Topics - bdario

#1
Hello,
Opnsense 25.1.5_4-amd64

I got a warning about the disk space.
"Disk space on the root filesystem is critically full 42,00G or 91% used, 3,90G available).

This is the disk partitioning:
Filesystem                  Size    Used  Avail Capacity  Mounted on
/dev/gpt/rootfs              50G    42G    3.9G    91%    /
devfs                        1.0K      0B    1.0K    0%    /dev
devfs                        1.0K      0B    1.0K    0%    /var/dhcpd/dev
devfs                        1.0K      0B    1.0K    0%    /var/unbound/dev
/usr/local/lib/python3.11    50G    42G    3.9G    91%    /var/unbound/usr/local/lib/python3.11
/lib                          50G    42G    3.9G    91%    /var/unbound/lib

Can someone please assure me that I can simply delete the /var/log/flowd.log file? (it currently takes up about 40 GB)

Thank you.
Dario
#2
I noticed that in 24.7.3_1 there is an inconsistency in System: Trust: Certificates.
Valid user certificates are indicated with "x" and revoked certificates are indicated with a check mark.
Exactly the opposite of what happens for Web GUI SSL certificate and CA certificate.
Please take a look at the attached screenshot.
Greetings.
Dario
P.S. sorry for my broken English.
#3
Hello,
my environment:

2 OPNsense 24.7.3_1 in High Availability (CARP and pfsync work fine)
1 Public ip shared by the firewalls
OpenVPN server 2.6.12
OpenVPN client 2.5.9

OpenVPN server configured on each firewall
With OpenVPN client I get connection to both firewalls

Issue:
When the master firewall goes down OpenVPN client doesn't reconnect automatically (I must force reconnection from the client)

I would like to have a client automatic reconnection.
I tried with "persist-tun persist-key keepalive 2 10" but it doesn't work

Can anyone please help me to solve this issue?

Greetings
Dario

#4
environment:
OPNsense 24.7.1-amd64
FreeBSD 14.1-RELEASE-p3
OpenSSL 3.0.14
Viscosity client 1.11.2 (1820)
PC Windows 11

target:
always assign the same IP to the VPN client

Hello folks,
until today for VPN road warrior I used the OpenVPN client and to always assign the same IP address to the clients I configured the file /var/etc/openvpn-csc/1/username with the directive
ifconfig-push <client IP> <netmask>.

Following https://docs.opnsense.org/manual/how-tos/sslvpn_client.html I tried using the Viscosity client and the solution (/var/etc/openvpn-csc/1/username) doesn't work so I ask for help to solve the issue.

Thanks so much for the kind help.
Greetings.
Dario
#5
Hello,
is there a doc explaining how to configure VPN (better OpenVPN) road warrior on release 24.7_9?

Kind regards
Dario
#6
24.1, 24.4 Legacy Series / dual wan doesn't work
April 08, 2024, 01:13:42 PM
Hello,
Opnsense rel 24.1-amd64

I configured two wan interfaces and one client interface:

WAN (active gateway)
192.168.1.2/24
gw: 192.168.1.1

WAN2
10.150.48.1/24
gw: 10.150.48.254

my goal is to have the automatic switch between the two wans when the active one falls

I followed this: https://docs.opnsense.org/manual/how-tos/multiwan.html
but when I disconnect the DSL connector from the router of the active connection (WAN) the second connection is not established.

If I manually change the priority of the gateways the connections correctly switch.

Can someone please help me?

Greetings
Dario


#7
24.1, 24.4 Legacy Series / web proxy
March 23, 2024, 12:43:41 PM
Hello folks,
Opnsense rel 24.1.3_1
Where is "web proxy" in rel. 24.1?
Thank you
Greetings
Dario
#8
Virtual private networks / revoked cert still works
November 02, 2023, 01:34:48 PM
Hello folks,
I'm stuck on certificate revocation.

I always used username and cert to create VPN clients:
1) create user / password
2) create user-cert
3) bind user and user-cert
4) OpenVPN client export

I revoked a cert:
1) create CA Revocation List
2) revoke the cert

but the user still connects using VPN

This is embarrassing.
Can someone please help me to solve this issue?

Greetings
Dario
#9
Hello to all,
my environment:
- a LAN interface that hosts approximately 10 PCs
- two public interfaces connected to two different Internet accesses (A and B)
from all the PCs connected to the LAN I want to be able to direct a specific traffic (https) towards network B while all Internet browsing must go out through network A.
I guess this is fixable by configuring static routing in the firewall.
The problem is that to access the web app on network B I must use a proxy made available by the manager of network B and I ask if there is the possibility to configure communication through the proxy on the firewall so I don't have to change the browser configuration every time I change Internet access.
Thanks so much for your graceful help.
Greetings
Dario
#10
Hello folks,
Opnsense 21.7.8
Is there a way to remotely download the VPN client configuration?
Currently I have to connect to the firewall as root, go to VPN - OpenVPN - Client Export and choose the certificate to download in Archive format then pass the file to the user to insert it in the OpenVPN client.
I wish customers could download the certificate by connecting remotely to the firewall (Palo Alto Global Protect style).
Thanks for your help
Best regards
Dario
#11
Hello folks,
in OPNsense 21.7.5 I'm not able to force a static IP address to a VPN client.
The Tunnel Network configured in the vpn server is 10.10.10.0/28
I tried configuring VPN / OpenVPN / Client Specific Overrides as follows:
- Servers: name of the OpenVPN servers (or blank)
- Common name: the name of the user as created in System / Access / Users (in this case the name is sandro.d)
- Advanced: ifconfig-push 10.10.10.10 255.255.255.240
When I connect the vpn client I expect to receive the address 10.10.10.10 but I always receive 10.10.10.2 or 10.10.10.3
Any suggestion?
Best regards
Dario
#12
Hardware and Performance / OpnSense on WatchGuard
October 21, 2021, 07:58:20 AM
Hello folks,
I just got a couple of WatchGuard XTM 810 firewalls and my target is to install OpnSense on them.
Taking a look on Google I found a thread regarding Pfsense so I decided to ask you for help:
Is there a way to install OpnSense on WatchGuard?
Can someone explain to me (better if step by step) how I can do it?
Thanks so much for your precious help.
Kind regards.
Dario
#13
Hello,
OpnSense 20.7
I'm trying to block all communication for server 12.168.1.98 but in the logs I always get "get anything out of the firewall host itself".
Is there a way to block all inbound / outbound traffic for a specific IP?
Thank you
Dario
#14
Hello to all,
I'm looking for a howto regarding the configuration of the captive portal, especially the traffic shaping.
I found an old release doc (https://docs.opnsense.org/manual/how-tos/guestnet.html, Step 6 - Limit Guests Bandwidth) inapplicable to the 20.1 release.
Can someone help me?
Thanks so much
Best regards
Dario
#15
Hello,
just a question: is it possible to install OPNsense on a WatchGuard xtm530?
Thanks so much
Best regards
Dario
#16
19.7 Legacy Series / Opnsense local dns
March 30, 2020, 05:15:03 PM
Hello to all,
OpnSense 19.7
interface 1 clients
interface 2 servers
interface 3 WAN
I would like to use OpnSense as DNS to resolve the local IP for clients and servers, and use Google DNS (8.8.8.8 8.8.4.4) to resolve public IPs
I didn't find solutions on Google, can someone help me?
Thanks a lot
Best regards
Dario
#17
19.7 Legacy Series / OpenVPN remote print
March 25, 2020, 04:20:28 PM
Hello to all,
OpnSense 19.7
OpenVPN

I'm using OpenVPN road warrior and everything works fine but the prints are sent to remote printers while I would like to print on my local network printer.

The environment (image attached):
I start the RDP connection from the "home PC" to the "remote PC"
From the "remote PC" I would like to send a print from the "remote LAN" to the "home printer" but it doesn't work, I can only print using the "remote printer".

Is there a way to solve this issue?
Best regards
Dario
#18
Hello everybody,
OPNsense 19.7
looking at the OpenVPN log file in OPNsense 19.7 I find a continuous traffic as the following:

[...]
Mar 2 10:44:41   openvpn[91212]: MANAGEMENT: Client disconnected
Mar 2 10:44:41   openvpn[91212]: MANAGEMENT: CMD 'quit'
Mar 2 10:44:41   openvpn[91212]: MANAGEMENT: CMD 'status 2'
Mar 2 10:44:41   openvpn[91212]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Mar 2 10:43:39   openvpn[91212]: MANAGEMENT: Client disconnected
Mar 2 10:43:39   openvpn[91212]: MANAGEMENT: CMD 'quit'
Mar 2 10:43:39   openvpn[91212]: MANAGEMENT: CMD 'status 2'
Mar 2 10:43:39   openvpn[91212]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Mar 2 10:42:37   openvpn[91212]: MANAGEMENT: Client disconnected
Mar 2 10:42:37   openvpn[91212]: MANAGEMENT: CMD 'quit'
Mar 2 10:42:37   openvpn[91212]: MANAGEMENT: CMD 'status 2'
Mar 2 10:42:37   openvpn[91212]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
[...]

Can someone explain to me what's happening?
Best regards
Dario
#19
Hello to all,
Opnsense 19
I'm experiencing an issue driving me nuts:
I would like to send emails from a NAS behind the firewall
The NAS is correctly configured to use smtp.gmail.com:587 and works fine only if I put a rule on the server interface like this one:
- source address: <NAS.IP.ADDR.ESS/32>
- source port: <ANY>
- destination address: <ANY>
- destination port: <ANY>
Now I would like to shrink the rule specifying "destination address" and "destination port" but the firewall doesn't accept "smtp.gmail.com".
I tried to use the ip address resolving smtp.gmail.com but it doesn't work
Is there a way to use the name instead of the IP in the field "destination address" of the rule?
Thanks so much for your kind help
best regards
Dario
#20
19.1 Legacy Series / error installing os-net-snmp
November 13, 2019, 07:34:07 AM
Hello,
opnsense 19.1.4
I would like to put the firewall under monitoring (Nagios core) via SNMP
I try to install the plugin os-net-snmp but I get an error:

***GOT REQUEST TO INSTALL: os-net-snmp***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
   os-net-snmp: 1.3
   net-snmp: 5.7.3_19

Number of packages to be installed: 2

The process will require 12 MiB more space.
[1/2] Installing net-snmp-5.7.3_19...
[1/2] Extracting net-snmp-5.7.3_19: ......
pkg: Fail to create temporary file: /usr/local/man/man3/.snmp_sess_timeout.3.gz.vy7xpmoG9X6H:Input/output error
[1/2] Extracting net-snmp-5.7.3_19... done
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

Please can some guru explain to me where I'm wrong?
Best regards
Dario