Messages

1

24.1 Legacy Series / Setting DHCP gateway IP address is disabling NAT rules on interface?

« on: June 14, 2024, 01:02:13 pm »

Hi

I have fanced an issue: if I set the IP address of the DHCP gateway, NAT rules (checks through pfctl -sn) are not generated anymore.

Is it expected ?

2

24.1 Legacy Series / Re: 24.1.8 - packages set not published ?

« on: May 30, 2024, 02:32:50 pm »

@franco, OK thanks for the reply. I was asking because it has been published for 24.1.2 and 24.1.5.
About python3.9, good to know, we will delete it manually. Already tried on our test instance, it works.

@meyergru: no we don't, only official one and our private repo (with no python dependencies).

3

24.1 Legacy Series / 24.1.8 - packages set not published ?

« on: May 30, 2024, 11:29:54 am »

Hi

Thanks for the last release 24.1.8

Unfortunately I cannot find the packages set for 24.1.8 on mirrors, only base and kernel sets are available.

  https://mirror.ams1.nl.leaseweb.net/opnsense/FreeBSD:13:amd64/24.1/sets/
  https://opnsense.c0urier.net/FreeBSD:13:amd64/24.1/sets/

BTW, does python 3.9 is still necessary on 24.1.7+ ? Currently updated system have both version (3.11 and 3.9)...

BR

Clément

4

General Discussion / Nano image UEFI

« on: December 11, 2023, 05:53:51 pm »

Hi !

Nano image is MBR only, is it planned to have a UEFI (or hybrid) one ?
Would be nice for situation where installer is not an option (we are evaluating protectli VP4630 hardware: unfortunely it is only supporting UEFI boot) :/

Regards

5

22.1 Legacy Series / Re: Issue with static IP configuration - cannot define static gateway

« on: August 24, 2022, 04:50:27 pm »

If it's not in any attached network it's not "near" either. I'd call this "far" enough.

Frankly, I don't want to debate semantics for the configuration you chose to apply. You seem to have your reasons for not having a gateway that is locally reachable so you need to configure it as such.


Cheers,
Franco

The gateway of course is on the same network - actually can be closer since it's directly linked -, and locally reachable !

As mentionned in my initial message:
  IP static: 192.168.1.1/24
  IP gateway: 192.168.1.254

And as I explained in my second message: "We have also been able to create the gateway without using "far", but it requires to Apply configuration first: so my guess is now the check is made on the "current" IP address and not the new one."

6

22.1 Legacy Series / Re: Issue with static IP configuration - cannot define static gateway

« on: June 10, 2022, 11:53:14 am »

That's a weird solution since the gateway is not "far", and that's a regression bug.

We have also been able to create the gateway without using "far", but it requires to Apply configuration first: so my guess is now the check is made on the "current" IP address and not the new one.

7

22.1 Legacy Series / Issue with static IP configuration - cannot define static gateway

« on: June 10, 2022, 11:32:49 am »

Hi

With the last version (22.1.8_1) we are facing a bug when trying to setup static IPv4 WAN.

We cannot add the gateway, the GUI always answer "The gateway address does not lie within one of the chosen interface's IPv4 subnets". Of course, it's not the case ! I tried with 192.168.1.1/24 and 192.168.1.254 as gateway.

I have noticed:
 - that an error 500 occurs on POST system_gateways_edit.php without any details (and no error repport)
 - the same bug occuring when IP has been saved and we try to setup gateway through System / Gateways
 - the only "workaround" is to enable "Far gateway"

Regards

8

22.1 Legacy Series / Re: VxLAN does not going up on start

« on: May 10, 2022, 11:36:11 am »

OK I see, thank your answer!

9

22.1 Legacy Series / Re: VxLAN does not going up on start

« on: May 09, 2022, 03:43:32 pm »

Anyone ?

10

22.1 Legacy Series / VxLAN does not going up on start

« on: April 15, 2022, 03:08:00 pm »

I have setup a VxLAN using Interfaces/Other Types/VxLAN on LAN IP: it works, but it does not going up on OPNsense startup. I have to go on the page and do "Apply" on every reboot.

How can I make the VxLAN automatically going up ?

11

21.1 Legacy Series / Mirror opnsense.c0urier.net : certificate expired

« on: July 15, 2021, 02:38:29 pm »

Hi

Let's encrypt certificate of opnsense.c0urier.net has expired on 13.07.2021...

Regards

12

General Discussion / Issue with opnsense.c0urier.net (Europe mirror / sweden)

« on: May 25, 2021, 12:45:00 pm »

Hi

The hostname cannot be resolved: https://dnschecker.org/#A/opnsense.c0urier.net

BR

13

General Discussion / Re: Central management

« on: April 25, 2021, 02:20:37 am »

I have sent you a PM

I will answer you for your PM, but for everyone else interested, we have created a page describing our solution:
  https://srbox.simplerezo.com/

The solution is internally used for production, and we are just starting Early Access for third parties.

How will be the communication between the centralized administration opnsense and the other opnsenses when I place a centralized device to internet?
Is there e.g. a cyclic polling of configuration possible or do I need a direct reachability from the central device to satelites or can I use a VPN wich is started from the satelite to the central instance?

I need that information too.
Can central administration be done without a public ip at the clients?

Our solution works without a Public IP and any exposed ports

14

21.1 Legacy Series / CloudFlare mirror issues

« on: April 22, 2021, 02:31:14 pm »

Hi

Since few days, a lot of package are broken when fetching them through CloudFlare:

Code: [Select]

[1/2] Fetching libsodium-1.0.18.txz: .......... done
pkg-static: cached package libsodium-1.0.18: size mismatch, fetching from remote
[2/2] Fetching libsodium-1.0.18.txz: .......... done
pkg-static: cached package libsodium-1.0.18: size mismatch, cannot continue
Consider running 'pkg update -f'
(wpa_supplicant.txz is also affected).

Changing mirror fix the issue, I just want to let you know about this.

Regards

Clement
SimpleRezo

15

General Discussion / Re: Central management

« on: January 19, 2021, 11:18:55 am »

We are managing more than 50+ OPNsense here, all around the world

So we have developped:
  - a central management solution (cloud)
  - a plugin (with some API extensions)
  - a Zabbix template

So with this, OPNSense is provisionned from our CMS:
  - custom settings (hostname, dns, plugins...)
  - authentication
  - firewall rules
  - autossh service to an "hub" for dynamic IP/restricted WAN, and tunneling for GUI access
  - full supervision by Zabbix (including running services)
  - configuration/status (DHCP leases) access directly from our CMS
  - remote upgrade, with scheduling
  - alerts by email / slack : gateway status, services...
  - daily XML backuping

This solution is currently oriented for our usage, but we can easily extend it.
You can contact us if you are interested!