Messages

Hallo zusammen,

ich teste mich gerade neu in Suricata ein und mein Setup läuft mittlerweile stabil.
Ich nutze den Divert-IPS-Modus, da netmap bei mir regelmäßig die VLANs abstürzen lässt.
Vermutlich liegt das an der Intel I226-V NIC (verbaut im Zimaboard v2, das als mein OPNsense-Router dient).

Aktuell geht es um die emerging-dns.rules, speziell die Regel 2027757, die auf *.to-Domains prüft. Die Regel soll aktiv bleiben, aber ich brauche eine Ausnahme für meinedomain.direct.quickconnect.to.

Wo und wie setze ich das am saubersten um?

Über die OPNsense-GUI als Custom Regel?
Oder manuell per SSH irgendwo in `/usr/local/etc/suricata...`?
Ich möchte die Regel nicht komplett deaktivieren, nur den Treffer für die genannte Domain unterdrücken.

Für Hilfe hierbei bin ich sehr dankbar.

Viele Grüsse,
Simon

Dear Patrick

Have many thanks for your kind help.
Oh no. As I have searched, I've stumbled alreade over a post which mentions to uncheck "Auto collect option data".
But I didn't realized that this applies also to my issue. I thought it's just for Gateway selection or so.

I have followed the suggestion now and it works perfect.

Again, thank you much.

Hi,

I'm running OPNsense 25.7.2 with KEA DHCPv4 and have set up a VLAN (VLAN30, 192.168.30.0/24). I want all clients in this VLAN to use my Pi-hole (192.168.1.3) as their DNS server.
The Pi-Hole has configured the Unbound from OPNsense as upstream DNS.

The problem:
KEA seens not to allow setting a global DNS server in the subnet configuration via the GUI.
Only clients with a DHCP reservation can be assigned a custom DNS server.
Without a reservation, clients receive 192.168.30.1 (the VLAN interface) as DNS.

This breaks my setup because:
I have a firewall rule that only allows Pi-hole (192.168.1.3) to query Unbound on 192.168.1.1.
So, if clients use 192.168.30.1 as DNS, the query is blocked → no DNS resolution
If I allow 192.168.30.1, clients bypass Pi-hole → no ad-blocking.

My goal:
Have all DHCP clients in VLAN30 automatically receive 192.168.1.3 as DNS without requiring individual reservations.

Question:
Is there a way to set a global DNS server in KEA?
Maybe I need to edit the configuration file manually?
Am I missing something, or is this a known limitation?

Thanks for any help.
Please let me know, if further information is required.

Best regards
Simon

Alright. I've figured all out.

The Nut Service is now enabled. Since then it works fine again like described one or two posts ago.

I have also figured out the command which I searched before. It was just checking the file "/var/log/system/latest.log". Have looked previously not in the system subfolder.

Therefore only the WARNING message is left.
I guess, I just ignore it, because everything is working fine?

Sure I understand and please apologize. I've made a mistake. I forgot to restart the nut service.
Now on the second test the OPNsense server didn't gracefully shut down anymore. So you were completely right regarding the 'puzzeling'.

Short question. I'm not yet so familiar with FreeBSD.
I forgot the command which displayed this messages and don't find the command anymore currently.
It produced this messages:

Code Select Expand

<13>1 2025-08-27T23:03:03+02:00 OPNsense.home configctl 32480 - [meta sequenceId="3"] event @ 1756328582.85 msg: Aug 27 23:03:02 OPNsense.home config[82791]: config-event: new_config /conf/backup/config-1756328582.8202.xml
<13>1 2025-08-27T23:03:03+02:00 OPNsense.home configctl 32480 - [meta sequenceId="4"] event @ 1756328582.85 exec: system event config_changed response: OK
<13>1 2025-08-27T23:03:03+02:00 OPNsense.home root 37789 - [meta sequenceId="5"] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
Another question. Since FreeBSD doesn't use systemd. What would be the equivalent for this linux command?

Code Select Expand

journalctl -f -u nut-driver -u nut-monitor -u nut-serverTo observe the messages from nut-monitor.

p.s.
I have re-enabled the NUT service again and further testing.

Dear Patrick

Thanks for your reply. I had now time to test the setup.

It worked correctly with this setup:
Under 'General settings' the option 'Enable nut' is turned off.
And under 'UPS Type' -> 'Net Client', just the credentials are entered.

Regarding the WARNING message:
Since I don't need to enable this option, I no longer see the warning.

The UPS is connected via USB to my physical Proxmox server, which acts as the master,
and OPNsense is only monitoring it using the setup described above.

I then cut the power, and everything worked perfectly. I had configured the master to shut down after one hour on battery or when the battery was low.
After one hour, it shut down correctly, and OPNsense also received the shutdown signal and powered down gracefully.

I had not previously understood that the master sends a shutdown signal via the 'upssched-cmd' script and that OPNsense would shut down as well.
I had thought I needed to configure OPNsense separately to shut down just before the master.
Therefore my prior questions.

But as the master sends the signal for powering down, I don't need to alter the configuration on the OPNsense slave device.
This makes the setup much simpler.

Best regards,
Simon

Hi

I try to setup os-nut to enable a graceful shutdown in case of power loss.
Therefore I've installed the os-nut plugin.

The USV isn't connected to my OPNsense device.
Therefore I need only the upsmon service.

I have entered all my credentials in

Code Select Expand

Services -> Nut -> Configuration -> UPS Type -> Net ClientAnd enabled the

Code Select Expand

Enable the Netclient driver
But I'm not sure if I need also to enable this?

Code Select Expand

Services -> Nut -> Configuration -> General Settings
If I leave it disabled, then I get the message: "Nut is not started. Click to configure Nut." at the dasboard main site.
When I enable it, I set the service mode to

Code Select Expand

netclientgive a name and listen to address = 0.0.0.0.

If I apply the settings, then I get this error message:

Code Select Expand

<13>1 2025-08-27T23:03:03+02:00 OPNsense.home configctl 32480 - [meta sequenceId="3"] event @ 1756328582.85 msg: Aug 27 23:03:02 OPNsense.home config[82791]: config-event: new_config /conf/backup/config-1756328582.8202.xml
<13>1 2025-08-27T23:03:03+02:00 OPNsense.home configctl 32480 - [meta sequenceId="4"] event @ 1756328582.85 exec: system event config_changed response: OK
<13>1 2025-08-27T23:03:03+02:00 OPNsense.home root 37789 - [meta sequenceId="5"] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
Now I'm not sure If I should enable under

Code Select Expand

General Settings or not, and if I should enable it. What can I change to get rid of this error?
I have already found: https://forum.opnsense.org/index.php?topic=32100.15 and tested applying the mentioned patch at post #21. But I'm already post this patch.
What I get isthis, if I try so:

Code Select Expand

opnsense-patch -c plugins 16cbe99ebf
Found local copy of 16cbe99ebf, skipping fetch.
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 16cbe99ebf0e776afa5deee349f9e0ff73fbe8aa Mon Sep 17 00:00:00 2001
|From: Franco Fichtner <franco@opnsense.org>
|Date: Fri, 27 Jan 2023 08:43:17 +0100
|Subject: [PATCH] sysutils/nut: try to address breakage
|
|See: https://github.com/opnsense/ports/commit/d02ff345816e9
|---
| sysutils/nut/Makefile                                  | 2 +-
| sysutils/nut/src/opnsense/scripts/OPNsense/Nut/setup.sh | 6 ++++--
| 2 files changed, 5 insertions(+), 3 deletions(-)
|
|diff --git a/sysutils/nut/src/opnsense/scripts/OPNsense/Nut/setup.sh b/sysutils/nut/src/opnsense/scripts/OPNsense/Nut/setup.sh
|index 582348f059..2776cc9793 100755
|--- a/sysutils/nut/src/opnsense/scripts/OPNsense/Nut/setup.sh
|+++ b/sysutils/nut/src/opnsense/scripts/OPNsense/Nut/setup.sh
--------------------------
Patching file opnsense/scripts/OPNsense/Nut/setup.sh using Plan A...
Hunk #1 succeeded at 1.
done
All patches have been applied successfully.  Have a nice day.

Another question is:
How can I change the behaviour of nut?
I'm asking, because all files in

Code Select Expand

/usr/local/etc/nut have the warning: "Please don't modify this file as your changes might be overwritten with the next update.".

Hi

Now, I have re-checked and the issue is gone. All widgets are loading well now. I didn't even need to restart OPN Sense.

Hi. I have just upgraded to Version 24.7_9 and found out, that the new dashboard cannot load the widgets correctly most of the time. I have tested the dashboard also with Microsoft Edge and Google Chrome. This two browsers have no problem. I have also deactivated the Brave browser shields for my OPN Sense web frontend, but it still doesn't load the widgets correcltly.

Maybe someone have the same issue?
I have also reported this issue to the Brave Browser devs. Maybe they can do improvements.

Best regards

Simon

Hi

I run OPN Sense on a proxmox Server. There is also a second VM for high availability.
HA works. On the slave system I have sometimes this error message: "miniupnpd 35888 - - could not find redirect rule to delete port=7480". But I'm not sure what I should check. The error message usually only appears on the second machine. Interesting is, I see this error message only at the shell. I have searched in the logfiles, but couldn't find further information.

If anyone could help me with this one. Would much apprechiated.

Best regards
Simon

Thank you very much.
Hmm, I tried out KEA only for a very short time. It didn't worked correctly for me.
My devices received correctly IP addresses from dhcp. But no internet connection was possible.
But I don't want to go offtopic. If the problem after the last updates persist, I dig deeper or raise a separate thread for this.

Ich habe mal die gleiche Regel erstellt, welche für's LAN Interface automatisch erstellt wurde auch für VLAN erstellt. Die Meldungen sind nun weg.

Hallo

Ich hätte hier eine Frage zur Dokumentation, bzw. zu den Firewall Regeln.
OPN Sense lasse ich unter Proxmox als VM laufen. Weiterhin habe ich auch diverse VLANs.
In meinem Fall heisst das Parent Interface für die VLANs = VMBR99.

Nun steht hier in der Dokumentation, dass das Parent Interface auch in den Hardware Einstellungen hinzugefügt werden soll. Also ich nehme an, dass gemeint ist. Interfaces -> Assignments.

Das habe ich so gemacht. Wenn ich aber in der Firewall nachsehe, dann sehe ich von diesem VMBR99 Interface jede Menge blockierter Meldungen. Die Firewall Definitionen für die VLANs habe ich ja auf dem VLAN Interface hinterlegt und das Parent Interface hat nur die automatisch hinzugefügten Firewall Regeln.

Die VLANs selbst funktionieren tadellos und erzeugen die korrekten Meldungen im Log. Nur die vielen blockierten Meldungen irritieren mich. Ist das normal, oder müsste ich hier etwas anders konfigurieren?

Screenshot der Firewall Live View habe ich angehängt

Hey cool. Thank you so much.
Sorry for my late answer. Was a few days off due to migraine.

Hi. Did you figured it out already?
I'm at the same point like you. Searching too for the config file, to avoid entering all reservations in the web gui.
I can give also an update, if I figured it out.