Topics - verasense

#1
Hi, this should be an easy question.

I have recently updated my router and the old DDNS still appears (Services: Dynamic DNS (legacy)). What package should I remove to get rid of it? I do not want to remove something necessary.

Thanks
#2
General Discussion / Research Internet connectivity issue
December 11, 2021, 05:08:25 PM
During the last two days I went to bed with Internet access and I woke up without it. My question is: How can I research what is happening?  What should I look for and where? I looked into logs but I could not find anything strange.

Symptoms:
- The router is operating but devices have no Internet access
- However, devices can access machines within the local VLANs, so my computer can see data from the camera, locally
- Cannot access the router GUI by DN but I can by IP
- From the router I can ping google.com and get DN for www.google.com
- I can connect externally via VPN
- When Windows tries to fix the issue by resetting DHCP, I lost the assigned IP (DHCP not working?)
- I had to restart the router to get everything back. I found out that restarting some services a couple of times seems to work too.


Some context:
It all started when I rebooted the router after many months of uninterrupted operation and I upgraded Opnsense to the latest version:
Type   opnsense   
Version   21.7.6   
Architecture   amd64   
Flavour   OpenSSL   
Commit   acdaa7649   
Mirror   https://pkg.opnsense.org/FreeBSD:12:amd64/21.7   
Repositories   OPNsense   
Updated on   Wed Dec 8 13:52:49 UTC 2021   
Checked on   Sat Dec 11 13:29:34 UTC 2021

All packages are up to date:
Your packages are up to date.

I only see this issue, but I don't see the reason, and it seems to work fine:
os-dyndns (misconfigured)   1.27_1   173KiB   OPNsense   Dynamic DNS Support

WAN connection is OK:
   Name   Interface   Protocol   Priority   Gateway   Monitor IP   RTT   RTTd   Loss   Status   Description   
      WAN_... (active)   WAN   IPv4   254 (upstream)   x.x.x.x      ~   ~   ~   Online   Interface


From a client computer I get no DNS access:
> tracert google.com
Unable to resolve target system name google.com.

> nslookup www.google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  10.1.1.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

But from the router I can ping and receive DNS responses with no problem


It seems to me that it could be a problem related to DHCP or DNS, but what should I look for, and in which GUI option, to find the source of the error?

Thanks
#3
I am trying to remove a host from the Live View display. I have set host != IP but it is still showing up.

Is this a bug or am I doing something wrong?
#4
21.1 Legacy Series / Member of VLAN - OpenVPN
April 02, 2021, 02:29:01 PM
This should be an easy one, but I can't make it work.

I am trying to connect as a client to the OpenVPN server. What I want is to connect as if I was in one of my VLANs, transparently, let's say 192.168.3.0/24, and get an IP address from there as everyone else in the network.

So I use:
IPv4 Tunnel Network = 192.168.100.0/24
IPv4 Local Network = 192.168.3.0/24
Dynamic IP   unchecked
Address Pool   checked
Topology   unchecked

However I always get a 192.168.100.0 IP address and I am not able to access the VLAN. How can I configure this?
#5
21.1 Legacy Series / VLAN in WAN and LAN
March 23, 2021, 11:41:22 PM
My ISP requests a VLAN of 20, does this mean I should not use VLAN 20 in my LAN? Or will OPNsense treat VLANs on the WAN interface differently from VLANs on LAN interfaces?
#6
21.1 Legacy Series / Switch cannot get IP via DHCP
March 21, 2021, 05:29:31 PM
I have a switch A that gets its address via DHCP. The switch is connected to opnsense in this way:

switch A (port 8 ) - VLAN 1 - opnsense (interface 3)
switch A (port 4 ) - VLAN 2 - switch B - opnsense (interface 2)

Both VLANs have DHCP activated and some clients are getting addresses. However, the switch (and also another switch I have) are not getting any address.
- I could see on Wireshark (VLAN 1 computer) the repeated requests from the switch to get an address (not the answers, though, if any exist).
- The firewall has the autogenerated rules to allow DHCP, and I even created a floating rule for that.
- I cannot see any request in the DHCP log

How can I troubleshoot this? Is there any option I might be missing for opnsense not to lease an address?

-----
UPDATE: I captured packets from Interfaces - diagnostics - Packet capture  and I can't see the request from the switch. However, I can see the request from a client. Is it possible that the DHCP request is not sent over the tagged port?  I think this worked for me in the past
#7
21.1 Legacy Series / APs going through opnsense
March 18, 2021, 04:05:35 PM
In my network I have different APs to get wifi clients.
The problem is that the firewall rules I have defined in opnsense wrt these clients are basically useless. For example, I am blocking ping access to the wifi camera at 192.168.0.5. However, any client connected to the same AP can ping the camera, since the request is received by the AP, which deals with it immediately without having to pass through opnsense.  Is there a way I can force all traffic to go through opnsense?
#8
21.1 Legacy Series / VLAN performance
March 18, 2021, 02:46:32 AM
I have an opnsense with a WAN and a LAN connection. The LAN has 3 VLANs and is connected to a switch.

I am a bit concerned about performance, so, taking advantage of having recently got a second switch, I am thinking about an improvement. Since the 3 VLANs share the same network cable, it seems reasonable to me that this could cause performance issues, if the three VLANs move a lot of data at the same time. So I am considering two scenarios:

A) Splitting the VLANs, placing VLAN 1 (the most important) on its own cable and VLAN2 and 3 on another. The second switch will also have some VLAN 2 devices that will be routed through the main switch.

B) Just connecting the new switch to the main one. Opnsense will manage the 3 VLANs on a single cable as before.

So, out of these two options (A and B, as shown in the image), which is more "correct"?
(Note: maybe there is another option that I am not contemplating)
#9
21.1 Legacy Series / DNS without domain
March 15, 2021, 03:28:46 PM
I used the "Register DHCP static mappings" to get the computer names into the DNS.

However:
ping computer1 cannot be resolved
But:
ping computer1.domain can.

Is there a way to allow DNS requests without the domain?