Topics - pankaj

#1
Hi,
I just upgraded to 25.7 and noticed that under "System ==> Configurations ==> Backup" there are no settings for automated backups or Google Drive backup.

Did this feature get deprecated, was it relocated elsewhere in the UI, or are there alternatives for automated backup?

Please point me in the right direction.
Thanks,

Pankaj

PS: On the "Backups" tab I only see three options - 1) Backup counts, 2) Download and 3) Restore.
#2
This is a basic question about my network configuration and just want some input if I'm overcomplicating things.

My setup:
1.   OPNSense running on a firewall appliance which has six (6) ports, one used for WAN and the other five (5) are running their own subnets with VLAN tagging. With the exception of "Guest WiFi", each DHCP assigns a static IP address based on the MAC address of the device.
2.   In 2020, I started automating my home and was adding new devices on my home LAN aggressively. In the beginning I had some network congestion which inhibited a few of the IoTs, so I started assigning all of my IoTs static IP addresses in their respective configuration files.
3.   Now I have close to 100 IoTs installed throughout the house and I'm questioning the need to duplicate the effort of defining the static IP address (against MAC) in the FW and in the configuration for each IoT device.

Question: Since all the IoTs are on one dedicated VLAN (with its own WiFi router), will I experience any network congestion if I configure each IoT in "DHCP" mode and let OPNSense dictate the static IP address assignment based on the IoT's MAC address?

I'll appreciate any pointers from others who may have more insights on network topologies or personal experiences.
Thanks.
#3
General Discussion / The new dashboard UI for 24.7.1
August 12, 2024, 03:50:57 AM
I just upgraded to 24.7.1 and love the new dashboard UI; the pie charts and graph visualizations are quite pleasant...well done team!!

But there is one part, i.e. "Interface Statistics", where I liked the old theme's table because it was easier to read the stats on "Errors In" and "Errors Out" across all interfaces at a glance, but now I have to hover the mouse on each interface manually.

It is not a big deal, but is there a way for me to restore the tabular representation for "Interface Statistics" in the Lobby Dashboards?
#4
General Discussion / OpenVPN client specific override
January 01, 2024, 11:15:02 PM
Hi,

I have an OpenVPN server running on my home network that has 4 underlying VLANs. The server is configured to provide access to all four VLANs.

https://imgur.com/a/8Ec6y6i

Based on my understanding of the OpenVPN documentation, it is possible to restrict a certain client (say user-A) to a subset of the networks. For instance, I created an override for user-A and added the following in the CSO:
https://imgur.com/a/hfqZXW7

But user-A is still able to access all the VLANs, so either the CSO is not working or I understood it incorrectly from the documentation.
I'll appreciate any pointers or anything done incorrectly above.
Thanks.


#5
Hi,

I just ran a Nessus scan on my home network and it showed a "medium" vulnerability for NTP service running on OPNSense. I am not sure what to make out of this output but hoping someone can take a look at it and guide if this is serious and how to plug if necessary.

My hesitation to tweak the NTP settings is due to the fact that a few months back I had lots of issues with my IoTs related to the NTP service (which I blocked from outside access) and forced the IoTs to use the NTP server running on the OPNSense box.

Thanks,
#6
Hi,

On my home network I run OPNSense with VLANs and there are no untagged ports on the firewall appliance. A friend of mine runs an IT company and has given me access to his LAN via a Fortinet client so that I can back up my stuff on his LAN.

After connecting with the Fortinet client, when I check fast.com for speed I get 940 Mbps. But when I try to rsync files with the following command:

rsync -avz --progress <src> <dest>

I only get 6 Mbps for upload and 4 Mbps for download.

My computer is running on an NVMe card and at the other end the backup endpoint is a QNAP NAS.

Is there a way to figure out why the speeds are so slow and if there is a way to speed things up?
#7
General Discussion / Reset Interface Statistics
October 03, 2022, 03:03:39 AM
Hi,

I just re-designed the entire home network from scratch with VLANs and removed all untagged interfaces and unmanaged switches. There seems to be an improvement in network performance and I see minimal broadcast traffic on ntopng, so it seems like the project was totally worth it.

I also noticed that the stats in the dashboard for network interfaces have not changed in the last week, which seems odd, but I am not an expert so I thought I'd ask here. Thoughts?

Is there a way to reset the stats for network interfaces in the dashboard? Does anyone know what time duration (24h, 1 week, 1 month, etc.) these stats represent?

Thanks,
Pankaj



#8
General Discussion / Ntopng Community Edition
August 22, 2022, 02:01:38 AM
Hi,
The community edition of ntopng allows up to 5 interfaces for monitoring which is plenty for home users like me.
But the OPNSense plugin for ntopng only allows one interface; just curious if this is by design or an oversight?

Thanks.
#9
General Discussion / DNS lookup [Solved]
August 21, 2022, 10:14:14 AM
Hi,

I am using Unbound DNS, which is working fine, but it seems like using it for machines on the LAN is optional, as I was able to select a DNS server of my choice.


pm@mhome:~$ nslookup
> ibm.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: ibm.com
Address: 96.6.233.216
Name: ibm.com
Address: 2600:1406:3c:389::3831
Name: ibm.com
Address: 2600:1406:3c:38a::3831
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> ibm.com
Server: 8.8.8.8
Address: 8.8.8.8#53


Is there a way to force LAN clients to use Unbound DNS and not be able to go to the WAN side for DNS queries?
Thanks.
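A defender's complement to the question above is verifying that LAN clients really cannot reach outside resolvers once a redirect or block rule is in place. The script below is an added example, not part of the original post or of OPNsense: it scans firewall log lines for passed port-53 flows whose destination is not the firewall's own Unbound listener. The log lines are constructed in a simplified "timestamp action interface proto src:port dst:port" format (not OPNsense's filterlog format), and the resolver addresses in LOCAL_RESOLVERS are assumed.

```python
# Added example (not from the original post): find LAN clients whose DNS
# traffic bypasses the firewall's Unbound resolver, using firewall log lines.
# LOG_LINES are CONSTRUCTED in a simplified format, not OPNsense's filterlog
# format: "<timestamp> <action> <iface> <proto> <src>:<sport> <dst>:<dport>".
# LOCAL_RESOLVERS are ASSUMED LAN-side addresses of the firewall.
from collections import Counter

LOCAL_RESOLVERS = {"192.168.20.1", "192.168.30.1"}

LOG_LINES = [
    "2022-08-21T10:10:01 pass igb1_vlan20 udp 192.168.20.15:51000 192.168.20.1:53",
    "2022-08-21T10:10:02 pass igb1_vlan20 udp 192.168.20.15:51001 8.8.8.8:53",
    "2022-08-21T10:10:03 pass igb1_vlan20 tcp 192.168.20.15:51002 8.8.8.8:53",
    "2022-08-21T10:10:04 pass igb2_vlan30 udp 192.168.30.40:40001 192.168.30.1:53",
    "2022-08-21T10:10:05 pass igb2_vlan30 udp 192.168.30.41:40002 1.1.1.1:53",
    "2022-08-21T10:10:06 pass igb1_vlan20 tcp 192.168.20.15:51003 96.6.233.216:443",
    "2022-08-21T10:10:07 block igb1_vlan20 udp 192.168.20.77:51004 8.8.8.8:53",
]


def parse_line(line):
    """Split one constructed log line into a dict (IPv4 endpoints only)."""
    ts, action, iface, proto, src, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": ts, "action": action, "iface": iface, "proto": proto,
        "src": src_ip, "sport": int(src_port),
        "dst": dst_ip, "dport": int(dst_port),
    }


def find_dns_bypass(lines, local_resolvers):
    """Return passed DNS flows (udp/tcp port 53) not destined for a local resolver."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec["dport"] != 53 or rec["proto"] not in ("udp", "tcp"):
            continue
        if rec["action"] != "pass":
            continue  # blocked by the firewall already; nothing escaped
        if rec["dst"] in local_resolvers:
            continue  # went to Unbound as intended
        hits.append(rec)
    return hits


def summarize(hits):
    """Count bypass flows per (client, external resolver) pair."""
    return Counter((h["src"], h["dst"]) for h in hits)


if __name__ == "__main__":
    for (client, resolver), n in summarize(
        find_dns_bypass(LOG_LINES, LOCAL_RESOLVERS)
    ).items():
        print(f"{client} -> {resolver}: {n} DNS flow(s) bypassed Unbound")
```

Once a NAT redirect of port 53 to the firewall (or a block rule) is in place, this scan should return no passed flows; note that it only sees classic DNS on port 53 and will not catch DNS over HTTPS on port 443.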
#10
If I have a router in AP mode and OPNSense is handling DHCP with two VLANs, say:

1) IoTs: 192.168.1.*
2) Guest: 192.168.2.*

The router will be assigned a 192.168.2.0/24 static IP address in this setup.

Would devices from Guest subnet (if given correct SSID/password) be able to get on the WiFi?

PS: I don't want to configure all this only to find out that it does not work so thought I will just ask here!


#11
Hi,

I just upgraded to 22.7.2 and noticed an error that backups are failing on Google Drive:


The following input errors were detected:

{"error":"invalid_grant","error_description":"Invalid JWT Signature."}
Saved settings, but remote backup failed.


Is anyone else facing the same problem?
Thanks.
#12
General Discussion / VLANs over a Bridge interface
August 17, 2022, 05:05:14 AM
Hi,

I have 5 cheap L2 Trendnet switches (https://www.trendnet.com/products/edgesmart-switch/8-port-gigabit-EdgeSmart-switch-TEG-S80ES) that I would like to deploy on home network behind a Qotom device (6 ports) running OPNSense. First I tried the topology shown in diagram-01 below but only switch-A worked in this case. The VLANs on switch-B could neither access VLANs on switch-A nor OPNSense.

As an alternative, I'm thinking of combining the unused ports on the OPNSense device to create a bridge, creating VLANs on the bridge, and connecting each port of the OPNSense device to the corresponding VLAN port on switch-A, and using port-1 on both switches to connect them to each other.

I'd need to take down my network to even try this one, so wanted to check in this forum if anyone has faced the same problem as I did in diagram-1 and if the alternate topology (diagram-2) will work in theory.

Thanks.



#13
Hi,

I have a VLAN for IoTs that has about 70 static IPs assigned for different IoTs across the house. And I need to move this VLAN to another interface on the FW box.

Is there a way to download/upload the static IP assignments under DHCP? In the worst case, I will have to type or copy/paste all the assignments manually, but I was curious if there is an easier/more reliable way out of this.

Thanks.
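One reliable route for a move like this is to edit the configuration backup rather than retype 70 entries. The script below is an added example, not code from the original post or from the OPNsense project: it parses an OPNsense-style config.xml, validates the DHCPv4 static mappings on the source interface against the destination pool, and moves them to the destination interface. The sample XML is constructed, and the assumption that static mappings live as <staticmap> children under <dhcpd>/<interface> with <mac>, <ipaddr> and <hostname> elements (and must sit outside the dynamic <range>) should be checked against a real backup before use.

```python
# Added example (not from the original post or OPNsense): relocate DHCPv4
# static mappings between interfaces in an OPNsense-style config.xml export.
# ASSUMPTION: mappings are <dhcpd><iface><staticmap> entries with <mac>,
# <ipaddr>, <hostname>, and must lie outside the interface's dynamic <range>.
# SAMPLE_CONFIG is CONSTRUCTED; verify element names against a real backup.
import ipaddress
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <dhcpd>
    <opt2>
      <enable>1</enable>
      <range><from>192.168.1.100</from><to>192.168.1.199</to></range>
      <staticmap>
        <mac>aa:bb:cc:00:00:01</mac>
        <ipaddr>192.168.1.10</ipaddr>
        <hostname>thermostat</hostname>
      </staticmap>
      <staticmap>
        <mac>aa:bb:cc:00:00:02</mac>
        <ipaddr>192.168.1.11</ipaddr>
        <hostname>doorbell</hostname>
      </staticmap>
    </opt2>
    <opt5>
      <enable>1</enable>
      <range><from>192.168.1.100</from><to>192.168.1.199</to></range>
    </opt5>
  </dhcpd>
</opnsense>
"""


def _pool(iface_node):
    """Return (first, last) of the dynamic range, or None if no range is set."""
    rng = iface_node.find("range")
    if rng is None:
        return None
    return (ipaddress.ip_address(rng.findtext("from")),
            ipaddress.ip_address(rng.findtext("to")))


def list_staticmaps(root, iface):
    """List the static mappings on one DHCP interface as plain dicts."""
    node = root.find(f"./dhcpd/{iface}")
    if node is None:
        return []
    return [{"mac": sm.findtext("mac"), "ipaddr": sm.findtext("ipaddr"),
             "hostname": sm.findtext("hostname")}
            for sm in node.findall("staticmap")]


def move_staticmaps(root, src_iface, dst_iface):
    """Move every staticmap from src_iface to dst_iface; return the count moved.

    Refuses duplicate MACs on the destination and addresses inside the
    destination's dynamic pool, so the edited config stays consistent.
    """
    src = root.find(f"./dhcpd/{src_iface}")
    dst = root.find(f"./dhcpd/{dst_iface}")
    if src is None or dst is None:
        raise ValueError("both interfaces must exist under <dhcpd>")
    pool = _pool(dst)
    seen = {sm.findtext("mac").lower() for sm in dst.findall("staticmap")}
    moved = 0
    for sm in list(src.findall("staticmap")):
        mac = sm.findtext("mac").lower()
        ip = ipaddress.ip_address(sm.findtext("ipaddr"))
        if mac in seen:
            raise ValueError(f"duplicate MAC {mac} already mapped on {dst_iface}")
        if pool and pool[0] <= ip <= pool[1]:
            raise ValueError(f"{ip} lies inside the dynamic pool of {dst_iface}")
        src.remove(sm)
        dst.append(sm)
        seen.add(mac)
        moved += 1
    return moved


def relocate(xml_text, src_iface, dst_iface):
    """Parse, move, and return (moved_count, edited root) for further output."""
    root = ET.fromstring(xml_text)
    moved = move_staticmaps(root, src_iface, dst_iface)
    return moved, root


if __name__ == "__main__":
    n, root = relocate(SAMPLE_CONFIG, "opt2", "opt5")
    print(f"moved {n} mapping(s)")
    print(ET.tostring(root, encoding="unicode"))
```

Run it against a downloaded backup, then restore the edited file through the Backups tab; the pool check matters because the destination interface will usually have a different subnet, so the mapped addresses themselves typically need updating as part of the move.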
#14
Hi,

I was browsing the page at https://opnsense.org/about/road-map and just curious if there is a list of planned features for Jan 2023 release?

Thanks,

PS: the list overall is very impressive so hats off to the entire OPNSense team for staying the course with development work over last several years!
#15
Hi,
I've installed Ntop's community edition, using Ports and it is working fine. The Community Edition restricts the number of interfaces to a maximum of 8. Here is the information on interfaces on OPNSense machine:


root@OPNsense:/var/db # ntopng -h
Available interfaces (-i <interface index>):
   1. igb0
   2. igb1
   3. ovpns1
   4. igb2
   5. igb3
   6. igb4
   7. igb5
   8. igb1_vlan20
   9. igb2_vlan30
   10. igb3_vlan40
   11. igb0_vlan100
   12. lo0


The max limit of 8 interfaces is enough for me, but the ones I need, i.e. 9, 10 & 11, are not getting picked up. So I edited the "/usr/local/etc/ntopng/ntopng.conf" file and added the following lines:


  -i=igb1_vlan20
  -i=igb2_vlan30
  -i=igb3_vlan40
  -i=igb0_vlan100
  -i=igb4
  -i=igb5
  -i=ovpns1


The above list has fewer than 8 interfaces, but when I restart, the console shows the following logs:

28/Jun/2022 22:19:10 [Prefs.cpp:1950] ERROR: Too many interfaces (8): discarded igb2_vlan30
28/Jun/2022 22:19:10 [Prefs.cpp:1951] ERROR: Hint: reset redis (redis-cli flushall) and then start ntopng again
28/Jun/2022 22:19:10 [Prefs.cpp:1950] ERROR: Too many interfaces (8): discarded igb3_vlan40
28/Jun/2022 22:19:10 [Prefs.cpp:1951] ERROR: Hint: reset redis (redis-cli flushall) and then start ntopng again
28/Jun/2022 22:19:10 [Prefs.cpp:1950] ERROR: Too many interfaces (8): discarded igb0_vlan100
28/Jun/2022 22:19:10 [Prefs.cpp:1951] ERROR: Hint: reset redis (redis-cli flushall) and then start ntopng again


So it seems like Ntop is still using the default interface list instead of the ones specified in "/usr/local/etc/ntopng/ntopng.conf".

Does anyone have any idea what I might be doing wrong here, or how to make Ntop use the interfaces selectively?
Thanks,

Pankaj
#16
@franco I found one of your old posts where you suggested using opnsense-code instead of portsnap:


# opnsense-code ports
# cd /usr/ports


I am using this to install the ntop community edition, as the binary keeps installing the enterprise version with a free trial expiring in 10 minutes! One question in case you can provide some guidance:

How do I maintain this repo going forward? And what commands do I use to update it? This device is the front end for the entire house, so I am hesitant to experiment and will appreciate your input.
Thanks.
#17
Here is my home network topology:

1. The wire from the utility company comes into a junction box, and from there an ethernet cable comes to my desk and gets plugged into the ISP modem, which provides the WAN port for the OPNSense device.
2. From my office desk there is another ethernet wire going to the utility junction box; let's call it "Return Wire" for clarity.
3. Each room in our house has a wall socket with an RJ45 cable running to the utility junction box; I've connected all of these wires and the "Return Wire" with an unmanaged switch.
4. Most rooms do not need the connection and there are only two rooms (living and family) which have multiple devices across multiple VLANs.

My OPNSense device has 6 ports, one is assigned to WAN (port-6) and this is what I did for the 5 LAN ports:

5. Assigned VLANs on port 1-4, these ports do not have any untagged interface.
6. Running an untagged interface on port-5
7. After the OPNSense device, I attached an unmanaged switch with 8 ports which connects to the 5 LAN ports of OPNSense.
8. The "Return Wire" is connected to the unmanaged switch from #7 so it provides connectivity to every wall socket in the house and creates my home network.
9. In the two rooms with multiple devices, I have added a managed switch which allows isolating devices based on VLANs.

But there are two unmanaged switches in my topology: one right behind the OPNSense device and another right after the first one inside the utility junction box.

Two questions:
1. I really want to get rid of the untagged interface on port-5 but do not want to make the sockets in the rooms redundant, as right now they need an untagged interface for DHCP to work.
2. The two unmanaged switches behind the OPNSense device must be having a ball with several DHCP broadcasts; is there any way to reduce this clutter?

I am also open to adding more managed switches if the above two objectives can be achieved.
Thanks.
#18
22.1 Legacy Series / VLAN issues
March 21, 2022, 09:22:01 AM
I recently upgraded to version 22.1.3 and then noticed shortly thereafter that all the managed switches (Trendnet TEG-S80ES) in the house running VLANs are not working. None of the devices connected to VLAN ports are getting IP addresses, I cannot even see the DHCP requests in the logs on OPNSense.

For testing, I changed one VLAN port to "unmanaged" and the port immediately assigned an IP address, so there is no fault in the wiring and it's hard to believe that four switches would go bad at the same time. But I am unable to pinpoint the source of the problem and am even clueless where to look for trouble in OPNSense, as I did not change any settings on the firewall or the switches.

If anyone has any pointers on where to start looking, please post here.
Thanks!
#19
General Discussion / VLANs stopped working [Solved]
March 21, 2022, 01:51:35 AM
I recently upgraded to version 22.1.3 and then noticed shortly thereafter that all the managed switches (Trendnet TEG-S80ES) in the house running VLANs are not working. None of the devices connected to VLAN ports are getting IP addresses, I cannot even see the DHCP requests in the logs on OPNSense.

For testing, I changed one VLAN port to "unmanaged" and the port immediately assigned an IP address, so there is no fault in the wiring and it's hard to believe that four switches would go bad at the same time. But I am unable to pinpoint the source of the problem and am even clueless where to look for trouble in OPNSense, as I did not change any settings on the firewall or the switches.

If anyone has any pointers on where to start looking, please post here.
Thanks!
#20
General Discussion / DHCP Lease Count
February 03, 2022, 08:47:31 PM
Hi,
On the DHCP tab under Services, I see the following:

"Services: DHCPv4: Leases (68)" and I am not sure what to make of it in the context of performance.

I have a Netgear Orbi RBR 50 (base + two satellites) that gives a really strong Wi-Fi signal throughout the house, and its documentation claims that 250 devices can be added. But is there a way to check with OPNSense if DHCP clients are having any issues? I have not noticed any performance degradation for any device, but I am just curious if there is anything to monitor for pre-emptive action.

Thanks.