OPNsense Forum
Topics - thereaper

1
24.7 Production Series / Interface gets deleted from configuration if physical one gets switched off/on.
« on: October 02, 2024, 01:02:02 pm »
I found a bug! :)

So my mini PC had issues, I was playing with BIOS settings and accidentally disabled one Ethernet adapter.
OPNsense booted, no interface in Interfaces, no sign of it anywhere, as if it never existed.
Restart, go BIOS, enable adapter, boot OPNsense.
Interface is still missing from Interfaces, no sign of it anywhere. Mine was the WAN one :)

I had to reset to default configuration to fix it. Maybe it is worth looking into, maybe not.
Cheers!


2
General Discussion / Dynamic DNS ddclient plugin not working for AWS R53.
« on: February 09, 2024, 08:30:37 am »
Looks like legacy plugin, dyndns, which worked perfectly with AWS, got dropped.

There is a 25-page-long thread about ddclient issues:
https://forum.opnsense.org/index.php?topic=26446.360

I'm getting very strange errors, and the error string "No address found for" is not even in the source code ... How to debug it, please?


Or can we have legacy dyndns plugin back please?

Code:
2024-02-09T18:22:11 Warning ddclient No address found for 313-(redacted uuid)-483b3 [aws - ]
2024-02-09T18:16:59 Warning ddclient No address found for 313-(redacted uuid)-483b3 [aws - ]
2024-02-09T18:11:47 Warning ddclient No address found for 313-(redacted uuid)-483b3 [aws - ]
2024-02-09T18:08:13 Warning ddclient No address found for 313-(redacted uuid)-483b3 [aws - ]
2024-02-09T18:03:37 Warning ddclient No address found for 313-(redacted uuid)-483b3 [aws - ]
2024-01-17T12:35:04 Notice ddclient WARNING: file /usr/local/etc/ddclient.conf: file /usr/local/etc/ddclient.conf must not be accessible by others.
2024-01-17T12:35:04 Notice ddclient WARNING: file /usr/local/etc/ddclient.conf: file /usr/local/etc/ddclient.conf must be accessible only by its owner.
2024-01-17T12:35:04 Notice ddclient WARNING: file /usr/local/etc/ddclient.conf: file /usr/local/etc/ddclient.conf must be accessible only by its owner (fixed).
2023-12-20T11:04:17 Notice ddclient WARNING: file /usr/local/etc/ddclient.conf: file /usr/local/etc/ddclient.conf must not be accessible by others.
2023-12-20T11:04:17 Notice ddclient WARNING: file /usr/local/etc/ddclient.conf: file /usr/local/etc/ddclient.conf must be accessible only by its owner.
2023-12-20T11:04:17 Notice ddclient WARNING: file /usr/local/etc/ddclient.conf: file /usr/local/etc/ddclient.conf must be accessible only by its owner (fixed).

3
General Discussion / Set Date and Time using GUI. Feature request
« on: January 24, 2024, 06:32:48 am »
My router forgets date-time if it gets shut down. I believe it's either incompatibility of the RTC clock hardware with FreeBSD (OS not updating RTC clock) or the battery (just replaced it :) or just my luck.

To set date back to correct one, I need to ssh into the box and issue "date" command.

It would be nice to set date and time using GUI. Thanks! And it is a great project!

PS: Box is Lenovo M73 (10AX) micro PC with added 2nd Eth card.

4
General Discussion / Dynamic DNS plugin os-ddclient not supporting Route53?
« on: July 21, 2022, 10:44:33 am »
I wanted to set it up, looked at docs, docs recommend os-ddclient. But it seems to be missing Route53 support.

The legacy plugin, os-dyndns, supports even two Route53s, lol, IPv4 and v6. But it complains "Please make sure to upgrade to os-ddclient before 22.7 is released as this plugin will be removed from our repository".

What am I missing, please?

5
General Discussion / Firewall - How to block one DHCP host from talking to Internet
« on: November 25, 2020, 01:34:33 pm »
I have a WiFi access point (AP) attached to the OPNsense machine via ethernet.
AP gets its IP via OPNsense DHCP. AP's own DHCP server is disabled.
I want to prevent the AP firmware from phoning home to TP-Link.

What is the proper way to configure this in Firewall? How can I specify a DHCP lease (MAC address?) as a source in firewall rule?
OPNsense 20.7.5-amd64

6
20.7 Legacy Series / Lets Encrypt acme plugin - GUI problem
« on: November 21, 2020, 01:41:39 pm »
Hi guys.

Plugin works fine, issued and applied cert using dns-01 validation via AWS.

When I navigate to Services / Let's Encrypt / Settings I see two tabs: Settings and Update Schedule.
If I press Update Schedule it bypasses the list view and opens Edit Job window straight away.
Whatever I press in Edit Job window, Cancel, the x top right button, GUI jumps back to Settings tab.

There is no way to see list of scheduled jobs.

Thanks for the great plugin, btw :) OPNsense 20.7.5-amd64
----------------------
Mini guide to use the os-acme-client plugin:

1. Install acme plugin.
1.1 Enter hostname and domain name in System: Settings: General
2. AWS setup
2.1 Create IAM Policy, appendix a.1
2.2 Create AWS IAM User
3. In OPNsense GUI / Services / Let's Encrypt:
3.1 / Accounts - add new, type name, email.
3.2 Press icon that looks like user - registers Letsencrypt account
3.3 / ChallengeTypes add new
    Challenge Type: dns-01 challenge
    DNS Service: Route53
    Sleep Time: 30
    AWS ID / Secret: keys from step 2
4. Create certificate
4.1 Services: Let's Encrypt: Certificates make new certificate
    Common Name: hostname.domainname from step 1.1
4.2 Press Issue button (and tail -f /var/log/acme.sh.log)
5. Enable all
    Services: Let's Encrypt: Settings - Enable Plugin
    System: Settings: Administration:  SSL Certificate - select Letsencrypt one.

a.1 Policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "route53:GetHostedZone",
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "arn:aws:route53:::hostedzone/ZZZZHHHFFFRRR"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetHostedZoneCount",
                "route53:ListHostedZonesByName"
            ],
            "Resource": "*"
        }
    ]
}
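An added example, not from the post or the os-acme-client plugin: a small Python check that audits an IAM policy like the one in a.1 for least privilege, requiring the record-changing action to be pinned to a single hosted-zone ARN while allowing only the account-wide list actions on "*". The policy below is reconstructed from the guide with its placeholder zone id; the LOOSE_POLICY variant and all function names are my own.

```python
import json
# Route53 actions that change data; they must be pinned to one hosted-zone ARN.
WRITE_ACTIONS = {"route53:ChangeResourceRecordSets"}
# Account-wide listing actions that Route53 only evaluates with Resource "*".
ACCOUNT_WIDE_ACTIONS = {"route53:ListHostedZones", "route53:GetHostedZoneCount",
                        "route53:ListHostedZonesByName"}
ZONE_ARN_PREFIX = "arn:aws:route53:::hostedzone/"

def _as_list(value):
    # IAM accepts a bare string wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def audit_route53_policy(policy):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action.endswith("*"):
                findings.append(f"{sid}: wildcard action {action}")
            elif action in WRITE_ACTIONS:
                loose = [r for r in resources
                         if not r.startswith(ZONE_ARN_PREFIX) or r.endswith("*")]
                if loose:
                    findings.append(f"{sid}: {action} not pinned to one zone: {loose}")
            elif action not in ACCOUNT_WIDE_ACTIONS and "*" in resources:
                findings.append(f"{sid}: {action} granted on every resource")
    return findings

# Constructed sample: the guide's policy; the zone id is the guide's own placeholder.
GUIDE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "VisualEditor0", "Effect": "Allow",
   "Action": ["route53:GetHostedZone", "route53:ChangeResourceRecordSets",
              "route53:ListResourceRecordSets"],
   "Resource": "arn:aws:route53:::hostedzone/ZZZZHHHFFFRRR"},
  {"Sid": "VisualEditor1", "Effect": "Allow",
   "Action": ["route53:ListHostedZones", "route53:GetHostedZoneCount",
              "route53:ListHostedZonesByName"],
   "Resource": "*"}]}
""")
# Constructed weak variant: same actions, but the write statement is opened to "*".
LOOSE_POLICY = json.loads(json.dumps(GUIDE_POLICY))
LOOSE_POLICY["Statement"][0]["Resource"] = "*"
```

The guide's policy produces no findings, while the loose variant reports every action of its first statement, including the record-changing one, as granted on every hosted zone.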

7
Tutorials and FAQs / Setting up home router for ISP with VLAN tagging (and PPPoE, and DoT DNS)
« on: March 21, 2020, 08:11:08 am »
Step by step configuring WAN with Vlan via OPNsense GUI
----------------------------------------------------------------

Assumptions:
Default install of OPNsense, Wizard was not run
Your WAN physical interface = re0
Your ISP Vlan Tag = 2

1. Interfaces – Other Types – VLAN = [ Iface: re0, Tag: 2, PCP: 0 ]. Create new interface re0_vlan2
2. Interfaces – Point-to-Point – Devices = [ Interface: pppoe0, Iface(s): re0_vlan2 ]. Create new interface pppoe0

Fill in ISP login/password here.

3. Interfaces – Assignments – WAN = pppoe0
4. Interfaces – WAN – IPv4 Configuration Type = PPPoE
5. Checks:
 - in Interfaces – WAN, that login/password have been populated from pppoe0.
 - Lobby - Dashboard - Interfaces - WAN has IP address (public IP).
 - Lobby - Dashboard - Gateways - WAN_PPPOE has IP address (10.x).
 - Interfaces – Point-to-Point – Log file

DoT DNS using Unbound (exists in default install)
-------------------------------------------------------

6. in Services - Unbound - General - Custom Options, paste:
      server:
          tls-cert-bundle: /etc/ssl/cert.pem
      forward-zone:
          name: "."
          forward-tls-upstream: yes
          # Quad9
          forward-addr: 9.9.9.9@853#dns.quad9.net
          forward-addr: 149.112.112.112@853#dns.quad9.net
7. in System - Settings - General - DNS servers:
 - enter as first entry: 127.0.0.0, None
8. System - Settings - General - DNS server options - Allow DNS server list to be overridden by DHCP = uncheck


Enjoy :)



TPG specific notes:
login/password were different from my previous ADSL account: <oldlogin>@tpg.com.au / NoPassword (yes, 'NoPassword').
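An added example (not part of the tutorial or of OPNsense): a Python checker for the Unbound custom options from step 6 that flags the mistakes which silently turn DNS over TLS into unverified or plaintext forwarding: a missing tls-cert-bundle, forward-tls-upstream not set to yes, a forward-addr without @853, or one without the #authname that Unbound needs to verify the upstream certificate. The parser and function names are my own; the sample config is the one from step 6.

```python
import re

# Constructed sample: the Unbound custom options from step 6 of the guide above.
GUIDE_OPTIONS = """
server:
    tls-cert-bundle: /etc/ssl/cert.pem
forward-zone:
    name: "."
    forward-tls-upstream: yes
    # Quad9
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
"""
# forward-addr syntax: <ip>[@port][#authname]; the auth name is what turns an
# encrypted connection into an authenticated one.
ADDR_RE = re.compile(r"^(?P<ip>[^@#\s]+)(?:@(?P<port>\d+))?(?:#(?P<auth>\S+))?")

def parse_options(text):
    """Return (server clause, list of forward-zone clauses), each a dict of lists."""
    server, zones, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        key, value = (p.strip().strip('"') for p in line.partition(":")[::2])
        if not value:                              # clause header: "server:" etc.
            current = server if key == "server" else {}
            if key == "forward-zone":
                zones.append(current)
            continue
        if current is not None:
            current.setdefault(key, []).append(value)
    return server, zones

def audit_dot_forwarding(text):
    """Return findings that leave DoT unauthenticated or downgraded; [] is good."""
    server, zones = parse_options(text)
    findings = []
    if "tls-cert-bundle" not in server:
        findings.append("server: no tls-cert-bundle, upstream certificates cannot be validated")
    for zone in zones:
        name = zone.get("name", ["?"])[0]
        if zone.get("forward-tls-upstream", ["no"])[0] != "yes":
            findings.append(f"zone {name}: forward-tls-upstream is not yes")
        for addr in zone.get("forward-addr", []):
            m = ADDR_RE.match(addr)
            if m.group("port") != "853":
                findings.append(f"zone {name}: {addr} does not use port 853")
            if not m.group("auth"):
                findings.append(f"zone {name}: {addr} has no #authname, name is not checked")
    return findings
```

Running it on a variant that drops the tls-cert-bundle line, the #dns.quad9.net suffix or the @853 port returns one finding per missing piece, while the step 6 config returns none.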

8
General Discussion / Netflow and InSight configuration
« on: July 08, 2018, 01:48:48 pm »
I tried to configure it, created
- Reporting/Netflow/:
  -- Interfaces - WAN
  -- Egress Only - WAN
  -- Capture Local - false (default)
In Reporting/Insight - No Data available.
Amended:
- Reporting/Netflow/:
  -- Interfaces - WAN, LAN
  -- Egress Only - WAN
  -- Capture Local - true
In Reporting/Insight - some graphs and pie charts appeared.

Now I thought, I'm only interested in WAN traffic, changed "Interfaces - WAN, LAN" to "Interfaces - WAN", pressed apply, router just died on me - no GUI response, not serving traffic. Rebooted - seems OK. Not sure if it is a bug or just me.

Thanks a ton, and it's the best project ever :)

9
General Discussion / How to whitelist DNS queries ?
« on: July 06, 2018, 12:36:47 pm »
Hi.

I would like to whitelist DNS queries coming from LAN to external resolver.

Aim is to block DNS leaks while using VPN on internal machines. I want internal machines to be able to resolve only a few DNS records - my VPN provider's endpoints.

Is it at all possible? Thanks !

10
Hardware and Performance / [Solved] Wi-Fi Access Point Mode unavailable for internal adapter
« on: July 01, 2018, 11:17:02 am »
Hi.

I just installed 18.1 on my box with an Intel mini PCI-e wifi card. I have the iwn0 interface. I created a clone of wireless interface iwn0_wlan1 in Wireless/Devices.
In Assignments I assigned and enabled iwn0_wlan1 as WIFI.
In Interfaces/WIFI I see all the settings I need, but Mode has only 'Infrastructure (BSS)' and no 'Access Point' I need.
How can I enable Access Point, please?

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved