Messages - SideOfRanch

#1
Man, finding a config guide for upnp is complicated. A lot of posts about upnp and some generic words are used but no explanation of how to do them.

So when the thread says

> 2) setup is "deny default" and I've added an "allow" for my statically assigned gaming computer

Deny Default is an obvious setting in the upnp settings page, so I got that. However, how do you go about allowing certain devices and ports? Is this a firewall rule or something else? Where would I put this rule? I already attempted NAT->PORT FORWARD to no avail.
#2
24.7, 24.10 Legacy Series / Re: VLAN Issue?
September 13, 2024, 03:10:30 AM
No idea what I did but kept messing with settings and all of a sudden it appeared. So this is no longer an issue but I can't provide how I fixed it :/
#3
24.7, 24.10 Legacy Series / Re: VLAN Issue?
September 13, 2024, 02:29:09 AM
I'm not following what to do here. Attaching some more screenshots to help people understand my predicament.

I'm actively using the firewall - so I'm using regular ethernet (not the sfp+ ports) and they are assigned to WAN and LAN.

Still can't find a way to add a VLAN

Well I doxed myself in the images so I removed them.

1. On the Interfaces->Overview screen I have nothing.
2. On Assignments, I have LAN and WAN assigned to the respective regular ethernet port (not using SFP at the moment)
3. Still can't see any parent devices in VLAN screen
#4
24.7, 24.10 Legacy Series / VLAN Issue?
September 11, 2024, 04:23:18 AM
I picked up this guy to replace my Zimaboard that has run opnsense for the last 2 years. It was a great 2 years but needed a bit more power to run ZenArmor.

So I have the device installed and running opnsense and instead of restoring from backup, I decided to manually reconfigure it with all that I've learned in 2 years of opnsense.

However, when creating my cameras VLAN (tagged on Aruba InstantOn switch), I'm having an issue.

When I go to Interfaces->Other Types->VLAN and select "Add" there is nothing in the Parent interface dropdown. The help says it will only show compatible interfaces. Does anyone know why this device wouldn't have compatible interfaces? https://www.aliexpress.us/item/3256807092245353.html?gatewayAdapt=glo2usa4itemAdapt


"New 12th Gen Firewall Mini PC Intel i3 N305 N100 Soft Router 2x10G SFP+ 2xi226-V 2.5G NVMe 2xHD DDR5 MiniPC NAS Server Proxmox"
#5
I've had a similar issue with Verizon and outgoing calls over "wifi calling." I have yet to find any setting I can change to make it work, but this has persisted for a very long time and isn't new in 24.7 for me. Responding to see what the resolution is here to see if it works for my issue as well!
#6
Well, I ended up going down a quick rabbit hole to enable adguard and I think it resolved my issue above. I followed this guide:

https://forum.opnsense.org/index.php?topic=22162.msg146626#msg146626

The only thing I could NOT follow is leaving DNS blank on both GENERAL and the LAN interface. I had to put 192.168.1.1, not sure why these instructions say to leave it blank? I have Adguard running on 192.168.1.1:53; any idea why it says to leave all the DNS servers blank in OPNSENSE? Seems odd and I'd like to understand why my setup doesn't work when I follow this guide, but everyone else seems to have no issue.
#7
I'm using it as a home DIY hobbyist and it's worked fine for a long time, but I've never been able to get mydomain to work.

Let's take an example and see if anyone can see where I'm going wrong:

1. I own myname.com and it's a registered domain name
2. Under Systems-Settings->General: I have the hostname set to OpnSense and domain is mydomain.com
3. I'm using OpnSense for DNS, so in this exact same screen I have DNS set to 1.1.1.1
4. Under Services->DHCPv4->[LAN] (base network): I have DNS currently set to 1.1.1.1 (when I tried this before, my internet went out and to force DNS to start resolving, I changed this from 192.168.1.1 (OPNSENSE) to 1.1.1.1 to keep the family from screaming too long). I'm assuming this should be set to 192.168.1.1?
5. In this same settings page, "Domain Name" is lan and "Domain Search List" is lan. Should this be mydomain.com? I don't know if I did this, or it came out of the box this way. Should these maybe be blank?
6. DNSMasq is enabled, set to DHCP Registration: True and Prefer DHCP: Resolve DHCP Mappings First
7. Unbound DNS is disabled

My long term goal is to get adguard home working but I'm trying to resolve one problem at a time. I had PiHole working but could never get this hostname issue resolved, so now I'm trying to go back to default and get the hostname issue resolved before moving forward with anything else.
#8
Well I wrote a long post and somehow lost it on submission. While I was on vacation I was able to use the wizard to get the VPN working. It seemed to all be going decent and then all of a sudden I noticed viscosity kept disconnecting and reconnecting.

I didn't think much of it and thought it was actually a Wi-Fi issue with the house I was in and not the actual VPN. But then while connected, all of a sudden my entire router went down and it took down the entire internet of my house. There was nothing I could do to bring it back up; I had no way in or out until I returned home 3 days later.

So I just got home, took a look at the logs, and I'm assuming I configured something wrong somewhere and caused some sort of crash.

So 2 questions:
1. I took these screenshots of what seems to be the most prevalent errors. https://imgur.com/a/fHL1EXr Any idea what I did to cause this?
2. I have it loaded on a ZimaBoard using the onboard 16gb of storage and the dashboard is showing only 2gb of storage remaining. Can I do something to purge logs or something to keep it from running out of space? Could this be contributing to the issue?
#9
I'm using this board and it has been pretty good so far. However I'm here because while on vacation it stopped responding and a simple reboot brought it back to life. I don't know why. The first thing I can see is the onboard memory is full and that might be causing it. Probably need an SSD or something configured differently.
#10
Dang, wish the wizard was more clear from the outset, but I got it working with this! Thank you. Still have some kinks to work out but generally it's connected on both my mobile phone and my laptop, so that's great!
#11
I'm on vacation and trying to get my new OpnSense server configured for OpenVPN. I have access via a server with TeamViewer installed that's on my local  So I've gone through the guide twice fully and rebuilt everything after feeling more confident where I might've gone wrong.

Guide I'm referencing and happy to propose doc modifications, if I can figure out where I went wrong: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

I'm able to connect with my user ID using MFA but then I can't access internet through the VPN or any of my LAN servers.

A few parts of the guide don't line up to the most recent interface but most of it did.

1. In the provided screenshots for the firewall rules on WAN and OpenVPN it isn't clear what order to put them in. I have a bunch of default rules in two folders. By default, it put both of the rules below the folders. I cannot figure out if that might be causing the issue? I'm using a vanilla install with almost no customization at the moment.
2. The page that seems to have the most variation to the guide is the OpenVPN server configuration. Here is the recommended configuration on that page above:
(Sorry for below formatting, on my cell but will fix when I can. Format is setting {line return} configuration recommendation.)
Description

My SSL VPN Server

Server Mode

Remote Access (SSL/TLS + User Auth)

Backend for authentication

TOTP VPN Access Server

Protocol

UDP

Device Mode

tun

Interface

WAN

Local port

1194

TLS Authentication

Leave both on enabled (checked)

Peer Certificate Revocation List

N/A

Server Certificate

SSLVPN Server Certificate (CA: SSL VPN CA)

DH Parameters Length

4096 bit

Encryption algorithm

AES-256-CBC (256-bit key, 128-bit block)

Auth Digest Algorithm

SHA512 (512-bit)

Certificate Depth

One (Client+Server)

IPv4 Tunnel Network

10.10.0.0/24

IPv6 Tunnel Network

Leave Empty

Redirect Gateway

Leave Unchecked

IPv4 Local Network/s

192.168.1.0/24

IPv6 Local Network/s

Leave Empty

IPv4 Remote Network/s

Leave Empty

IPv6 Remote Network/s

Leave Empty

Concurrent connections

Leave Empty

Compression

Enabled with Adaptive Compression

Type-of-Service

Leave Unchecked

Duplicate Connections

Leave Unchecked

Disable IPv6

Checked

Dynamic IP

Leave Unchecked

Address Pool

Leave Checked

Topology

Leave Unchecked

DNS Default Domain

Leave Unchecked

DNS Servers

Leave Unchecked

Force DNS cache update

Leave Unchecked

NTP Servers

Leave Unchecked

NetBIOS Options

Leave Unchecked

Client Management Port

Leave Unchecked

Renegotiate time

0

1. No option to disable ipv6
2. Compression recommendation doesn't match directly any available setting