Messages - RamSense

#1
I solved this, not by Monit or a cron job, but by making a custom script in /usr/local/etc/rc.syshook.d/start

#!/bin/sh

/usr/local/sbin/configctl interface routes alarm

Named it 99-gatewayboot and made the file executable.

(99 to get it started as late as possible)

Now it is working and I have a fix for my WireGuard problem for now at reboot of OPNsense.
#2
I have tested the command /bin/sh -c '/usr/local/sbin/configctl interface routes alarm' manually from the shell after a reboot, and WireGuard instantly started getting data and started working, with IPv4 and IPv6 showing.
So I am getting closer.

I am thus looking for a way for Monit to execute this command with a reboot of my OPNsense box.

Can someone help me manage that with Monit?
#3
Hi,

My WireGuard is not working after a reboot of OPNsense (it looks a lot like this post: https://forum.opnsense.org/index.php?topic=41081.0 and this one: https://forum.opnsense.org/index.php?topic=36688.0). When I just hit [apply] on the SYSTEM: GATEWAYS: CONFIGURATION page (without making changes), everything starts working with WireGuard.

I'm trying to "fix" this by cloning the Monit alert settings [gateway alert] and, in the service test settings, using execute with something like this path:
/bin/sh -c '/usr/local/sbin/configctl interface routes alarm'

What is the CLI command for "apply gateway settings, without changing the configuration"?

Or is there another way to automate this after an OPNsense reboot?

Thank you for your help with this.
#4
I'm not using a Turnkey LXC container, but Docker. I think your container has no SSL certificate and gives nginx the error "SSL routines::wrong version number) while SSL handshaking to upstream"

When you set upstream - upstream Enable TLS (HTTPS) [to disable, not selected]

(and your https - http server - [your servername] - HTTPS Only [enabled]),

you should get nginx to handle the SSL and get an HTTPS connection to your container.
#5
There is. I just converted my system from isc to kea.
For IPv4 this tool was VERY helpful: https://github.com/EasyG0ing1/Migration/
For static IPv6 I had to enter them manually, but that worked fine also.
Migration took only about 15 minutes because of this manual part for v6. I only use dynamic on the guest network.

I do not use DNSmasq, I only use BIND. (OPNsense - KEA DHCP4 and DHCP6 with Router Advertisements (radvd), and for DNS - AdGuard Home -> BIND on OPNsense)
#6
Since about 3 versions back, I have to run the update twice. The first time, OPNsense 25.1.6-amd64 completes and restarts the OPNsense box, but I have to run the update again to have the missing:
os-bind installed

and this time os-postfix was also missing after the update and was installed on the second run.

Others having this also?
(n.b. I only use BIND for dns, no unbound or dnsmasq etc)
#7
Thanks for sharing this. I have added your WAN out rule reject IPv4_private_ranges to the firewall floating rules.
Is there a reason you have it at WAN instead of floating?
And I have also added: 169.254.0.0/16
#8
25.1, 25.4 Production Series / Re: PPPoE Pfsense
May 05, 2025, 06:22:15 PM
Sounds promising...
#9
I see you wrote AdGuard; do you use this or AdGuard Home, aka the plugin in https://www.routerperformance.net/opnsense-repo/ ?

With the latter, what installation guide did you follow? There is lots of info about it on the forum here, e.g. https://forum.opnsense.org/index.php?topic=22162.0
#11
N.B. Solved, I found the right boot menu and update completed. thnx

Hi, I have a DEC850v2. I then downloaded the new BIOS and put them on a newly formatted (FAT32) USB.

I then connected my MacBook with the COM cable and, in the BIOS, enabled USB boot, save & exit, but the DEC850v2 just boots and skips the USB/files.

What am I missing / doing wrong?
#12
You use upstream - TLS enabled: true
Does your service use TLS?

What happens when you uncheck that?

If that works and you want SSL/HTTPS, let nginx do that.
Set https location, force https on true
and https server, HTTPS Only on true
#13
I used this guide here: https://forum.opnsense.org/index.php?topic=21207.0
That worked for me.
#14
Great! Glad to hear you have it working again.
#15
It seems this has been reported earlier. Have you tried a restart of AdGuard Home?

See here:
https://forum.opnsense.org/index.php?topic=44643.0