Messages - lordxenu

#1
Eh sorry this looks like it's not a problem with OPNSense at all.
Anyway, I restored from backups and I'm back up and running, but I think this was some weird networking issue with OMR, not OPNSense.

Please disregard.
#2
Here's another oddity, from my laptop, on the LAN network

(10.0.0.1 = OPNSense)
(2.XXXX   = DSL)
(192.168.100.1 = OpenMPTCPRouter)


mf@ASH:~$ mtr www.google.com -r
Start: 2024-07-22T17:41:13+0100
HOST: ASH                         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- ASH.mshome.net             0.0%    10    0.2   0.3   0.2   0.8   0.2
  2.|-- 10.0.0.1                   0.0%    10    0.6   0.5   0.4   0.7   0.1
  3.|-- 2.x.x.x                0.0%    10    2.7   2.7   2.6   3.0   0.1
  4.|-- ip-89-200-132-9.ov.easyne  0.0%    10    5.3   5.5   5.1   6.0   0.3
  5.|-- 2.120.13.239               0.0%    10    5.2   5.3   4.6   8.0   1.0
  6.|-- 209.85.249.187             0.0%    10    7.7   7.1   5.8   8.7   0.9
  7.|-- 192.178.46.81              0.0%    10    6.0   6.4   6.0   7.0   0.3
  8.|-- prg03s02-in-f100.1e100.ne  0.0%    10    6.8   7.0   6.1  10.4   1.2

mf@ASH:~$ tracepath www.google.com
1?: [LOCALHOST]                      pmtu 1500
1:  ASH.mshome.net                                        0.208ms
1:  ASH.mshome.net                                        0.116ms
2:  10.0.0.1                                              0.359ms
3:  192.168.100.1                                         0.786ms
4:  10.255.252.1                                         42.411ms


But going to whatismyip.com / whatismyipaddress.com / ipv4.canhazip.com all give the DSL public IP.
#3
Hi folks,

I'm scratching my head a lot so I'm reaching out for a little bit of help please. I've been running OPNSense for many years and while I'm nowhere near an expert at it, I'm pretty comfortable. I have a reasonably complex setup with multiple VLANs, multiple gateways etc.

Anyhow, I have a gateway group defined that I call "Secure failover". This means that this group sends all my traffic to my OpenMPTCPRouter setup, but if that gateway is down, then it sends all traffic via my WireGuard to my VPS.

In the last 2 days, suddenly it ignores my firewall configuration for ALL my local networks and sends all data to my DSL connection instead of this gateway group. The gateway group is monitored, it's green, it's alive, but OPNSense is ignoring the rule that sends traffic to this group and is just sending it straight out via the DSL connection. If I turn off the DSL connection, it sends it out via my backup 5G connection.

Neither of these should be used by my LAN computers. They should as mentioned use either my OMR router as the gateway, or failing that, the Wireguard connection. But it's just ignoring it.

In my LAN network, the rule I have says

   IPv4 *   *   *   *   *   SECURE_FAILOVER   *

So that should route all traffic via that gateway, but it's just not doing it. This rule has been in place for months and has worked fine. Until recently. And, the only thing that has changed is that I had to turn off and back on my DSL connection. Which really shouldn't have made a difference.

As far as I can tell, there are no other rules that are overriding this, and nothing to tell my LAN to use the DSL connection as the gateway. OPNSense thinks the secure_failover gateway group is up and running, but it's just not using it.

I really don't know why. Does anyone have any suggestions please?
#4
Hi

Quick question: Does anyone have a guide for OPNSense and NordVPN over multiple WAN links?
I have three WANs (Two cable links, one cable internet link) and a subscription to Nord.
I would also prefer to use WireGuard over OpenVPN if at all possible.

Has anyone done this, and has a quick guide on how to do it?

Thanks.
#5
Hi @newsense

Thanks very much for your assistance.
I'm not sure what was different this time, but it appears to have worked :)
The system is now reporting

OPNsense 23.7-amd64
FreeBSD 13.2-RELEASE-p1
OpenSSL 1.1.1u 30 May 2023

Thank you!!
#6
Hello

The upgrade appears to be failing / not working for me.
I am running

OPNsense 23.1.11_1-amd64
FreeBSD 13.2-RELEASE-p1
OpenSSL 1.1.1u 30 May 2023

System is a Dell Wyse 5070 with a Mellanox ConnectX-3 card and I'm using a router on a stick approach. Multiple WAN links. The system appears to download and extract files, then says please reboot, so I reboot, but the system still reports itself as being on 23.1.11_1 and tells me an upgrade to 23.7 is available. I have also performed the upgrade via the CLI and I don't see any errors.

However, when doing an audit I see tons of errors relating to PHP. The error log is too large for me to paste into pastebin or attach. (It's 1.02MB.) The only errors I see though are like this:

opnsense has a missing dependency: php81-session
opnsense has a missing dependency: php81-phalcon
opnsense has a missing dependency: php81-xml
opnsense has a missing dependency: php81-simplexml
opnsense has a missing dependency: php81-dom
opnsense has a missing dependency: php81-ctype
opnsense has a missing dependency: php81-filter
opnsense has a missing dependency: php81-pear-Crypt_CHAP
opnsense has a missing dependency: php81-phpseclib
opnsense has a missing dependency: php81-google-api-php-client
opnsense has a missing dependency: php81-sockets
opnsense has a missing dependency: php81-ldap
opnsense has a missing dependency: php81-pecl-radius
opnsense has a missing dependency: php81-curl
opnsense has a missing dependency: php81-gettext
opnsense has a missing dependency: php81-sqlite3
opnsense has a missing dependency: php81-pdo
opnsense has a missing dependency: php81-zlib


There are dozens and dozens of errors about something "google" related too?

e.g.

php82-google-api-php-client-2.4.0: missing file /usr/local/share/google-api-php-client/vendor/google/apiclient-services/src/Google/Service/DLP/Resource/InfoTypes.php
php82-google-api-php-client-2.4.0: missing file /usr/local/share/google-api-php-client/vendor/google/apiclient-services/src/Google/Service/DLP/Resource/Locations.php
php82-google-api-php-client-2.4.0: missing file /usr/local/share/google-api-php-client/vendor/google/apiclient-services/src/Google/Service/DLP/Resource/Organizations.php


Everything is working fine on 23.1.11 though.

Please be gentle, I am an OPNsense noob, but I do have reasonable/good IT knowledge and networking knowledge. I would appreciate any suggestions on how to upgrade, I'd rather not have to wipe and re-install.
I've tried this four times now and each time it returns to 23.1.11_1 after downloading. However, the audit DOES say that the kernel version is 23.7?

Currently running OPNsense 23.1.11_1 at Fri Aug  4 17:43:33 UTC 2023
>>> Check installed kernel version
Version 23.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.7 is correct


If anyone would like me to send / email the complete log file from the audit, please let me know where to send it.

Thanks.