Messages - sdetroch

#1
On my MBP without USB-A ports, I use a USB-C to USB-A converter --> to serial cable and use the command:

screen /dev/tty.usbmodemXXXXXXX 115200

(where XXXX is system dependent of course)
#2
24.7, 24.10 Series / Re: Business Edition Kernel Panic
January 19, 2025, 08:51:28 PM
Same here, 24.10.1 on a DEC750 and at this moment 53 days uptime ...
#4
24.7, 24.10 Series / Re: 24.10 Business upgrade?
October 18, 2024, 01:42:18 PM
I did the upgrade (on a Deciso appliance) a couple of minutes ago and will report back if I have some issues. One warning though: Don't do the upgrade remotely, I had to restart the fw via the console after the upgrade.

Some checks I have done:
- internet connectivity seems to be stable = OK
- OpenVPN S2S tunnel + C2S = OK
- health, connectivity and security audit check = OK
- upgrade check = "NO CRL was provided" error = EXPECTED according to info on the forum (no impact)
- my plugins are still working = OK
- speedtest widget on dashboard (os-speedtest-community) is not available anymore = EXPECTED

Some anomalies / bugs detected (nothing major):
- dashboard widget "OpenVPN Client Connections" indicates no S2S clients available, but I do have a S2S tunnel active (and this was working fine pre-upgrade) - assume that I don't need to expect something here, but it is not working in the widget "OpenVPN Server Connections" either
- dashboard widget "thermal sensors": Different cores are shown (all the same in my case), widget cannot be modified to show only the main temperature (pre-upgrade this was possible)
#5
24.7, 24.10 Series / Re: vnstat date format
September 12, 2024, 11:11:23 AM
For changes that will persist after reboot, you need to edit:
/usr/local/opnsense/service/templates/OPNsense/Vnstat/vnstat.conf

I have the following setting to get dd/mm/yyyy:

# locale (LC_ALL) ("-" = use system locale)
Locale "-"

# date output formats for -d, -m, -t and -w
# see 'man date' for control codes
DayFormat    "%d/%m/%Y"
MonthFormat  "%m/%Y"
TopFormat    "%d/%m/%Y"

Hope this helps?
#6
I find the vnstat plugin very useful to follow up on the traffic on my firewall. The plugin itself is working for 95%, but is very outdated. It seems that the plugin maintainer abandoned the project a couple of years ago. I don't know if the maintainer or someone else (at Deciso?) would like to bring an update of the plugin? I would do it myself, but my development knowledge is very limited.

Github:
https://github.com/opnsense/plugins/blame/2705ed92931e79732a947a293edcf147888d20a6/net/vnstat/pkg-descr

For instance, the "new" graphics of vnstat would add some visual value to the plugin in OpnSense.
#7
Thanks a lot, that's indeed easier.
Wasn't aware of this template.
#8
Will try to solve it by copying the saved config over the default config after boot (not tested yet), created the following file. I will not expect issues?

/usr/local/etc/rc.syshook.d/start/93-vnstat


#!/bin/sh

echo -n "Restoring vnstat config"
cp /usr/local/etc/vnstat.conf.restore /usr/local/etc/vnstat.conf
#9
Had a similar issue, solved with some help and thought to let you know as well (even if it's an older topic):
Solution at https://forum.opnsense.org/index.php?topic=41141.0
#10
And some info for anyone else:

1) create /usr/local/opnsense/service/conf/actions.d/actions_enableshaper.conf

[enableshaper]
command:/sbin/ipfw set enable 0
parameters:
type:script
message:Enable Shaper
description: Enable Shaper

2) create /usr/local/opnsense/service/conf/actions.d/actions_disableshaper.conf
[disableshaper]
command:/sbin/ipfw set disable 0
parameters:
type:script
message:Disable Shaper
description: Disable Shaper

3) activate with:
service configd restart

4) test with:
configctl disableshaper disableshaper
and
configctl enableshaper enableshaper

5) if tests are fine (you should get an "OK"), you can create 2 cronjobs in the OpnSense WebGUI Cron/System to enable and disable the packet shaper when you'd like. Disadvantage of this method: it's all or nothing (not rule per rule)

(again, thanks Patrick for pointing me in the good direction!)
#11
update: after doing some tests, it seemed to work (and the pipes are in the config as well)
thanks a lot Patrick!
#12
Thanks for the feedback Patrick:
when enabled (via GUI):

root@opnjg29:/home/backup # ipfw -S list
00100 set 0 allow pfsync from any to any
00110 set 0 allow carp from any to any
00120 set 0 allow layer2 mac-type 0x0806,0x8035
00130 set 0 allow layer2 mac-type 0x888e,0x88c7
00140 set 0 allow layer2 mac-type 0x8863,0x8864
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
00200 set 0 skipto 60000 ip6 from ::1 to any
00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 set 0 skipto 60000 ip6 from any to ::1
00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
06000 set 0 skipto 60000 tcp from any to any out
06199 set 0 skipto 60000 ip from any to any
60000 set 0 return
60001 set 0 pipe 10000 ip from 192.168.60.100 to any via igc1 // a3b39633-a293-4c97-a7d6-f533666706e1 wan: Limit to 20 mbps upload
60002 set 0 pipe 10001 ip from any to 192.168.60.100 via igc1 // 706561f7-1d0e-45a5-8d94-c6e11c95daaa wan: Limit to 3 mbps download
65533 set 0 allow ip from any to any
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any

when disabled (via GUI):

root@opnjg29:/home/backup # ipfw -S list
00100 set 0 allow pfsync from any to any
00110 set 0 allow carp from any to any
00120 set 0 allow layer2 mac-type 0x0806,0x8035
00130 set 0 allow layer2 mac-type 0x888e,0x88c7
00140 set 0 allow layer2 mac-type 0x8863,0x8864
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
00200 set 0 skipto 60000 ip6 from ::1 to any
00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 set 0 skipto 60000 ip6 from any to ::1
00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
06000 set 0 skipto 60000 tcp from any to any out
06199 set 0 skipto 60000 ip from any to any
60000 set 0 return
65533 set 0 allow ip from any to any
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any


but not working when changing via the set enable/disable 0 commands:
the shaper rules are not in the config ... see below
The only difference with your config is that you are using queues and I'm using pipes.

root@opnjg29:/home/backup # ipfw set enable 0
root@opnjg29:/home/backup # ipfw -S list
00100 set 0 allow pfsync from any to any
00110 set 0 allow carp from any to any
00120 set 0 allow layer2 mac-type 0x0806,0x8035
00130 set 0 allow layer2 mac-type 0x888e,0x88c7
00140 set 0 allow layer2 mac-type 0x8863,0x8864
00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
00200 set 0 skipto 60000 ip6 from ::1 to any
00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
00202 set 0 skipto 60000 ip6 from any to ::1
00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
06000 set 0 skipto 60000 tcp from any to any out
06199 set 0 skipto 60000 ip from any to any
60000 set 0 return
65533 set 0 allow ip from any to any
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
root@opnjg29:/home/backup # ipfw set disable 0
root@opnjg29:/home/backup # ipfw -S list
# DISABLED 00100 set 0 allow pfsync from any to any
# DISABLED 00110 set 0 allow carp from any to any
# DISABLED 00120 set 0 allow layer2 mac-type 0x0806,0x8035
# DISABLED 00130 set 0 allow layer2 mac-type 0x888e,0x88c7
# DISABLED 00140 set 0 allow layer2 mac-type 0x8863,0x8864
# DISABLED 00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
# DISABLED 00200 set 0 skipto 60000 ip6 from ::1 to any
# DISABLED 00201 set 0 skipto 60000 ip4 from 127.0.0.0/8 to any
# DISABLED 00202 set 0 skipto 60000 ip6 from any to ::1
# DISABLED 00203 set 0 skipto 60000 ip4 from any to 127.0.0.0/8
# DISABLED 06000 set 0 skipto 60000 tcp from any to any out
# DISABLED 06199 set 0 skipto 60000 ip from any to any
# DISABLED 60000 set 0 return
# DISABLED 65533 set 0 allow ip from any to any
# DISABLED 65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
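
The listings in the post above show that `ipfw set disable 0` marks every rule in set 0 as disabled, not only pipe rules. The following added example (not part of the original posts) summarises `ipfw -S list` output so that effect can be checked before scheduling the toggle; the function name `shaper_state` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the forum post): summarise `ipfw -S list` output.

# Constructed sample in the format of the "enabled via GUI" listing.
sample_enabled() {
cat <<'EOF'
00100 set 0 allow pfsync from any to any
60000 set 0 return
60001 set 0 pipe 10000 ip from 192.168.60.100 to any via igc1 // wan: Limit upload
65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
EOF
}

# Constructed sample in the format of the listing after `ipfw set disable 0`.
sample_set0_disabled() {
cat <<'EOF'
# DISABLED 00100 set 0 allow pfsync from any to any
# DISABLED 00150 set 0 deny layer2 not mac-type 0x0800,0x86dd
# DISABLED 60000 set 0 return
# DISABLED 65534 set 0 deny ip from any to any
65535 set 31 allow ip from any to any
EOF
}

# Reads a listing on stdin and prints one summary line:
#   active     rules currently evaluated
#   disabled   rules prefixed "# DISABLED"
#   shaping    active pipe/queue rules
#   collateral disabled rules that are NOT pipe/queue rules
shaper_state() {
  awk '
    { off = 0; i = 1 }
    $1 == "#" && $2 == "DISABLED" { off = 1; i = 3 }
    $(i + 1) != "set" { next }          # not a rule line
    {
      shaper = ($(i + 3) == "pipe" || $(i + 3) == "queue")
      if (off) { disabled++; if (!shaper) collateral++ }
      else     { active++;   if (shaper)  shaping++ }
    }
    END {
      printf "active=%d disabled=%d shaping=%d collateral=%d\n",
             active, disabled, shaping, collateral
    }'
}

sample_enabled | shaper_state
sample_set0_disabled | shaper_state
```

On the firewall itself the same function can be fed live output with `ipfw -S list | shaper_state`; a non-zero `collateral` count means rules other than the shaper's pipes or queues are currently switched off.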
#13
Hello,

the vnstat configfile located in /usr/local/etc/vnstat.conf is overwritten after every reboot (or restart of the service). Since the plugin in OpnSense is not using our default date notation (YY-MM-DD and not DD-MM-YY) etc ... I have modified the config file, but how can I keep the modified config after reboot? Changing the .sample file as well didn't help.

If not possible, maybe make the parameters available in the OpnSense GUI?
#14
Does nobody have an idea or a pointer in the right direction?
#15
I had an issue where the shaper was not working either.

In the end, the reason (for me at least) was the "Sequence number" in the shaper rules. For one reason or another, it took previous (deleted in the meantime) rule numbers into account.

Chances are small that you'll face the same issue, but maybe try to put a sequence number in your rules that is high enough / never been used previously.