Topics - TomT

#1
25.1, 25.4 Series / CPU Temperature
March 19, 2025, 01:27:56 PM
Hi,
I'm running OPNsense 25.1.2 on a Trigkey G5 which uses the Intel N100 CPU.
At the command line I've run 'sysctl -a | grep temperature' and I get the following:

hw.acpi.thermal.tz0.temperature: 27.9C
dev.cpu.3.temperature: 45.0C
dev.cpu.2.temperature: 44.0C
dev.cpu.1.temperature: 44.0C
dev.cpu.0.temperature: 44.0C

At the same time the GUI is showing the CPU cores at 49C. Why is there a difference between the two results?

Thanks
#2
25.1, 25.4 Series / System information - Quality ?
February 22, 2025, 12:09:58 AM
Hi,
I've been having a look around my OPNsense server and was hoping someone could explain what system information quality is showing me.

I've attached an image of what I get.
Thanks
#3
25.1, 25.4 Series / Config tuning after server move.
February 02, 2025, 10:42:25 PM
Hi.
I've moved my config from an AMD GX-420CA system to an Intel N100 system. Apart from updating the temperature sensors and adding the following tunables, is there anything else I need to update or change to get the max performance out of this?

net.isr.dispatch: deferred
net.isr.bindthreads: 1
net.isr.maxthreads: -1
net.inet.rss.bits: 2
net.inet.rss.enabled: 1

Speedtests seem good, maybe 20/30 Mbps slower than the ISP router.
Any tips for tweaking the last bit out of the connection?

I have IPsec and WireGuard VPNs configured, do I need to do anything else for them?

In plugins I have two entries in red.
os-realtek-re (missing)
os-udpbroadcastrelay (missing)

I don't need either of those, how do I clear the red entries?

Thanks
#4
Hi.
Just moved config from OPNsense 24.x (I was one version behind the latest 24) running on an older server, to a new N100 based server running 25.1.

Phase1 will come up for a while, phase2 doesn't. Then phase1 will drop.
Have there been any major changes that would stop the IPsec VPN from working?

Also do I need to configure System: Settings: Miscellaneous: Hardware acceleration?
Currently this is set to none, should it be set to anything for the N100? Not sure if it matters, I also have a WireGuard VPN.

Thanks
#5
Hi
Today I've spent some time doing some housekeeping and general tidying up on my firewall.

I've noticed an interface called OPT5, but I don't know what this is.
It seems to be using the same interface as my WAN.

Can anyone advise what this is, and if it is needed or can it be removed?

Thanks
#6
Hi,
I'm looking at buying one of these to connect via PPPoE to a 900Mbps/100Mbps FTTP circuit.
https://www.aliexpress.com/item/1005004360072281.html

I'll add 16GB RAM and a 128GB SSD.

Does anyone see any issues with this, or could suggest a better alternative?

Thanks
#7
Hi,

My OPNsense is currently configured with multiple interfaces, I need to allow multicast between two of them.

LAN  192.168.1.x
OPT1 10.10.10.x ( wifi )

Routing of traffic between these interfaces is working well, but I have devices in both ranges that send and receive multicast so I need this to pass between the two.

Ideally I'd like to specify what multicast IP addresses and ports are allowed, but it's not an issue if I have to allow all multicast.

Can someone advise how to do this, or are there any guides on how to set this up?

Thanks.
#8
Hi,

My dashboard is showing Insight Aggregator as stopped.

Looking at: SYSTEM: LOG FILES: GENERAL I get:

flowd aggregate died with message Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 160, in run
    aggregate_flowd(self.config, do_vacuum)
  File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 80, in aggregate_flowd
    stream_agg_object.add(copy.copy(flow_record))
  File "/usr/local/opnsense/scripts/netflow/lib/aggregates/interface.py", line 75, in add
    super(FlowInterfaceTotals, self).add(flow)
  File "/usr/local/opnsense/scripts/netflow/lib/aggregates/__init__.py", line 185, in add
    self._update_cur.execute(self._update_stmt, flow)
sqlite3.DatabaseError: database disk image is malformed

I've gone into REPORTING: SETTINGS and tried Repair Netflow Data, and then Reset Netflow Data. Neither has made a difference.

Any idea how I resolve this?

thanks.
#9
Hi

I had some strange network issues yesterday when one gateway had packet loss.

My WAN is PPPoE and I have a Wireguard VPN to Private Internet Access

OPT1 LAN - 192.168.1.x
OPT3 Wifi - 10.10.1.x

All LAN devices use the WAN as their default route, all wifi devices use the PIA WireGuard VPN.
This is all working well and has been stable for quite a long time.

Yesterday all devices started having intermittent issues accessing the internet. My PC connected to the LAN had issues with PuTTY sessions and SIP phones which would disconnect and instantly reconnect. Ping would drop a couple of packets and then carry on as normal. My WAN connection has been up for 32+ days and all looks fine.

What I noticed was the PIA Gateway was reporting packet loss, once that hit 20% the PIA connection went down and the network devices, LAN & wifi, had a short session of issues.  Once PIA connected again it all worked fine until the next session of packet loss.

I disabled Gateway monitoring on the PIA gateway and that seemed to stop the issues. I've since changed the PIA server I connect to and that seems to have resolved the issue and Gateway monitoring is working fine.

While this was happening CPU usage on my firewall was around 10%, memory @ 6% and no issues with disk space.

Why would one gateway having packet loss affect another gateway?
Any ideas how I can investigate this?

Thanks
#10
Hi
I currently use the WireGuard PrivateInternetAccess script from FingerlessGlov3s to manage my PIA connection.

I've started seeing a lot of packet loss regardless of which server I connect to, so I was hoping there may be a similar script for another VPN provider.

Is anyone aware of such a script?

Thanks
#11
General Discussion / WireGuard List Configuration
May 06, 2021, 02:41:57 PM
Hi,

Once a connection is established with WireGuard the peer appears with data in the List Configuration.

Once the connection has been terminated the peer remains and shows the same as when connected, but the 'latest handshake' time obviously increases.

Is there any way to reset the peer details when the client has disconnected and the latest handshake is above xx minutes?

I think this would make it easier to see if the client is still connected to the server.

Thanks
#12
Hi.

I've installed and configured WireGuard on my Android phone. On the phone I enable the VPN and in OPNsense VPN / WireGuard / List Configuration I see my 4G IP address showing and the VPN connection appears to be fine.

On the phone I disable the VPN, but List configuration shows it still active and data is still passing and I can connect via the VPN even though it is turned off on the phone.

On the handset how do I disable the VPN connection so it actually goes off?

Thanks
#13
Hi.
I'm trying to set up remote access into my LAN and have had no luck with OpenVPN or WireGuard.
Currently I have an IPsec site-to-site VPN set up and a WireGuard VPN to PIA. These work fine.

I'm now trying to allow two users access into the LAN.

With OpenVPN when I ran through the wizard I got the following error:

Fatal error: Uncaught ArgumentCountError: Too few arguments to function cert_create(), 7 passed in /usr/local/etc/inc/plugins.inc.d/openvpn/wizard.inc on line 631 and exactly 8 expected in /usr/local/etc/inc/certs.inc:212
Stack trace:
#0 /usr/local/etc/inc/plugins.inc.d/openvpn/wizard.inc(631): cert_create(Array, '608f2359d911a', '2048', '397', Array, 'sha256', 'server_cert')
#1 /usr/local/www/wizard.php(155) : eval()'d code(1): step12_submitphpaction()
#2 /usr/local/www/wizard.php(155): eval()
#3 {main}
  thrown in /usr/local/etc/inc/certs.inc on line 212

I retried and each time got the same error.

So I decided to try WireGuard. I've followed this guide: https://www.youtube.com/watch?v=gNyIACWc60w and all seemed well but there was no connection. Looking in the logs I don't even see an attempt to connect. So I've removed the settings and tried again.

Following this guide https://www.youtube.com/watch?v=FglE8aQua5o, I can get so far, but when it shows the auto added WAN rule, that doesn't happen for me and I'm not sure what to add.

Does anyone have a guide to set up either OpenVPN or WireGuard so I can allow a couple of family members remote access?

Thanks
#14
Virtual private networks / Strange VPN issue.
April 24, 2021, 06:29:05 PM
Hi.

Today I've finally got my OPNsense box online and working.

Most things seem to be working well, but I have two Android clients who have an issue accessing several sites but ONLY when routing via PIA WireGuard.

All wifi clients access via the same access points, get their IP address & DNS details from the same DHCP server and route out via the same PIA WireGuard VPN.

I've got my phone and my tablet sat in front of me. My phone seems to be able to get anywhere, my tablet is the one having troubles.

Phone has the IP Address 10.10.10.10, Tablet 10.10.10.1
Both have the default gateway as 10.10.10.1 (OPNsense)
Both have DNS server as 10.10.10.1

On my phone I can go to tumblr and log in, on my tablet I can get to the site but login times out.
There are various web sites that work for the phone, but not for the tablet.

There are no specific rules configured, all traffic is routing via the PIA VPN. If I take them off the VPN then it works.

Anyone had any issues with this, or any idea where to start looking into it?

Thanks
#15
Hardware and Performance / J1900 is it suitable ?
April 21, 2021, 04:25:36 PM
Hi,

Currently I'm running on a Qotom J1900 box with 8GB RAM and 128 SSD.

Most things seem to be fine, but I'm getting the odd slow issue on a WireGuard VPN.
It's not all the time, so I do think it could be the PIA server I'm connecting to.
However, is a J1900 OK for an 80/20 FTTC circuit doing PPPoE, 1 x IPsec, 1 x WireGuard VPN and multiple clients?

I've moved from pfSense which is running on a GX-420CA (AES-NI supported) with 8GB, 128GB SSD, 2 x Intel gigabit NICs and 2 x Realtek gigabit NICs with the same config. I've not had any issues with that box or the NICs.

Would that be a better box to run OPNsense on?

Thanks
#16
Hi,

I used the FingerlessGlov3s OPNsensePIAWireguard script to set up my VPN.
All that is working fine, but I'm getting some pages not loading and others are very slow.

I'm wondering if it's the PIA server I'm using, so would like to change it.
Can anyone advise how to do this?

Thanks
#17
Hi.

I have DHCPv4 configured on my LAN and it's set with two DNS servers, 192.168.1.1 & 1.1.1.1.
192.168.1.1 is the IP address of the OPNsense server.

However DHCP requests are returning two DNS servers:
6 (Domain Name Server Option): 192.168.1.1, 8.8.8.8

Anyone know why a Google DNS server is being shown, and not Cloudflare?
Are there any config files I can check?

Thanks
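The post above quotes a decoded DHCP option 6 (Domain Name Server) carrying a resolver the writer did not configure. The script below is an added example, not part of the post and not OPNsense code: it parses the options field of a DHCP message (RFC 2132 TLV layout: magic cookie, then code/length/value triples, with pad and end markers), decodes option 6 into addresses, and flags any resolver that is not in the expected list. The sample offer bytes are constructed here to resemble the post's capture; the expected list is the post's configured pair. The parser also handles the two malformed cases a defender meets on the wire, a missing length byte and a value truncated by the end of the packet, rather than silently returning partial data.

```python
import ipaddress

# DHCP option codes used below (RFC 2132).
OPT_PAD, OPT_SUBNET, OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_END = 0, 1, 3, 6, 53, 255
MAGIC_COOKIE = b"\x63\x82\x53\x63"


def parse_dhcp_options(payload):
    """Parse the options field of a DHCP message into {code: [value_bytes, ...]}.
    Repeated option codes are kept in order of appearance (RFC 3396 concatenation is
    left to the caller). A missing length byte or a truncated value raises ValueError."""
    if not payload.startswith(MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    options = {}
    i = len(MAGIC_COOKIE)
    while i < len(payload):
        code = payload[i]
        if code == OPT_PAD:            # single-byte filler, no length field
            i += 1
            continue
        if code == OPT_END:            # everything after this is ignored
            break
        if i + 1 >= len(payload):
            raise ValueError(f"option {code} has no length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        options.setdefault(code, []).append(value)
        i += 2 + length
    return options


def parse_error(payload):
    """Return the parser's error message for a malformed blob, or None if it parses."""
    try:
        parse_dhcp_options(payload)
    except ValueError as exc:
        return str(exc)
    return None


def dns_servers(options):
    """Decode option 6 into dotted-quad strings (joining repeated instances)."""
    raw = b"".join(options.get(OPT_DNS, []))
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]


def unexpected_resolvers(offered, expected):
    """Return the offered DNS servers that are not in the expected list."""
    allowed = {str(ipaddress.IPv4Address(a)) for a in expected}
    return [a for a in offered if a not in allowed]


# Constructed sample: the options portion of a DHCPOFFER shaped like the post's capture.
SAMPLE_OFFER_OPTIONS = (
    MAGIC_COOKIE
    + bytes([OPT_MSG_TYPE, 1, 2])                                          # DHCPOFFER
    + bytes([OPT_SUBNET, 4]) + ipaddress.IPv4Address("255.255.255.0").packed
    + bytes([OPT_ROUTER, 4]) + ipaddress.IPv4Address("192.168.1.1").packed
    + bytes([OPT_DNS, 8])
    + ipaddress.IPv4Address("192.168.1.1").packed
    + ipaddress.IPv4Address("8.8.8.8").packed
    + bytes([OPT_PAD])
    + bytes([OPT_END])
)

# What the post says was configured on the DHCP server.
EXPECTED_DNS = ["192.168.1.1", "1.1.1.1"]


def audit_sample():
    """Decode the sample offer and report (offered resolvers, resolvers not expected)."""
    options = parse_dhcp_options(SAMPLE_OFFER_OPTIONS)
    offered = dns_servers(options)
    return offered, unexpected_resolvers(offered, EXPECTED_DNS)


if __name__ == "__main__":
    offered, unexpected = audit_sample()
    print("offered DNS servers:", offered)
    print("not in expected list:", unexpected)
```

Feed parse_dhcp_options the options bytes from a real capture (everything after the fixed 236-byte BOOTP header) and the same audit tells you which resolvers clients are actually being handed, which is the check to run before hunting through config files for where an address came from.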
#18
General Discussion / Issue routing WIFI traffic
April 19, 2021, 03:51:44 PM
Hi,
My OPNsense has:

LAN: 192.168.1.1 /24
OPT1WIFI: 10.10.10.1 /24

Devices connecting via wifi get a DHCP IP address in the 10.10.10.x range and I have a rule on OPT1WIFI that routes all traffic out via my WireGuard PIA VPN. That seems to work fine.

But I'm having an issue allowing a wifi device access to the LAN; the traffic is sent out via the PIA gateway, not to the local device.

These are the rules I have configured on OPT1WIFI.

  • Block IPv6 mDNS
  • Stop wireless clients getting to OPT2
  • Any wifi client can access the LAN printer
  • Specific wireless devices don't use the VPN
  • Block anything that isn't in the AllowedList from the LAN
  • Set the default gateway.

These rules are copied from a working pfSense, which I'm trying to move away from.

The wireless devices I've tried are in the AllowedList, but a traceroute from them shows the traffic is being sent via the WAN_PIAWG gateway, not to the local LAN device.

How do I only allow the 'AllowedList' access to the LAN?

What I'm trying to achieve is set all wifi devices to use the VPN, except a chosen few.

Thanks
#19
Hi.
I've moved from pfSense and everything seems to be working fine except DNS.

The firewall is on 192.168.1.1

I've got Unbound DNS enabled and configured as:
Network Interfaces: LAN, OPT1, OPT2, WAN_PIAWG
DNSSEC: enabled
IPv6 Link-Local: enabled
Local Zone Type: transparent
Outgoing Network Interfaces: WAN

In Unbound's access list there is an entry for 192.168.1.1/24

My PC has its DNS set as: 192.168.1.1 & 1.1.1.1

On the PC if I do: nslookup bbc.co.uk 1.1.1.1 or nslookup bbc.co.uk 8.8.8.8
I get the expected responses.

If I do nslookup bbc.co.uk 192.168.1.1 I get:
;; connection timed out; no servers could be reached

At the command prompt on the firewall I can ping bbc.co.uk

Can anyone point me in the right direction to get this working correctly?

Thanks
#20
General Discussion / Traffic Shaping
April 10, 2021, 03:26:17 PM
Hello

I'm coming from pfSense where I use limiters and schedules.

My son has an Xbox One and I currently have a limiter configured to restrict the bandwidth he uses.
He has found this has stopped him getting lag and buffering. Is there any way to do this and only apply it to one or two IP addresses (alias list)?

My other son has a NAS drive which he uses to back up uni work. I have a limiter running on a schedule to restrict how much bandwidth it uses during the day, and then allow it full bandwidth at night. So from 0800 to 2300 it is limited; outside of that it's not.

Is there any way to do this?

Thanks