Messages

[primary]

Hi,

Could you verify whether the hostnames appear in the Live Sessions - Connections report under the Source Hostname column?

I looked and the majority of them only show IP addresses.  For the ones that do show hostnames, I confirmed that they do not have an entry under Aliases in OPNsense, nor are they statically defined in Unbound DNS. 

I think I found the root cause of my issue:

• When I first reported my issue, I had 2 local DNS servers defined under DNS Enrichment.  I removed 1 of them. 
• The remaining DNS server is a domain controller, and it had its own primary DNS pointed at OPNsense under its NIC adapter settings.  I updated it so that it points to itself as the primary DNS. 
• Reading online, for domain controllers, the NIC adapter should not be used to specify which DNS to use for recursive DNS lookups.  Instead, a proper DNS forwarder should be configured via the DNS Manager.  I did this, and pointed the forwarder to OPNsense.

With how it was configured previously, I think it was causing a vicious loop of the DC and OPNsense querying each other and not going anywhere. 

Now with the changes I listed above, I see hostnames correctly populating in the Live Sessions view and Reports. 

Hope this helps others.   

I've already enabled real-tiome DNS enrichment in Zen Armor, under Settings > DNS Enrichment.  I've added DNS servers to the list as well.  However, when I look at the Recent Devices section, 99% of them show up as "Other Device" instead of showing its actual hostname.  In my Reports, I see MAC addresses for the vast majority of devices, instead of hostnames. 

To troubleshoot, I SSH'd to the server and performed an nslookup, specifying the DNS servers.  (nslookup <IP address of computer> <DNS server IP>) and it was able to resolve to hostname successfully, so this tells me opnsense can successfully reach the DNS server I had specified and process the lookup.  

Any ideas?

Thank you

I installed Observium and found the graph as you described.  I'm performing speedtests from a computer but Observium's graph do not reflect the same figures.

Here's my data path:
Workstation (LAN) using OPNSense as it's default gateway.
OPNsense using it's WAN interface to go to the internet.

On my workstation, I'm performing a Google speedtest which is reporting 765 Mbps download and 207 Mbps upload.

My expectation is that when I look at the traffic graph in Observium corresponding to the WAN port of the OPNSense firewall, I should see similar corresponding figures, since traffic has to leave the WAN port of OPNSense to actually perform the speedtest.  I should see a max of around 700 Mbps in, and a 200 Mbps out.  Instead, the graph shows only a max of 43 Mbps in, and 31 Mbps out.

Hi, is that feature part of the paid subscription of Observium?  Thank you

Hi Patrick, thanks for your response. 

Per your suggestion, I looked at both LibreNMS and Observium.  I appreciate how they both link to a live demo system for me to evaluate their software in action.  However, I don't see any report on min/max/avg. bandwidth speeds.  The closest I could find is the transfer graph in Observium which shows total bandwidth transferred, but no mention of speed.  In other words, I can see that on XYZ day, 5.3GB was transferred, but I don't know how fast it was, the peak, or avg, in Mbps.

Maybe this is due to my unfamiliarity with using either app?  I'm reluctant to invest the time and money to install a VM and learn the apps only to find out it still doesn't do what I need.

I found bandwidthd which may have what I need (minus the ability to select a start/end time to generate a report): https://bandwidthd.sourceforge.net/demo/.

Thank you again.

Hi everyone,

I work for an organization which is paying $$$$ for their WAN internet connection.  It would be beneficial to generate a report to show the org what their actual usage is.  My needs:

• Peak usage, in megabits/sec
• Avg usage, preferably with an interval that can be defined, eg: avg usage over 24 hours, avg over 5 days, etc
• Be able to specify a start/end date for report to evaluate historical figures
• Identify the src or dest. hostname, IP, or OPNSense interface, to categorize and include/exclude them from the report

This report would help us determine if we're overutilizing/underutilizing the WAN connection, on what dates, by which devices, and their use case. 

I've evaluated the following that's native to OPNSense:
Reporting > Traffic - This shows data only in real time.  There's no reporting option available to look at historical metrics. 
Reporting > Insight - This covers most of my asks, but the biggest downside is that the .csv reports it generates does not show speed in terms of bytes, but in packets.  The 'Details' tab in the web GUI shows bytes, but it's bandwidth usage, not bandwidth speed. 

VnStat plugin - This shows bandwidth speed.  I can see HH/DD/MM/YY stats, which is awesome.  I can't specify exact dates/times, which is fine.  The drawback is it doesn't list the hostname/IP of that traffic, so I don't know what is consuming the data. 

I *think* there's no perfect option that meets my needs, and I'm left to just take all the various reports and try to generate my own report manually.  I hope I'm wrong and someone here can suggest something that can answer my needs?

Thank you very much for your time.