Topics - MarieSophieSG

#1
Hello,
1.LAN RJ45 => 2 laptops
2.WAN
3.LAN RJ45 => bridge to cisco WiFi router (mostly Android devices)
4.LAN RJ45 => not tested.

Running 25.7.7, everything was good. (FW default allow all parameters)
28-Nov, Updating to 25.7.8 => 2 devices lost their Internet access (1 laptop on 1.LAN (RJ45) and 1 laptop on 3.LAN (RJ45)), while the others (Android) kept theirs.
No setup, no parameter changed during/after (compared to before, on 25.7.7)

Checking FW live view, I see these 2 laptops/IPs have all TCP connections rejected
Since all Androids were still accessing Internet, I swapped laptop1 from RJ45 on 1.LAN to WiFi on 3.LAN, same blockage; I switched laptop.2 from RJ45 on 3.LAN to WiFi on 3.LAN, same blockage.

- How come TCP are now rejected, while everything is the same, same MAC, same static mapping IP, same rules, ...
- What should I do now ? (I tend to break things, so I prefer asking before messing around in the FW rules)

Thank you !
MSSG

#2
Hello,
While doing trial & error, I've checked and unchecked several times the IDS/IPS (to see if it was the cause of my access problems)

As I wanted to re-enable it, now I have this error message
error reconfiguring IDS => error installing ids rules (Error (1))

Did any of you come across this or am I the queen of breaking things ? (Not the first time I've been called so)

And most importantly, how do I solve this ? Will I need to do a complete re-install again ?
#3
Hello,
This morning,
I log in to my OPNsense GUI as usual, but got this instead:
CSRF check failed. Your form session may have expired, or you may not have cookies enabled.
Config is the same as it was yesterday
What did I do wrong this time ?

While searching the forum, I found an old post mentioning this problem, but it's only a question, no answer, no workaround ...
#4
Hello,
On my LAN2, through a WiFi router AP 192.168.102.101, I have a tablet connected 192.168.102.103
So far so good

It has all Internet access (I can browse, no problem)

Except one app, which can't reach out

How do I scrutinize this in particular, to be able to set rules to allow it ? (Therefore I need to know exactly what ports are being used) 
#5
Hello,
Today, I'm going to (try to) connect my NAS (QNAP with double RJ45) to LAN1

LAN1: 192.168.101.101/24 DHCP 192.168.101.102-122
Unmanaged switch with 2x NAS; 1x Laptop1; 1x Laptop2
Turn-on NAS: LEASE 192.168.101.104 and 192.168.101.105 (Which are already attributed in Static to other devices, OPNsense should not re-attribute these !)
Change these two dynamic IPs to Statics:
Static DHCPv4 for NAS 1st RJ45 = 192.168.101.111
Static DHCPv4 for NAS 1st RJ45 = 192.168.101.112

Can't connect to NAS GUI, can't even ping these IPs
And I have something weird on the dashboard:
2024-10-04T06:26:24-04:00
<6>arp: 192.168.101.112 moved from 24:5e:be:5c:86:6c to 24:5e:be:5c:87:6d on igc0
2024-10-04T06:26:22-04:00
<6>arp: 192.168.101.112 moved from 24:5e:be:5c:86:6d to 24:5e:be:5c:86:6c on igc0

Why is it swapping MAC every 2-3 seconds on this IP to an unknown MAC and back to known MAC ?
I've created a third STATIC Lease to the "new" MAC with 192.168.101.113 and now it stopped swapping, but I still can't access the GUI

What am I doing wrong ? It should be straightforward, plug, wait for IP, and connect, no ?
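
An added example, not part of the original post: a short Python summary of the `arp: ... moved from` lines quoted in post #5, grouping them by interface and IP and listing every MAC that claimed the address. The function names and the `min_moves` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Kernel message format as it appears in the post above.
ARP_MOVED = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) moved from "
    r"(?P<old>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) to "
    r"(?P<new>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)

# The two log lines quoted in the post, reordered oldest first.
SAMPLE_LOG = """\
2024-10-04T06:26:22-04:00
<6>arp: 192.168.101.112 moved from 24:5e:be:5c:86:6d to 24:5e:be:5c:86:6c on igc0
2024-10-04T06:26:24-04:00
<6>arp: 192.168.101.112 moved from 24:5e:be:5c:86:6c to 24:5e:be:5c:87:6d on igc0
"""

def summarize_arp_moves(log_text):
    """Group 'moved from' events by (interface, IP) and collect the MACs seen."""
    summary = defaultdict(lambda: {"moves": 0, "macs": set()})
    for match in ARP_MOVED.finditer(log_text):
        entry = summary[(match["ifname"], match["ip"])]
        entry["moves"] += 1
        entry["macs"].update({match["old"].lower(), match["new"].lower()})
    return dict(summary)

def flapping(summary, min_moves=2):
    """Return IPs that moved at least min_moves times between two or more MACs."""
    return {
        key: sorted(entry["macs"])
        for key, entry in summary.items()
        if entry["moves"] >= min_moves and len(entry["macs"]) >= 2
    }

if __name__ == "__main__":
    for (ifname, ip), macs in flapping(summarize_arp_moves(SAMPLE_LOG)).items():
        print(f"{ip} on {ifname} claimed by {len(macs)} MACs: {', '.join(macs)}")
```

Run over the two quoted lines, it lists three distinct MAC addresses for 192.168.101.112 on igc0.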
#6
Hi,
I've installed ClamAV, nothing to it, it's pretty straightforward and the GUI makes it very easy.

But it doesn't show me the button "download signatures"

I've removed and re-installed, I've removed, rebooted, reinstalled, etc ... to no avail, the button just never appears

How do I force this button to pop-up ?

I've added "https://database.clamav.net/main.cvd" in the "service / ClamAV / Configuration / Signatures"
Is that enough ? How do I know it has been downloaded and is operational ?
#7
Hi,
As I'm trying to make some modifications following posts found here, one of them leads to a folder in /etc/local/ something

But I don't have a /etc/local path/folder ! Is that even normal ? Or do I have to create one somewhere in the GUI that I would have overlooked ?
#8
This post is in the Tutorial section, purposely labelled [NOOB]. I hope it will help some of you to follow my newbie adventure through simple setup trial and error !

Hi,
After messing around for a couple of days as I still couldn't get my WiFi router to work properly on LAN2, I decided to do a full reinstall
Backhoe lab table, screen+keyboard, reinstall from USB (the same first time)
Set up the four ETH (Wan, Lan1,2,3)
Set up full-traffic rules (to start) on all four interfaces

Now I have complete access to the WiFi AP, but no longer have any access to the outside !
Pings from laptop1 (on Lan1) Laptop2 (Lan2, direct and through WiFi AP) and Laptop3 (Lan3) nothing
Pings from OPNsense, nothing
I have a public address from my ISP though
NAT is left stock (auto) and FW are default too (except the added: "allow all to/from all for IPv4&v6")
I even tried with FW disabled, to no avail

What's your first thought?  (Besides annoying newbie..)

For those who wonder, I'm posting from my cell ... :-\
#9
Hello,
Not sure this is the right sub to post this

I have a HUNSN RS39, with 4x i225 and no matter what I do,
I can't seem to be able to get the LAN2 (OPT1) and LAN3 (OPT2)

FW is basically the exact copy from LAN1, which works just fine

Any idea ? What could I have done wrong, or what "obvious" am I missing ?
#10
Hello,
Question:
As it takes forever (about 4 hours now and still spinning) to download the signature list for ClamAV, I'm wondering ...
I've installed both C-ICAP and ClamAV,
1) Do I need to install both ?
2) Should I have installed ClamAV and only then C-ICAP ?
3) If I install only C-ICAP, will it have to DL the signature list from ClamAV anyway ?

Just so I know if I have to keep waiting, or if I can/should just cancel ClamAV update
#11
Hello,
Like a good newb' I have removed all checks in Interfaces Setting, including "Disable hardware checksum offload" which was working fine until I set the IDS/IPS ... and I lost access to the GUI (But I'm still connected to Internet)

Is there a way *Through the Console* (As I lost access to GUI)
- to reverse last changes to prior config
- or to specifically re-check the "Disable hardware checksum offload"
- or to specifically uncheck IDS/IPS (To regain access to GUI and check "Disable hardware CRC")

=> or do I have to reinstall the whole system and start over ?
#12
Hello,
Like a good newb' I have removed all checks in Interfaces Setting, including "Disable hardware checksum offload" which was working fine until I set the IDS/IPS ... and I lost access to the GUI (But I'm still connected to Internet)

Is there a way to reverse last changes, or to specifically re-check the "Disable hardware checksum offload" through the console, or do I have to reinstall it all ?
#13
Hello,
I'm so excited to finally have installed OPNsense on my box I bought 2 years ago (I first was trying to install through console, never managed to, so I ended up buying a screen + keyboard just for it)

Install went fine, I couldn't use ZFS for I have only 1 drive, I've set all 4 RJ45 (iscg0 = Wan; icg1 = LAN1; icg2 =LAN2; icg3=LAN3)
each LAN will have their VLANs to isolate and manage groups of devices
Some VLANs will communicate with each others, some won't
LAN1 192.168.111.101 goes to a switch
LAN2 192.168.111.102 goes to my current Cisco Router/WiFi
LAN3 192.168.111.103 goes to the other switch

I've plugged my box between the modem and the network, no access to Internet, no access to OPNsense web GUI
I've plugged my box directly to my laptop1 (Linux) no access
I've plugged my box behind the router, no access (Router IP changed to 192.168.111.100/24 to match OPNsense)
I've plugged my box (WAN+LAN1) to the switch behind the router, no access to GUI
I've plugged my box (All four icg ) to the switch behind the router, I can ping LAN2 IP address but still can't access GUI

I'm sure I'm missing something simple/obvious, but just can't find what ?
Thank you