Topics - ckishappy

#1
Hi, I have the Mullvad wireguard clients with wg0 and wg1 properly working with 22.1. In the dashboard, the wireguard-go service shows as red as opposed to green (see attached). Is this a mistake or anything I need to worry about?
#2
Hi, In the firewall service (under rules) in the UI there is under Firewall/Rules an interface called WireGuard(Group), see also attachment. Under Firewall/Groups, I have not created any interface group. Why is it there and how (if at all) can I remove this WireGuard(Group) entry?
#3
Hi, I cannot start the elasticsearch service after the most recent update. I tried to uninstall and install sensei multiple times but didn't succeed to make it work... pls advise..



2022-01-01T17:10:41   root[52744]   /usr/local/etc/rc.d/elasticsearch: WARNING: failed precmd routine for elasticsearch   
2022-01-01T17:10:41   root[88508]   /usr/local/etc/rc.d/elasticsearch: WARNING: /usr/local/etc/elasticsearch/elasticsearch.yml is not readable.   
2022-01-01T17:09:45   kernel   /usr/local/sensei/output/active/temp: optimization changed from TIME to SPACE   
2022-01-01T17:09:36   root[1288]   /usr/local/etc/rc.d/elasticsearch: WARNING: failed precmd routine for elasticsearch   
2022-01-01T17:09:36   root[64005]   /usr/local/etc/rc.d/elasticsearch: WARNING: /usr/local/etc/elasticsearch/elasticsearch.yml is not readable.   
2022-01-01T17:07:36   kernel   /usr/local/sensei/output/active/temp: optimization changed from SPACE to TIME   
2022-01-01T17:05:51   kernel   /usr/local/sensei/output/active/temp: optimization changed from TIME to SPACE   
2022-01-01T17:04:10   kernel   /usr/local/sensei/output/active/temp: optimization changed from SPACE to TIME
#4
Hi, I try to kill states after enabling some filter rules to stop the (established) connections immediately. This is to turn off the internet / TV for the kids immediately. I integrate this as an on-off switch in HomeKit (via node-red)...

I use the below curl Post killStates command:

curl -k -u "$KEY":"$SECRET" -X POST "https://opnsenseIP/api/diagnostics/firewall/killStates" -d ""


Error message I get is as following:
{"result":"failed"}%     

The question is: How can I kill the states (via the API) for a specific destination or source ip/alias?



#5
Hi, I couldn't find any 101 article or examples for setting up some simple standard setup of the firewall rules for opnsense. Beside the standard rules, I will need to allow all apple services (bonjour, airprint, homekit) and have some Siemens VOIP phones to connect to the outside world. Pls advise what basic rules need to be set up..
#6
Hello, I have been implementing the Wireguard client (plug-in OS-wireguard 1.1) on Opnsense 20.1.1, succeeding the OVPN client. The idea is that the users connecting with WLAN (specific IP range) connect via VPN to the internet..

All went well with the WLAN endusers enjoying more speed and uptime with wireguard on opnsense..with one exception: on the Macs / iPhones I had the issue that the iCloud email didn't connect (via IMAP to p47-imap.mail.me.com resp. SMTP to p47-smtp.mail.me.com). All the other email accounts (i.e. google, hotmail, local ones) could establish the imap, smtp connection when connecting opnsense with Wireguard.

If I revert back to use the OVPN client, the iCloud email connection issue is gone (no change to the config other than switching the interface).

I checked with the VPN provider (IVPN) but they are not aware of any issues. The IP is not blocked by Apple.

Have you experienced the same and what could be possible root causes/fixes?







#7
The Opnsense configuration (on a new DEC4610) was running well since the installation two weeks ago until today when I rebooted the ISP Cablemodem + Mikrotik Router. Now after reboot of the modem there is no internet connection for Wireguard to connect, ping fails and also I get the timeout for the firmware update. When I ping (w/ssh)  I did notice that when I reboot opnsense, I get one(!) ping result connecting to the internet properly. Please advise what would need to be done to get this one back to work..

Setup: Latest Opnsense release 19.7.9, with Wireguard (ivpn), based on the latest Deciso DEC4610 Hardware.

Interfaces (all unchanged):

WAN: Internet > ISP Cablemodem (rebooted) > Mikrotik CCR Router > Opnsense DEC4610 WAN igb3
LAN: Opnsense DEC4610 (igb4) > Mikrotik CCR Router > Aruba LAN/WLAN
WG: wg0

On igb3 I only have ipv4 (ipv6 is set to none) and just one ipv4 gateway
I have two external DNS servers for the WAN (without any override)

I have only a minimum set of additional manual firewall / NAT rules (unchanged):

LAN Interface: ipv4 pass all source: LANnet
WG Interface: iPV4 pass all in
Wireguard Interface: iPV4 pass all in

NAT outbound: Wireguard interface, ipv4, pass, all, Interface address as NAT address
NAT outbound: WG interface, ipv4, pass, all, Interface address as NAT address


#8
..I get after every reboot the "An error occurred while report is being loaded" message in Sensei.

Error
{
  "error": {
    "root_cause": [
      {
        "type": "index_not_found_exception",
        "reason": "no such index",
        "resource.type": "index_or_alias",
        "resource.id": "conn_all",
        "index_uuid": "_na_",
        "index": "conn_all"
      }
    ],
    "type": "index_not_found_exception",
    "reason": "no such index",
    "resource.type": "index_or_alias",
    "resource.id": "conn_all",
    "index_uuid": "_na_",
    "index": "conn_all"
  },
  "status": 404
}

Also the Live Sessions Explorer does not work then after the reboot. Not sure if Sensei is still operational or not. I can fix this by Resetting the Reporting (under Sensei : Configuration : Reporting & Data) but would expect that this functionality is there out of the box and Sensei survives a system reboot?

Sensei standard install (https://help.sunnyvalley.io/hc/en-us/articles/360024899634-Installing-Sensei-on-OPNsense) on Deciso Rack Xeon box with OPNsense 19.7.3.

Please advise & thanks in advance, Chris

#9
I am on OPNsense 17.7.12-amd64, and I have one simple setup (1 LAN, 2 WAN) and connect all clients through the openvpn client. So three interfaces: 1 LAN, 2 WAN,  3 OpenVPN client. All works fine and I wanted to enable the web proxy as well. Hence I followed https://docs.opnsense.org/manual/how-tos/proxywebfilter.html to setup the web proxy.

In the last step 6 - when I block the port 80/443 to disable proxy bypass, the clients cannot browse in the internet anymore so somehow the clients are not routed to port 3128 http / 3129 https of the webproxy?

Please advise if you have a tip on the above with the correct firewall / NAT settings in conjunction with the ovpninterface/alias?


#10
Hi, what is the most simple script/method with OPNsense to check every 3min if the ping to an IP is possible and if not, that the whole system gets rebooted? This is for a remote router w/ovpn with not so reliable internet WAN connection.. Please advise.
#11
I just loaded opnsense on my old hp microserver Gen8 and opnsense is exactly what I was looking for. I get around 100Mbs with the OVPN client so will then buy some 1U Deciso appliance soon to get some more speed with ovpn. I like the approach of the company.

Two questions:

1) I would like to run a cron script to ping an address every minute or so. If 6 pings fail, I would like to restart the ovpn client to ensure the client really reconnects to the vpn server. Please advise how I can do this?

2) I would like to run a cron script to see if the WAN is still up. If the WAN is down for more than a minute, I would like to restart the OPNsense server. Please advise how I can do this?