Messages - Shoog

#1
Got everything up and running again after some funky side tracks along the way to complete reinstalling.
I managed to get it to upgrade all the way to 25.1.5 in the end - so the issues with GPT (which were the root cause of the upgrade fail) seem to have crept in somewhere over the last month or so of uptime. GPT is twitchy and any issues seem to proliferate across multiple HDD and even to the install USB.
In the end I reformatted the SSD I was installing to to FAT32, and reformatted and reinstalled the installer USB.

The issue is what's the best backup strategy, since what I thought was adequate completely let me down (which was a Gzipped DD copy of the whole OS which obviously just copied the GPT corruption that had occurred).

Anyway all's good that ends well.
#2
Thanks for the pointers.
Going to concentrate on getting the working install fully back up and running first. Would like to get it back to 25.1.4 where it was before but can't find clear instructions on how to update to a specific version.

Will then go back and see if I can get the other version working on a separate disk. Funny thing is that this just came out of the blue after successful update through from 24.7
#3
I think I have got to the root of my issue. The latest update has an incompatible GPT partition for my Fujitsu S920.
I got a version of OPNsense 24.7 running on one disk drive and restored a backup config.xml, works with a few issues with my VPN on WireGuard yet to be resolved, probably due to this being an effective rollback from the version I was previously running.

However I then decided to setup the latest version on a separate SSD to see if I could get it up to date. Will not boot at all from this disk complaining about GPT format, throws a hexadecimal table and freezes.
I had noticed some errors regarding GPT before but didn't pay it enough attention.

So unless I can work out why it doesn't like the GPT I am stuck.
#4
It seems highly improbable that losing my bios and the issue with a failed upgrade are unrelated. The event that triggered a loss of bios was the factory reset. Before the factory reset the bios was accessible. It boots up to the point where it shows the bios for my Ethernet card which is itself accessible - but then as soon as it gets to what would be the normal bios and hand off to the OS it simply shuts down.

EDIT: Turned out that the factory reset re-enabled a case switch. Have bypassed it now and have been able to boot again.


#5
So things just got considerably worse for me. It seems that the upgrade has somehow trashed my GPT partitions. I performed a factory reset and now my system won't boot and the bios is no longer accessible.
Going to see if I can get it to boot from a USB, but this has gotten mighty annoying.
#6
Quote from: cookiemonster on April 11, 2025, 03:38:41 PM
@Shoog you seem to be in a better place. Something in config only not right, not the whole OS failing to boot.
Have you installed the latest hotfix?

I tried using the console upgrade but it seems to time out and then freeze.
I tried the captive portal fix which seemed to run but made no difference. Identifying the root cause is the tricky bit to resolving what's going on here.
#7
Well my recovery image is corrupted in some way so that path is closed to me.

Going to try a factory reset and then a restore to see if it flushes out the errors. In my case I definitely think it's the DHCP which is the root cause. The firewall itself is able to ping out and all interfaces are up and running - but no services on the LAN are getting IPs. A clue is that my Kodi boxes ran on for around half an hour before they died which sort of points to the DHCP dropping the connections at refresh. Cannot ping anything on the LAN.

Mighty pain in the hole since I have quite a few add-ons to reconfigure if I fresh install, will take the best part of a day but at least I have notes.
#8
I never set up captive portal.

How would I go about disabling captive portal from the command line - just to be sure?
#9
Hi,
Just a heads up that when I upgraded this evening to the latest 25.1.5 the system was broken on reboot. Don't exactly know how it is broken but nothing on my home network is working. I suspect that somehow the DHCP is the issue, but don't know for certain. Cannot access the webportal but when I plug a monitor and keyboard into the router everything looks OK and the main WAN has an IP and my WireGuard tunnel is up.

Fortunately I have a full disk backup from Sunday so when I can remember how to uncompress it and dd it back to the main disk I should be somewhat OK, but that will have to wait for tomorrow.

Stephen
#10
So I managed to get a Caddy reverse proxy to my Filebrowser server up and running in less than 10mins and am testing it now by downloading a large file.
Not finished yet since I still want to serve at least one other service from the same domain.
#11
I have Nginx loaded and working with LetsEncrypt running with the ACME addon.
I have Nginx accepting requests on my duckdns.org domain and by appending a "/service" to the domain Nginx splits the traffic off to my three different local servers:

/filebrowser
/OMV
/homeassistant

I know this is working so far because I get the bootstrap loading page for filebrowser, and error messages generated from the other two servers. The filebrowser is what I am focusing on so far and it never gets past the bootstrap loader and onto the login page. It seems from the error logs that Nginx is asking for files from the Filebrowser server webpage which are never delivered. It's not simply forwarding on the traffic as I would have expected. The OPNsense Nginx addon adds a whole load of parameters which without detailed knowledge of Nginx are simply confusing my understanding of basic Nginx functionality. Additionally I am able to use curl to access the raw html file on the servers via the domain + "/filebrowser" which further confirms that I am getting through to the servers.

All the tutorials for the OPNsense Nginx addon only seem to use a simple one to one proxy using "/" as the URL pattern and it seems that there is very little detailed information on the use of this addon since most people seem to opt for CADDY or HAproxy. I am tantalizingly close but my knowledge is simply too slight to crack the last hurdle.

UPDATE: Life is too short for this crap so I have abandoned all effort to get Nginx working and am going to try with CADDY.
#12
Update on what got things working.
I set up the DUCKDNS domain and client on my OPNSENSE router, I entered all the details required for the client but it wasn't talking to the Duckdns server. I did a bit of digging and discovered the magic combination of settings which bypassed my PIA tunnel were, set interface to WAN on the client and set tracking by interface (IPv4). This still didn't work initially but after checking the setting I discovered that I needed to set the backend in general settings to ddclient rather than default. This instantly got things working.
Last thing will be to setup a NGINX reverse proxy and job is done.

Steep learning curve but ultimately very nice featureset in OPNSENSE.
#13
Hi,
I have considered both zerotier and tailscale but want to try to get this working in the more conventional way if I can.
I managed to establish a port forward across my router by using the WAN_address alias to form a port forwarding NAT rule. I was able to access the current IP address from the OPNSENSE router and this allowed me to test and confirm that the port forwarding was working through my mobile phone network. Of course that's only a small step since eventually the ISP IP will change.
I worked on getting DuckDNS running but even though I set up the client on OPNSENSE with WAN as the target - it still only gets the PIA tunnel IP address. I will carry on researching if there is a way to enforce the WAN gateway for DuckDNS.

Stephen
#14
Hi all,
I have managed to get my OPNSENSE router up and running. So far I have a flat LAN network and I have managed to route all my LAN traffic over the WAN via a PIA VPN tunnel. All is working and when I do a check on my IP address it shows my fixed PIA IP address rather than my ISP assigned variable IP address. Strangely enough it still shows my PIA address when I am nominally not using the tunnel just the plain ISP WAN.

I had hoped I would just be able to open a port on the router and access from outside using this - but PIA only offer a randomly assigned single port which is not generated by the standard PIA automation script. So simple port forwarding seems out of the question and my attempts to do this confirm that it's not possible through the PIA tunnel. So I was thinking to set up a separate OpenVPN server on the router and access through this. However since I don't seem to be able to get the plain variable ISP WAN address via DDNS I am at a bit of a dead end as I need this to create the OpenVPN tunnel.

Unfortunately my grasp of the fundamentals is slight and mixing the PIA tunnel along with an OpenVPN server on my router is complicating the setup. Anyone care to point me in the direction of some good technical guides which will broaden my understanding, or suggest that I am on the right or wrong track with this strategy?

Stephen
#15
Piholes are both coming off the same MikroTik switch going to the OPNsense router. However the MikroTik is segregated into two switches which are internally bridged, one side is Gbit and the other is just fast ethernet - the two piholes are on different sides of the switch so could be introducing latency.