Topics

Pretty simple issue but I have no idea where the fix is applied. The UDP Broadcast Relay service is operational but the service name doesn't show on the OPNSense Service dashboard widget, it is blank but the running/restart/stop buttons function correctly.

Can someone point to where this should be fixed?


https://ibb.co/Xr9hfbBS

I had the UDB Broadcast Relay Package working well on the 24.1 release, and from the summary screen it seemed that the process was running OK under 27.1, but my devices failed to work. When I go into the UDP screen, there is a red banner error (I cannot see anything in the general logs) and the previous config errors are removed, even though they are in the config.xml. Reading the config confirms this also as it complains there are duplicate/existing entries.

The below script was working on 24.1.x to retrieve opnsense backup via the api but now fails with HTTP/2 500 error. The user has GUI Diagnostics: Configuration History and GUI Firewall: Aliases privileges.

Code Select Expand

#!/usr/bin/bash

# Change API key and secret, number of days to keep backups, the path to your backups and the hostname for your firewall

key="redacted"
secret="redacted"
daystokeep=90
destination="backup/path"
fwhost="opnsense.hostnameredacted.com"

date=$(date +%Y-%m-%d)

result=$(/usr/bin/curl -I -s -k -u "$key":"$secret" https://$fwhost/api/core/backup/download/this | head -1)

if [[ $result != *"200"* ]]; then
   echo "Result of the HTTP request is $result"
      exit 1
      fi

      /usr/bin/curl -s -k -u "$key":"$secret" https://$fwhost/api/core/backup/download/this > $fwhost-config-$date.xml

      error=$?

Code Select Expand

./opnsense_backup_v2API.sh
Result of the HTTP request is HTTP/2 500

I'm trying to figure out why the Firmware Connectivity Check fails the IPV6 ping:

Code Select Expand


All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
PING6(1548=40+8+1500 bytes) [MY-IPV6_IP] --> 2001:1af8:4f00:a005:5::

--- 2001:1af8:4f00:a005:5:: ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 792 packages processed.
All repositories are up to date.
***DONE***

However from the OPNSense terminal:

Code Select Expand

root@opnsense:~ # ping6 2001:1af8:4f00:a005:5::
PING6(56=40+8+8 bytes) [MY_IPV6_IP] --> 2001:1af8:4f00:a005:5::
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=0 hlim=52 time=280.033 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=1 hlim=52 time=278.851 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=2 hlim=52 time=278.849 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=3 hlim=52 time=279.302 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=4 hlim=52 time=279.415 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=5 hlim=52 time=278.946 ms
^C
--- 2001:1af8:4f00:a005:5:: ping6 statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 278.849/279.233/280.033/0.419 ms
root@opnsense:~ #

I have been using DNS over TLS with Cloudflare IPv4 and IPv6 servers successfully for sometime.

I recently noticed that the Spot Apple TV and iOS apps reported 'Connecting' or 'No internet connection'.  I validated that none of the Unbound blocklists were blocking the Spotify servers and the moment I switched to an external DNS, Spotify would work.

Narrowing it down, I then removed all the DNS over TLS servers and only enabled 8.8.8.8 port 853.  This allowed Spotify to connect with no issues but the moment I re-added the Cloudflare IPs (both IPv4 and IPv6) Spotify wasn't happy. 

Not sure if the server list is used in a round robin fashion.  Does anyone know why Spotify is only playing nicely with Google's DNS when using DNS over TLS?

My IPv6 setup with my ISP is by prefix only.  I have all my VLANs correctly setup and clients are receiving a IPv6 address.  Gateway monitoring is enabled on the IPv6 Gateway and despite it showing as Offline, I have full IPv6 connectivity, confirmed with IPv6 test websites and ping6 to google.

As my ISP is not providing a IPv6 address, dpinger does not start:

Code Select Expand

/system_gateways.php: The WAN_DHCP6 IPv6 gateway address is invalid, skipping.

If I disable Gateway monitoring, my IPv6 connection stops working, until I re-enable Gateway monitoring.  Can anyone explain what is happening here?

I have followed the instructions of setting up Multi WAN, including the steps of adding DNS Servers to each Gateway group.

How does this work when using Unbound?  Does all traffic that is destined for a Gateway Group use the gateway DNS?  Is there anyway to use Unbound instead of external DNS Servers when using Multi WAN?

I'm trying to verify that my MacOS client is connecting to OPNSense for NTP requests but I'm receiving 'Exchange failed: Kiss of death and Exchange failed: Time out" errors.

Checking Apple's time servers, all seems OK:

Code Select Expand

❯ sudo sntp -sS time.apple.com
+0.236213 +/- 0.000137 time.apple.com 17.253.116.253

Now, checking the OPNSense firewall:

Code Select Expand

❯ sudo sntp -sS 192.168.1.1
sntp: Exchange failed: Kiss of death
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
+0.235124 +/- 0.131470 192.168.1.1 192.168.1.1

Running with the debug flag:

Code Select Expand

sudo sntp -d opnsense.home.lan
  leap:                     0
    t1:    E3EDA340.A5B18548  (bytes)
    t1:  3824001856.647240000 (fixed)
    t1:  3824001856.647240162 (float)
    t2:    E3EDA340.E2B9256F  (bytes)
    t2:  3824001856.885637607 (fixed)
    t2:  3824001856.885637760 (float)
    t3:    E3EDA340.E2C01759  (bytes)
    t3:  3824001856.885743579 (fixed)
    t3:  3824001856.885743618 (float)
    t4:    E3EDA340.A67EA5F8  (bytes)
    t4:  3824001856.650370000 (fixed)
    t4:  3824001856.650370121 (float)
offset:    00000000.3CA488C4  (bytes)
offset:           0.236885593 (fixed)
offset:           0.236885593 (float)
delay:    00000000.00C62EC6  (bytes)
delay:           0.003024028 (fixed)
delay:           0.003024028 (float)
ipaddr:          192.168.20.1
sntp: Exchange failed: Kiss of death
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
selected:
  leap:                     0
    t1:    E3EDA340.A5B18548  (bytes)
    t1:  3824001856.647240000 (fixed)
    t1:  3824001856.647240162 (float)
    t2:    E3EDA340.E2B9256F  (bytes)
    t2:  3824001856.885637607 (fixed)
    t2:  3824001856.885637760 (float)
    t3:    E3EDA340.E2C01759  (bytes)
    t3:  3824001856.885743579 (fixed)
    t3:  3824001856.885743618 (float)
    t4:    E3EDA340.A67EA5F8  (bytes)
    t4:  3824001856.650370000 (fixed)
    t4:  3824001856.650370121 (float)
offset:    00000000.3CA488C4  (bytes)
offset:           0.236885593 (fixed)
offset:           0.236885593 (float)
delay:    00000000.00C62EC6  (bytes)
delay:           0.003024028 (fixed)
delay:           0.003024028 (float)
ipaddr:          192.168.20.1
+0.236886 +/- 0.132248 opnsense.home.lan 192.168.20.1
  gtod:  1615013059.668058
adjust:           0.236885
   set:  1615013059.904943
~

I'm moving across from pfSense and am poking around opnsense.

I've come across a scenario where I need to add a custom input into telegraf.conf to run a script and read CPU temp.  There is no ability to add custom inputs from the Telegraf inputs GUI and if I were to manually edit /usr/local/etc/telegraf.conf it is overwritten when telegraf or opnsense is restarted.

Is there a way to make custom configuration persistent?