OPNsense
Topics - meazz1

1
Zenarmor (Sensei) / Opnsense box stops getting wan IP after 15 or 20 days - Zenarmor error
« on: April 30, 2022, 04:57:17 pm »
I am running 21.1.6.
I have experienced twice in the last month and a half that my router stopped receiving IPV4 WAN address from the AT&T pass thru modem. It does not lose the IPV6 address.
I had to reboot to get it back up and running.

What could cause this?
For troubleshooting this, what logs should I be looking into? I have Zenarmor- Sensei setup for LAN interface, and this is what I saw in the System Diagnostic Activity. Can this be the reason, "HeapDumpOnOutOfMemoryError"?
My box has 8 GIG of memory and Intel core i5 2.30 GHZ 4 core cpu.
  • /usr/local/openjdk8/bin/java -Xms2g -Xmx2g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -Djdk.io.permissionsUseCanonicalPath=true -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j.skipJansi=true -XX:+HeapDumpOnOutOfMemoryError -Des.path.home=/usr/local/lib/elasticsearch -cp /usr/local/lib/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -d --pidfile=/var/run/elasticsearch/elasticsearch.pid -Epath.conf=/usr/local/etc/elasticsearch{VM Periodic Task Th}

2
General Discussion / Opnsense box stops getting wan IP after 15 or 20 days
« on: April 28, 2022, 05:50:12 pm »
I am running 21.1.6.
I have experienced twice in the last month and a half that my router stopped receiving IPV4 WAN address from the AT&T pass thru modem. It does not lose the IPV6 address.
I had to reboot to get it back up and running.

What could cause this?
For troubleshooting this, what logs should I be looking into? I have Zenarmor- Sensei setup for LAN interface, and this is what I saw in the System Diagnostic Activity. Can this be the reason, "HeapDumpOnOutOfMemoryError"?
My box has 8 GIG of memory and Intel core i5 2.30 GHZ 4 core cpu.
  • /usr/local/openjdk8/bin/java -Xms2g -Xmx2g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -Djdk.io.permissionsUseCanonicalPath=true -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j.skipJansi=true -XX:+HeapDumpOnOutOfMemoryError -Des.path.home=/usr/local/lib/elasticsearch -cp /usr/local/lib/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -d --pidfile=/var/run/elasticsearch/elasticsearch.pid -Epath.conf=/usr/local/etc/elasticsearch{VM Periodic Task Th}

3
General Discussion / PiHole and Opnsense - which IP to use in the Opnsense System --> General DNS fi
« on: February 02, 2022, 01:14:29 pm »
I have a simple setup of Opnsense+PiHole.
I have assigned the IP of my PiHole to the DNS field in DHCP of Opnsense.
Should I use PiHole's IP in the System- Setting - General in the DNS field or use something like 9.9.9.9 in the system DNS box?

4
General Discussion / LAN and IOT VLAN firewall rules
« on: January 18, 2022, 03:11:16 pm »
I have created a LAN and VLAN-IOT setup for my home office.
I simply want VLAN-IOT subnet to just have internet access but not the LAN access.
I am not an IT person and not sure the rules I created, with help of the Opnsense forum and internet, are valid and protect my network.

I would appreciate any feedback.

LAN Rules


IOT Rules


Aliases


5
Intrusion Detection and Prevention / Intrusion Prevention System setup in my firewall
« on: January 08, 2022, 04:40:41 am »
I am planning to follow this guide to enable Intrusion Prevention System using this guide. Will this give me basic protection?

https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/#_

6
General Discussion / How do I undo a static mapping
« on: September 26, 2021, 04:32:23 pm »
I static mapped a MAC address from DHCPv4 --> Leases.
I don't see this MAC anywhere in here but the device is functioning.
How do I undo the static mapping?

7
General Discussion / Creating Alias for PiHole and VLAN questions
« on: July 25, 2021, 07:44:40 pm »
I am setting up a new SOHO for my own use and I'm trying to move from my existing setup of one LAN for my home user and a VLAN for the IoT devices.
All my gears with static IP are residing in the LAN.
The devices are
Opnsense router: 192.168.4.1
Unifi 60W managed switch:192.168.4.2
Unifi AP-AC lite: 192.168.4.3
PiHole: 192.168.4.4
Unifi controller: 192.168.4.6

IoT VLAN20: 10.0.20.0/24
User VLAN 10.0.10.0/24

My goal is to keep all the devices and IPs as is. I already created a new VLAN10 where all the users laptops and pcs will be using VLAN10.

I have already created rules to block VLANs to access each other and LAN.

I created an alias for the Piholes and an allow rule to have my VLAN access it. I also have a rule to block any other DNS services for the VLANs.

I need to figure out 2 things:
1. How do I keep the printer in the LAN and have VLAN users share it?
2. For creating 2 Piholes alias what is the "Type" in the alias window? Is it hosts or networks?

For Type should it be Hosts in the dropdown or Networks?

8
General Discussion / Help with firewall - trying to setup LAN, VLAN10 & VLAN20
« on: June 06, 2021, 11:45:04 pm »
This is what I'm trying to setup but I think I need to do something in the firewall to allow PiHole DNS and other devices from Lan to VLAN10 access.

LAN 192.168.4.0/24 -MGT
VLAN10- 10.0.10.0/24 -0 family use, laptop, PC etc
VLAN20- 10.0.20.0/24 - IoT
PiVPN 192.168.4.0/24 subnet. I want to open port for 51826 in the firewall and port forward to PiVPN IP address.

I have the following setup using static IP in 192.168.4.0/24 network - Route, Unifi switch, 2 Unifi AP-AC Lite access points, Pihole, printer.
2X Unifi access points have already been setup with Vlan10 & Vlan 20 profile. One SSID for home use another for IoT.

I want to use the Pihole from my management subnet to Vlan 10 for its DNS and ad blocker. The Lan and Vlan10 can talk to each other, I don't need to restrict this. I'm trying to make it simple.
IoT Vlan20 will use DNS 8.8.8, no need for PiHole access.

Now, what would be the simplest way I can implement this? I probably need some firewall rules but not sure how to.

9
General Discussion / Getting IPv6 DHCP server is running error when it's not running
« on: January 14, 2021, 02:44:05 pm »
I was looking into enabling IPv6 and for some reason now I can't stop the IPv6 dhcp server.
On the dashboard it shows the ipv6 dhcp server/service is not running but if I try to save the ipv6 settings under interface Lan to "none" from "dhcp6" it tells me the dhcp6 server is running and that needs to stop first.
I looked everywhere, unchecked it under firewall rules and rebooted the router but still seeing the error.

10
General Discussion / How to export only the firewall rules
« on: January 11, 2021, 01:21:06 am »
How do I export the entire firewall /aliases rules so I can post it on a forum for specific suggestion?
I tried the export option but that did not give me the entire firewall rules in a format I can use.

11
General Discussion / Where in Opnsense do I enter IPV6 DNS server address
« on: January 10, 2021, 06:16:55 pm »
I have Pihole as my DNS server.
I have setup under DHCPv4 with Pihole IP address in DNS Server field and it's all good.
On the other hand, my WAN and LAN clients are getting IPv6 address and the IPv6 test comes back as "working".

What I'm facing with now is where in Opnsense do I enter the IPV6 IP address of my Pihole so any lan clients using IPv6 will go thru Pihole DNS?

12
General Discussion / How do I rearrange the dashboard
« on: December 11, 2020, 03:13:06 am »
As I'm adding widgets in my dashboard they are all stacking on the right side. How can I move some of these off to the left where I have empty real estate?
Here's a screenshot.

13
General Discussion / How do I add dhcpd6 in dashboard under services
« on: December 05, 2020, 04:45:48 pm »
It looks like my ipv6 is somewhat working, I'm seeing ipv6 addresses and also seeing ipv6 address for devices in ipv6 lease.
Why this does not show in my dashboard? If I try to add it manually by clicking the pencil and save it still does not add in the lists. added.


14
General Discussion / What entry should be in /etc/resolv.config
« on: July 27, 2020, 03:08:09 am »

I have a lan network which is used by my middle schooler so I use PiHole with OpenDNS family shield.
The VLAN is used by my daughter for her home office and I don't want any DNS filter blocking her from accessing work related stuff, so I have google DNS setup in the VLAN she connects.

Here's the setup;
LAN 192.168.4.0/24 Dhcp service DNS 192.168.4.2 (PiHole)
VLAN 10.0.8.0/24    Dhcp service DNS 8.8.8.8

System --> settings --> general --> DNS server "none"

What should be in /etc/resolv.config
     nameserver 127.0.0.1
     or
     nameserver 8.8.8.8
     or
     nameserver 192.168.4.2
     or whatever
 


15
General Discussion / Pi-hole DNS setup with Opnsense
« on: July 16, 2020, 01:24:09 am »
I have 2 Pi-hole I want to implement on my home network.
Here's my network layout. What would be the best way to setup everything?

LAN- 192.168.4.0 - home network
DNS 1 - 192.168.4.200 -Pi-hole#1
DNS 2 - 192.168.4.201 -Pi-hole#2
=========================
VLAN IOT - 10.0.20.0/24
DNS 1 - 8.8.8.8
DNS 2 - 8.8.4.4
