Topics

I've just updated to 25.1.5_4 and after the reboot the NTP service doesn't start, anybody's seeing a similar behaviour?

I've attached some errors from the log, if it can help.

Tia.

[doktornotor]

I've followed the instructions by doktornotor here and that seems to work.

The issue I have (and I don't know what the root cause is) is that the modem GUI interface I created negotiates at 100 Mb/s rather than 1000 Mb/s: why on earth this is happening?

Tia.

I read the official article of how to import an existing configuration, and it seems quite straight forward.

I also came across with this post where the OP stated the importer doesn't work as expected and he used a workaround - has anybody used the  importer and in case can confirm whether or not it works as in the guide?

Tia.

I've set up two wireguard instances, one for ProtonVPN and one for Mullvad (and they both work), what I don't understand why on the dashoboard under gatewaus I can't see the Mullvad entry, any suggestions?

Tia.

[/var/log RAM disk]

I have upgraded my device to 16GB of RAM, and considering my OPNsense uses around 1.5GB (give or take), I was thinking to enable both /var/log RAM disk & /tmp RAM disk options (so I can avoid some writes to the SSD) - apart from the fact I will lose the logs on reboot, any drawback I have to be aware of?

Tia.

I'd want to allow only two devices within the LAN to access the OPNsense gui (and ssh too), can someone explain to me how do I do that?

Tia.

[let out anything from firewall host itself (force gw)]

I've configured Unbound with DoT and Quad9 servers (9.9.9.9 & 149.112.112.112), and looking at the firewall live view on the WAN interface, I see continual calls to those servers on port 53 (and not 853) where the source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)"

Similarly, if I filter port 853, i see the same type of output, i.e. source is my WAN IP address, the destination is the Quad9 server and the label is "let out anything from firewall host itself (force gw)"

I'd want to know if that's normal beavhiour or there is something wrong in my configuration.

Tia.

I've decided to test the (new) Kea DHCP service and I've added 10 hosts an in the 'Reservations' section, so far so good.

What I don't understand is that if I click on 'Leases DHCPv4' menu, I see all those hosts with a Lifetime of 86400 (which is the default value for hosts with no reservation), and they actually expire within 24 hrs, hence I'm confused, why is that?

Tia.

[Dynamic gateway policy]

While configuring a WG interface, I'd like to understand whther or not we should enable the feature Dynamic gateway policy.

Tia.

[net.inet.rss.bits]

While reading the document https://docs.opnsense.org/troubleshooting/performance.html I decided to enable RSS (my appliance has got 4x i225 ports and a Celeron J4125, 4 cores) and after reboot I've noticed that the value of net.inet.rss.bits is set to 3: just courious to understand why consdering that before enabling RSS the value was correctly set to 2...  ::)

Also, I read in the guide that if RSS is enabled with the 'enabled' sysctl, the packet dispatching policy will move from 'direct' to 'hybrid'. But not for me as even after rebooting, the dispatching policy is still 'direct', and should I set a tuneable to change that to 'hybrid'? Or would it be better to change that to 'deferred' considering my connection is PPPoE?

Tia.

[WireGuard Selective Routing to External VPN Endpoint]

Still a lot to learn, so please educate me: by reading the official document WireGuard Selective Routing to External VPN Endpoint it seems there is no need to create a firewall rule for the DNS, and the only mention is at the very end of the document but just relating to DNS leaks (so I read it as optional):

1) why is there no need for firewall DNS rule?

2) as for the very last paragraph/note, I was expecting also the need to specify the destination port range i.e. DNS/DNS, but why is it not the case?

On a separate note, in the instance WG configuration there is a DNS servers setting, but it's not mentioned on any documentation, so what is that for?

I'm testing protonVPN which has been configured for LAN2 of my appliance (all the devices connected to LAN2 will go through the VPN) and I have still doubts how to best configure DNS: I have attached both the port forward and the LAN2 firewall rules, could someone kindly let me know if I've done it correctly?

Also, the first rule of the firewall rules (the DNS one), is it necessary or it's redundant?

Tia.

[rdr rule]

I have configured my LAN2 interface with Wireguard (testing ProtonVPN) and looking at the firewall -> log files -> live view I've noticed a few rdr rule entries, could someone please explain what is an rdr rule?

Tia.

I have configured one of my appliance ports to use ProtonVPN and I followed the official instructions including this: https://docs.opnsense.org/manual/how-tos/wireguard-client-proton.html#protonvpn-dns-leaks

I have only a smart TV connected to that port (LAN2), with a static IP address of 192.168.10.16 (for ProtonVPN is then 10.2.0.2).
Using the embedded browser, I've checked any potential DNS leaks browsing to www.dnsleaktest.com website, and no leaks occur (it only detects the ProtonVPN server).

In ISC DHCPv4 for LAN2, I have included the DNS server as the Proton one - 10.2.0.1

Now, if I look at the Firewall -> Live View of both the above IP addresses + port=53, I see the smart tv querying not just the ProtonVPN IP address (10.2.0.1) but also Google DNS servers, how is that possible?

Any suggestions would be much appreciated.

Tia.

[htpasswd]

I tried to install htpasswd but I got the message that's not been found in the repositories, is there a workaround to get it installed?

Tia.

I'm running 23.7.12_5 installed on two Transcend SSD 128GB (ZFS), one 2.5" SATA and one mSATA, and looking at my dashboard (SMART Status), I've noticed one SSD has disappeared, and I suppose it means one drive has failed, am I correct?

How do I understand which one has failed?

Tia.

Decided to uninstall Zenarmor and after rebooting OPNsense 23.7.8_1 I saw a plugin missing notification, how so?

Tia.

I've created a VIP (see picture) on a different subnet than my LAN net (192.168.0.1/24), and I can't understand how to make that IP visible (the modem I need to reach is on 192.168.2.1) e.g. pingable from a device within my LAN: could someone  please guide me?

I believe I have to create an NAT outbound rule, what exactly?

Tia.

[System -> Configurations -> Backups]

I wasn't able to find an explanation of what that option in System -> Configurations -> Backups exactly does: could someone shed some light?

Tia.

As per subject, is that possible? After the upgrade to 23.7.6, the cicada theme has lots of displaying issue and I can't even change to the default theme from GUI (all the drop-down menus don't work), hence I'm hoping I can do that from CLI.

Tia.