1
24.7 Production Series / Re: 24.7.1: Traffic Graph Widget show only on the left-side data
« on: August 11, 2024, 03:27:52 pm »
Same problem for me with the Traffic Graph. Latest MS Edge on Windows 11 and macOS 14.6.1.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
24.1 Legacy Series / Re: Help Me Understand What's Going On With This Interface
« on: February 25, 2024, 02:03:28 pm »
All were/are fine, link lights and all. First thing I did when things went wrong, actually.
3
24.1 Legacy Series / Help Me Understand What's Going On With This Interface
« on: February 25, 2024, 12:13:20 am »
I've been using OpnSense for as long as I can remember. I have switched hardware a number of times. Today, I ran into something I've never seen and just can't figure out.
My current hardware has 3 interfaces: em0, em1, and em2. Only em0 (LAN) and em1 (WAN) are used.
My drive has been having some issues reported by SMART, but otherwise everything has been working. Today I decided to backup my configuration, put a new drive in and restore from backup. Nothing I have not done before.
No WAN internet. After 2 hours combing over my config, on a lark I decided to reassign em2 as WAN and unassign em1.
Everything works perfectly with that change. I did nothing else. I have not tried swapping them back yet.
My current hardware has 3 interfaces: em0, em1, and em2. Only em0 (LAN) and em1 (WAN) are used.
My drive has been having some issues reported by SMART, but otherwise everything has been working. Today I decided to backup my configuration, put a new drive in and restore from backup. Nothing I have not done before.
No WAN internet. After 2 hours combing over my config, on a lark I decided to reassign em2 as WAN and unassign em1.
Everything works perfectly with that change. I did nothing else. I have not tried swapping them back yet.
4
General Discussion / Unbound DNS, WAN Down and Local DNS Resolves
« on: November 03, 2022, 12:14:19 am »
I have Unbound DNS configured as my DNS. I do use DHCP also with some static IPs defined to hosts. I have some LAN hostnames defined and it all seems to work okay... except when the WAN goes down (like it is now, I'm on my phone's hot spot).
I'd think that local hosts should still be able to resolve to each other. I must be missing a setting or maybe a rule to allow this. Is this enough information to get a few suggestions?
I'd think that local hosts should still be able to resolve to each other. I must be missing a setting or maybe a rule to allow this. Is this enough information to get a few suggestions?
5
21.7 Legacy Series / Re: Input Error Detected: Certificate webConfigurator default...
« on: October 07, 2021, 08:28:03 pm »
Thank you! That seems to have done it.
6
21.7 Legacy Series / Input Error Detected: Certificate webConfigurator default...
« on: October 07, 2021, 05:45:40 pm »
I'm getting an error in System -> Settings -> Administration.
Even though I have only http selected, I'm getting an error when I save: "Certificate webConfigurator default is not intended for server use."
This cert does exist in the https dropdown, but I'm not using https.
I installed a fresh copy on a test machine and there appears to be a different default TLS cert on a clean install which is NOT in my production install. I have upgraded many, many times so perhaps that is part of it.
Obviously, with this error, I cannot Save any changes in that section.
Even though I have only http selected, I'm getting an error when I save: "Certificate webConfigurator default is not intended for server use."
This cert does exist in the https dropdown, but I'm not using https.
I installed a fresh copy on a test machine and there appears to be a different default TLS cert on a clean install which is NOT in my production install. I have upgraded many, many times so perhaps that is part of it.
Obviously, with this error, I cannot Save any changes in that section.
7
20.1 Legacy Series / Re: Split DNS & Rebind Attacks
« on: July 23, 2020, 02:55:24 am »
Well, I got things a bit better after I discovered the NAT Reflection options in Advanced.
Ticking the Reflection for Port Forwards and Automatic Outbound Reflection got me to the server.
Unfortunately, Apache's DNS site detection is broken because of this on the LAN. www.mysecretsite.com resolves as the "first" site, but www.myREALLYsecretsite.com resolves to the first.
What I really need to understand is why Unbound's overrides are not working for this but are for other items. If my LAN clients are hitting it, shouldn't its overrides be honored?
Ticking the Reflection for Port Forwards and Automatic Outbound Reflection got me to the server.
Unfortunately, Apache's DNS site detection is broken because of this on the LAN. www.mysecretsite.com resolves as the "first" site, but www.myREALLYsecretsite.com resolves to the first.
What I really need to understand is why Unbound's overrides are not working for this but are for other items. If my LAN clients are hitting it, shouldn't its overrides be honored?
8
20.1 Legacy Series / Split DNS & Rebind Attacks
« on: July 23, 2020, 12:20:51 am »
All, I have an internal DNS server that I want to retire in favor of using the built in UnboundDNS. Everything works except my web server behind NAT.
Externally www.mysecretdomain.com resolves and works perfectly.
Internally www.mysecretdomain.com throws a rebind error because it tries to go to the admin page of OpnSense instead of www which is on a different system.
Indeed, internally pinging www.mysecretdomain.com resolves to my PUBLIC IP when it should resolve to my INTERNAL IP.
Even going to the Overrides section of Unbound and making sure www.mysecretdomain.com resolves to 10.0.1.201 does nothing. It insists on resolving to my Public/Opnsense WAN IP.
What the heck am I doing wrong?
Externally www.mysecretdomain.com resolves and works perfectly.
Internally www.mysecretdomain.com throws a rebind error because it tries to go to the admin page of OpnSense instead of www which is on a different system.
Indeed, internally pinging www.mysecretdomain.com resolves to my PUBLIC IP when it should resolve to my INTERNAL IP.
Even going to the Overrides section of Unbound and making sure www.mysecretdomain.com resolves to 10.0.1.201 does nothing. It insists on resolving to my Public/Opnsense WAN IP.
What the heck am I doing wrong?
9
Hardware and Performance / What's the word with NVMe?
« on: March 19, 2020, 06:46:31 pm »
A long time ago when I started running OpnSense it was advised not to use SSDs.
Has this changed? I have a mini PC with an EVO Plus NVMe drive I can upgrade with.
Has this changed? I have a mini PC with an EVO Plus NVMe drive I can upgrade with.
10
19.7 Legacy Series / Re: Hanging at /boot/defaults/loader.conf
« on: December 10, 2019, 09:22:37 pm »
*solved*
Over in the FreeBSD bug tracker I found this link, and see comment #48.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230172
I have to add this to /boot/loader.conf.local on my systems - I figured I try it on the Dell (which I am using) and the Apple which had the same issue. It fixed both systems.
kern.vty="vt"
hw.vga.acpi_ignore_no_vga="1"
Over in the FreeBSD bug tracker I found this link, and see comment #48.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230172
I have to add this to /boot/loader.conf.local on my systems - I figured I try it on the Dell (which I am using) and the Apple which had the same issue. It fixed both systems.
kern.vty="vt"
hw.vga.acpi_ignore_no_vga="1"
11
19.7 Legacy Series / Re: Hanging at /boot/defaults/loader.conf
« on: December 10, 2019, 07:18:01 pm »
Thanks for responding. I did download vga. I've sense tried it on a Dell 3050 also with EFI firmware.... same thing.
Did I download the wrong image?
I was looking in Tuneables as someone in the FreeBSD forum thought disabling vesa would do it.
Did I download the wrong image?
I was looking in Tuneables as someone in the FreeBSD forum thought disabling vesa would do it.
12
19.7 Legacy Series / Re: Hanging at /boot/defaults/loader.conf
« on: December 08, 2019, 02:12:54 pm »
Okay, I went back to this with fresh eyes. Maybe someone has an idea about this:
Only the local console on the display is "hanging". OPNSense is alive and well both via the web and ssh ports. It works.
I was used to seeing information on my old setup after the loader, so it must be something in that loader.conf for video drivers?
I don't know how much I even need that since I run it headless, but it was nice to have a working monitor with it as a diagnostic tool as OPNsense loads/shutsdown if there is a problem.
Thoughts?
Only the local console on the display is "hanging". OPNSense is alive and well both via the web and ssh ports. It works.
I was used to seeing information on my old setup after the loader, so it must be something in that loader.conf for video drivers?
I don't know how much I even need that since I run it headless, but it was nice to have a working monitor with it as a diagnostic tool as OPNsense loads/shutsdown if there is a problem.
Thoughts?
13
19.7 Legacy Series / Hanging at /boot/defaults/loader.conf
« on: December 07, 2019, 06:34:35 pm »
This is a culmination of my two other posts. My simple morning project has turned into a nightmare. That's how it goes for me.
I decided to switch out my OpnSense hardware. I have a decent i5 Mac mini not doing much, so I download the image, got it installed and my configuration imported. The initial boot after the installer was successful and everything came up and I'm ready to swap. Awesome!
I shut down to move it into it's new home and it's hanging at /boot/defaults/loader.conf
I reloaded, was successful again, ...and again... shutdown and first cold boot, it hangs.
I don't get it and I don't know enough about FreeBSD to even begin to figure out why this seems to work fine then fails.
Um, help?
I decided to switch out my OpnSense hardware. I have a decent i5 Mac mini not doing much, so I download the image, got it installed and my configuration imported. The initial boot after the installer was successful and everything came up and I'm ready to swap. Awesome!
I shut down to move it into it's new home and it's hanging at /boot/defaults/loader.conf
I reloaded, was successful again, ...and again... shutdown and first cold boot, it hangs.
I don't get it and I don't know enough about FreeBSD to even begin to figure out why this seems to work fine then fails.
Um, help?
14
19.7 Legacy Series / Reinstall "Import Configuration" Drive Format
« on: December 07, 2019, 04:07:51 pm »
I've had OpnSense for years, but might move to new hardware. Over those years I've tried and failed many, many, times to get my configuration imported at install time.
Daily, I don't live in the *nix world. My desktops are Windows or Mac.
What format of, say, a USB flash drive is OpnSense expecting to find that contains my config? Is there a formatter for Mac/Windows that I can use as well as a tool to copy the config onto it?
Thanks for any advice!
Daily, I don't live in the *nix world. My desktops are Windows or Mac.
What format of, say, a USB flash drive is OpnSense expecting to find that contains my config? Is there a formatter for Mac/Windows that I can use as well as a tool to copy the config onto it?
Thanks for any advice!
15
19.7 Legacy Series / OpnSense WAN Speed Issues
« on: December 07, 2019, 12:56:39 am »
I had 100Mbps service and I would typically get from speedtest-cli that speed.
Today my provider doubled our speed to 200Mbps. Still, the most I can get with my OpnSense box is 104Mbps.
If I connect my laptop directly to my ISP's box, I'll get 220Mbps which is what I expect.
What should I look for on OpnSense to get the speed I expect? I'm running it on HP hardware that has GIG Ethernet to the ISP.
Today my provider doubled our speed to 200Mbps. Still, the most I can get with my OpnSense box is 104Mbps.
If I connect my laptop directly to my ISP's box, I'll get 220Mbps which is what I expect.
What should I look for on OpnSense to get the speed I expect? I'm running it on HP hardware that has GIG Ethernet to the ISP.