sessions:0
2024/08/01 23:44:03.982085 [info] tls: number of certs: 2
2024/08/01 23:44:03.982098 [info] tls: got an intermediate cert
2024/08/01 23:44:04.004956 [info] web: initializing
2024/08/01 23:44:04.005215 [fatal] filtering: filtering: unknown blocked-service "yy"
Also, the "opnsense-revert" patch to bring back the telemetry widget did not survice the reboot. (!)

Looks very much like a repeat of this 2023 problem: https://forum.opnsense.org/index.php?topic=35251.0

Yep.

SOLUTION: edit your AdGuardHome.yaml and remove the offensive service - in my case "yy", see above.

Location: /usr/local/AdGuardHome/AdGuardHome.yaml

Code: [Select]

% sudo nano /usr/local/AdGuardHome/AdGuardHome.yaml


15

Virtual private networks / Re: Wireguard won't work unless reset of Bogon network

« on: August 09, 2024, 08:19:29 am »

OK, I eventually discovered the cause of this, my bad.

I didn't have a local fw policy rule allowing access to the local subnet address for DNS. 
I had a rule excluding access to all subnets except the Wireguard subnet

I've since fixed this and it's working.

P.S. if it isn't working check DNS