Topics

1

24.1 Legacy Series / temperature sensors - get the data from OPNsense on regular basis - CLI or API

« on: April 11, 2024, 09:10:56 am »

hi there,

I am trying to figure out if I need a fan or not but one thing that does not help me is: the cpu temperatures shown in the report on GUI are not showing trends - only the status at this particular moment:



Is there any way to have it exported on regular basis?
I tried Monit and Telegraf but it seems this information is not there.
Any other way?

thx

2

24.1 Legacy Series / changing IP address of OPNsense

« on: April 07, 2024, 04:00:37 pm »

Hi there,

As probably lots of OPNsense users I set up the IP to be 192.168.1.1/24
Consecutively all VLANs I set to be 192.168.VLAN.1/24 (so 10,30,100, etc)
As of now I don't have any device in subnet 192.168.1.0/24 except the OPNsense itself - not sure if this is good or bad but that is how it is.

Now, the issue: lots of network devices come with default IP being 192.168.1.1
That means I cannot attach them to my network - I need to first reconfigure them offline and only once I gave them proper address I can attach them to my network.

So I am thinking loudly: let me change IP of OPNsense to i.e. 192.168.1.254/24 or even less obvious address: 192.168.1.199/24

Now, questions:
1- where do I have to change the IP:
- System/Settings/General/DNS (from GUI)  or
- Set Interface IP address from CLI
2- once this is done, OPNsense will be accessible for routing with new IP - I understand that all machines that are connected to this OPNsense (actually my entire network) have to have new DNS IP (I am using Unbound on OPNsense) and that would be all - all use the default gateway as per their segment so i.e. 192.168.VLAN.1

Is my thinking correct?
Is the sequence correct?
Am I missing anything?

thx

3

24.1 Legacy Series / nut - impossible to configure/customise

« on: March 13, 2024, 06:23:57 am »

hi,

I started using UPS and enabled the plugin on Opnsense
I am able to configure it to my needs (/usr/local/etc/nut/...) but the changes in any file don't survire neither reboot nor even disable/enable the Service

example is:

Code: [Select]

POWERDOWNFLAG /etc/killpower - with this statement Opnsense sends signal to UPS to turn it off - that behaviour migth not be desired
the config files are taken from templates that are here:
/usr/local/opnsense/service/templates/OPNsense/Nut/
but modifying these files does not help as per description:

Code: [Select]

cat /usr/local/opnsense/service/templates/OPNsense/Nut/upsmon.conf
# Please don't modify this file as your changes might be overwritten with
# the next update.
is there any mean to change this behaviour?
as a workaround I added a script that runs on restart and it changes the conf file but that is dirty solution

thank you

4

Tutorials and FAQs / allow specific URI on firewall

« on: April 21, 2023, 07:01:29 am »

hi there,

So I put my all IoT devices in separate VLAN and of course I allowed them ... nothing ;-)
But there are exceptions which I would like to handle somehow.
Example: one of my IoT devices is sending data to wunderground.com - updating the weather station details.
Now, I am not sure how to build the rule to allow this communication to happen.
When I open the internet for this device - of course it works but that is not what I would like.
When I open only wunderground.com it does not work - as per logs this domain although hardcoded in this IoT device (I know because it is me who wrote the program for it) - it calls different IPs - it seems like this domain is hosted by AWS.
So sometimes I see in the logfile:

Code: [Select]

52.22.134.222 [ec2-52-22-134-222.compute-1.amazonaws.com]another time another IP:

Code: [Select]

54.159.105.134 [ec2-54-159-105-134.compute-1.amazonaws.com]So how to build the rule to allow this specific IoT device (I used its MAC as a source) to reach only specific domain (wunderground.com) irrespective of its IP (in case the domain has different IPs).

If I am not able to know how to unblock the destination, the next rule hits: "block the internet for all IoT devices" and no updates on wunderground.com

thx