1
24.7 Production Series / Kernel 24.7.8 Issues
« on: November 11, 2024, 08:13:00 pm »
Kernel 24.7.8 still has issues with live logging. Nat rules still aren't showing. I reverted back to 24.7.5 until fix.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
3
24.7 Production Series / Pinning the Kernel
« on: October 27, 2024, 04:16:16 am »
How do i go about pinning the kernel so it doesn't get upgraded? Since the issues with the firewall logs still persist i would like to pin the kernel to 24.7.5 until a new one is released. This way i can do other upgrades without worrying about my firewall logs being broken.
4
24.7 Production Series / Re: firewall live view borked since update to 24.7.6
« on: October 12, 2024, 05:21:27 am »
Just saw this post i also have this issue. I posted it as well.
5
24.7 Production Series / In firewall Live View i have a entry that is blank?
« on: October 12, 2024, 05:20:37 am »
Is this normal? I have rules set on the vlan that uses the vpn but no rules set on the actuall nordvpn interface. This is through opnvpn. Screen shot attached.
6
24.7 Production Series / Re: Wan Switching
« on: October 08, 2024, 05:18:33 am »
I added this script to /usr/local/etc/rc.syshook.d/start
#!/bin/sh
#Config
primary_wan_if="igc0"
backup_wan_if="igc1"
#check if an instance is already running
otherInstance=`ps auxf | grep autoStateKill.sh | grep -v 'grep' | wc -l | tr -d ' '`
if [ ${otherInstance} -gt 2 ]; then exit 0; fi
#Do a sleep of 30 seconds at the beginning, in case script autostarts with the system
sleep 30
#Setup variables
primary_wan_gw_ip=""
backup_wan_gw_ip=""
#Get default gateway
default_gw_if=`netstat -rn | grep default | awk '{print $4}'`
default_gw_if_old=${default_gw_if}
#Inform the logging system
logger "AutoStateKill-Script: Started, default gateway is ${default_gw_if}"
#Main loop
while true; do
#get current default gateway
default_gw_if=`netstat -rn | grep default | awk '{print $4}'`
default_gw_ip=`netstat -rn | grep default | awk '{print $2}'`
case ${default_gw_if} in
"${primary_wan_if}") #primary wan interface is default gateway
primary_wan_gw_ip=${default_gw_ip};
if [ "${default_gw_if_old}" == "${backup_wan_if}" ] && [ "${backup_wan_gw_ip}" != "" ]; then #primary is up again, kill the states of the backup wan
killedStates=`/sbin/pfctl -k gateway -k ${backup_wan_gw_ip} 2> /dev/stdout`
logger "AutoStateKill-Script: ${default_gw_if} is now the default gateway, killing states of old gateway ip ${backup_wan_gw_ip}... ${killedStates}"
fi
default_gw_if_old=${default_gw_if}
;;
"${backup_wan_if}") #backup wan interface is default gateway
backup_wan_gw_ip=${default_gw_ip};
if [ "${default_gw_if_old}" == "${primary_wan_if}" ] && [ "${primary_wan_gw_ip}" != "" ]; then #backup is up again, kill the states of the primary wan
killedStates=`/sbin/pfctl -k gateway -k ${primary_wan_gw_ip} 2> /dev/stdout`
logger "AutoStateKill-Script: ${default_gw_if} is now the default gateway, killing states of old gateway ip ${primary_wan_gw_ip}... ${killedStates}"
fi
default_gw_if_old=${default_gw_if}
;;
esac
#Sleep for 1minute and check again
sleep 60
done
What do you think about this method. It seems to work good as soon as i switch back to my main wan all states are wipped off the backup.
I use ntopng so i can see it happen in real time.
#!/bin/sh
#Config
primary_wan_if="igc0"
backup_wan_if="igc1"
#check if an instance is already running
otherInstance=`ps auxf | grep autoStateKill.sh | grep -v 'grep' | wc -l | tr -d ' '`
if [ ${otherInstance} -gt 2 ]; then exit 0; fi
#Do a sleep of 30 seconds at the beginning, in case script autostarts with the system
sleep 30
#Setup variables
primary_wan_gw_ip=""
backup_wan_gw_ip=""
#Get default gateway
default_gw_if=`netstat -rn | grep default | awk '{print $4}'`
default_gw_if_old=${default_gw_if}
#Inform the logging system
logger "AutoStateKill-Script: Started, default gateway is ${default_gw_if}"
#Main loop
while true; do
#get current default gateway
default_gw_if=`netstat -rn | grep default | awk '{print $4}'`
default_gw_ip=`netstat -rn | grep default | awk '{print $2}'`
case ${default_gw_if} in
"${primary_wan_if}") #primary wan interface is default gateway
primary_wan_gw_ip=${default_gw_ip};
if [ "${default_gw_if_old}" == "${backup_wan_if}" ] && [ "${backup_wan_gw_ip}" != "" ]; then #primary is up again, kill the states of the backup wan
killedStates=`/sbin/pfctl -k gateway -k ${backup_wan_gw_ip} 2> /dev/stdout`
logger "AutoStateKill-Script: ${default_gw_if} is now the default gateway, killing states of old gateway ip ${backup_wan_gw_ip}... ${killedStates}"
fi
default_gw_if_old=${default_gw_if}
;;
"${backup_wan_if}") #backup wan interface is default gateway
backup_wan_gw_ip=${default_gw_ip};
if [ "${default_gw_if_old}" == "${primary_wan_if}" ] && [ "${primary_wan_gw_ip}" != "" ]; then #backup is up again, kill the states of the primary wan
killedStates=`/sbin/pfctl -k gateway -k ${primary_wan_gw_ip} 2> /dev/stdout`
logger "AutoStateKill-Script: ${default_gw_if} is now the default gateway, killing states of old gateway ip ${primary_wan_gw_ip}... ${killedStates}"
fi
default_gw_if_old=${default_gw_if}
;;
esac
#Sleep for 1minute and check again
sleep 60
done
What do you think about this method. It seems to work good as soon as i switch back to my main wan all states are wipped off the backup.
I use ntopng so i can see it happen in real time.
7
24.7 Production Series / Wan Switching
« on: October 07, 2024, 08:25:38 am »
Right now when my main wan goes down the backup kicks in. This works great. I was wondering how to ensure all connections close on backup wan and move back to main wan. Right now some connections still stay active on backup wan. This normally wouldn't be an issue but since my backup wan is a cellular hotspot with a limited amount of data it is. I need all connections on backup to close as soon as the main wan comes back up so i dont waste data.
8
24.7 Production Series / AT&T Netgear Hotspot for backup WAN
« on: October 05, 2024, 08:24:54 am »
I have got this to work for the most part. The issue i'm having is the interface goes down if the hotspot is rebooted or ip changes on hotspot. The dhcp works fine on interface but the link shows it is down. I have to go to interface and apply to get it to reset and come back online. Is there a way that i can fix this? its very weird. The interface gets correct address but the gateway monitor doesn't come back up unless i restart opnsense or click save on interface and apply to force a reset.
9
Intrusion Detection and Prevention / Intrusion Detection and Prevention Exiting
« on: September 15, 2024, 08:47:44 am »
Randomly when i log into opnsense i see the service is stopped. no logs related to this. Running Versions
OPNsense 24.7.4_1-amd64
This happens randomly and i dont see any logs related to the failure at all.
OPNsense 24.7.4_1-amd64
This happens randomly and i dont see any logs related to the failure at all.
10
24.1 Legacy Series / NtopNG keeps exiting on error
« on: May 15, 2024, 03:13:44 am »
After ntopng runs for a little while maybe a few hours it exits with this error
<6>pid 90896 (ntopng), jid 0, uid 288: exited on signal 11
Can anyone help me with this? Seems like everytime i log in this is the only plugin that has stopped and given me problems.
<6>pid 90896 (ntopng), jid 0, uid 288: exited on signal 11
Can anyone help me with this? Seems like everytime i log in this is the only plugin that has stopped and given me problems.
11
24.1 Legacy Series / Re: Ntopng error too many interfaces
« on: May 14, 2024, 03:11:58 pm »
I went to there github with same post and they informed me its a licensing issue. 8 Interfaces is the limit for free version.
12
24.1 Legacy Series / Ntopng error too many interfaces
« on: May 14, 2024, 05:41:05 am »
Seems no matter what ntopng says there is too many interfaces and discards one. The only way i can stop this is to limit the interface amount to 8. Is this normal or a bug? I would think i would be able to monitor all interfaces.
13
24.1 Legacy Series / Configuration Reload
« on: May 13, 2024, 07:36:59 pm »
Every two hours i get this in my logs.
Configuration reload request received, reloading configuration;
Then
Configuration reload finished;
Is this normal? Should OPNsense be reloading config that often?
Configuration reload request received, reloading configuration;
Then
Configuration reload finished;
Is this normal? Should OPNsense be reloading config that often?
14
24.1 Legacy Series / Traffic Reporting
« on: February 10, 2024, 07:18:47 am »
Out and in on the traffic graphs and top talkers is backwards. When downloading a game it shows as wan out but its not uploads its downloads so shouldn't it be in WAN and out LAN instead of out WAN in LAN? or does it consider out wan as download speeds. Slightly confusing. Im guessing they are looging at it as the firewall being middle so out wan into firewall in lan from firewall.
15
24.1 Legacy Series / Re: 24.1 IDS breaks internet
« on: January 31, 2024, 06:41:55 am »
Same Here will be waiting for fix and checking on forum. Gonna do testing and make sure it is fixed with update then revert to snapshot before update and redo update when fixed to ensure everything goes smooth with updating to 24.
Pages: [1] 2