Messages - zyghom

#1
Quote from: franco on April 15, 2024, 12:54:14 PM
Ideas:

* Submit improvements to the code.
* Submit feature requests to the issue tracker.
* Use the NUT package without the GUI for full customization.


Cheers,
Franco

I went for point 3 only because I have no idea how to contribute to the code
I tried expressing myself in the point 2 but I am not sure I did it properly
#2
ultimately I changed the IP
since I have plenty of VMs and physical hosts that are dependent on OPNsense I did it in few steps:
1- created virtual IP: 192.168.1.254/24 pointing to interface, where my initial 192.168.1.1 was
2- changed on every host (with manual IP settings) IP of DNS from hardcoded 192.168.1.1 to hardcoded: 192.168.VLAN.1 - this way hosts that are on VLAN 10 don't use directly IP of DNS on the 1.x interface but according to their VLAN so i.e.:
192.168.10.1 for vlan 10
192.168.30.1 for vlan 30
etc
and:
192.168.1.254 for hosts that have no vlan - also for these hosts I had to change default gw from 192.168.1.1 to 192.168.1.254
3- in the Services/DHCP I removed IP of DNS so every interface announces its own IP as DNS IP
4- rebooted everything all was working, changed the IP of interface from 1.1 to 1.254 and removed virtual IP.

So far no issues.
But truth be told it was not 1 minute job. Maybe because my configuration was like that or maybe because I am not an expert.
Anyway, thanks all for encouragement.
#3
it looks like I succeeded - thank you again
with small caveat: to get disks temperature, the command:
smartctl -a /dev/ada1 | grep Temperat | awk '{ print $10 }'
requires root privileges so I did not get it yet how to. But for CPU/ACPI the user telegraf is enough to get the data (without and with fan installed):

#4
thank you @cookiemonster, I shall try, I think I know how to ;-)
#5
Quote from: r.2024 on April 08, 2024, 03:15:47 AM
i know i know...i could use vlan or openvpn to avoid all this but i don't want my cell phone being a part of the network even temporarily to check the ip camera feeds. thx

while others help you with port forwarding (which is btw quite easy on OPNsense) I will tell you what I did with my cameras:
1- (of course) for all my IoT devices I have separate VLAN: 30
2- LAN ports on managed switch and SSID for IoT connect them directly to this VLAN
3- and now some rules on this VLAN:
- allow DNS
- allow all to reach my Home Assistant IP on another VLAN
- block everything else
4- this way all IoTs are exposed to Home Assistant that includes cameras - if I want to see what is going on I use remote access to my HA and while I am at home I can connect to the camera as well
5- checking the firewall logs, the IoT devices are SCREAMING all the time: LET ME CONNECT TO MY HOME SERVER!!! usually it is in China. And cameras are top 3 with that scream.

I hope you got what I wanted to say ;-)
#6
I am using Tailscale on OPNsense for some time I did not notice such issue - strange
#7
hi there,

I am trying to figure out if I need a fan or not but one thing that does not help me is: the cpu temperatures shown in the report on GUI are not showing trends - only the status at this particular moment:



Is there any way to have it exported on regular basis?
I tried Monit and Telegraf but it seems this information is not there.
Any other way?

thx
#8
Quote from: passeri on April 09, 2024, 11:44:35 PM
I have done this for an internal Opnsense router, assigning its management LAN port 10.a.b.1 rather than 192.168.1.1. I found the least error path was to plan the assignments then do it in initial setup.

that is obviously true - if you start properly then the rest is easier

Quote from: Greg_E on April 10, 2024, 04:44:25 PM
Me too. In theory you can also edit the backed up config file with the changes needed, then load this from VGA or SSH.

I have checked where in config is the current IP of the router (grep 192.168.1.1 opnsense-config-20240411_011301.xml) and it seems the only places are:
1- LAN settings (obviously) for VLAN 1:
    <lan>
      <if>igc1</if>
      <descr>Servers_1</descr>
      <enable>1</enable>
      <lock>1</lock>
      <spoofmac/>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
    </lan>


2- DNS settings for all interfaces:
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>
      <dnsserver>192.168.1.1</dnsserver>


3- some rules allowing to connect to DNS for all VLANs:
            <content>192.168.1.1</content>
            <content>192.168.1.1</content>



So, in theory, if I just edited this backup file - changing the IP from current to new - load it and pray a bit, I should have it restarted with new IP address of the router and all interfaces (DNS) and rules also updated.
Then, on each host that is NOT using DHCP I shall change the DNS only - default gateway for every host is its interface IP so for VLAN 10 it is 192.168.10.1 etc.

I might give a try this way ;-)
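
Added example (not part of the original post, and not OPNsense code): a way to audit and rewrite a config backup so that only elements whose value is exactly the old address change. A plain `grep 192.168.1.1` also matches neighbours such as 192.168.1.10, so a blind search-and-replace would renumber them too. The sample XML is constructed; its parent element names and alias names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

OLD_IP, NEW_IP = "192.168.1.1", "192.168.1.254"

# Constructed sample, shaped like the fragments quoted in the post; the
# parent element and alias names are assumptions, not a real backup.
SAMPLE = """<opnsense>
  <interfaces>
    <lan>
      <ipaddr>192.168.1.1</ipaddr>
    </lan>
  </interfaces>
  <dhcpd>
    <opt1><dnsserver>192.168.1.1</dnsserver></opt1>
  </dhcpd>
  <aliases>
    <alias><name>dns_hosts</name><content>192.168.1.1</content></alias>
    <alias><name>nas</name><content>192.168.1.10</content></alias>
  </aliases>
</opnsense>"""

def find_exact(root, ip):
    """Return (path, element) for every element whose text is exactly ip."""
    hits = []
    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if (elem.text or "").strip() == ip:
            hits.append((here, elem))
        for child in elem:
            walk(child, here)
    walk(root, "")
    return hits

def grep_like(text, ip):
    """Lines a plain `grep ip` would print ('.' matches any character)."""
    return [ln.strip() for ln in text.splitlines() if re.search(ip, ln)]

def readdress(xml_text, old, new):
    """Rewrite only exact matches; return (new_xml, list of changed paths)."""
    root = ET.fromstring(xml_text)
    hits = find_exact(root, old)
    for _, elem in hits:
        elem.text = new
    return ET.tostring(root, encoding="unicode"), [p for p, _ in hits]

if __name__ == "__main__":
    new_xml, changed = readdress(SAMPLE, OLD_IP, NEW_IP)
    print("\n".join(changed))
    print(len(grep_like(SAMPLE, OLD_IP)), "grep lines,", len(changed), "exact")
```

Reviewing the list of changed paths before restoring the file shows which interface, DHCP and rule entries will move to the new address.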
#9
right, to go further I use even another machine where my UPS is connected to, that works as nut server
all other machines work as clients
but even client (each client) requires some customisation
and on TrueNAS the customisation option is a bit higher than on OPNsense
good example is: if one of the clients is a Proxmox machine, I will give this machine much more time to shutdown than the other machine that is pure firewall or so
#10
hi Patrick,

I spent some time and described everything last month here:

https://github.com/opnsense/plugins/issues/3855
#11
thank you Patrick
but the GUI for the plugin is very limited with the configuration
#12
ok, thank you, I hear you both
when I mentioned "many" I meant: openwrt and dd-wrt default settings of their firmware
but also of the ISP routers
I have few r7800 and other WAPs that I repurposed to be only dumb wireless access points
but whenever I play with them and as consequence I need to... reset them to the default (as of course playing is playing) I need to disconnect them from the switch, bring close to my laptop, login, change IP to the proper one and reconnect again

but we moved to the less important part of my post - why to change the IP
my main question was: is my procedure mentioned in my post proper to change the OPNsense IP or anything missing there?

thank you both
#13
Hi there,

As probably lots of OPNsense users I set up the IP to be 192.168.1.1/24
Consecutively all VLANs I set to be 192.168.VLAN.1/24 (so 10,30,100, etc)
As of now I don't have any device in subnet 192.168.1.0/24 except the OPNsense itself - not sure if this is good or bad but that is how it is.

Now, the issue: lots of network devices come with default IP being 192.168.1.1
That means I cannot attach them to my network - I need to first reconfigure them offline and only once I gave them proper address I can attach them to my network.

So I am thinking loudly: let me change IP of OPNsense to i.e. 192.168.1.254/24 or even less obvious address: 192.168.1.199/24

Now, questions:
1- where do I have to change the IP:
- System/Settings/General/DNS (from GUI)  or
- Set Interface IP address from CLI
2- once this is done, OPNsense will be accessible for routing with new IP - I understand that all machines that are connected to this OPNsense (actually my entire network) have to have new DNS IP (I am using Unbound on OPNsense) and that would be all - all use the default gateway as per their segment so i.e. 192.168.VLAN.1

Is my thinking correct?
Is the sequence correct?
Am I missing anything?

thx


#14
hi,

I started using UPS and enabled the plugin on Opnsense
I am able to configure it to my needs (/usr/local/etc/nut/...) but the changes in any file don't survive either a reboot or even disable/enable of the Service

example is:
POWERDOWNFLAG /etc/killpower
- with this statement Opnsense sends signal to UPS to turn it off - that behaviour might not be desired
the config files are taken from templates that are here:
/usr/local/opnsense/service/templates/OPNsense/Nut/
but modifying these files does not help as per description:
cat /usr/local/opnsense/service/templates/OPNsense/Nut/upsmon.conf
# Please don't modify this file as your changes might be overwritten with
# the next update.


is there any means to change this behaviour?
as a workaround I added a script that runs on restart and it changes the conf file but that is dirty solution

thank you
#15
Thank you for the script
I just realised that the path changed while backup plugin got incorporated