Topics - Mayo132

1
24.7 Production Series / Best practise DNS server
« on: October 20, 2024, 12:33:54 pm »
Hey everyone,

Sorry for asking this question, but at the moment I am trying to figure out how I should deploy a DNS solution. At the moment everything is working, but I would like to ask you for some best practices.

We have 2 ISP connections for about 80 people.

At the moment I am using Unbound + Zenarmor free (hosted on my host system) as the primary DNS, and as the secondary DNS I am using an AdGuard installation on other hardware.

So if one fails, the clients are still connected to the internet.

But is this the right way of deploying it? Or should I use AdGuard as my primary DNS server?


Thanks a lot.
Mario

2
24.1 Legacy Series / Clients losing LAN connection - KEA - DHCP - No buffer space available
« on: June 04, 2024, 05:34:41 pm »
Hey everyone,

In the last few days I have been getting some interruptions in my network, but at the moment I cannot figure out where the problem is located.

Some days ago I got the information that some clients lost their connection to the internet for some time (approx. 20 seconds). After this time, everything is working fine.

Today the same problem happened again, but this was the first time I found a strange entry in my KEA log. Until now I cannot interpret the error message.

Code:
2024-06-04T14:03:17 Error kea-dhcp4 ERROR [kea-dhcp4.packets.0x834410400] DHCP4_PACKET_SEND_FAIL [hwtype=1 f4:a8:0d:6e:7f:8a], cid=[01:f4:a8:0d:6e:7f:8a], tid=0xe600623e: failed to send DHCPv4 packet: failed to send DHCPv4 packet: No buffer space available
2024-06-04T14:03:17 Error kea-dhcp4 ERROR [kea-dhcp4.packets.0x834410400] DHCP4_PACKET_SEND_FAIL [hwtype=1 b4:b2:91:e9:bc:8e], cid=[01:b4:b2:91:e9:bc:8e], tid=0x602b506: failed to send DHCPv4 packet: failed to send DHCPv4 packet: No buffer space available
2024-06-04T14:03:14 Error kea-dhcp4 ERROR [kea-dhcp4.packets.0x834410400] DHCP4_PACKET_SEND_FAIL [hwtype=1 f4:a8:0d:6e:7f:8a], cid=[01:f4:a8:0d:6e:7f:8a], tid=0xe600623e: failed to send DHCPv4 packet: failed to send DHCPv4 packet: No buffer space available

Maybe someone knows this error?

Thanks a lot.

Mario

3
24.1 Legacy Series / How to handle DNS Queries / Or switch Topology
« on: May 30, 2024, 04:10:32 pm »
Hey everyone,

At the moment I am dealing with some sporadic DNS problems (timeouts, or answering on the second request).

  • Webpages sometimes take about 3 seconds to load.
  • But the bandwidth of the internet connection is not the limitation (about 50% load)

So it seems to me that there could be a limitation in DNS queries.

The network was first designed for about 20 people, and now from time to time more people are using this network.

Attached to this post, I've added the topology of my network.
  • Because of the size of the building, there are 2 network cabinets, connected with fiber. So I've got a bandwidth of 2x 10 Gbit/s.
  • All switches named "V2" are located on the upper floor
  • All V1 switches are in the base ground.

At the moment there are about 80 people using the internet.

The ISP only offers 2 connections with 100/40Mbit each, but there is a plan to switch to fiber internet (but this is not available at the moment).

Located at the base ground (V1):
  • ISP connection
  • Firewall
  • NAS
  • "Proxmox Server" (with AdGuard)


On the OPNsense firewall I am using a traffic shaper to prioritize the "important" traffic, like video calls or phone calls.

But now, there are some timeouts in the DNS queries.
First I tried to switch all DNS queries to the separate DNS server (AdGuard) > The timeouts increased
Then I switched to "Primary AdGuard" and "Secondary OPNsense" > This is now working

Is there any recommendation (best practice) on how to deploy DNS servers?
> There is no local Active Directory server - all users are managed by Azure Active Directory.

Thanks a lot.

Mario

4
24.1 Legacy Series / Multi WAN Ipv6 - Load Balancer
« on: April 20, 2024, 12:59:26 pm »
Hey everyone,

At the moment I am trying to set up a load balancer with IPv6, but there are some problems with sporadic disconnects.

I think the reason is that the computer switches the connections.

I've read something in this forum that I have to disable the "Shared forwarding" option. Even after reading the documentation, I don't understand the meaning of this option.

Maybe someone can explain it to me?

Thanks a lot

Mario

5
24.1 Legacy Series / Ram Overflow after update to 24.1
« on: February 05, 2024, 05:43:18 am »
Hey everyone,

I would like to ask if someone has the same problems as me. After updating to the new version of OPNsense everything was fine. But now, after 2 days, my system ran out of memory.

The config wasn't changed after the update, so I think that this is probably not the reason for these problems.

After having a look at the logs, there are many entries from "/usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force".

Does anyone have an idea what I can do?

Thanks a lot.

Mario

Code:
2024-02-05T05:28:30 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:26:48 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:25:20 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:23:52 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:23:46 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:22:29 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:20:42 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:20:09 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:16:21 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:12:07 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:08:22 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T05:03:19 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:57:08 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:47:32 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:42:38 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:42:36 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:42:30 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:37:27 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:33:13 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:29:21 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:24:43 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:24:31 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:22:15 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:16:17 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:16:11 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:12:09 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:12:09 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:03:56 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:03:53 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T04:00:55 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:53:36 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:48:38 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:44:31 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:31:51 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:27:49 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:22:44 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:18:12 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:16:35 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:11:22 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:02:17 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T03:02:09 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:56:07 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:50:50 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:45:57 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:45:57 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:40:51 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:36:16 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:33:14 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:29:36 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:25:08 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:15:17 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:15:13 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:10:41 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:07:35 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:03:27 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T02:00:09 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:42:28 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:42:23 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:39:30 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:34:29 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:29:12 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:29:08 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:25:37 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:20:34 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:08:52 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T01:03:08 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:59:20 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:51:11 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:46:17 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:42:35 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:37:23 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:37:08 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:28:09 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:28:09 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:22:44 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:19:27 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:19:27 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:15:08 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:12:22 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:09:04 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:03:33 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-05T00:03:16 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:59:36 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:58:59 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:53:31 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:53:28 Error configctl error in configd communication  Traceback (most recent call last):   File "/usr/local/sbin/configctl", line 65, in exec_config_cmd     line = sock.recv(65536).decode() ConnectionResetError: [Errno 54] Connection reset by peer
2024-02-04T23:49:31 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:49:31 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:43:16 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:43:16 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:40:16 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:35:20 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:35:19 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:35:18 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:35:18 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:27:06 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:23:19 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:20:46 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:20:46 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:11:46 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:06:26 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:06:26 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T23:02:41 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:59:14 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:54:20 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:51:11 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:45:59 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:35:39 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:33:42 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:28:27 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:22:15 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:17:46 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:13:22 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T22:03:33 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:58:57 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:56:10 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:50:32 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:47:04 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:42:21 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:39:02 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:31:49 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:26:22 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:23:03 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:19:08 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:15:11 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:15:04 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:09:01 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:04:59 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T21:00:38 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T20:58:46 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T20:54:31 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T20:51:29 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T20:47:00 Error configctl unable to connect to configd socket (@/var/run/configd.socket)
2024-02-04T20:02:10 Error dhcp6c transmit failed: Can't assign requested address
2024-02-04T20:02:10 Error dhcp6c transmit failed: Can't assign requested address
2024-02-04T20:01:18 Error dhcp6c transmit failed: Can't assign requested address
2024-02-03T13:51:20 Warning opnsense /usr/local/etc/rc.newwanip: Interface '' (ovpns1) is disabled or empty, nothing to do.
2024-02-03T13:51:20 Error opnsense /usr/local/etc/rc.bootup: The command '/usr/sbin/powerd -b 'adp' -a 'adp' -n 'adp'' returned exit code '69', the output was 'powerd: no cpufreq(4) support -- aborting: No such file or directory'
2024-02-03T13:49:31 Critical reboot rebooted by root
2024-02-03T13:47:39 Error ftp-proxy exiting on signal 15
2024-02-03T13:47:39 Error ftp-proxy exiting on signal 15
2024-02-02T11:07:17 Error opnsense /usr/local/etc/rc.newwanip: The command '/usr/sbin/daemon -f -p '/var/run/updaterrd.pid' '/var/db/rrd/updaterrd.sh'' returned exit code '3', the output was 'daemon: process already running, pid: 53016'
2024-02-02T11:07:14 Error dhcp6c transmit failed: Can't assign requested address
2024-02-02T11:06:31 Error dhcp6c transmit failed: Can't assign requested address
2024-01-15T04:01:12 Error dhcp6c transmit failed: Can't assign requested address
2024-01-15T04:01:12 Error dhcp6c transmit failed: Can't assign requested address
2024-01-15T04:00:32 Error dhcp6c transmit failed: Can't assign requested address
2024-01-14T06:15:11 Warning vnstatd Warning: Writing cached data to database took 11.1 seconds.
2024-01-12T10:15:05 Warning vnstatd Warning: Writing cached data to database took 5.6 seconds.
2024-01-11T12:34:46 Error dhcp6c transmit failed: Can't assign requested address
2024-01-11T12:34:46 Error dhcp6c transmit failed: Can't assign requested address
2024-01-11T12:32:42 Error dhcp6c transmit failed: Can't assign requested address
   

Code:
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
31452 root 20 0 13M 8K wait 1 0:01 0.00% /bin/sh /usr/local/opnsense/scripts/dhcp/prefixes.sh (<sh>)
91709 root 52 0 13M 8K nanslp 0 0:01 0.00% /usr/sbin/cron -s (<cron>)
234 root 20 0 24M 8K wait 1 0:01 0.00% /usr/local/bin/python3 /usr/local/opnsense/service/configd.py (<python3.9>)
15958 root 21 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
98821 root 21 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
4923 root 31 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
41091 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
65805 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
18097 root 21 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
3980 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
28288 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
67161 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
8197 root 28 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
55851 root 21 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
29000 root 21 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
82761 root 28 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
9555 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
68662 root 28 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
99100 root 21 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
43774 root 27 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
74199 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
55906 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
22064 root 28 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
1263 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
52403 root 27 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
25923 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
93471 root 21 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
12141 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
66097 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
30794 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
71604 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
14496 root 21 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
63649 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
21180 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
2807 root 20 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
65034 root 26 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
36824 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
26799 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
19447 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
85536 root 26 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
74497 root 25 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
53958 root 21 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
92893 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
13664 root 26 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
35304 root 25 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
69895 root 25 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
83182 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
66681 root 25 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
72324 root 24 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
3493 root 26 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
73046 root 20 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
25038 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
27170 root 24 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
7406 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
26715 root 24 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
45989 root 21 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
40269 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
4409 root 25 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
27287 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
84267 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
46211 root 20 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
22973 root 24 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
48073 root 25 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
43126 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
31609 root 24 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
80636 root 24 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
85924 root 21 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
77321 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
33491 root 20 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
86534 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
85861 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
86019 root 52 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
35388 root 37 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
91064 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
41808 root 20 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
3462 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
91436 root 20 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
59778 root 24 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
89675 root 20 0 64M 8K lockf 3 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
88311 root 26 0 64M 8K lockf 2 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
78118 root 20 0 64M 8K lockf 1 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)
96402 root 24 0 64M 8K lockf 0 0:00 0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe1 force (<php>)



6
23.7 Legacy Series / "Set Priority" to a specific LAN rule
« on: October 24, 2023, 08:00:41 pm »
Hey everyone,

I would like to ask if there is a possibility to prioritize a specific LAN rule.

The reason why I am asking is Microsoft Teams. For example, at the moment some people are sharing one ISP connection (100/40 Mbits). Now when someone starts a download and reaches the internet limit, the video streams of MS Teams start to stutter or the clients get disconnected.

Now I am looking for a solution to say that the traffic which belongs to the rule "MS TEAMS" will always get a higher priority.

I think this is possible, but at the moment I do not know how I can realize this.

Maybe it could be the "Set Priority" settings in the ruleset?

Thanks a lot.

Mario

7
23.7 Legacy Series / High RAM usage
« on: October 13, 2023, 06:51:09 am »
Hi everyone,

Please let me ask a question about the RAM usage.

After some time the RAM usage increases to the max available RAM, but I do not know why.

After looking at "System -> Diagnostics -> Activity", there are many processes with 60M RAM size. It is called " /usr/local/bin/php /usr/local/etc/rc.newwanipv6 ppoe1 force (<php>)"

After rebooting the system, everything is working fine.

Has someone got a similar problem?


Thanks a lot

Mario

8
23.7 Legacy Series / Where can i download the Client Software (OpenVPN)
« on: October 03, 2023, 01:28:55 pm »
Hey everyone,

At the moment I am trying to use OpenVPN for connecting external clients.

On some clients the software "OpenVPN GUI v11.24.0.0" is installed and it works fine.

But some clients don't have this software installed, and the new OpenVPN Connect software always crashes on my Windows systems.

Does someone have an idea where I can download the right client? Or is there a download directly integrated in OPNsense?

Thanks a lot for helping me.

Mario

9
23.7 Legacy Series / Firewall - Virtualisation or Bare metal ?
« on: August 08, 2023, 05:14:47 pm »
Hey everyone,

I would like to ask how you are hosting your firewall.

Are you running it on "bare metal" or do you virtualize it (like on Proxmox)?
-> Maybe you can share a short summary of your network size and how you host it

Thanks a lot .

Dear Mario

10
Hardware and Performance / Hardware sizing - 1500 clients Dual WAN
« on: July 02, 2023, 02:14:06 pm »
Hey everyone,

I would like to ask for some help.

We would like to switch over from another firewall distribution to OPNsense. But at the moment we are struggling with which hardware is the best to choose.

What we would like to do:
- We would like to try to install ZENarmor (to block social networks / VPN / adult pages)
- Clients are about 1500
- WAN -> 2 uplinks with 1000 Mbit/s / 50 Mbit/s each

-> The modems should be connected via RJ45 (1 Gbit/s) directly to the firewall
-> The uplink to our internal network is not really specified. Here it is possible to use SFP+ uplinks or a copper uplink.


> We thought about an "IPU 456A" system
Code: [Select]
Processor: AMD Ryzen 5 5600U (Cezanne, Zen 3), Hexa Core (12 threads), 2.3 to 4.2 GHz
Cache: 6x32 KByte L1 Instruction, 6x32 KByte L1 Data, 6x512 KByte L2, 16 MByte L3
Features: AES-NI, Hyper-Threading, MMX, SSE, SSE2, SSE3, SSSE3, SSE4A, SSE4.1, SSE4.2, AVX, AVX2, BMI1, BMI2, SHA, F16C, FMA3, AMD64, EVP, AMD-V, SMAP, SMEP, SMT, Precision Boost 2, XFR 2
AMD Radeon RX Vega 7 graphics processor (up to 1800 MHz)
2 x DDR4-3200 (1600 MHz) SO-DIMM sockets (up to 64 GByte possible)
4 x 10/100/1000/2500 MBit/s Intel i226-V network interfaces
2 x SATA 6 GBit/s with 5V power connector (1 x internal 2.5-inch mount present)
1 x M.2 2280 NVMe SSD socket (PCIe 3.0 x4, max. 4 GByte/s gross)
1 x Mini PCIe socket (PCIe 3.0 x4)
1 x HDMI 2.0
1 x DisplayPort 1.4a
1 x USB 3.1 (USB 3.2 Gen 2x1, up to 10 GBit/s, USB-C);
2 x USB 3.1 (USB 3.2 Gen 2x1, up to 10 GBit/s, USB-A)
2 x USB 2.0 (up to 480 MBit/s, USB-A)
1 x TPM 2.0

There will be an upgrade to 32GB/RAM and a 256 SSD drive.

But does someone have any experience with a gateway and ZENarmor with so many clients?

Thanks a lot
Mario

11
23.1 Legacy Series / Gateways are going down - Limit outgoing connections?
« on: July 02, 2023, 12:50:19 pm »
Hello everybody,

is there a possibility to limit the outgoing connections by the firewall?

I ask because I am using a dual WAN connection with hardware provided by my ISP. If there are too many "connections" pushing through the gateway I can see the CPU load increasing to 100% and the gateway goes down.

So I would like to try to limit these connections to a maximum number.

Maybe someone knows a solution?

Thanks a lot.
Mario

12
23.1 Legacy Series / Configure IPv6 - Ruleset for VLANS
« on: June 17, 2023, 07:39:12 pm »
Hey everybody,

I do not know if this is the right place. But I would like to ask for some help with setting up an IPv6 config. Everything seems to be working flawlessly but there are some strange things which I do not understand. So I hope you can help me.

First: There is no fixed IPv6 prefix delegated, so it could be possible that these could change.

My network setup:

  • Main LAN:
    - IP 192.168.20.0/24
    - fd85:xx:feb8:9820::1/64
    - 2003:xx:xx:20::/64
  • IOT Net:
    - IP 192.168.60.0/24
    - fd85:xx:feb8:9860::1/64
    - 2003:xx:xx:60::/64
  • Guest Net:
    - IP 192.168.50.0/24
    - fd85:xx:feb8:9850::1/64
    - 2003:xx:xx:50::/64

If I get it right, Internet access is only possible via the global address "2003::".
>> This works fine > an IPv6 test site shows me IPv4 and IPv6 compatibility

I set up a Pi-hole and provide this DNS via DHCPv6
> So every client gets an IPv4 DNS and IPv6 DNS server (here I provide the FD85:: address, because these should always be the same)

And now to the part I do not understand.

When I connect to the Guest or IOT net
> I only get the configured IPv6 address. There is no "20" / "50" address

But when I connect to the Main LAN.
-> Every v6 address is provided "20" / "50" / "60"


I don't know why I am getting the other subnets on my Main LAN. Maybe someone can explain it? Or is there a configuration error?

Now one question about the ruleset:
For example the GUEST net.
> I added an allow rule for the DNS server (fd85:XX:feb8:9820::2)
> I added a block rule for "LAN NET" and "IOT NET"
> I added a block rule for the private IPv6 ranges (fd85:XX:feb8:9820::/64 and fd85:XX:feb8:9860::/64)

Is this the right way, or can it be blocked another way?

Thanks a lot for helping me

Mario

13
23.1 Legacy Series / Some Questions about the update Types
« on: June 17, 2023, 12:56:20 pm »
Hey everyone,

At the moment I am trying to replace my pfSense firewalls with OPNsense software.

But I think the updates are really fast - which is a good thing, and today I realized that there are different settings at "menu -> System -> Firmware -> Setting"

Here is the possibility to change the type. Can you explain what I should set here?
I can switch between / Development / Community / Business. But in the docs ( https://docs.opnsense.org/manual/updates.html ) there are only two options.

Which repo should I use for the latest, tested version?

Thank you.

14
General Discussion / DNS Setup - Which solution should I use ?
« on: December 24, 2022, 02:51:57 pm »
Hey everyone,

I am sorry for asking, but I would like to hear how you set up your OPNsense DNS.

Some days ago, I was using pfSense with the plugin pfBlockerNG.

Now I successfully set up and installed OPNsense on my system - everything works quite well. But at the moment I am trying to find a well-working solution for the DNS resolver and ad blocking feature of pfSense.

So here is my question: do you use ad blocking and IP blocking in your setup? If yes, how did you realize it?

Here is my setup.
- OPNsense + Zenarmor
- Unbound with additional ad lists.

But I do not know if it is the right way to filter my DNS. Do you always use DNS over HTTPS? Or are you using DNS via port 53?

Thanks a lot for helping.

I wish everyone a merry Christmas ;)

Mario

15
German - Deutsch / 3CX app does not work on the internal network
« on: December 18, 2022, 08:26:39 pm »
Hello everyone,

I am currently trying to replace my pfSense with an OPNsense. However, I still have a few problems getting my 3CX phone system up and running.

The setup is currently as follows

WWW -> SIP (Telekom), which was configured on the 3CX -> Fritzbox -> DECT
=> This chain works without problems so far

In addition, I have several Android devices on which the 3CX app is running.
=> As soon as I am connected via the mobile network, this app also works flawlessly.
=> On the internal network I unfortunately get no connection to the server

The ports are all open and the 3CX check completes without problems.

> In the IOT network the ports are also open; even an ANY / ANY rule has no effect on the connection problem.

Does anyone happen to have a tip on what I might have forgotten?

Thanks in advance.
