Topics - fearz

#1
25.7, 25.10 Legacy Series / HA syncing issue
October 27, 2025, 07:49:23 PM
Hi,

Using latest opnsense 25.7.6 on both boxes with a dedicated pfsync interface. I have 6 other identical interfaces on both boxes (same identifier, same name). In HA options I selected Firewall rules, virtual IPs (and other stuff) on the primary. When I manually sync or even via cron (every 5 min.), I have this in logs:

opnsense /usr/local/etc/rc.filter_synchronize: Filter sync successfully completed with https://10.0.0.2:9443/xmlrpc.php.

on secondary:

2025-10-27T22:33:55 Notice syslog-ng Configuration reload finished;
2025-10-27T22:33:55 Notice syslog-ng Configuration reload request received, reloading configuration;
2025-10-27T22:33:54 Warning opnsense /xmlrpc.php: warning: ignoring missing default tunable request: hw.ibrs_disable
2025-10-27T22:33:54 Warning opnsense /xmlrpc.php: warning: ignoring missing default tunable request: vm.pmap.pti
2025-10-27T22:33:53 Notice root /usr/local/etc/rc.d/suricata: WARNING: failed to start suricata
2025-10-27T22:33:51 Notice opnsense /xmlrpc.php: plugins_configure monitor (execute task : dpinger_configure_do(,null))
2025-10-27T22:33:51 Notice opnsense /xmlrpc.php: plugins_configure monitor (,null)

My problem is that I don't think anything is syncing, not the firewall rules or virtual IPs or anything. I just noticed it recently, when I created a new interface on both boxes, allowed any any to CARP, even IPv4 any any. I created some rules, and none of them were created on the backup box (same interface identifier, same name).

How can I investigate the issue?

#2
General Discussion / Opnsense High Availability Questions
February 23, 2025, 09:37:42 AM
Hello,

Just new to Opnsense HA and it's getting me really interested, but I'm having several issues & questions.

I have a primary Opnsense VM and it's working properly with Multi-WAN on a Proxmox VM.

Now I wanted to achieve HA, so I created a clone from the existing one (exact replica), and followed this video to create CARP/Virtual IPs as it has the exact setup of mine:

https://youtu.be/I5n3QXOlxmw?si=Yi8GepDm2M11afeD

My setup is as follows:

Modem 1 (DHCP ON) LAN port -> OpnSense Primary
Modem 2 (DHCP ON) LAN port -> Opnsense Primary
Modem 1 (DHCP ON) Lan port 2 -> Opnsense Secondary

Opnsense Primary: 192.168.4.1
Opnsense Secondary: 192.168.4.2

All services are ON on both (DHCP, DNS, AdGuard, ZenArmor, Crowdsec, etc)

The 1st problem is that when I turn on the secondary VM, the internet stops working or starts to stutter. I think that may be related to the fact that I have the DHCP service on for the same subnet (192.168.4.x) and the other VLANs as well.

Should that be turned off on the secondary VM and HA sync should be taking place, so the question comes to my mind, what if the primary VM fails / offline, if DHCP is off on the secondary VM, how will the clients take IPs?

The 2nd problem is that when the primary is down, the secondary does not provide internet to clients. If I log in to Opnsense via SSH and ping 1.1.1.1, it pings normally, but the clients can't ping. Not sure what is wrong; it shows in Virtual IPs status that the secondary is MASTER for both LAN & WAN.

The video was created for Opnsense 24.7.x, however I'm using 25.1. There were slightly different settings found in 25.1 vs. what's in the video; I just played around a bit with them but I'm not sure if what I did was correct.

I'm ready to provide whatever configuration you need.

Your assistance is very much appreciated.

Thank you.

#3
Hello,

Here is what I want to achieve:

My ISP modem is connected to a Linksys 382C managed switch, and the OPNSense LAN is connected to the managed switch with DHCP on a specific VLAN, at the same time using that same cable (if anyone connects to the modem's WiFi, they will take an address from OPNsense DHCP AND as well use the modem's ISP WAN connection as a secondary WAN on OPNSense).

So here's my configuration:

On my ISP modem:

I disabled DHCP and assigned static IP for modem 192.168.10.2

On Managed Switch:

Modem connect from its LAN port to managed switch port 7

Created VLAN 10 (my switch uses PVID), so I set it up as follows:
In PVID i set port 7 to use PVID 10
On switch I set trunk port 2 & port 2 tagged & port 7 untagged
Opnsense LAN connect to switch on port 2

Now if I connect to the modem's WiFi, I take an address from Opnsense DHCP

Now on Opnsense:

LAN subnet: 192.168.4.x
Created interface vlan.10 / OPT7
Enabled Interface + DHCP from range 192.168.10.1 to 192.168.10.2
On OPT7 interface firewall rule, I allowed IN ANY ANY
On LAN interface firewall rules I added LAN NET to OPT7 ANY ANY
On LAN interface firewall rules I added ICMP/IPv4 LAN NET to OPT7 ANY ANY

Now the problem is I cannot ping from or access anything from 192.168.4.x

If I connect to the modem's WiFi, I can access the modem's admin page as well as the Opnsense admin page, but not the opposite.

The other thing, after I fix the 1st issue, is to use that cable the modem as a gateway 192.168.10.2 in Opnsense

Attached are screenshots for the whole situation.

#4
Hi,

I'm having a very strange DNS issue that I'm unable to resolve.

I have 2 WAN connections (WAN1 - 192.168.6.1 - Primary & WAN2 - 192.168.5.1 - Secondary)

I have WANGRP, which consists of both WAN interfaces, and a firewall rule that sets the default gateway as WANGRP so that I combine both connections and benefit from the speed.

In System, Gateways, If I choose WAN1 as an Upstream Gateway (checkbox) DNS won't resolve, however the connection is up.

If I choose WAN2 as an Upstream Gateway (checkbox) DNS works fine.

I need to choose WAN1 (primary) to have DNS resolve...I'm about to go crazy as to what would be causing this.

Please let me know of any settings/configurations you might need to know so we can solve this.

Thanks

#5
Hello,

I have the Traffic Shaper configured on my OPNsense box, but I think it's a generic/general setup, with no specific setup for, say, giving higher bandwidth for video streaming or gaming. Is there any guide out there or any advice from someone on how to achieve this?

Thanks in advance.

#6
Hi,

As the title says, I have 2 WAN interfaces grouped in 1 group which I use as my gateway for my firewall rules & it's fine.

It's just that sometimes my WAN IP is WAN1 and sometimes it's WAN2.

How to make it that all LAN clients use the outgoing WAN1 IP while still retain the combination speed of both?

Thanks!

#7
Hello,

Here is my setup:

Proxmox with OpnSense with 3 NICS (bridged)
NIC1: WAN1
NIC2: LAN
NIC3: WAN2

I have OpnSense configured with the LAN interface (192.168.4.1)

I have Multi-WAN configured grouped in WAN_GRP and I have the firewall rules set any-any default gateway WAN_GRP & a DNS rule in firewall above the any-any to allow UDP/DNS requests

I have 2 VLANS (192.168.3.1 - named "muffin") & (192.168.2.1) VLAN 30 & VLAN 20 respectively on a managed Linksys switch.

I am able from management interface to talk with all VLANs

What I want to do is to have the VLANs talk with each other; I'm unable to achieve that.

VLAN 30 is able to ping the 192.168.4.1 gateway but not devices in it.

I don't have block private networks checked on any of the LAN/VLAN interfaces.

Attached are my rules, I'd appreciate any help please.