Messages

Thank you,

I did try the tuneable (point 23) as you suggested previous - as indicated in post #3. Sorry, only just spotted Patrick's reply - this was installed before creating this post.

Thanks Meyergru,

I've looked and couldn't find any microcode updates AMD only deliver these for this CPU via bios updates and the bios update for this model is only delivered by HP.

I'm going to put Proxmox on it today and try and run OPNsense as a VM and see if it's stable. The goal here to was to get it running natively on separate hardware from my larger Proxmox servers, so although this would be a compromise, I can live with for now.

Microcode updates are applied via a BIOS update, there aren't any separate updates. It's running the lasted BIOS L43 1.16.

I would try the Realtek plugin but this requires to upgrade the opnsense fw first and I can't get the device to stay up long enough.

It's just strange that it seems to die under load.

Well, no closer to getting this working. I reimaged the T730 with Windows 11 IoT today and ran non-stop speed tests for 6 hours and it didn't skip a beat. Then I re-imaged with opnsnese and just left the LAN connection in ping a host. This worked for 2.5 hours and stayed up. I then connected the LAN and tried to run a bandwdidth speed test and bang it locks up. I thought it may have been the onboard Realtek nic so changed interfaces to just use the Intel pro/1000 but tis made no difference.
I can't even do an opnsense fw update before it dies, it gets about 10 secs in the locks up.

Could this be a compatibility issues with FreeBSD and an HP T730 think client? I'm sure I read other people using this device with opnsense.

Not sure where to go from here.

I believe the microcode update is in the latest BIOS update, which I have installed. I'll have a look at the other posts. Do you think this is an issue with the HP T730 or the PCIe NIC?

It stayed up for about 20 mins and then died again unfortunately.

Thanks Meyergru, I'll try that. I managed to get the Firmware > Report output before it crashed, I've attached in case that's helpful.

Hi Forum,

I need a some troubleshooting an unstable OPNSense installation. I've moved from a virtualised OPNSense instances to running of dedicated hardware:

HP T730 Mini PC 8GB RAM, 64GB NVMe, Intel Pro/1000 ET 82576 Quad NIC

I'm using the latest VGA image with no additional plugins. OPNSense will suddenly lock up, GUI/Shell become unresponsive and the NIC ports link lights stop. Rebooting the PC resolves the issue. Yesterday with just 1 LAN and WAN interface configured it would crash after about 20 mins. I installed Windows 11 IoT over the top, updated the BIOS, ran hardware diagnostics - all passed. With Windows it ran without issue. Confident that it was fixed I reinstalled OPNSense and it seemed to work - ran for over 90 mins without issue.

Today I have configured 3 additional LAN interfaces and the problem is back, except now it will stay on for about 2 mins before dying. Any had any experience of this or where I can check logs to see what is going on?

Thanks in advance,
Matt

I think I have found the issue. It seems that the interface address mask is defaulting to /32 when I shutdown and restart the OPNSense vm.

I have spun up another instance on a different host and it seems to retain the correct /24 mask. Not sure why this is doing this but I will continue to monitor. For now it appears to be working and I have my isolated network accessing the internet only.

Thanks for your help forum.

Matt

I block image hosting. Please attach directly to your post. Embedding image hosting URLs is a rude violation of other people's privacy, IMHO.

Hi Patrick,

I don't seem to have the option to attach/embed, only inserting an image or link with a URL.

Kind regards,
Matt

Hi Patrick,

Apologies not sure what happened then, image posting is always a bit hit and miss here for some reason.

https://ibb.co/RkHV2ShS

Please add a screen shot of the rule.

Hi Patrick, sure here is the rule (I have added another interface to block as well (LAN111):



Kind regards,
Matt

You need a rule on LAN2:

Source: any
Destination: LAN110 net
Action: deny

and place that before the rule allowing Internet access.

Nope that didn't work I'm afraid, I now I am not able to get to the internet from any interface - I can't even PING the upstream gateway from the diagnostics section.

Can you suggest anything?

That's one way to do it. There are more. ;-)

Thanks Patrick - I'll give that a go and test.

Hi BrandyWine. All three ports are virtual. I have an DSL ISP router connected to a L3 switch (switch1), which is also connected to the device on VLAN2. Switch1 si connected via LAG ports to a second L3 switch (switch2) on a different floor. Switch2 as two Proxmox hosts connected to it which is hosting 10 vlans and the OPNSense appliance. I am using the OPNSense appliance with the inline router to get multiple vlans out to the internet. This is just a PoC and now that I know it can work I will purchase a dedicated OPNSense box and move it to Switch1 to reduce network traffic and hops.

[LAN interface]

Hi Forum,

I've just started using OPNSense at home and I'm having some issues getting some basic firewall rules working. I've watched some YouTube tutorials, taken the basic OPNSense training but am still struggling and can't see why.

My virtualised OPNSense appliance has 3 interfaces:

WAN
LAN110 - 192.168.10.1/24 (VLAN110)
LAN2 - 192.168.2.1/24 (VLAN2)

I can get both LAN and LAN2 networks to access the internet, but I am trying to stop the LAN2 network from accessing any devices on the LAN network.
I can only seem to open everything or block everything?

These are my rules so far:

LAN interface
My understanding is that this allows traffic from the LAN network out to the internet:
https://ibb.co/21t64Zrt


LAN2 interface
My aim was to block any traffic coming in on the LAN2 interface, from a LAN2 network address that was destined for the LAN110 network. The second rule is intended to all LAN2 network traffic out the internet:
https://ibb.co/h11Z8p8h

I don't have any WAN rules other than the auto generated, I don't have any floating rules.

Can anyone give me some pointers on where I am going wrong?

Thanks,
Matt