Topics - hjint

1
24.1 Legacy Series / Webgui: Upgrade from 23.x to 24.1.10_3 : jquery error
« on: July 18, 2024, 09:33:50 am »
Upgrade steps taken:
1. Made backup of config before doing the upgrade.
2. Used the Dashboard upgrade path from the last version of 23.7 to 24.1
3. After completion, logged back into web interface and the Dashboard loaded but with no widgets and just the side menu. None of the menu options in the side menu work when clicking on any menu heading.
4. Completed the upgrade to 24.1.10 via the console
5. After completion, logged back into web interface and Dashboard still loads the same as in step 3 above. The same happens on different PCs and with 3 different browsers: Chrome, Firefox & Brave
6. When opening Developer Tools to check for any errors, the following jquery errors appear and keep on repeating:


Uncaught TypeError: Cannot read properties of undefined (reading 'split')
    at Object.<anonymous> (index.php:2429:73)
    at Function.each (jquery-3.5.1.min.js:2:2976)
    at index.php:2402:23
    at Object.complete (opnsense.js?v=172af3050155f626:298:21)
    at c (jquery-3.5.1.min.js:2:28294)
    at Object.fireWith (jquery-3.5.1.min.js:2:29039)
    at l (jquery-3.5.1.min.js:2:79928)
    at XMLHttpRequest.<anonymous> (jquery-3.5.1.min.js:2:82254)
(anonymous) @ index.php:2429
each @ jquery-3.5.1.min.js:2
(anonymous) @ index.php:2402
complete @ opnsense.js?v=172af3050155f626:298
c @ jquery-3.5.1.min.js:2
fireWith @ jquery-3.5.1.min.js:2
l @ jquery-3.5.1.min.js:2
(anonymous) @ jquery-3.5.1.min.js:2
load (async)
send @ jquery-3.5.1.min.js:2
ajax @ jquery-3.5.1.min.js:2
ajaxGet @ opnsense.js?v=172af3050155f626:290
fetch_services @ index.php:2394
setTimeout (async)
fetch_services @ index.php:2447

2
21.1 Legacy Series / Dynamic DNS not updating
« on: September 06, 2021, 08:54:55 am »
OPNsense: 21.1.9_1-amd64

Current setup before changes:
2x Wan Ports
1x Lan Port
2x VLANS
Raspberry Pi with Pihole, Freeradius & OpenLDAP
Wifi APs validated Wifi connections against Freeradius & OpenLDAP
At this point Dynamic DNS was updating the WAN addresses

I have made the following changes on Saturday:
Added 2 more VLANS
Created a Group (LAN Group) with the LAN & VLANS and moved all the LAN rules to the LAN group
Moved all the wired LAN connections to a VLAN (VLAN ID2)
Moved all the Wifi connections to another VLAN (VLAN ID3)
Moved all Multi media connections (TV,etc) to another VLAN (VLAN ID4)
Moved IOT connections to another VLAN (VLAN ID5)

My PC is now sitting in VLAN ID2. Initially when I changed my PC to the VLAN, I did not have access to the OPNsense WEB GUI. Saturday evening, I incorrectly (in hindsight) changed the LAN subnet from 24 to 16, trying to gain access to the firewall web GUI.

After the subnet change, I ran into Name Resolution errors and then did a configuration restore from an earlier saved config. This resolved the name resolution partially. It was only after a restart of the firewall that name resolution was working properly again. A rule to allow my PC access to the firewall resolved the access problem.

On Sunday, I picked up that Dynamic DNS, using DuckDNS, is not updating: both WAN addresses remain RED, and when I try to access Dynamic DNS in Services, it takes ages to open the page. After a reboot of the firewall, Dynamic DNS does update the WAN addresses, both showing GREEN, but after the next update of the addresses both turn RED. The System General Log file shows the following error for both WAN interfaces: "/usr/local/etc/rc.dyndns: Dynamic DNS (xxxxx) There was an error trying to determine the public IP for interface - xxx(yyy). Probably interface is not a WAN interface"

I went to interfaces and saved and applied every interface again, but this did not help.

Any assistance on how to resolve this will be highly appreciated

3
21.7 Legacy Series / Dynamic VLAN Setup on OPNsense 21.1.9-1-amd64
« on: August 18, 2021, 11:19:07 pm »
I'm trying to set up a dynamic VLAN on OPNsense

Network layout:
=>2x Routers with Failover (1xFibre as primary, 1xLTE as Failover) wired to OPNsense
=>OPNsense wired to an unmanaged (dumb) switch (Say Switch 1)
=>Switch 1 forks to 3 unmanaged switches (Say switches 2, 3 & 4)
=>Switches 2, 3 & 4 each have a WiFi Access Point connected and some IOT devices, some wired and some WiFi

My target is to isolate the IOT devices from the rest of my network.

I have added a VLAN interface linked to the LAN interface called VLAN20
NAT Outbound rules created on each WAN interface for VLAN20
NAT Port Forward rule created on the VLAN interface to redirect to proxy (port 3128)
Firewall rules created on VLAN interface:
1. Pass All TCP/UDP to destination VLAN20 Address port 53
2. Block TCP/UDP on VLAN20 net to All Destination port 53
3. Pass TCP traffic on VLAN20 net to 127.0.0.1 port 3128
(I will later add more rules to isolate the VLAN, etc)

Services | DHCPv4 | VLAN20 | DHCP Enabled

LAN IP 192.168.10.0/24, VLAN20 IP 192.168.20.0/24

Questions and Issues:
1. To test, I have added two static IP addresses to VLAN20 and connected 2 devices. Both are set up to obtain an IP address, but do not get their IP address from VLAN20, and after a while both revert to the alternate private IP address. Do I miss a setting or a rule?
2. Will OPNsense Dynamic VLAN work on a network with unmanaged switches?

I don't want to go the hardwired VLAN route; the IOT devices that I want to isolate from the rest of the network are scattered throughout my property, which means more cabling, switches and APs.

4
21.1 Legacy Series / Error loading rules: /tmp/rules.debug:85: syntax error
« on: June 03, 2021, 08:51:39 am »
Opnsense Version 21.1.6-amd64

On the 1st of June the following message started to appear in System: Log Files: General

"/usr/local/etc/rc.filter_configure: There were error(s) loading the rules: /tmp/rules.debug:85: syntax error - The line in question reads [85]: 662256 = "<662256>"" and on the line immediately before this, the following message is listed with the same process ID:
"/usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway '192.168.1.1'"

Does anybody have an idea what this error means and how to resolve this?

Thank you

5
20.1 Legacy Series / [Solved] Multi-Wan Fail-Over & VOIP
« on: February 15, 2020, 06:13:55 pm »
We have daily power blackouts for 2 and a half hours in South Africa.
When the blackout happens, our primary ISP also goes down about 2 hours into the blackout.
Fail over works as intended for all services from WAN1 to WAN2 except for VOIP.
WAN2 is a pay as use LTE service

It seems that the Firewall is blocking VOIP services on WAN2. Nothing is shown in the Live View that the source IP address or SIP port is blocked. The Live View does show the following Allow Rule on WAN2
xxx.xxx.140.140:5060   udp   let out anything from firewall host itself (force gw)

Firewall/Settings/Advanced/Sticky Connections is off
Firewall/Settings/Advanced/Shared Forwarding is on
Firewall/Settings/Advanced/Bind States to interface is on
Firewall/Settings/Advanced/Dynamic States Reset is on

WAN1 is set as Tier 1 and WAN2 as Tier 2 on Member Down

Any advice on how to get VOIP to switch over from WAN1 to WAN2 automatically when WAN1 is going down will be highly appreciated.

6
19.7 Legacy Series / OPNsense 19.7.7-amd64 // Multi-Wan Fail-Over: UDP working, TCP not
« on: November 27, 2019, 09:37:52 pm »
Hello everyone

I have set up Multi-WAN according to the documents in the Wiki.

WAN1 & WAN2, both priority 255, are identical except for IP & DNS addresses
WANGROUP has WAN1 as TIER1 and WAN2 as TIER2 with Packet Loss & High Latency
All LAN rules point to WANGROUP as gateway except for the proxy & DNS rules
Sticky Connections is ON, Shared forwarding & Disable force gateway are both OFF
WAN1 & WAN2 NICs are TP-Link Gigabit PCIE TG-3468 & both routers are Huawei B618

When WAN1 goes down, UDP services like VOIP & VNC switch to WAN2 and continue to function, but TCP services like mail and web browsing stop functioning. What I have found by accident is that when WAN1 is down and the WAN1 network cable is unplugged, all TCP services start to function via WAN2, and when the WAN1 network cable is plugged back in, TCP services stop functioning.

Is there a setting that I miss somewhere or a rule that I need to create?

Any pointers will be highly appreciated, thank you in advance

7
18.7 Legacy Series / Version 18.7.8 went down
« on: November 27, 2018, 08:15:14 pm »
I'm using v18.7.8 in a production environment and it was running stable until about 2 hours ago.

Since that time there is no internet access, no IP addresses from DHCP, and I cannot access the system via the web interface from the WAN or LAN addresses either. Both addresses time out.

Furthermore, I am unable to log in via the terminal. Root user is disabled and I get "The account is not available" when I use my username with admin rights.

Rebooting the server does not help either.

Please assist, we are currently without a firewall connected directly to the internet

8
18.7 Legacy Series / Netflix - Need help on how to block Netflix in a work environment
« on: November 15, 2018, 10:50:51 am »
I'm using OpnSense 18.7.7 in a work environment and trying to block access to Netflix, but no success

Steps followed
1. Created an Alias for www.netflix.com (pfTables updated with addresses)
2. Created Block rule on LAN - Source : any; Destination : Netflix Alias
3. Created Block rule on WAN - Source : Netflix Alias; Destination : any
4. Both rules sit at the top of the rule list
5. Added *.netflix.* to Forward Proxy ACL Blacklist
6. Google is not listed in the SSL No Bump Sites

Despite these, Netflix is not blocked

Any ideas or comments will be appreciated on how to block Netflix or if there are errors in the rules.

Update: I have created an alias for a website http://www.6mmbr.com as a test and then created the same rules up to point 4 as above, and I can't get OpnSense to block the website. I have switched the source and destinations around, still no luck.

9
18.7 Legacy Series / Access firewall from wan ip address
« on: August 19, 2018, 10:25:59 pm »
On version 18.1.13, I was able to access the firewall from the WAN side via the firewall's WAN IP address, but on version 18.7.1, I am not able to access the firewall from the WAN side via the WAN IP address.

I manage a network at a friend's home office also with OPNSense but still on version 18.1.13. This network setup is a copy of my setup. The only difference with my setup is that my setup is already upgraded to version 18.7.1.

I can still access the firewall on version 18.1.13 with port forwarding on the WAN port, but I cannot access the firewall with version 18.7.1 with port forwarding or from the router side. The logs don't show any deny messages on the WAN IP address of the firewall or the WAN IP address of the device from which I try to access the 18.7.1 firewall. Only a blank browser page appears without the login screen. The System: Settings: Administration is HTTP on port 8080 and HTTP_REFERER enforcement is disabled.

I think that I am missing a setting in 18.7.1, but I can't figure out what I am missing. Any ideas please?

10
18.7 Legacy Series / Version 18.7 - Setup of a Guest Network
« on: August 07, 2018, 11:01:36 pm »
I've been using Opnsense for a while and want to set up a guest network.

According to the wiki, the first step is to add an interface, but I can't find the option to add a new interface under Interfaces->Assignments on version 18.7-amd64. Is it not available on 18.7 or has it moved to a new place?

11
18.7 Legacy Series / No Wan access after upgrade
« on: August 03, 2018, 12:32:29 am »
I have a small home office network with multiple LAN points connecting to an opnsense server, which connects to a DSL modem.

After upgrade from 18.1.13 to 18.7, all wan access is blocked. Prior to the upgrade everything worked 100% since December 2017

Current status:
Dashboard shows Wan & Lan interfaces are running, Gateway is online, Dynamic Dns service is Opendns & Cached IP is green. All services are green.

I have rebooted the opnsense server multiple times after the upgrade, but no success.

If I bypass the opnsense server and connect the lan directly to the dsl modem, wan access is working.

Am I missing some changes / settings in 18.7 that needs to be changed?

Thanks for an awesome product

12
17.7 Legacy Series / OPNsense 17.7.11 & MSSQL
« on: January 09, 2018, 12:53:48 pm »
I have a small network running 1xWin XP, 1xWin7 & 3xWin10 PCs, and one of the Win10 PCs is also a dedicated MSSQL server not used for anything else.

The current network without OPNsense worked without any problems for the past year and there were no changes to the network prior to or after the introduction of the OPNsense server. The only change is the introduction of the OPNsense server. With OPNsense connected to the network, all traffic goes via the OPNsense server; we can do web browsing, send and receive emails, map drives between the various PCs, and print to the shared printer on the network (connected to one of the other Win10 PCs), except for the problem below.

When OPNsense is connected to the network we experience timeouts on the connections to the MSSQL server, and when OPNsense is disconnected from the network, there are no timeouts. Please note that the timeouts never occurred in the past with the current setup prior to the introduction of OPNsense to the network.

-> Webproxy is configured as transparent on HTTP only, HTTPS is not yet configured
-> Lan rules: First rule redirects traffic to Webproxy, second rule is any to any on all settings

Any setting/(s) that I need to change or any ideas what can cause this?

Much appreciated in advance

13
17.7 Legacy Series / [SOLVED] OPNsense 17.7.11-amd64 New Installation
« on: January 01, 2018, 10:44:24 am »
Good day,
I'm completely new to OPNsense and from the write-ups on the internet, I decided to go the OPNsense firewall route above other packages.

I need setup assistance as I cannot connect to the internet when OPNsense is in control

My current setup is:

Router0 - 192.168.10.1 - 3G Failover Router
Router1 - 192.168.10.2 - DSL Router
Opnsense.localdomain - WAN - DHCP - 192.168.10.18 (Connected to Router1)
Opnsense.localdomain - LAN - Static - 192.168.10.4 (Connected to Switch)
Ethernet Switch

While the switch is connected to Router1, I can access Opnsense.localdomain via GUI and the internet. When the switch is disconnected from Router1, I can not access the internet or Opnsense.localdomain. Somewhere I'm missing a setting but can't figure out where.

I have attached screen shots of the Dashboard, interfaces, NAT, firewall rules and log files.

Assistance will be highly appreciated

