Messages

1

24.1 Legacy Series / Ping monit does not work

« on: May 18, 2024, 09:53:42 pm »

I am trying to use Services \ Monit to monitor whether my two gateways are up.
So I created a Test setup which looks like this:

failed ping4 count 5 address 192.168.101.1
failed ping4 count 5 address 192.168.102.1

Unfortunately, they are failing for whatever reason ('ICMP failed').

When I put any router's (OPNsense's) IP, for example 192.168.131.1 (LAN), 192.168.101.2 (WAN),  192.168.102.2 (WAN2), 172.16.0.1 (firewall's virtual IP) - the status is 'OK' (pings are responding).

But when I change it to any IPs that is outside of the firewall machine (any internet host like 8.8.8.8 or 8.8.4.4), the gateways (192.168.101.1, 192.168.101.2) or any IPs inside my network (192.168.131.0/24)-- the status is always 'ICMP failed'

I don't understand why as all of those IPs are perfectly pingable from the OPNsense's SSH.
It does not seem to be blocked by the firewall rule either (I found nothing in the firewall logs).

The logs say something like this:

Code: [Select]

2024-05-18T21:37:49 Error monit 'Monitor_Mobile_Gateway' ping test failed
2024-05-18T21:37:49 Error monit Cannot bind to outgoing address -- Can't assign requested address
Any ideas what can be wrong there?

2

General Discussion / Re: How to delete an ACME certificate

« on: February 25, 2024, 03:45:51 pm »

click on the ... at the end and hit yes for delete

The only action behind ... is 'Reset certificate'. There is no such an item like "Delete".
Resetting does not remove it.

3

General Discussion / How to delete an ACME certificate

« on: February 24, 2024, 12:12:36 pm »

I would like to delete my obsolete certs from ACME, but I was unable to find a way to do so:


How can I do that?

4

24.1 Legacy Series / Re: acme not working anymore (since 21 Dec 2023)

« on: February 17, 2024, 05:23:56 pm »

Here is what I see in my syslog and what started in Dec 2023:



Any suggestion on how to troubleshoot would be greatly appreciated.
Marek

5

24.1 Legacy Series / Re: acme not working anymore (since 21 Dec 2023)

« on: February 17, 2024, 04:34:07 pm »

Same issue here
I can't even register any new certificate with the same challenge - I am getting the same errors.

Anybody?
Marek

6

General Discussion / Re: Problem with resolving names for internal hosts

« on: July 21, 2023, 05:44:35 pm »

I am sorry but just after posting the above question I enabled the following option:
Do not use the local DNS service as a nameserver for this system
and since then I was immediately able to ping the internal hosts from my OPNsense firewall!

Hopefully I did not break something else with it

Marek

7

General Discussion / Problem with resolving names for internal hosts

« on: July 21, 2023, 05:32:14 pm »

In my home network I have an internal DNS server hosted by Synology DSM. The latter is serving my internal DNS hosts names and is forwarding DNS queries for external hosts to Google DNS service. Simple and straightforward setup.

My DNS server IP was added to the System > Settings > General, DNS servers field in OPNsense, as well as the DHCP configuration for the LAN interface.

Everything is working great for all my devices, i.e. both internal and external host names are being resolved correctly. If the internal network names have their external equivalents (for example my www.wojtaszek.it) the name is being resolved to local IP (192.168...)

For some reason though the OPNsense server itself can't resolve my internal host names i.e. when pinging www.wojtaszek.it I am getting the public IP address (91.90.179.152), not the private one (192.168.... etc).

It worked fine for me before and at some point stopped. What do I do wrong? How can I troubleshoot that?

8

General Discussion / Re: Wireguard and local DNS lookup

« on: June 22, 2023, 10:33:43 pm »

Update: I found the fix. I had to go in my Unbound DNS settings and add an ACL to allow the Wireguard network to access DNS.  Now, I can point the client to my OPNsense system for DNS and it works. 

I have the same issue but I do not use Unbound DNS but instead I employed AdGuard to lookup for internal hosts by their dns names. I was unable to find anything like DNS in AdGuard so I am not sure how to let the WireGuard clients access the names. Any clue how to achieve that?

9

23.1 Legacy Series / Re: OPNsense memory usage

« on: May 11, 2023, 08:58:16 pm »

Do you have the QEMU Guest Agent installed? It's available as a plugin. That should enable Proxmox to communicate with the guest, iirc it will also help display correct memory usage stats.

Not really. I installed the agent on other Linux VMs but have not tried with OPNsense yet.

10

23.1 Legacy Series / Re: OPNsense memory usage

« on: May 11, 2023, 08:56:09 pm »

Code: [Select]

systat -vmstat
https://wiki.freebsd.org/Memory

https://papers.freebsd.org/2017/bsdtw/johnston-memory_management_in_freebsd_12.0/

Frankly, this is my first two weeks of my OPNsense journey, same for Proxmox, so I am still on the learning curve

The command confirmed what I see from the GUI.

Thanks buddy, that was helpful.

11

23.1 Legacy Series / OPNsense memory usage

« on: May 11, 2023, 06:20:44 pm »

I recently expanded memory for my OPNsense virtual machine hosted on Proxmox, from 2GB to 8GB. Here is what I can see in the system info:



Just about 6% of memory utilized.

And here is what Proxmox shows for the same virtual machine



Over 7GB of memory is being used!

Which one is telling me truth? Funny this is that before expanding memory the system showed less than half memory used in Proxmox for that VM.

Marek

12

General Discussion / Block list alias on internal web server

« on: May 08, 2023, 04:35:27 pm »

I created my own block list txt file and I put it on my web server hosted on my internal network (behind the NAT, but facing the internet). Then I created an alias entry in OPNsense where I entered the url to the txt file:



After saving it does not load any entries as you can see on the screenshot below:



even though there are several hundreds on the list:



The log shows that it was caused by a name resolve error:



When I ssh to opnsense and try to ping the host name it is indeed unable to resolve the name. It resolve it to the public IP not the internal private IP:



So my question is now: how to make OPNsense to resolve the name of the host to private IP/internal email address?
I tried to add it to the /etc/hosts name on OPNsense. It helps in terms of pinging the host from SSH, but the IP list is still not loaded in the alias entry...
I also tried to play with NAT reflection settings but honestly I do not feel comfortable with it yet...

Any idea how to fix that?

Marek