Messages - pickone

#1
Hello!

I have a "small" issue... I'm not exactly sure what's happening. I don't remember whether this issue was occurring before as well, but I know 100% that it has been happening very frequently for several weeks now.

I have a WireGuard VPN on my OPNsense router, and I have my phone connected to the VPN. I leave a continuous ping running to the router, and I often get timeouts to the router. I don't understand why... When the ping gives me only timeouts without recovering by itself, I need to restart the VPN connection from the phone in order for it to work again... This applies to any other device, not only the phone...

The configuration is standard; I don't have anything fancy set up. On top of that, I even tried a "fix" from GitHub where they suggested switching outbound NAT to hybrid mode and manually setting the VPN rules, but it didn't help at all...

What other details are needed, or maybe someone already knows a good fix for this?

Take a look at the ping session.

Thanks!
#2
Quote from: sopex on May 13, 2026, 02:46:52 PM
Try:

curl -k --cacert /ssl/opnsense.pem \
  -u "key:secret" \
  -X POST \
  "https://192.168.0.1/api/interfaces/overview/reload_interface/wan"

You are the man! Thank you so much !!!
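
Added example, not part of the original posts: the same `reload_interface` POST as in the quoted reply, wrapped so that TLS verification stays on (`-k` tells curl to skip certificate checks, so the `--cacert` next to it protects nothing) and the API key and secret are read from a netrc file instead of `-u`. The netrc path, the function names and the success classification are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: OPN_CA is the CA that issued
# the GUI certificate, the certificate names OPN_HOST, and OPN_NETRC contains
#   machine <host> login <api key> password <api secret>
OPN_HOST="${OPN_HOST:-192.168.0.1}"
OPN_CA="${OPN_CA:-/ssl/opnsense.pem}"
OPN_NETRC="${OPN_NETRC:-$HOME/.opnsense.netrc}"
CURL="${CURL:-curl}"

# True only if the credentials file exists and group/other have no access.
netrc_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# Classify the JSON body. The thread shows {"message":"failed"} on error;
# treating every other non-empty body as success is an assumption.
api_result() {
    case "$1" in
        '') echo empty ;;
        *'"message":"failed"'*) echo failed ;;
        *) echo ok ;;
    esac
}

# POST the reload request. No -k: a bad certificate aborts the transfer before
# the Basic-auth header is sent. Credentials come from the netrc file, so they
# do not appear in the process list the way -u "key:secret" does.
reload_interface() {
    iface="$1"
    case "$iface" in
        ''|*[!A-Za-z0-9_]*) echo "bad interface name" >&2; return 2 ;;
    esac
    netrc_is_private "$OPN_NETRC" || {
        echo "netrc missing or readable by others" >&2; return 3
    }
    body=$("$CURL" --silent --show-error --fail --max-time 30 \
        --cacert "$OPN_CA" --netrc-file "$OPN_NETRC" --request POST \
        "https://${OPN_HOST}/api/interfaces/overview/reload_interface/${iface}") \
        || return 4
    [ "$(api_result "$body")" = ok ]
}

# Usage: reload_interface wan && echo "WAN reload accepted"
```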
#3
My mistake, I wrote it incorrectly. It was indeed with a capital "I", as "reloadInterface", but I still got this problem using this:

curl --cacert /ssl/opnsense.pem -k -u \
    "key:key" \
    "https://192.168.0.1/api/interfaces/overview/reload_interface/wan"

Gives me {"message":"failed"}

Any idea, or how can I debug it to find the issue?

Thanks!
#4
Hi!

In the past, I was using this to reload my WAN interface:

curl --cacert /ssl/opnsense.pem -k -u \
    "key:key" \
    "https://192.168.0.1/api/interfaces/overview/reloadinterface/wan"

Now, in the most recent OPNsense version, I see that `reloadinterface` has been changed to `reload_interface`, but it doesn't work. I have tried this:

curl --cacert /ssl/opnsense.pem -k -u \
    "key:key" \
    "https://192.168.0.1/api/interfaces/overview/reload_interface/wan"

I only get message: "failed".

Does anyone know a solution for this?

This API used to help me change my external IP very VERY quickly using PPPoE as WAN. Other API calls also change the external IP, but they are much slower.

That said, I would prefer to keep using the same API call if possible, but working correctly. Does anyone know how to achieve this?

Thanks
#5
Ahhh... :-(
#6
Hi!

Does anyone know how to do this in the latest OPNsense version?
I have tried so many things but none worked...

First of all, I need to get the UUID of that port forwarding rule, which I don't know how to get. I found something in two places, but both were different...
Then, trying with togglerule or toggle_rule, with both of the UUIDs found, it is still not working.

Any idea?

Thanks!
#7
Hi!

I have this OPNsense router, configured with two WANs, one with PPPoE (WAN1) and another with LAN DHCP (WAN2) (WAN2 takes internet from another router, which has a DMZ rule created, directed to OPNsense). Until now, I didn't have the second WAN. OpenVPN was working OK with only one WAN, and it is still working OK now, but not when I try to connect through WAN2... WAN1 and WAN2 have different gateways, of course, and I created a failover rule (Tier1 WAN1, Tier WAN2)... When there is no internet on WAN1, I get internet from WAN2, but I cannot connect to the OpenVPN server...

Any idea how to achieve this?

Please keep in mind that I am a noob user here...

Thanks!
#8
Hi!

Does anyone know how to achieve this?
I want to call the API for reloading the WAN interface, using "reloadinterface". Or just a command to use in the shell, but still using the same "reloadinterface" function.

Thank you!
#10
I have exactly the same issue... Using a Quectel EP06-E

2024-07-30T18:37:39 Informational ppp [opt1_link0] Link: reconnection attempt 4
2024-07-30T18:37:38 Informational ppp [opt1_link0] Link: reconnection attempt 4 in 1 seconds
2024-07-30T18:37:38 Informational ppp [opt1_link0] LCP: Down event
2024-07-30T18:37:38 Informational ppp [opt1_link0] Link: DOWN event
2024-07-30T18:37:38 Informational ppp [opt1_link0] MODEM: chat script failed
2024-07-30T18:37:38 Informational ppp [opt1_link0] CHAT: The modem is not responding to "AT" at MomCmd: labeell.


Through SSH, I get this

root@OPNsense:~ # cu -l /dev/cuaU0.2
Connected
AT
OK
AT+CPIN
ERROR


But if I connect the modem to my PC, the internet is OK...

EDIT: I have connected the modem to another OPNsense, with the old version, and the modem works... So, it is 100% something from the new update...
#11
Quote from: franco on June 22, 2024, 11:20:59 AM
Correct. Though the described loopback approach is much safer if you require explicit single point access.


Cheers,
Franco

Hi! I'm very new to OPNsense and I read everything about the new "issue". I made it work again, but I would really love to only have access to the web GUI from the local IPs - 192.168.0.0/24 (LAN interface). I read something about the loopback address, but I don't understand anything. Can you please explain step by step, what and where to click, in order to achieve this? Maybe there are more like me and it will help us more. Thank you in advance!
#12
General Discussion / Re: Split DNS & duckdns.org
June 22, 2024, 02:31:49 PM
Nobody? Split DNS and some DDNS service? :-(
#13
Hi!

I am trying to automate OPNsense, in order to get important notifications into my Home Assistant.

For this, I thought that 'devd' would be great, because it can run scripts when something is happening (like the link down event).

So, until now, I have done the following:

- I added a new file to devd (homeassistant.conf), which has the following lines:

notify 101 {
        match "system"          "IFNET";
        match "type"            "LINK_DOWN";
        media-type              "ethernet";
        action "/usr/local/bin/homeassistant/wan1_down.sh";
};


- After that, I created the script 'wan1_down.sh' in '/usr/local/bin/homeassistant/' with chmod +x

The script works fine if I run it manually, but when I wait for 'devd' to do its job, it does not work.
I tested more: I stopped the devd service, then I ran 'devd -d' in order to see what was happening in the console, and I had a very big surprise. 'devd' was working flawlessly, the script was loaded, the notification to Home Assistant was there, all good.

Now, the problem is that 'devd' won't run the script if it is loaded as a service; it will only work if I run it manually with 'devd -d'. Why? And how can I make it work as a service as well?

Another problem, which I had even when devd was loaded manually: if I use 'notify' less than 101, the script won't run. But I understood that it is not running because another 'devd' config file has an action with priority 101 and won't let anything else take action. Still, how can I run the script with any priority? Or how can I add two actions into the same action?

Edit: OK, I have found a temporary solution to run multiple actions, but I don't know whether this is the proper way. I just added a second 'action' line to the same notify. Is this OK? I thought that devd can run multiple actions for a similar notify...

Edit2: It seems that 'devd' is working as a service too, but it won't take action if I use 'ifconfig pppoe0 down'. Instead, it works if I take out the cable or use 'ifconfig igc1 down/up'.

>>Edit2: At this moment, everything works well. I just need some explanation about the 'notify' from devd.conf. Why is devd not loading two similar notify blocks with different actions? It is only loading one, and it is always the one with the higher priority. OK, I can understand that higher priority is the real deal, but I thought that the 'notify' blocks are loaded sequentially, according to priority, not only the one with the higher priority...

If I can figure out more, I will write it here; maybe someone else would like and need this.

Thank you!
#14
General Discussion / Split DNS & duckdns.org
June 08, 2024, 09:46:33 PM
Hi, all!

I am trying to access my FTP server from inside the local network, but through the external IP. I already made the port forwarding, but it is not working. I managed to achieve this through NAT Reflection, but I want to do it through split DNS.
Does anyone know how to achieve this, step by step?
The duckdns URL is bywhonowho.duckdns.org. I added an override to Unbound DNS, writing "bywhonowho" to the host and "duckdns.org" to the domain, then the IP of the computer which has the FTP open, but it is not working.

Any idea?

Thank you in advance!
#15
I don't know why, but now I can access the other IP from the other subnet... And I have changed the subnet mask back to 192.168.0.0/24

All I did additionally was activate 4 settings, but I don't think that these have something to do with it...

The Reflection NAT on my port forwarding for my local server (port 80) and another three in the advanced settings of the firewall: "Reflection for port forwards, Reflection for 1:1, Automatic outbound NAT for Reflection".

So... I don't need to change the subnet mask to 192.168.0.0/23 or create virtual IPs. Still, I don't understand how it is working now and until now it didn't...

Edit: After doing some tests of changing the subnet back and forth, I see that on 192.168.0.0/24 I can only ping that IP; in order to access the services, I need to be on 192.168.0.0/23 :-(