Topics - smajor

#1
I installed the plugin per the instructions here:  https://docs.opnsense.org/manual/how-tos/nut.html

The options look somewhat different, but notably the username/password fields are missing so I'm unable to connect to the server that has the UPS on it.

Can I assume configuring from the command line is the same as other NUT installs for this or will the issue be corrected in a future release?  It is somewhat unusable as a client right now unless I'm missing something.
#2
I've been using OpnSense for as long as I can remember. I have switched hardware a number of times. Today, I ran into something I've never seen and just can't figure out.

My current hardware has 3 interfaces: em0, em1, and em2.  Only em0 (LAN) and em1 (WAN) are used.

My drive has been having some issues reported by SMART, but otherwise everything has been working.  Today I decided to back up my configuration, put a new drive in and restore from backup.  Nothing I have not done before.

No WAN internet. After 2 hours combing over my config, on a lark I decided to reassign em2 as WAN and unassign em1.

Everything works perfectly with that change. I did nothing else. I have not tried swapping them back yet.
#3
I have Unbound DNS configured as my DNS. I do use DHCP also with some static IPs defined to hosts. I have some LAN hostnames defined and it all seems to work okay... except when the WAN goes down (like it is now, I'm on my phone's hot spot).

I'd think that local hosts should still be able to resolve to each other. I must be missing a setting or maybe a rule to allow this.  Is this enough information to get a few suggestions?
#4
I'm getting an error in System -> Settings -> Administration.

Even though I have only http selected, I'm getting an error when I save: "Certificate webConfigurator default is not intended for server use."

This cert does exist in the https dropdown, but I'm not using https.

I installed a fresh copy on a test machine and there appears to be a different default TLS cert on a clean install which is NOT in my production install.  I have upgraded many, many times so perhaps that is part of it.

Obviously, with this error, I cannot Save any changes in that section.
#5
20.1 Legacy Series / Split DNS & Rebind Attacks
July 23, 2020, 12:20:51 AM
All, I have an internal DNS server that I want to retire in favor of using the built in UnboundDNS.  Everything works except my web server behind NAT.

Externally www.mysecretdomain.com resolves and works perfectly.

Internally www.mysecretdomain.com throws a rebind error because it tries to go to the admin page of OpnSense instead of www which is on a different system.

Indeed, internally pinging www.mysecretdomain.com resolves to my PUBLIC IP when it should resolve to my INTERNAL IP.

Even going to the Overrides section of Unbound and making sure www.mysecretdomain.com resolves to 10.0.1.201 does nothing.  It insists on resolving to my Public/Opnsense WAN IP.

What the heck am I doing wrong?
#6
A long time ago when I started running OpnSense it was advised not to use SSDs.

Has this changed?  I have a mini PC with an EVO Plus NVMe drive I can upgrade with.
#7
This is a culmination of my two other posts. My simple morning project has turned into a nightmare. That's how it goes for me.

I decided to switch out my OpnSense hardware. I have a decent i5 Mac mini not doing much, so I downloaded the image, got it installed and my configuration imported. The initial boot after the installer was successful and everything came up and I'm ready to swap. Awesome!

I shut down to move it into its new home and it's hanging at /boot/defaults/loader.conf

I reloaded, was successful again, ...and again... shutdown and first cold boot, it hangs.

I don't get it and I don't know enough about FreeBSD to even begin to figure out why this seems to work fine then fails.

Um, help?
#8
I've had OpnSense for years, but might move to new hardware.  Over those years I've tried and failed many, many, times to get my configuration imported at install time.

Daily, I don't live in the *nix world. My desktops are Windows or Mac.

What format of, say, a USB flash drive is OpnSense expecting to find that contains my config? Is there a formatter for Mac/Windows that I can use as well as a tool to copy the config onto it?

Thanks for any advice!
#9
19.7 Legacy Series / OpnSense WAN Speed Issues
December 07, 2019, 12:56:39 AM
I had 100Mbps service and I would typically get from speedtest-cli that speed.

Today my provider doubled our speed to 200Mbps.  Still, the most I can get with my OpnSense box is 104Mbps.

If I connect my laptop directly to my ISP's box, I'll get 220Mbps which is what I expect.

What should I look for on OpnSense to get the speed I expect?  I'm running it on HP hardware that has GIG Ethernet to the ISP.
#10
19.1 Legacy Series / VPN Setup
March 09, 2019, 03:12:44 AM
Hi All,

I've followed the instructions here, as they seem to offer compatibility with macOS, iOS, Windows, and Android.

https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-rsamschapv2.html

I've done everything per those instructions and the test user.  ...and... now what?  How do I configure the clients?  That seems to be missing.

I initially followed this guide, which at least had instructions for the clients, which seems to have additional steps for the firewall (which makes sense and the first link doesn't have) but it didn't work:

https://docs.opnsense.org/manual/how-tos/ipsec-road.html

I'm not a VPN/IPsec expert at all, but there seems to be a lot of work done in this area with a lot of changes, and as someone who doesn't work a lot with VPN and isn't familiar with setting it up, I'm finding the documentation either a bit out of date and/or confusing.

Does anyone have a guide, external blog, anything with clear and simple to follow directions to get this working?

Thanks!
#11
I'm trying to do a fresh install on a 2nd machine to use as a backup in case the main router goes down.  I never had problems installing v15 or v16, but man, the FreeBSD underpinnings of v17 seem to be making what was once simple, frustrating.

First it wouldn't boot until I did the steps here:
https://forum.opnsense.org/index.php?topic=4389.msg17200#msg17200

Now, I make it all the way to "Guided Installation" but on that screen I can't select anything. It's just frozen. No keyboard input. Nothin'. I have to force reset the PC.
#12
I've been banging my head against the wall for the past hour on, what I thought based on my Ubuntu experiences, would be a fairly simple thing to do.

I'm trying to get my OPNsense configuration onto an old USB Flash drive of low capacity (hey, not much good for anything else nowadays!) so that when/if I have a melt down or replace hardware, I can insert the USB stick during install and choose "Restore Configuration" and be on my way.

In doing a dry run with this, the OPNsense installer (or rather FreeBSD) refuses to see the format on the flash drive complaining that it isn't formatted or an unknown partition type.

I figured that most distros on the planet would understand at least FAT16 or 32 by now, I guess not. I tried formatting in UFS2, but I either failed horribly or it doesn't like that either.

Could anyone tell me exactly what it might be looking for in terms of formatting and exactly how to do this so it works?

Personally frustrated, but appreciative of any help or suggestion!

Thanks all!
#13
16.1 Legacy Series / IDS Rule Descriptions
March 10, 2016, 02:44:08 AM
Hi all,

Is there a better description of the IDS rules? All the info buttons go to here: http://doc.emergingthreats.net/bin/view/Main/EmergingFAQ

...and that's fine, great descriptions of the obvious ones, but there are many more rules available than the generic descriptions listed there.

Some are self-explanatory or subsets of the lists on that page, which is again, easy.  Others I just don't have a clue about.
#14
16.1 Legacy Series / fsck and OpnSense
March 01, 2016, 12:47:11 AM
I recently discovered that my filesystem didn't come up cleanly after a power outage and may be related to some issues I had.

I did the old school boot into single user mode and ran fsck - actually twice before everything got cleaned up.

Is there a built-in way with OpnSense to do this?  I found this with pfSense:

touch /root/force_fsck would force a check/repair on reboot.  Didn't seem to affect OpnSense.  This might be something handy to have as a GUI option down the road?
#15
16.1 Legacy Series / Help Configuring Split DNS
February 21, 2016, 12:24:08 AM
I'm looking for some advice on configuring my router's DNS. I run split DNS, I want my internal NAT clients to resolve to an internal NATted DNS server.

My main issue is that I have a web server, among other services, running on NAT and I find that OPNsense cannot resolve to things like URLs on my web-server.  Possibly because of my internal DNS being on a system behind NAT as well.

What would be best practice for this? Under System>Settings>General should I use my internal DNS server or External, or both? Or is there some other setting I need to have a look at?

Thanks all for any tips.
#16
Hi all, I'm a bit confused about the checkboxes here...

For example, under rulesets, we have the first item "botcc.portgrouped" with a check box to the immediate left and to the right a checkbox for "enabled".

Obviously, the right checkbox is explanatory.  What's the left checkbox for?
#17
15.7 Legacy Series / [SOLVED] DNS MX Record?
December 06, 2015, 06:06:33 PM
Apologies if this is in the GUI and I'm overlooking it.  I'm interested in having OPNsense take over my DNS duties as it seems to do everything I need for my relatively simple LAN.

I need one host to have an MX record, but I can't seem to find an option to add it. If it does not exist, maybe a simple checkbox "Add an MX Record for this host" could be done at some point?
#18
15.7 Legacy Series / Random Non-Responsiveness
November 21, 2015, 07:02:48 PM
Hi all, somewhere around 15.7.19, or my enabling DHCP, OPNsense has started randomly freezing. All interfaces go dead and I'm forced to power off and back on.  I run the CPU headless, so I don't see what might be happening on the screen. I've attached a display for "next time."

The interval can be completely random.  Several days to just hours apart.  Mostly the latter.

I thought maybe the older hardware I was on was having a problem, so I migrated to a newer box.  The exact same issues happen with it.

The web GUI doesn't detect a programming, but I submitted one via that mechanism anyhow in hopes that may show something. Are there any other logs available via the shell I can look at or submit?
#19
While you can now select an alias that uses a URL Table (IPs) - thanks for the bug fix! When using "URL Table (IPs)", you cannot set the Alias in a rule. You receive a "[alias name] not a valid source IP address or alias".

Using the same URL and creating an identical rule with a "URL IPs" works as expected.

Thanks!
#20
15.7 Legacy Series / URL Alias Confusion
October 29, 2015, 11:42:35 PM
Hi all, here is what I'm trying to accomplish. I thought I had it figured out, I suppose I do not.

I have a URL to a list of IPs in CIDR format hosted on a web server. Example of IPs in the list would look like this:

66.249.81.205/32
66.249.81.215/32
66.251.216.0/24
69.1.253.0/24
72.251.244.16/32

In the URL section of Alias, I've tried to add this under both "URL (IP)" and "URL Tables (IP)" [I really don't know what the difference is with these - the full help doesn't explain it nor does the link to the wiki have anything about this].

Whichever I choose, I've tried both, nothing seems to be downloaded (that I can tell) nor can I select the alias when I create a rule - it simply isn't in the list.

Does this feature not work the way I think it works?  If it does, what am I doing wrong?

Thanks!