Topics

1

24.1 Legacy Series / Setting DHCP gateway IP address is disabling NAT rules on interface?

« on: June 14, 2024, 01:02:13 pm »

Hi

I have fanced an issue: if I set the IP address of the DHCP gateway, NAT rules (checks through pfctl -sn) are not generated anymore.

Is it expected ?

2

24.1 Legacy Series / 24.1.8 - packages set not published ?

« on: May 30, 2024, 11:29:54 am »

Hi

Thanks for the last release 24.1.8

Unfortunately I cannot find the packages set for 24.1.8 on mirrors, only base and kernel sets are available.

  https://mirror.ams1.nl.leaseweb.net/opnsense/FreeBSD:13:amd64/24.1/sets/
  https://opnsense.c0urier.net/FreeBSD:13:amd64/24.1/sets/

BTW, does python 3.9 is still necessary on 24.1.7+ ? Currently updated system have both version (3.11 and 3.9)...

BR

Clément

3

General Discussion / Nano image UEFI

« on: December 11, 2023, 05:53:51 pm »

Hi !

Nano image is MBR only, is it planned to have a UEFI (or hybrid) one ?
Would be nice for situation where installer is not an option (we are evaluating protectli VP4630 hardware: unfortunely it is only supporting UEFI boot) :/

Regards

4

22.1 Legacy Series / Issue with static IP configuration - cannot define static gateway

« on: June 10, 2022, 11:32:49 am »

Hi

With the last version (22.1.8_1) we are facing a bug when trying to setup static IPv4 WAN.

We cannot add the gateway, the GUI always answer "The gateway address does not lie within one of the chosen interface's IPv4 subnets". Of course, it's not the case ! I tried with 192.168.1.1/24 and 192.168.1.254 as gateway.

I have noticed:
 - that an error 500 occurs on POST system_gateways_edit.php without any details (and no error repport)
 - the same bug occuring when IP has been saved and we try to setup gateway through System / Gateways
 - the only "workaround" is to enable "Far gateway"

Regards

5

22.1 Legacy Series / VxLAN does not going up on start

« on: April 15, 2022, 03:08:00 pm »

I have setup a VxLAN using Interfaces/Other Types/VxLAN on LAN IP: it works, but it does not going up on OPNsense startup. I have to go on the page and do "Apply" on every reboot.

How can I make the VxLAN automatically going up ?

6

21.1 Legacy Series / Mirror opnsense.c0urier.net : certificate expired

« on: July 15, 2021, 02:38:29 pm »

Hi

Let's encrypt certificate of opnsense.c0urier.net has expired on 13.07.2021...

Regards

7

General Discussion / Issue with opnsense.c0urier.net (Europe mirror / sweden)

« on: May 25, 2021, 12:45:00 pm »

Hi

The hostname cannot be resolved: https://dnschecker.org/#A/opnsense.c0urier.net

BR

8

21.1 Legacy Series / CloudFlare mirror issues

« on: April 22, 2021, 02:31:14 pm »

Hi

Since few days, a lot of package are broken when fetching them through CloudFlare:

Code: [Select]

[1/2] Fetching libsodium-1.0.18.txz: .......... done
pkg-static: cached package libsodium-1.0.18: size mismatch, fetching from remote
[2/2] Fetching libsodium-1.0.18.txz: .......... done
pkg-static: cached package libsodium-1.0.18: size mismatch, cannot continue
Consider running 'pkg update -f'
(wpa_supplicant.txz is also affected).

Changing mirror fix the issue, I just want to let you know about this.

Regards

Clement
SimpleRezo

9

General Discussion / IPSec: working, but...

« on: January 18, 2021, 11:13:50 pm »

Hi

I have setup a IPSec using StrongSWAN between an OPNSense and FreeBSD (using StrongSWAN on both side):
  - peer A : OPNSense, IP_PubA, 192.168.148.254
  - peer B : FreeBSD, IP_PubB, 192.168.1.10

It works: no issue for networks clients on both side.

But I cannot access remote network from peer A or B, except when I specify the source.

Code: [Select]

peerA# ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10): 56 data bytes
^C
--- 192.168.1.10 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

Using tcpdump, i can see that's because, by default, the packet is using IP_PubA as source... so the packet is not using the tunnel (since it does not match the rules). So I tried:

Code: [Select]

peerA# ping -S 192.168.148.254 192.168.1.10
~$ ping -S 192.168.148.254 192.168.1.10
PING 192.168.1.10 (192.168.1.10) from 192.168.148.254: 56 data bytes
64 bytes from 192.168.1.10: icmp_seq=0 ttl=64 time=123.841 ms
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=120.246 ms
^C
--- 192.168.1.10 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 120.246/122.044/123.841/1.797 ms

And of course, this is working.

How can I configure OPNSense to use it's private IP address as source (by default) when trying to communicate with the remote LAN? Or maybe I'm doing something wrong?

10

20.7 Legacy Series / Update of zabbix-proxy package

« on: November 20, 2020, 03:50:28 pm »

Apparently there is an issue between Zabbix and Fping5:
https://www.zabbix.com/forum/zabbix-troubleshooting-and-problems/413476-simple-check-icmppingloss-is-always-0

Is it possible to upgrade Zabbix package to 5.0.5 (available on FreeBSD ports since 1 week) on OPNSense repo?

11

20.1 Legacy Series / Issue of Nano images (BAD MAGIC NUMBER) still present on 20.1

« on: February 13, 2020, 05:08:28 pm »

See:
https://forum.opnsense.org/index.php?topic=14618.msg67365#msg67365

Code: [Select]

# fetch https://opnsense-mirror.hiho.ch/releases/mirror/OPNsense-20.1-OpenSSL-nano-amd64.img.bz2 -v -o - | bunzip2 | dd bs=1M of=/dev/ada0
[...]
# fsck /dev/ada0a
** /dev/ada0a
** Last Mounted on
** Phase 1 - Check Blocks and Sizes
CYLINDER GROUP 0: BAD MAGIC NUMBER
REBUILD CYLINDER GROUP? [yn] ^C


12

19.7 Legacy Series / Mirror https://mirror.dns-root.de/opnsense issue ?

« on: January 06, 2020, 11:25:53 am »

Hi

Since last week, https://mirror.dns-root.de/opnsense is not usable anymore (very very slow... 1 minute to proceed each request!), tested from almost 20 differents locations in Europe/Africa.

Are you aware on an issue with that mirror ?

Regards

13

Development and Code Review / Plugin developpement - Question

« on: November 26, 2019, 01:47:45 am »

Hi

I working on an internal plugin for OPNSense (using MVC).

I have a small question: how can I run some code from my plugin everytime configd is started/restarted?

Thanks for your help!

14

19.7 Legacy Series / Nano image bug since 19.7 on APU

« on: October 10, 2019, 11:37:50 am »

Hi

I encoutered several times the same issue with OPNSense 19.7 on APU3D4 with a SSD 16GB.
 
It works but after some reboot (3/4), it does not boot anymore, because it cannot mount partition:

Code: [Select]

Trying to mount root from ufs:/dev/ufs/OPNsense_Nano [rw]...
WARNING: / was not properly dismounted
random: unblocking device.
Setting hostuuid: dd974d29-fee3-11e6-b15e-000db950feac.
Setting hostid: 0xc348cc7e.
Starting file system checks:
/dev/ufs/OPNsense_Nano: CYLINDER GROUP 0: BAD MAGIC NUMBER
/dev/ufs/OPNsense_Nano: UNEXPECTED SOFT UPDATE INCONSISTENCY; RUN fsck MANUALLY.
Automatic file sysuhub1: 4 ports with 4 removable, self powered
tem check failed; help!
ERROR: ABORTING BOOT (sending SIGTERM to parent)!

So I tried to boot on a FreeBSD Live system on USB and fix the issue, BUT it's not possible at all:

Code: [Select]

# fsck -y /dev/ada0a
** /dev/ada0a
** Last Mounted on /
** Phase 1 - Check Blocks and Sizes
CYLINDER GROUP 0: BAD MAGIC NUMBER
UNEXPECTED SOFT UPDATE INCONSISTENCY

REBUILD CYLINDER GROUP? yes
[ this error happens 32 times for cylinders 0 to 31... ]
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
UNREF DIR  I=494302  OWNER=root MODE=40755
SIZE=512 MTIME=Sep 19 15:00 2019
RECONNECT? yes

NO lost+found DIRECTORY
CREATE? yes

CYLINDER GROUP 0: BAD MAGIC NUMBER
UNEXPECTED SOFT UPDATE INCONSISTENCY

REBUILD CYLINDER GROUP? yes

fsck_ffs: bad inode number 0 to ginode

If I re-run fsck, the 'BAD MAGIC NUMBER' are still there!

Any ideas why it's happening (and again on different harware!) and how to fix/prevent that issue ??

15

General Discussion / Static Routing issue

« on: July 02, 2019, 04:41:52 pm »

Hi !

I am facing with trying to set up a static route with OPNSense.

OPNSense has a WAN connected to a modem.
LAN is 192.168.9.0/24 and on the LAN i need to use 192.168.9.1 as gateway for network 192.168.254.0/24.

Here is that I have done:
  - add a "Single Gateway" / LAN / 192.168.9.1
  - add a route using that single gateway for 192.168.254.0/24
BUT if i enable the new gateway, LAN is loosing internet connectivity and OPNSense is using this gateway as default route (check by netstat -rn), despite is not marked "default" and the other gateway is of course still marked as Enabled AND Default (and setup for interface WAN).

So, if :
  - I boot with the new gateway disabled, the route is not present ;
  - If I enable the gateway, the route is added, BUT my LAN is loosing Internet connectivity ;
  - If I disable the gateway, the route is still present and working (and LAN has Internet connectivity) !

More (maybe) useful information:
  - Gateway switching is Enabled (System/Settings/General)
  - Interfaces / LAN / Upstream Gateway set to "auto-detect"
  - Interfaces / WAN / Upstream Gateway set to "GW_WAN"

Thanks for your help!