Topics

Hi,

I have not upgraded to 20.7 yet as I noticed that this version jumps to zabbix proxy 5.
Will I still be able to run zabbix proxy 4 after the upgrade? The rest of my infrastructure is still running on 4.

Regards,
Andrea

Hi,

Can I please just spend one minute telling you how great OPNsense is?
No point as if you are reading this, you already know!

You've been my introduction to BSD, and since then a lot of more Unix based systems came my way.

Anyway, the other day I was reading this article on the right software for setting up a homelab and could not help mentioning the amazing OPNsense in the comments: https://opensource.com/article/19/3/home-lab

I keep mentioning OPNsense at work too but it's hard to steer/convince CISCO/Windows engineers that Unix and open source can be a valid alternative. None the less, I keep talking about it! lol

Thanks to all the developers, and keep up the good work,
Andrea

Hi,

I like my systems to be setup all in UTC, so that it's easier to debug issues across timezones.
Apparently I'm not the only one: http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html :-D

Anyway, the problem is that if I set OPNsense to UTC then the FW schedule (eg to limit the Internet for the kids VLAN) goes off by one hour.

In summary, is there a way to have the OS (HBSD) and the application (OPNsense) to use two different timezones?
Any other workaround/suggestion for the problem above mentioned is welcome too.

Regards,
Andrea

Hi,

I want my pc (10.55.56.77) to manage/access resources on a different subnet (10.55.55.0/24).

With tools like "mtr" I pinged a server (10.55.55.34), setting the interval to 0.1 seconds and not losing a single ping for however long...

Sometimes though, some packages are getting dropped (as shown in the Opnsense UI screenshots attached), and I get kicked out of SSH sessions and web UIs etc.
The SSH sessions I'd say last 20/30 seconds, while web UI look slow at times, and some other times I get logged out too...

I obviously try adding rules which should have allow my management network to access everything, but some packages always end up getting caught.


Can anyone advice on how I should be debugging an issue like that please?


Thanks in advance for any tip.

Regards,
Andrea

[Background story]

Hi,

Background story
I'm half way through setting up an OpenVPN multi site setup.
Site1 is running the OpenVPN server (on OPNsense), while site2 and site3 are running some linux/openVPN clients.

The key to make this setup to work, is to add the openVPN "iroute" config for each client (site2 & site3), so that the openVPN server knows the subnets those clients/sites are providing.

OpenVPN settings
This setting is added in a client specific config file (defined by client-config-dir) which, in a normal linux environment, is normally somewhere like "/etc/openvpn/ccd/".
It took me a little while to find where OPNsense stores this (maybe just because I'm not used to freeBSD), and I found it to be in "/var/etc/openvpn-csc/3/" for some reason.
The number "3" is because this is the third openVPN I setup.

The config files for site2 would be "/var/etc/openvpn-csc/3/site2":
iroute 192.168.100.0 255.255.255.0

and for site3 would be /var/etc/openvpn-csc/3/site3:
iroute 192.168.110.0 255.255.255.0


Issue
I noticed that these configs/files do not get backed up by the standard OPNsense backup utility.

I've also noticed that when I cloned the VPN (as I changed listening port for some reason), these client specific config files were left behind.

Can someone please suggest the best practice here for either:
- including these client specific settings in the OPNsense web UI, so that they get backed up automatically with everything else;
- suggest a way to make sure these files/directories are backed up with the rest of the configs in some other ways.

Any advice would be much appreciated.

Regards,
Andrea

PS: of course I understand I could rsync the configs/directory at the same time I take the OPNsense backup, but I'm looking for the best practice/OPNsense way

Hi,

I'm debugging some routing issues between different sites, is there a way to install MTR (or similar)?

MTR is an improvement over ping/traceroute.
Feel free to suggest a different/better tool to achieve the same results.

Regards,
Andrea

Hi,

I run Opnsense 17.7, I've just enabled the HAProxy plugin but I can't seem to find a way to add servers to get started.
See image attached.

According to the documentation (https://docs.opnsense.org/manual/how-tos/haproxy.html) there should be a '+' sign to use in order to add servers.
Could anyone kindly point out what I am missing?

Regards,
Andrea