Messages - Dataaja95

#1
Update on the situation: the DHCP server now does not work on either of the firewalls I use. Both firewalls give the same errors in their logs. Would this be a wider problem in the production version?
The firewalls are in a high-availability setup and the backup firewall has copied its settings from the primary firewall, so I would think that the DHCP server stopped working on the backup firewall because of this.
#2
Hi,
I'm trying to restore a configuration backup made from OPNsense to Nextcloud, but it seems that it is encrypted by default with the Nextcloud password, which in this case is the application password. When I try to restore the backup and indicate that the file is encrypted, I put the password in the field reserved for it and get the following error. Do I have to decrypt the file first, or how does restoring the backup work in this case?
    Warning, could not read file /tmp/phprV1GC9
    The uploaded file could not be decrypted.
#3
Hi,
I get the following error and dhcpcd won't start. On my other firewall it works fine. I don't see any dhcpcd processes running but one. How can I solve the problem?
Log:
2024-09-23T19:21:29   Error   dhcpd       
2024-09-23T19:21:29   Error   dhcpd   There's already a DHCP server running.   
2024-09-23T19:21:06   Error   dhcpd   No pool found for IA_NA address 2001:14ba:6698:ca00::2000   
2024-09-23T19:18:31   Error   dhcpd   exiting.   
2024-09-23T19:18:31   Error   dhcpd       
2024-09-23T19:18:31   Error   dhcpd   process and the information we find helpful for debugging.   
2024-09-23T19:18:31   Error   dhcpd   before submitting a bug. These pages explain the proper   
2024-09-23T19:18:31   Error   dhcpd   bugs on either our web page at www.isc.org or in the README file   
2024-09-23T19:18:31   Error   dhcpd   than a configuration issue please read the section on submitting   
2024-09-23T19:18:31   Error   dhcpd   If you think you have received this message due to a bug rather   
2024-09-23T19:18:31   Error   dhcpd       
2024-09-23T19:18:31   Error   dhcpd   There's already a DHCP server running.
# ps ax | grep dhcpd
58720  -  Ss    0:00.03 /usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid lagg0
67251  -  Is    0:00.00 /usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid lagg0
#4
Quote from: mimugmail on February 23, 2024, 01:30:46 PM
In 80% of all scenarios where both firewalls are master on just one interface it's a missing VLAN in the switch. The 20% rest is igmp snooping on the switch which doesn't forward the multicast packets to the destination.

It's one of both ...
Thanks for this. The solution to the problem was very simple: I added VLAN 20 to the switch port where the backup firewall's LAN connection is, and now everything works perfectly.

2024-02-23T17:16:05   Notice   opnsense   /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member "virtuaalikoneet vip (192.168.3.1) (2@vlan02)" has resumed the state "BACKUP" for vhid 2   
2024-02-23T17:16:05   Notice   kernel   <6>carp: 2@vlan02: MASTER -> BACKUP (more frequent advertisement received)
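
Added example (not part of the forum posts, and not OPNsense code): a small check for the condition discussed above, where both firewalls report MASTER for the same CARP vhid. It reads kernel CARP transition lines in the log layout quoted in this thread from each node and reports the periods with more than one MASTER. The sample log lines and the node names "primary" and "backup" are constructed; it assumes both nodes' clocks are in sync and treats a node's state as unknown until its first transition line.

```python
import re
from datetime import datetime

# Kernel CARP transition lines, in the log layout quoted in this thread.
CARP_RE = re.compile(
    r"^(?P<ts>\S+)\s+\w+\s+kernel\s+<\d+>carp: "
    r"(?P<vhid>\d+)@(?P<ifname>\S+): \w+ -> (?P<new>\w+) \("
)

def parse(node, text):
    """Yield (time, node, 'vhid@interface', new_state) per transition line."""
    for line in text.splitlines():
        m = CARP_RE.match(line.strip())
        if m:  # non-CARP lines (syshook notices etc.) are skipped
            yield (datetime.fromisoformat(m["ts"]), node,
                   f'{m["vhid"]}@{m["ifname"]}', m["new"])

def dual_master_windows(logs):
    """Return [(vip, start, end_or_None)] where more than one node was MASTER."""
    events = sorted(e for node, text in logs.items() for e in parse(node, text))
    state, open_since, windows = {}, {}, []
    for ts, node, vip, new in events:
        state.setdefault(vip, {})[node] = new
        masters = sum(s == "MASTER" for s in state[vip].values())
        if masters > 1 and vip not in open_since:
            open_since[vip] = ts
        elif masters <= 1 and vip in open_since:
            windows.append((vip, open_since.pop(vip), ts))
    return windows + [(vip, start, None) for vip, start in open_since.items()]

# Constructed sample logs; "primary"/"backup" are placeholder node names.
SAMPLE = {
    "primary": """
2024-02-19T16:00:00   Notice   kernel   <6>carp: 1@lagg0: BACKUP -> MASTER (master timed out)
2024-02-19T16:00:00   Notice   kernel   <6>carp: 2@vlan02: BACKUP -> MASTER (master timed out)
""",
    "backup": """
2024-02-19T16:00:05   Notice   kernel   <6>carp: 1@lagg0: INIT -> BACKUP (initialization complete)
2024-02-19T16:07:26   Notice   kernel   <6>carp: 2@vlan02: BACKUP -> MASTER (master timed out)
2024-02-23T17:16:05   Notice   opnsense   /usr/local/etc/rc.syshook.d/carp/20-openvpn: Carp cluster member resumed "BACKUP"
2024-02-23T17:16:05   Notice   kernel   <6>carp: 2@vlan02: MASTER -> BACKUP (more frequent advertisement received)
""",
}

if __name__ == "__main__":
    for vip, start, end in dual_master_windows(SAMPLE):
        print(f"{vip}: both nodes MASTER from {start} until {end or 'now'}")
```

A window that never closes (end is None) on a single VLAN interface, while the other interfaces fail over normally, matches the missing-VLAN or IGMP snooping causes named in the quoted reply.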
#5
Quote from: lshantz on February 20, 2024, 11:38:39 PM
We may have a similar problem. I was hoping an admin would jump in and help out.

We have it set up as documented, but trying to use a single WAN static IP. I think this is what you are doing and we have found that the script that is out there takes the WAN interface down, but then it disappears. When bringing the primary FW back up, since WAN no longer exists, it just grabs the next interface in line. So obviously things have changed. I found that even after the failover and returning it back, nothing worked. Even reboot. What I discovered was I had to go to the WAN interface, save and apply, and the gateway. Nothing had changed, but doing this caused it to start working again. So something gets changed in the background that does not show in the GUI.
Is it possible to get the CARP stuff updated so we can use it? My son says if I go to a FW version that supports this, I'm on my own, so need OPNsense to work. :)
On my backup firewall, the WAN connection and LAN work correctly. Only the third interface, which is a VLAN, does not work as expected: it is master on the backup firewall even though it should be backup, so I don't get the other status at any point. Do you know who maintains this script? Could you report it directly to them?
#6
Hi all,
I just configured HA between two OPNsense firewalls. It works really well except for one interface. This interface is a VLAN; on both firewalls the interface numbering is the same (opt3), and CARP traffic is allowed in the firewall rules according to the OPNsense documentation. When I turn off the main firewall, the traffic of its other interfaces goes to the backup firewall, but the traffic of this interface does not. When I start the main firewall, the traffic returns to normal, but the status of the interface on the backup firewall is still master; it doesn't change at all.
Because I don't use static public IP addresses, I have had to solve the situation with a script that can be installed in OPNsense, which turns off the WAN port of the backup firewall. Could this cause problems? On both firewalls the traffic on the LAN interface works correctly in phase. The OPNsense logs say this:

2024-02-19T16:07:26   Error   opnsense   /usr/local/etc/rc.syshook.d/carp/10-wancarp: enable interface 'wan' due CARP event 'MASTER'   
2024-02-19T16:07:26   Notice   kernel   <6>carp: 2@vlan02: BACKUP -> MASTER (master timed out)   

Here is the script I used. I thank everyone in advance for their help, and the developers of OPNsense for the great firewall system.
https://gist.github.com/spali/2da4f23e488219504b2ada12ac59a7dc