Topics - user1234

1
23.7 Legacy Series / what populates /etc/hosts
« on: November 21, 2023, 10:49:02 pm »
On my opnsense install the /etc/hosts file has a single entry for the firewall but I can't work out how it selects which address to use.

Code:
root@firewall:~ # cat /etc/hosts
127.0.0.1       localhost       localhost.home
::1             localhost       localhost.home
192.168.2.254   firewall        firewall.home

My firewall has 8 vlans with IPs on and it appears to select one to put into the hosts file.
Is there a way to influence which IP address is used?

2
23.7 Legacy Series / Serial console com port change
« on: November 16, 2023, 03:22:59 pm »
Is it possible to specify which serial port to use? e.g. /dev/ttyu1

My board has two serial ports and I can see the console on /dev/ttyu0 but not /dev/ttyu1.
I would like to use /dev/ttyu1 if possible.

3
20.7 Legacy Series / OpenVPN multiple server issues
« on: January 05, 2021, 09:26:50 pm »
I have found a strange issue on opnsense 20.7.7_1-amd64 when running multiple OpenVPN servers.

The first server seems to work fine but I am finding the second server (configured the same but with different tunnel subnet and port) users can connect to the VPN but none of their traffic is routed.

I have tested this on two separate opnsense instances and both had strange routing/firewall problems with the second OpenVPN server.

Any ideas why this might happen?

4
20.7 Legacy Series / unqualified DNS query unbound
« on: August 11, 2020, 08:03:31 pm »
Is it possible to set a default domain on unbound so if a DNS request comes in for a hostname (not fqdn) it appends a default domain to it?
e.g. DNS request for 'printer.' gets mapped to 'printer.home'

Currently I can't get these requests to resolve to anything even with static mappings.

5
19.7 Legacy Series / Gateway up/down email alerts
« on: November 03, 2019, 07:22:27 pm »
I am trying to get alerts for gateway status. e.g. I would like to receive an email saying gateway x went down at 12:34 03/11/19 and then another email when it came back again.
Unfortunately if the gateway goes down it can't send an email as there is no internet connection so the email would have to be cached until internet is restored. My old firewall used to do this perfectly but I can't find a way to do this on opnsense.
I have found the monit gateway_alert service but this doesn't seem to work for me, possibly because I am not using gateway groups or because the email notifications are failing to send due to no internet.

Is it possible to get opnsense to do what I want or am I better off using an external system to monitor the gateway?

6
Hardware and Performance / OpenVPN performance
« on: January 09, 2019, 06:04:02 pm »
I am running OPNSense on a Xeon X5550 box. We have a 1Gb link to an OpenVPN server which we have tested can provide 800Mb using a desktop PC.
When we use the OPNSense box to connect to the VPN it can only provide 200Mb of throughput through the VPN. I have ssh'd into OPNSense and it only ever appears to be using 45% of a single CPU core. I know OpenVPN is single threaded so I can't expect much, but is it possible to debug what is the bottleneck and why the openvpn process is not using more than 45%?

7
18.7 Legacy Series / Skip rules when gateway is down or gateway monitoring bug?
« on: January 02, 2019, 11:08:32 am »
I need to set the gateway that each interface can use and this needs to be failsafe so I have enabled "Skip rules when gateway is down".
However I find that none of my traffic is reaching the gateway, it appears that the firewall thinks the gateway is down as no rules are created and all my traffic hits the default block rule. If I disable "Skip rules when gateway is down" then all the traffic goes out the default firewall gateway instead of the one I have specified. When I check the gateway under system->gateways all the gateways are marked as online (although gateway monitoring is disabled).

My gateway is not a physical interface but an openvpn client with a virtual IP.
Any idea why this is happening or how to debug this problem?

Edit: I am running 18.7.9

8
18.7 Legacy Series / openvpn config - redirect gateway problem
« on: December 05, 2018, 10:27:42 am »
When I select 'redirect gateway' in the openvpn server settings it does not have any effect.
Is this pushed to the client when they connect or should it add an option to the client export config file?

9
17.7 Legacy Series / Unbound DNS problems
« on: September 16, 2017, 01:02:45 pm »
I am trying out OPNsense for the first time and I am having lots of problems with DNS.
DNS works fine if I set unbound up as a forwarder and put 8.8.8.8/8.8.4.4 in the system settings.

However if I disable forwarding, DNS does not work at all. I thought in this mode it should fetch DNS responses from the root DNS servers, however it does not appear to be working. If I use tcpdump I can see lots of responses from root servers as well as ServFail responses.

If I try and use DNSSEC, DNS also stops working for all my clients and in the log file I see "unbound: [65437:0] info: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN".

I have also noticed I am getting a lot of IPS alerts that are DNS related. With DNS forwarding disabled:
allowed   198.97.190.53   192.168.1.65   SURICATA DNS malformed response data

With DNS forwarding enabled:
allowed   8.8.8.8   192.168.1.65   SURICATA DNS malformed response data

Any idea what is wrong?

Here are my settings:



10
17.7 Legacy Series / 17.7 boot hangs using UEFI
« on: September 14, 2017, 09:27:15 pm »
I have created a USB stick using OPNsense-17.7-OpenSSL-vga-amd64.img but I can't get it to boot. It always hangs on EFI framebuffer information.



I have tried adding to the boot options set kern.vty="vt" and set console="efi" but not had any success.
Is there anything else I can try?
