Topics - sos_opnsense

#1
25.1, 25.4 Legacy Series / Iconography
February 01, 2025, 10:53:14 PM
Looks like OPNsense is in a transition phase between its old and new icons and logos, with the new icon and logo here on the forums and in 25.1, but the old icons and logos still on the OPNsense website.

Now to find a nice, square icon of the new logo for my Homarr setup....

EDIT: seamless update to 25.1, BTW, thanks OPNsense team!
#2
Trying to install docker in a container today, I came across this error when attempting a wget command.


Connecting to syd1lxdmirror01.do.letsbuildthe.cloud (syd1lxdmirror01.do.letsbuildthe.cloud)|170.64.160.91|:443... connected.
GnuTLS: The TLS connection was non-properly terminated.
Unable to establish SSL connection.


Same issue on a couple of machines, and trying to wget different files.

Being behind my OPNsense router, the first step I tried solved the issue - disabling Zenarmor's active protection on my LAN (netmap).

Thoughts?

#3
Routine upgrade from GUI today took a while, so I checked what was going on, and the shutdown had hung at "All buffers synced". Left it for several minutes, and eventually pulled the power plug.

On reboot, upgrade proceeded and all is well.
#4
Just updated to 24.1 this morning, and in haproxy, under Settings, "Rules&Checks", "User Management", "Settings" and "Advanced" are all blank!

Despite this, my virtual servers are still working, so seems to be an error with GUI. Have tried a page refresh / private window / disabled ad blocker, but no dice.

EDIT: as below, I'm an idiot...I forgot there are drop-down menus!  ;D
#5
On OPNsense 23-series and now 24 I have a problem where haproxy often won't come up when the system reboots.

Since I use haproxy to access a number of services via virtual servers (home assistant etc) it's a bit of a problem having to go into the dashboard and manually restart haproxy.

So - a couple of questions / requests for help:

1) Is there a reason for this behaviour?
2) Is there a way (cronjob, systemd service call) to automate ensuring haproxy is up, and if not, start / restart it?

In regard to #2, under HAProxy > Maintenance, there is a 'Cron Jobs' tab, which can be used to reload or restart HAProxy. I'm wondering if one of the configurable parameters could be used to "restart HAProxy IF not running"?

Thanks!

EDIT: and I've just discovered on 24.1 under settings, Rules&Checks, User Management, Settings and Advanced are all blank! Despite this, my virtual servers are still working, so seems to be an error with GUI. Will open a separate thread.... - I'm an idiot...I forgot there are drop-down menus!  ;D
#6
A bit of an intermittent one - but on some occasions i.e. after yesterday's updates, haproxy isn't restarting on reboot.

Has anyone else experienced this?
#7
Upgraded to 1.14 from 1.13 today via the GUI and get "network error" in the Zenarmor pages.

So - uninstalled using the OPNsense plugins page, and reinstalled as per web instructions (https://www.zenarmor.com/free-edition-plan).

Now, I'm stuck on the wizard - I get a spinning wheel under 'Database Settings', then nothing happens, and I can't select 'Next' to get to 'Interface Settings'. I suspect this is a netmap driver issue, or similar - although 1.13.4 was running fine.

There are no errors under 'Notifications', and the Info says "Engine Started".

#8
I've just installed 23.7.RC1 on a new bare metal fanless N100 system. It's mostly working, as evidenced by my posting here :)

In doing so, I migrated my config across from my existing 23.1 setup. So - both a hardware migration and a software update.

However, I've run into the following issue when attempting to install the os-acme-client package, or update:

***GOT REQUEST TO INSTALL***
Currently running OPNsense 23.7.r1 at Sat Jul 22 00:00:54 NZST 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/23.7/OpenSSL/latest/meta.txz: Not Found
repository SunnyValley has no meta file, using default settings
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/23.7/OpenSSL/latest/packagesite.pkg: Not Found
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/23.7/OpenSSL/latest/packagesite.txz: Not Found
Unable to update repository SunnyValley
Error updating repositories!
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***


And perhaps as a result, a number of plugins from my old install aren't able to be reinstalled:

os-acme-client (missing)   
os-dyndns (missing)   
os-etpro-telemetry (missing)   
os-haproxy (missing)   
os-sensei (missing)   
os-sensei-updater (missing)   
os-sunnyvalley (orphaned)   1.2_3   
os-wireguard (orphaned)   1.13_6   

Is this a config issue related to the migration and upgrade, or do I just have to wait until the RC1 repo catches up?
#9
I've purchased an Alder Lake N100 from AliExpress as an upgrade from my aged HP SFF 6300 (i5-3470T). Use case is as home router, serving about 50 devices, including NAS, on a 300/100Mbit WAN fibre connection, 1Gbit backbone & switches (no 2.5G or 10G).

It's one of the older, cheaper options - but still has DDR5 support, and 4 x intel i226-V NICs.
https://www.aliexpress.com/item/1005005593329224.html

Main reason is auto power-on restore (I unhooked the PSU and CPU fans from the SFF to make it silent, since it's running in my office, and so it won't boot up without manually overriding the fan error), and secondarily to reduce power consumption. I've been running OPNsense for about 4 years, and have a well set up installation, including Zenarmor, HAProxy, wireguard and openVPN servers.

Reading these forums there doesn't seem to yet be much information - but there's a Serve The Home forum YouTube review (https://www.youtube.com/watch?v=58nVTNYrJ3E&t=910s) which makes 'em look pretty compelling from a price / performance point of view.

Hopefully the install all goes to plan - I've got 16GB Crucial DDR5 4800, and a Crucial P3 nvme ready to go.

Will update this thread in due course - but in the meantime, keen to hear of others' experiences / tips.

Edit: found a good guide on migrating OPNsense to new hardware. Wish me luck!

https://homenetworkguy.com/how-to/migrate-opnsense-to-new-hardware/
#10
Using the 23.1.6 OPNsense web GUI, I downloaded the openVPN config ("file only") for my Android client (OpenVPN Connect 3.3.2).

Connected ok, but wouldn't route traffic. Log showed a compression error.

It turns out the problem is that the GUI-generated config has the line "compress lzo", but the current Android app requires "comp-lzo" to work.

I ran into a similar error with the cipher fallback option not working due to OPNsense vs OpenVPN client version changes & differences and resulting incompatibilities.

Moral of the story: carefully read the changelogs, log files, and know how to troubleshoot!

Edit: I see that compression is a deprecated option according to OpenVPN: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--comp-lzoStatus:Pendingremoval
#11
I have wireguard set up with a local server (10.1.1.1, DNS 1.1.1.1, port 51820). Pretty standard stuff.

When I added a peer with an allowed IP of '0.0.0.0/0', saved and re-enabled the local wg server, I lost all WAN access across the LAN and firewall itself. In other words, the OPNsense router could no longer ping out, e.g. 1.1.1.1 times out.

As soon as I remove the peer from the WireGuard server's list of peers, or change the allowed IP to "10.1.1.0/24" and restart wg-0, WAN comes back up.

Bizarre.
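
An added example, not part of the original post: in WireGuard, AllowedIPs also selects which outbound destinations are sent to a peer, so a peer entry of 0.0.0.0/0 on the server claims every IPv4 destination. The Python check below flags such peers in a wg-quick-style config; the config text, key placeholders and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config; keys are placeholders, addresses follow the post.
SAMPLE_CONF = """\
[Interface]
Address = 10.1.1.1/24
ListenPort = 51820
[Peer]
PublicKey = <peer-a-placeholder>
AllowedIPs = 0.0.0.0/0
[Peer]
PublicKey = <peer-b-placeholder>
AllowedIPs = 10.1.1.3/32, ::/0
[Peer]
PublicKey = <peer-c-placeholder>
AllowedIPs = 10.1.1.0/24
"""

def parse_peers(conf_text):
    """Return one dict per [Peer] section with its PublicKey and AllowedIPs networks."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("["):
            current = {"key": None, "allowed": []} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
            continue
        if current is None or "=" not in line:
            continue                          # [Interface] settings are not checked here
        name, value = (part.strip() for part in line.split("=", 1))
        if name.lower() == "publickey":
            current["key"] = value
        elif name.lower() == "allowedips":
            current["allowed"] += [ipaddress.ip_network(v.strip(), strict=False)
                                   for v in value.split(",") if v.strip()]
    return peers

def default_route_peers(conf_text):
    """List (public_key, network) pairs where a peer claims a whole address family."""
    return [(p["key"], str(net)) for p in parse_peers(conf_text)
            for net in p["allowed"] if net.prefixlen == 0]

if __name__ == "__main__":
    for key, net in default_route_peers(SAMPLE_CONF):
        print(f"peer {key}: AllowedIPs {net} captures all traffic of that family")
```

On the sample, the first two peers are flagged and the 10.1.1.0/24 peer is not, matching the working setting described in the post.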