Topics

1

24.7 Production Series / With our new Dashboard, how many columns are you using?

« on: August 15, 2024, 07:59:25 pm »

 I still do not quite know what to make of the new dashboard so I am feeling it out whether I want to or not. How many columns wide seems to work best for all of you? I have 5 but..... something still doesn't look right.

Edit, I attached an AVIF with three columns.

2

24.1 Legacy Series / [SOLVED] 24.1.5_3 broke one of my Intel nics. Good NICs, poor download speed

« on: April 15, 2024, 04:59:21 am »

After applying the 24.1.5_3 and subsequent reboot, my Intel 82574L nic no longer works. The second intel nic uses a different chip and works fine.

root@thor:~ # dmesg | grep em1
em1: <Intel(R) Gigabit CT 82574L> port 0x2000-0x201f mem 0xc1a00000-0xc1a1ffff,0xc1a20000-0xc1a23fff irq 16 at device 0.0 on pci2
em1: EEPROM V2.1-0
em1: Using 1024 TX descriptors and 1024 RX descriptors
em1: Using 2 RX queues 2 TX queues
em1: Using MSI-X interrupts with 3 vectors
em1: Ethernet address: 00:1e:67:19:4d:3c
em1: netmap queues/slots: TX 2/1024, RX 2/1024
em1: link state changed to UP
em1: link state changed to DOWN
em1: Disabling TSO for 10/100 Ethernet.
em1: link state changed to UP
em1: link state changed to DOWN
em1: Disabling TSO for 10/100 Ethernet.
em1: link state changed to UP
em1: link state changed to DOWN

It repeats from there.

3

23.7 Legacy Series / Just a heads up on updating headless devices.

« on: August 06, 2023, 09:56:30 pm »

 This update takes a while so if it seems like it's taking a long time, it is but there is nothing wrong. Don't reset or anything, just wait.

4

22.7 Legacy Series / CRON Not Starting due to phpmailer error. (SOLVED)

« on: July 28, 2022, 07:02:29 pm »

 I get this:
PHP Fatal error:  __autoload() is no longer supported, use spl_autoload_register() instead in /usr/local/share/phpmailer/PHPMailerAutoload.php on line 45

Is this a residual from when I used to have my config files mailed every night? That plugin was deprecated and there was no way to remove it within the gui so I hand edited it out of the config and reloaded it so I would not keep seeing it in the plugins as unavailable yet no way to remove it once updated.

EDIT SOLVED:
 I simply uninstalled PHPmailer from the command line and it also uninstalled os-mail-backup. Now the Cron starts with no errors.

5

22.1 Legacy Series / Devices on my lan have hardcoded google dns in them.

« on: June 15, 2022, 07:06:49 am »

 Hello all, of course google's dns came up in a wan flapping thread and now that I am not using google's dns for anything, I still noticed that there are things on my lan that are using 8.8.8.8 so they must be hardcoded because I never put them there. As far as DNS, I am using one of two authoritative dns servers at the datacenter where I have a few VPSs running and then the backup DNS servers come from level 3. For my gateway monitoring I don't use DNS servers at all anynmore but rather have each of the two gateways ping one of my servers running on VPS instances and only I can tell these servers not to accept the. Each gateway pinging once every second only uses 6MB per gateway in 24 hours so let it roll. Before I was using Google dns servers in monitoring and dns and then started flapping so now no two ip addresses are used twice in anything related to dns or monitoring. Franco mentioned that some ISPs force their users through Google which as he said is Mean and I agree.

 Now I discover that smart TVs, smartphones and other things have 8.8.8.8 hardcoded in them. Has anyone ever blocked these and if so, does it force those devices to use the DHCP server in OPNsense thus using the DNS servers WE chose or does the device lose it's ability to resolve dns?

6

19.1 Legacy Series / OPNsense hangs on to dynamic IP like superglue.

« on: February 06, 2019, 06:04:33 am »

OK I have a situation where I need to get opnsense to release the ip and get the adsl provider to give a new one. It would appear that OPNsense retains the last one used, shutting it down for minutes and even rebooting the bridged modem does no good. It would appear that OPNsense does too well of a job getting the same IP as before even with DHCP to the ISP. Any ideas?

7

18.7 Legacy Series / Fresh RC1 Install Observations.

« on: July 18, 2018, 03:33:22 am »

I did a fresh install of RC1 on my second firewall that uses Cellular Internet and it would appear that when the image is first booting, it looks for a ZFS to import but when the installer gui is invoked I saw no way to create a ZFS pool so I just reformatted the mirror it used previously.

As far as importing a config from a usb stick, it didn't, it complained of not being able to mount the device which uses the Fat32 filesystem which should be normal for removable storage of that type.

It should be noted that the only way OPNsense has been able to import a config from a previous install is if it is a single disk install, not Geom Mirror etc.

Other than the above, it seems to work fine.

EDIT: If one simply switches to development rather than do a fresh install, the notes mention that the ZFS installer is not ready yet.

8

Tutorials and FAQs / [Tutorial] Bridged Modem Access with Balanced Multi-Wan.

« on: May 05, 2018, 08:26:22 pm »

At current I am running OPNSense 18.7_1 with dual wans and the gateway group set up as balanced (yes streaming movies and other downloads DOES aggregate the speed to double in balanced mode) with two DSL modems each running in bridge mode.

First, you need to find out what the modem's fixed IP for maintenance is. I deliberately set my second modem's permanent LAN ip to a different subnet, eg my first modem uses 192.168.2.1 and my second I set at 192.168.1.1. Now keep track of which modem is on which wan and create a virtual IP for each wan in the same subnet as THAT wan port's modem, I used 192.168.2.2 on wan1 and 192.168.1.2 on wan2 as virtual IP addresses. I set two firewall rules in Floating Rules that allow lan net (I don't want wlan to access the modem) to go to 192.168.2.1/32 and a second rule to 192.168.1.1/32. The subnet only allows access through the wans to that IP only irrespective of the actual wan ip to access the internet.

Then I set my NAT outbound to hybrid and added two rules, one for each wan that sets the destination address to single host using the network rather than a specific ip eg 192.168.2.0/30 and 192.168.1.0/30 for the second rule. In the Translation Target you will see the virtual WAN IP you created for that WAN in the dropdown menu for that wan. Select it, save them and you're done!

I should note that with a single wan, I was able to access the modem with only a virtual IP and through the proxy. The proxy is useless in a multiwan balanced gateway group and I really have no need otherwise.

9

18.1 Legacy Series / 18.1.4 and 18.1.5 updates overwrite patch 7a823c56a

« on: March 21, 2018, 11:02:32 pm »

Patch 7a823c56a which is here github.com/opnsense/core/commit/7a823c56a and manually applied by invoking # opnsense-patch 7a823c56a which fixed a huge problem gets  removed with each update that replaces SNatRule.php. This is 18.1.5 is the second update that replaces SNatRule.php with the pre-patch version. Why isn't this fix permanently in SNatRule.php?

Edit: On a previous thread where the patch was introduced by Franco for me to try, Franco DID state that it will not be integrated until 18.1.6. The last two updates 18.1.4 and now 18.1.5 undid it by overwriting the patched file. I may reverse the patch just prior to 18.1.6 but should not matter at that point.

10

18.1 Legacy Series / [SOLVED]18.1 will not route to some sites and services, 17.x works fine.

« on: February 12, 2018, 12:44:22 am »

 I noticed after I upgraded to the 18.1 series, that I could no longer stream video reliably from Amazon Prime, Vudu and others over my Roku. Cell phones also would not reliably work while connecting via wifi. I tried the Roku with WLAN and LAN with the same result. Netflix would work but it took a slight while to find it's way but was at least usable.

I tried switching ADSL modems and even using a second ADSL line that I have to no avail. I tried doing a clean install with the same result. Subsequent updates did not improve anything. I then resinstalled IPCop which is at the end of it's life and everything worked again. I then installed OPNSense 17.5 and imported the same config I had been using in 18.2, well now everything works again.

It should be noted that I noticed the degradation as soon as I updated to 18.1 ands second guessed myself as surely 18.1 could not be that much different but there is something inherent.

It should be noted that when I had my cellphone connected to 18.1 via wifi, Android updates were a struggle and woud often fail. The search function of of Roku itself would not work and if I could get into Amazon and others at all after many tries the images were spotty loading. What could have changed? I'm afraid to update to the 18.1 series at this point.

Although minor, with 18.1 clicking on updates from the lobby, it would go to the updates page and time out, it would work when I click on Check For Updates once on the Firmware page after it failed the first time.

I just upgraded again, yes, the upgrade to the 18 series messed it up so it is not my ISP. Now as to why?

11

Tutorials and FAQs / Easy Way to Access modem while in bridge mode.

« on: January 16, 2018, 08:56:48 am »

Hello folks! After reading various methods of people trying to access their modem while the modem is bridged as a dumb modem (You DO want to let OPNsense do it's job after all) I came up with quite a simple way that involves only one addition, adding an alias to the wan using the same subnet as the modem's ip, I used a mask of 30 since only the first three ip addresses in the subnet are needed.

Note that I am going through the proxy via browser as this is a secondary machine. I have not moved my primary edge appliance to OPNsense yet but will soon. This holds up after reboots and works every time.

12

15.1 Legacy Series / [SOLVED] Web Gui does not show 15.1.7.1 update as being available.

« on: March 08, 2015, 12:09:27 am »

No matter how many times I tell it to check, I get: At Sat Mar 7 14:45:55 PST 2015 no updates found.

I am using a fresh install of 15.1.7-78bdb9aef (amd64) .

No, I did not get ahead of myself and do the command line update as I know that comes after. My guess is that the gui update is supposed to change the file names and checksums so that the command line program knows what to grab and install.

This is baffling me.

13

15.1 Legacy Series / Why formatted ramdisk instead of TMPFS?

« on: March 02, 2015, 11:41:51 pm »

I use flash devices as storage so I opted to put /var and /tmp in ramdisk. I was surprised when I recently installed PFSENSE and now Opensense that they end up using the old ramdisk filesystem which requires formatting. TMPFS is superior on several counts:

TMPFS requires no formatting, just mount it and give it a size if you wish but not required.

TMPFS can be resized and remounted on the fly with NO data loss.

TMPFS by default if no size is given, will size at 50% of system ram.

Any amount of Ram allocated by TMPFS but not yet used can still be used by the system as normal ram if need be.

If a swap file exists (the best swap is unused swap) TMPFS will use it as well if the need ever arises. 

TMPFS of course can have multiple mounts as the formatted ramdisk can, however, only the amount of actually used TMPFS mounts regardless of how large they are alloted for, deduct actual system ram. An example is that you have 1GB of ram, have three TMPFS mounts which no size is specified so all three default to 50% and are sized at 500MB each but only 20MB total is actually used by all three TMPFS mounts combined, the result is that full system ram minus that 20MB is still able to be used by the system.

Anytime you mount a ramdisk and format it with a filesystem, that amount of ram is completely unavailable and usable ONLY by that particular mount and it's gone for good until it is unmounted. If you resize ramdisk, you have to unmount it, resize it and reformat. TMPFS as I already mentioned can simple be re-mounted at a different size with NO data loss. This would come in handly if you specified a TMPFS size for a mount but it is too small, remount it at a larger size and go about your business. Even as unused TMPFS space is available to be used by the system's ram, a TMPFS mount can never exceed it's size.