Messages - jata

#1
I'm trying to get netflow / insight reporting working and having an issue with data in the opnsense gui when viewing interface totals / bandwidth.

For testing I stream a UHD film and I can see the correct/expected data in reporting / health (I think this data is not from netflow). It shows a data rate of around 20Mb/s and this is what I expect from this UHD stream.

I then use reporting / insight for interface totals and it looks ok for a while, then drops to zero while the film is still playing normally and reporting / health also looks normal.

I'm not sure if I am stupid or if this is a problem with my setup or a bug.

See screenshots attached.

How can I investigate further?

#2
Thanks for the help. I did a bit more research and have found the solution.

The problem is that the data needs to be tagged when doing this with telegraf and influxdb. Records were being overridden in influxdb with default config.

The solution in telegraf is to add a processing step in the pipeline to convert some key fields to tags. Use with caution as this can create cardinality / performance issues due to the number of series that are created :-)

Information linked below to help other folks who are trying something similar.

https://github.com/influxdata/telegraf/blob/release-1.35/plugins/inputs/netflow/README.md#metrics-are-missing-at-the-output
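The overwrite described in the post, as an added example that is not code from the thread, from Telegraf or from InfluxDB: it models InfluxDB's write semantics (a point is identified by measurement, tag set and timestamp; a second write with the same identity overwrites the first point's fields instead of adding a row) and shows what happens to a handful of constructed NetFlow records with and without the converter step. The flow field names (src, dst, src_port, dst_port, protocol, in_bytes) are assumed to match Telegraf's netflow input and should be checked against your own output; the converter snippet in the docstring is based on the linked README and is likewise an assumption, not copied from the thread.

```python
"""Why untagged NetFlow records lose bytes in InfluxDB, and what tagging changes.

Telegraf's netflow input emits the flow attributes as fields, so every
flow exported in the same second collapses into one InfluxDB point and
only the last write survives. The Telegraf fix (assumed field names,
based on the linked README) is a converter processor:

    [[processors.converter]]
      [processors.converter.fields]
        tag = ["src", "dst", "src_port", "dst_port", "protocol"]
"""

# Constructed sample: four flows exported by the firewall, three of them
# in the same second. in_bytes is the per-flow byte count.
SAMPLE_FLOWS = [
    {"time": 1700000000, "src": "192.168.1.10", "dst": "203.0.113.5",
     "src_port": 51000, "dst_port": 443, "protocol": "tcp", "in_bytes": 1_500_000},
    {"time": 1700000000, "src": "192.168.1.10", "dst": "203.0.113.9",
     "src_port": 51001, "dst_port": 443, "protocol": "tcp", "in_bytes": 2_000_000},
    {"time": 1700000000, "src": "192.168.1.20", "dst": "203.0.113.5",
     "src_port": 40000, "dst_port": 443, "protocol": "tcp", "in_bytes": 700_000},
    {"time": 1700000001, "src": "192.168.1.10", "dst": "203.0.113.5",
     "src_port": 51000, "dst_port": 443, "protocol": "tcp", "in_bytes": 900_000},
]

# Telegraf default: nothing is a tag. After the converter: the 5-tuple is.
DEFAULT_TAG_KEYS = ()
CONVERTED_TAG_KEYS = ("src", "dst", "src_port", "dst_port", "protocol")


def write_points(flows, tag_keys, measurement="netflow"):
    """Simulate InfluxDB writes: identity is (measurement, tags, time).

    Writing a point whose identity already exists merges its fields into
    the stored point; a field written twice keeps the later value.
    """
    store = {}
    for flow in flows:
        tags = tuple(sorted((k, str(flow[k])) for k in tag_keys))
        fields = {k: v for k, v in flow.items()
                  if k != "time" and k not in tag_keys}
        key = (measurement, tags, flow["time"])
        store.setdefault(key, {}).update(fields)  # last writer wins
    return store


def expected_in_bytes(flows):
    """What the exporter actually sent."""
    return sum(f["in_bytes"] for f in flows)


def total_in_bytes(store):
    """What a 'sum(in_bytes)' query would return from the stored points."""
    return sum(p["in_bytes"] for p in store.values())


def point_count(store):
    return len(store)


def series_count(store):
    """Distinct (measurement, tag set) pairs: the cardinality the post warns about."""
    return len({(m, tags) for (m, tags, _) in store})


if __name__ == "__main__":
    sent = expected_in_bytes(SAMPLE_FLOWS)
    for label, keys in (("default", DEFAULT_TAG_KEYS), ("converted", CONVERTED_TAG_KEYS)):
        store = write_points(SAMPLE_FLOWS, keys)
        print(f"{label:10s} sent={sent} stored={total_in_bytes(store)} "
              f"points={point_count(store)} series={series_count(store)}")
```

With the default (no tags) the three flows from the same second share one identity, so only 700,000 of the 4,200,000 bytes sent in that second are stored, which is the "fraction of the data" pattern. Tagging the 5-tuple keeps every flow, at the cost of one series per distinct 5-tuple; tagging fewer keys (for example only src and dst) reduces the series count but reintroduces collisions for flows between the same pair of hosts in the same second, so the choice is a trade-off between completeness and cardinality.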

#3
Great. Then using netflow is something I should be able to get working and I am on the right track...

I am using defaults for netflow and everything else that I am pushing through telegraf and into influx is working fine, so I think the setup is fine.

My network is ipv4 only so I guess I can try switching from netflow v9 to netflow v5 in opnsense and telegraf and see if that helps.

Anything else you can share that might help?

#4
I have been investigating and experimenting with this and I am stuck - appreciate any help.

I have netflow configured in opnsense and it is exporting to influxdb via telegraf - my understanding is that this will provide summary metrics and I should be able to visualise bandwidth etc overall and by client.

I am also using the opnsense telegraf plugin and using this with network input - this will give me total data by interface. This is working fine.


My issue is that the netflow metrics collected seem to only be a fraction of what I expect. Maybe it is due to sampling rate?

See charts attached. The first two are using the opnsense telegraf plugin reporting data total and data rate by hr and are working fine. The issue with this is that I can only report at interface level (not client).

The third chart is using netflow sum bytes_in by hr and what I see is only a small amount of the data, and the data does not seem to align in any way at all.

I think I am doing something really silly and would appreciate any assistance with this please.

#5
I have netflow enabled and outputting to influx via telegraf. Seems to be working fine but...

I don't really capture the data I expected, so I probably misunderstand and I was hoping to get some help here.

What I want to visualise is internet usage (data rate) for a single client - for testing I am using MB/hr.

To achieve this I am using bytes_in where dest = ip and bytes_out where source = ip (sum grouped by hour)

but I am only getting a fraction of the data rate I expect.

Has anyone set this up and can explain what I am doing wrong?

and I have tried many different combos of bytes_in, bytes_out, dest / source etc.

#6
Thanks. Will remove it from test. Not using it.
#7
Actually I see that the os-bind plugin is installed in my test opnsense.

Maybe I installed the package myself at some point for testing.

Should I have os-bind plugin on my prod system?
#8
Hi all,

Just by coincidence I noticed that my prod (baremetal) opnsense 25.7.1 install does not have the bind920 (BIND DNS suite with updated DNSSEC and DNS64) while my testing opnsense setup (VM) has the package installed and the test system is very basic vanilla install without any plugins.

Thoughts?
#9
Thanks.

Yes, this is all just for learning, but I see that the WAN setup on the test network makes it tricky.

I thought it might be possible using an outbound NAT rule on the home network but I can't get it working.

Appreciate the help and thanks again.
#10
I am a network / opnsense newbie and I am learning by using an isolated opnsense firewall/network using a VM environment.

I have this all working nicely - see architecture attached - don't laugh too much

I can easily access the home network from the test network (and I expected this as it is 'upstream').

What would I need to do to be able to access devices in test network from home?

Is a VPN the only way?

#11
Using opnsense 25.7 with dnsmasq/unbound.

I have noticed that my wife's work laptop is spamming the dnsmasq log with a warning every 5 seconds.

I see this is related to the work laptop having a fqdn that is different to my home network. But why is this happening every 5 seconds?

Any way to turn off this type of log?

Warning    dnsmasq-dhcp    Ignoring domain au.xxxxx.net for DHCP host name xxxx
#12
I think this is how I 'should' have set it up in the first place with ISC but I was a complete newbie then (still am haha).

Thanks again everyone who has chipped in to help.

I think I have now successfully migrated to 25.7 and dnsmasq.
#13
thank you @cookiemonster!

That was it. I just needed to add the VLAN IP in the adguard config yaml - to the dns bind_hosts. See below

http:
  pprof:
    port: 6060
    enabled: false
  address: 0.0.0.0:8083
  session_ttl: 720h
users:
  - name: [redacted]
    password: [redacted]
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
dns:
  bind_hosts:
    - 127.0.0.1
    - 192.168.1.1
    - 192.168.20.1
    - 192.168.30.1
  port: 53

#14
Thanks all for help.

For testing I have both main network (VLAN1 192.168.1.1/24) and guest network (VLAN20 192.168.20.1/24) fully open with one rule (allow all to all). See screenshot.

Adguard is installed on the main network in opnsense so it is listening on the following addresses.
127.0.0.1
192.168.1.1

It was setup this way and working when using ISC for DHCP. I think I was able to configure ISC for the guest VLAN to use 192.168.1.1 as the gateway and DNS. So maybe this is the key difference that made it work using ISC but I need to change my setup for dnsmasq.

I will try editing the adguard config file to include 192.168.20.1 as a listening address.
#15
OK thanks. I will remove the dhcp options as suggested.

Is it expected that when I connect a client to the VLAN20 the dhcp network settings are showing 192.168.20.1 as gateway and for dns? I expected them to be 192.168.1.1 VLAN01 - lan?

What should I be looking for to fix DNS? I followed the dnsmasq and config example precisely (and everything was working correctly with ISC dhcp).

The main difference now is that I have the DNS query forwarding to dnsmasq from unbound - see screenshot attached