Messages - Amodin

#1
Quote from: kevindd992002 on January 19, 2025, 02:59:38 PM
After several months of using opnsense and a couple of firmware updates to it, I still get this issue:

https://forum.opnsense.org/index.php?topic=41676.msg204737#msg204737

I just experienced it today. Is this not yet fixed?

Here are some logs that triggered today:

https://gist.github.com/kevindd992002/bd55652b9847ca0af03e0d3c24f45957

The WAN gateway never went online until either I restarted the VM or manually renewed the WAN connection in the opnsense GUI.

I had this problem when I lost internet connectivity before, and it was dpinger not coming back up, so the service had to be started and it worked.  It was later a non-issue for me, as I believe it was corrected after an update, but was back in maybe version 23 into 24?
#2
What are you using as DNS?

Are you country blocking?
#3
Odd... so all of a sudden they reappeared out of thin air in the Overview.

The only thing I did was unplug my ONT transceiver to add a fan housing to it and plugged it back in.

¯\_(ツ)_/¯
#4
At least you still have your Interfaces, mine all disappeared, lol.
#5
Quote from: franco on January 16, 2025, 09:45:26 PM
Sounds like https://forum.opnsense.org/index.php?topic=45194.0

Accessing the area in that post gives me no errors, no pop-ups and my two Gateways are present, as is on the Dashboard widget, so I am not experiencing this issue.
I am also online (as I am typing these), but it's just the Interfaces, not the Gateways that have gone missing completely.
#6
As I already stated, I removed and re-added it, and nothing showed up.

Quote from: chall88 on January 16, 2025, 09:05:46 PM
The interfaces on the overview may need the table expanded as well or including downed interfaces


There was nothing changed, and all of my interfaces were there showing by default.  I've already put it to show All, there is nothing there anymore.
#7
Updated this morning, and the Interfaces are gone, which also is not theme specific.  Also tried removing/re-adding it back to the dashboard, and the interfaces are no longer listed.  Gateways are still there and visible.

Edit:  Just also noticed that the 'Overview' tab (Interfaces > Overview) is also missing all the interfaces listed, which is probably why the dashboard isn't showing as well?
#8
Did you inquire about this on the 8311 Discord server?  They are pretty helpful over there too.
#9
I run my own mail server at my house, and utilize Proxmox Mail Gateway in an LXC container, and Axigen mail server in another LXC.

I use aliases for this to help keep this clean and organized.  I have one inbound rule (Firewall / Rules / WAN) for port 25 that says from Any - to the mail gateway, and a linked NAT rule for it. You shouldn't need anything set up for outbound unless you modified your any rule outbound, which nothing is blocked by default outbound.

My outbound mail port 25 is blocked by my ISP.  So, I use an SMTP relay host (SMTP2GO) that allows 1000/mo for free.  I have a template in the mail gateway that allows me to utilize outbound mail through the mail gateway using an authenticated smarthost. This also helps with your mail reputation for your domain. My mail server is set up to send all mail through the mail gateway. Inbound, everything is sent to the mail gateway first, then it passes it along to the mail server once it has been scored.

None of this kind of hosting is as hard as everyone makes it out to be - if you have the free time to set it up and monitor it, I encourage anyone to at least try it. I think a lot of people just don't have the time to stay on top of people trying to relay, but using things like a mail gateway that utilizes spamhaus and other checks can help out a lot, along with using things like Crowdsec and such on OPN.

Other alias rules I have in place that you are going to want at the top of your list (they are applied in an order from top to bottom) are blocking ASNs and blocking IPs, because you will have bad actors trying to relay off you.  OPN allows you to block by ASN number, which can be fantastic to use, but it may also block some services you want to access and cannot. This takes just a few seconds of adding an ASN number or an IP to the alias list and applying.  I only bother with the morons that are trying to ping my mail every minute - the small few checks every now and then I don't worry about and are already listed in an RBL 99.9% of the time.
#10
Did you check the server list under System / Settings / General?

Modify or remove these servers and see what happens. It sounds like you might have some old entries there that it's trying to reach and creating the error.
#11
As far as the traffic graph goes, that might be more of a browser issue I suspect.  I have a friend who can log in as root and has the same issue with not seeing any graphs, but the values are changing.

Did you try to change the theme to see if it's related or a different browser? (Saw you did that, lol)
#12
24.7, 24.10 Legacy Series / Re: i210 and SFP GPON Modul
October 14, 2024, 11:28:42 PM
In order to get to the WebUI for the PON, you have to create a Virtual IP address.  From their discord:

-----------------------------
Firewall -> Virtual IPs -> Add.
Select the "IP Alias" type
Select interface
Select single address
Address(es): 192.168.11.100 / 24 (Or whatever IP range you used)
Description: Management
Save

Firewall -> NAT -> Outbound
Select "Hybrid Outbound NAT"
Select "Add (down/up, depending on what you want)"
Ensure "disable this rule" is NOT selected
Select the same interface as above
Select IPv4
Protocol: Any, Source: Any
Destination: Network or Alias: 192.168.11.0 / 24
Translation
Address: 192.168.11.100 (Management)
Misc
Description: Management NAT
Save
-----------------------------
Works for me, even if I disable the NAT rule, I can still get to the interface.
#13
I believe I found the issue, and it was Unifi Controller software monitoring the OPN IP address. 

The software wants to monitor an IP address to be able to say that there's connectivity... kind of silly, but I get it.  I had that pointed at my OPN LAN IP, so anytime I'd reboot, the controller believed connectivity was down, so I'd lose ALL connectivity. 

Just switched it over to a server IP that I have on all the time, solved this issue.
#14
24.7, 24.10 Legacy Series / Re: i210 and SFP GPON Modul
September 23, 2024, 03:17:29 AM
Quote from: JayTee75 on September 18, 2024, 02:48:40 PM
That's the idea. I don't want to make external fiber to copper and use it directly as WAN in opnsense.

My setup is a little different, as I have the ONT transceiver connected into my OPN box.  Works great, but I can't reach the IP you assign it to access the web GUI.  It doesn't do like it does with the BGW modem connected, as you get an internal address from the modem to access it.  The ONT doesn't give you the one assigned and only the WAN IP.

The only way I've found so far to get access, is unplug it, change the IP on my fiber card in my Windows server to something in the same subnet, and update it that way accessing the GUI.  Then unplugging it and putting it back into my OPN box.  I've tried creating SNAT, and had no luck accessing

If this is even the issue you are having - gaining access to the GUI.
#15
IMO, this is dangerous to open your firewall GUI to this exposure.  But, if you want to keep this, then I would consider changing your GUI port to something like 9443, because what's most likely happening is your 443 traffic that should just be pointed to NGINX is interfering with your same port as the GUI.

You can change the firewall admin GUI port in your interface, but on NGINX, you would identify the port in your destination address.
So, if you want to go to badidea.myfirewall.com:443, your destination address in NGINX would read: badidea.firewall.local:9443.