Messages - bx2

#1
Add another user who is having this issue.

[100723] <Error> -- Just ran out of space in the queue. Please file a bug report on this   
#2
Hello everyone,

I'm working on building out the configuration for our new Deciso DEC2752 that will be going into a remote office.

Between HQ and the remote office, I would really like to use DHCP relay inside the IPsec VPN tunnel so that the workstations and users at the remote office get IP addressing from our DHCP servers at HQ.

I came across past posts about some issues with this type of configuration, but I'm not clear whether it was a configuration issue or a problem within FreeBSD/OPNsense.

As I have the business license with our unit, I'm sure we will be using ISC DHCP.

Does anybody have any recent experience with the latest versions of OPNsense and DHCP relay inside an IPsec VPN?


Thanks


Edit:
From reading this post: https://forum.opnsense.org/index.php?topic=39555.0

"We're moving to OpenBSD's dhcrelay (the development version migration is done) which can theoretically handle layer 2 and layer 3 relay, but there are no plans to start dashing out layer 3 relay support in OPNsense. We did always require a layer 2 device to relay from."

My remote site would be:

OPNsense FW --> Aruba L2 2530 Switch.

The Aruba switch allows me to set ip helper-addresses on each VLAN.

So if I set my DHCP server IP as the ip helper-address entry for each VLAN on the switch, does this sound like it would work? This way I don't have to configure DHCP relay in OPNsense and can use my L2 switch for that instead.

The remote site is about 2 hours away, so I'm trying to understand how to make this work, test it and deploy it.
#3
Quote: For anyone else looking for this, uncheck the AUTOCOLLECT box and you will be able to set gateway and DNS.


Thanks for posting this!
#4
Hey intelliIT,

Did you get anywhere with this? I'm in a similar situation and came across your thread just now.
#5
Quote from: patient0 on March 22, 2025, 07:50:07 AM
Quote from: bx2 on March 22, 2025, 01:14:57 AM
Now, nda1 (the new drive) may have been formatted and used in another random PC so I'm unsure if it's an issue with formatting?
Can you try wiping the new drive first (make sure you do it on the right device! A backup is always a good idea, of course):

As mentioned in the OPNsense Forum thread "Formatting whole disk before installation", try destroying the disk and deleting the first 1M of the drive:

gpart destroy -F nda1
dd if=/dev/zero of=/dev/nda1 bs=1M count=1


Thank you,

That doesn't seem to work.

root@OPNsense:~ # gpart destroy -F nda1
gpart: arg0 'nda1': Invalid argument


I did a bit more searching around and I came across a similar issue on a different system's forum:
https://www.truenas.com/community/threads/create-new-pool-ends-with-error-command-gpart-create-s-gpt-dev-ada0-returned-non-zero-exit-status-1.77775/

I did set

sysctl kern.geom.debugflags=16

and then I ran

gpart create -s gpt /dev/nda1

After that, I was able to proceed with the instructions for adding the second NVMe disk to OPNsense.

Now it looks like everything is complete.

When I run zpool status, I can see both nda0p4 and nda1p4 listed.

root@OPNsense:~ # zpool status
  pool: zroot
 state: ONLINE
status: Some supported and requested features are not enabled on the pool.
        The pool can still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
        the pool may no longer be accessible by software that does not support
        the features. See zpool-features(7) for details.
  scan: resilvered 2.33G in 00:00:04 with 0 errors on Sat Mar 22 10:59:11 2025
config:

        NAME        STATE     READ WRITE CKSUM
        zroot       ONLINE       0     0     0
          mirror-0  ONLINE       0     0     0
            nda0p4  ONLINE       0     0     0
            nda1p4  ONLINE       0     0     0

errors: No known data errors


Thank you,
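
A post-attach health check for the mirror described above, added here as an example and not part of the thread: it parses `zpool status` output and fails unless the pool and every vdev are ONLINE with zero READ/WRITE/CKSUM errors and the mirror has the expected member count. It assumes a single top-level mirror vdev with no logs/cache/spares sections, as with zroot; the degraded sample is constructed by editing the healthy output from the post.

```shell
# Added example (not from the forum thread): verify a ZFS mirror after attaching
# the second disk. Assumes one top-level mirror vdev and no logs/cache/spares.
check_mirror() {
    # usage: zpool status zroot | check_mirror [expected_members]   (default 2)
    awk -v want="${1:-2}" '
    BEGIN            { members = 0; rows = 0 }
    /^ *state:/      { if ($2 != "ONLINE") bad = bad "pool state " $2 "; " }
    /^ *errors:/     { intab = 0; if ($0 !~ /No known data errors/) bad = bad "data errors reported; " }
    /^ *NAME +STATE/ { intab = 1; next }
    intab && NF == 0 { intab = 0 }
    intab && NF >= 5 {
        rows++
        if ($2 != "ONLINE") bad = bad $1 " is " $2 "; "
        if ($3 + $4 + $5 != 0) bad = bad $1 " has " $3 "/" $4 "/" $5 " errors; "
        # row 1 is the pool, mirror-N rows are vdevs, everything else is a member disk
        if (rows > 1 && $1 !~ /^mirror-/) members++
    }
    END {
        if (members != want + 0) bad = bad "expected " want " members, found " members "; "
        if (bad != "") { print "UNHEALTHY: " bad; exit 1 }
        print "healthy: " members "-way mirror, all ONLINE, no errors"
    }'
}

# Sample 1: the healthy zroot output from the thread (trimmed to the relevant lines).
SAMPLE_HEALTHY=$(cat <<'EOF'
  pool: zroot
 state: ONLINE
config:

        NAME        STATE     READ WRITE CKSUM
        zroot       ONLINE       0     0     0
          mirror-0  ONLINE       0     0     0
            nda0p4  ONLINE       0     0     0
            nda1p4  ONLINE       0     0     0

errors: No known data errors
EOF
)

# Sample 2: constructed from sample 1, with the new drive missing from the mirror.
SAMPLE_DEGRADED=$(printf '%s\n' "$SAMPLE_HEALTHY" |
    sed -e 's/nda1p4  ONLINE/nda1p4  UNAVAIL/' -e 's/state: ONLINE/state: DEGRADED/')

printf '%s\n' "$SAMPLE_HEALTHY"  | check_mirror
printf '%s\n' "$SAMPLE_DEGRADED" | check_mirror || echo "(degraded sample rejected, exit 1)"
```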

#6
Hello everyone,

I have the CWWK N100 and I'm looking to add another NVMe drive into it just for redundancy, as I have the spare drives.

I have been looking at these instructions (https://forum.opnsense.org/index.php?topic=32650.0), which seem simple enough, but I'm getting hung up on the step to copy the partition table:

gpart backup ada0 | gpart restore -F ada1

When I run geom disk list, I see both of my drives:

root@OPNsense:~ # geom disk list
Geom name: nda0
Providers:
1. Name: nda0
   Mediasize: 500107862016 (466G)
   Sectorsize: 512
   Mode: r3w3e6
   descr: KINGSTON SNV2S500G
   lunid: 00000000000000000026b76865cfcd85
   ident: 50026B76865CFCD8
   rotationrate: 0
   fwsectors: 0
   fwheads: 0

Geom name: nda1
Providers:
1. Name: nda1
   Mediasize: 500107862016 (466G)
   Sectorsize: 512
   Mode: r1w1e1
   descr: KINGSTON SNV2S500G
   lunid: 00000000000000000026b7686c0a0ee5
   ident: 50026B7686C0A0EE
   rotationrate: 0
   fwsectors: 0
   fwheads: 0



root@OPNsense:~ # gpart show
=>       40  976773088  nda0  GPT  (466G)
         40     532480     1  efi  (260M)
     532520       1024     2  freebsd-boot  (512K)
     533544        984        - free -  (492K)
     534528   16777216     3  freebsd-swap  (8.0G)
   17311744  959461376     4  freebsd-zfs  (458G)
  976773120          8        - free -  (4.0K)

My OPNsense is installed on nda0, but when I run the command to copy the partition table, I get an error:

root@OPNsense:~ # gpart backup nda0 | gpart restore -F nda1
gpart: geom 'nda1': Operation not permitted

Now, nda1 (the new drive) may have been formatted and used in another random PC so I'm unsure if it's an issue with formatting?

I don't think that it is related to formatting, but I'm not entirely sure.

Has anybody else run into this issue?
#7
Quote from: Monviech on November 04, 2024, 10:54:27 AM
Here is also a new tutorial section that explains the best practice way to connect the OPNsense to a managed switch: https://docs.opnsense.org/manual/how-tos/vlan_and_lagg.html

If anybody finds issues with this guide, feedback and PRs are welcome as always.


Thank you very much.
As basic as this was, it didn't click despite me having done this before, but I must have been trying too many things at once and confused myself.

I set igc3 to be my recovery port (VLAN 102) and once I was in there, I deleted the default igc1 LAN assignment and created the VLANs and assigned them to igc1. I enabled the interfaces, created some basic rules and set up DHCP, and I'm good now.


Thank you everyone for the help. I'm sorta slow with new things.
#8
Quote from: Patrick M. Hausen on November 01, 2024, 11:46:43 PM
Easy: assign all your symbolic network names (LAN, OPT1, whatever you pick) to tagged VLAN interfaces only. This is in fact the recommended way. Don't use tagged and untagged frames on the same physical interface in FreeBSD/OPNsense.


Edit: I don't think you are speaking of QinQ. In my case, I don't want all VLANs to be trunked under a primary VLAN.
Thank you, I've been stuck on this for a bit.

Is what you are referring to QinQ?
#9
General Discussion / Opnsense - Tagged-Trunk port only?
November 01, 2024, 11:43:17 PM
Hello everyone,

My home network is planned to have the following VLANs:

VLAN 2 = Data
VLAN 3 = Wifi
VLAN 4 = Wifi-Guest
VLAN 101 = Management


Now, when I set up OPNsense on my CWWK N100 box, I set eth0 (igc0) to be my WAN and eth1 (igc1) to be my "lan" network. This network is assigned 192.168.1.x/24.

The network switch I am using is a Ruckus-Brocade ICX7150.

So, I know how to configure VLAN interfaces off of igc1, but what I am looking to do is accept only tagged traffic (aka trunk) between my Ruckus-Brocade switch and OPNsense.

For example, today I was trying to figure this out and I had my Brocade uplink port to OPNsense tagged in my VLANs and untagged on the default VLAN 1.

When I removed my switch port 1 (which goes to OPNsense igc1) from the default VLAN, I lost connectivity.

In OPNsense, my VLANs are defined with VLAN tags, but I think that maybe the traffic is passed between OPNsense and my Brocade switch on the default VLAN 1.

I am very familiar with L2 switching and Brocade-style configuration. I want all of my VLANs tagged on the uplink to OPNsense.

What I am not sure of is how to make OPNsense accept only tagged traffic on interface igc1.

Thank you,