Topics

1

20.7 Legacy Series / Hyper-V install fails Gen2 (UEFI) VM

« on: August 06, 2020, 05:49:09 am »

Hiya,

When I attempt to install 20.7 into a gen2 VM even with secure boot disabled I cannot get passed the guided/advanced install menu. My keyboard simply will not function. I cannot drop to shell or otherwise interact with it via console. The live environment including GUI however works the entire time (though with perceived increase in CPU usage judging by the GUI).

However I do not run into this issue in a gen1 VM.

Further if I create a gen2 VM after installation and attach the VHD created it will boot without issue.

Just figured id let anyone know.

2

18.1 Legacy Series / SQM CODEL

« on: January 21, 2018, 05:52:16 am »

I was looking into helping some buffer issues I am having and came across this thread from 2016 https://forum.opnsense.org/index.php?topic=2279.0 I was wondering if this was fully implemented? It seemed to drop off as a beta add on pending FreeBSD 11.1 baked it in fully.

3

17.7 Legacy Series / Disconnects about an hour after update/boot

« on: August 05, 2017, 03:56:51 am »

Current running system

OPNsense 17.7.r2-amd64
FreeBSD 11.0-RELEASE-p10
OpenSSL 1.0.2l 25 May 2017

Update available via builtin update

Code: [Select]

bsdinstaller 17.7.r_2 17.7 upgrade
ldns 1.7.0 1.7.0_1 upgrade
opnsense 17.7.r2 17.7 upgrade
opnsense-lang 17.7.r2 17.7 upgrade
opnsense-update 17.7.r1 17.7 upgrade
strongswan 5.5.2 5.5.3 upgrade
unbound 1.6.4 1.6.4_1 upgrade
 
My server runs in hyper-V on a dedicated NIC that is not transparent to the OS. After running the update to the above changes I lose WAN but not LAN. However it might be more than DNS I cannot ping direct IPs either. If I reboot the unit it works fine for around an hour or so then stops again.

I have since recovered the VM via a backup to the version in the first line and everything appears to be working correctly.

If I can be of any assistance please let me know.

4

17.1 Legacy Series / Local DNS server failure

« on: December 10, 2016, 08:02:54 am »

When attempting to use a DNS server on my LAN as the primary DNS server the whole network loses connection. A reboot does not fix the issue.

However if the DNS server is set on the client. Than the network works fine. Not sure where I should start looking?

I already have DNS rebind set to off.

I have seen this in the error logs. This is the IP of my DNS server.

Code: [Select]

opnsense: /system_general.php: The command '/sbin/route delete -host 10.0.0.19' returned exit code '1', the output was 'route: route has not been found delete host 10.0.0.19 fib 0: not in table'

Basically. I have an adnetwork filter based off of DNS.

On the remote DNS server (which is on my LAN)
I have the IP statically set.
I have the default gateway the IP of the router.
I have the DNS server IP set to Google & Level3 Communications.

If I set the DNS server under Settings>General in opnsense I lose ALL network connectivity.

However; If I manually take a PC and set it to use the DNS server everything works correctly and ads are filtered.

I wanted the router to simply use this local DNS server because its a pain to set DNS on all members of the network. I initially thought this might be a drop because of a detected DNS rebind attack, however I ran my own DNS server previously and that was still disabled.

I dont really know where to begin debugging this.

OPNsense 17.1.a_878-amd64
FreeBSD 11.0-RELEASE-p2
OpenSSL 1.0.2j 26 Sep 2016

5

17.1 Legacy Series / UPnP issue

« on: October 11, 2016, 01:45:44 am »

Attempting to get rid of restriction problems on the consoles in the house I have finally narrowed it down to an issue with UPnP on this build. I ran into a thread here https://forum.opnsense.org/index.php?topic=3469.0 that seemed to have the issue. I reinstalled miniupnpd in an attempt to fix it myself. During completion I get this message in the console readout.

For this daemon to work, you must modify your pf rules to add an anchor
in both the NAT and rules section.  Both must be called 'miniupnpd'.
Example:

# NAT section
# UPnPd rdr anchor
rdr-anchor "miniupnpd"

# Rules section
# uPnPd rule anchor
anchor "miniupnpd"
***DONE***

I am unsure if this is still needed since I saw no reference to this step in the thread mentioned before. I also am not clear on exactly the message is trying to have me do. My current build is.

OPNsense 17.1.a_410-amd64
FreeBSD 10.3-RELEASE-p9
OpenSSL 1.0.2j 26 Sep 2016

Any ideas on what I can attempt next?

6

16.7 Legacy Series / Support List of WIFI cards?

« on: April 17, 2016, 04:29:35 am »

Im using the 16.7 alpha and the HBSD kernel. Im trying to get my intel wifi card to work as wifi. I have an AP which works great actually, I'm just trying to get experience configuring them, because you never know. Unfortunately while I can see my NIC enabling it is a different beast entirely, I cannot set it to access point mode. It seems only capable of finding other networks.

7

16.1 Legacy Series / Best "Generalized" Rulset for Suricata?

« on: January 24, 2016, 06:15:54 pm »

Is there a decent list of what should be enabled generally speaking for an installation?

8

15.7 Legacy Series / [SOLVED] New build CPU usage constantly at 25%?

« on: September 24, 2015, 03:26:00 am »

Updated today and now running

OPNsense 15.7_1018-amd64   
FreeBSD 10.2-RELEASE-p1   
LibreSSL 2.2.3

however after the initial and subsequent (2) reboots of the router the CPU usage is sitting at 25% the router itself is running an i3-4130 but it is running warm now with the constant usage. Unfortunetely I am unable to find the process doing it?

Code: [Select]

last pid: 46927;  load averages:  1.21,  1.16,  1.10  up 0+04:47:08    21:25:47
127 processes: 6 running, 101 sleeping, 20 waiting

Mem: 134M Active, 248M Inact, 232M Wired, 308K Cache, 125M Buf, 7211M Free
Swap:


  PID USERNAME   PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
   19 root       -16 ki-1     0K    16K CPU2    2 286:23 100.00% [idlepoll]
   11 root       155 ki31     0K    64K CPU1    1 174:53  77.98% [idle{idle: cp
   11 root       155 ki31     0K    64K CPU3    3 172:00  73.88% [idle{idle: cp
   11 root       155 ki31     0K    64K RUN     2 170:11  73.88% [idle{idle: cp
   11 root       155 ki31     0K    64K RUN     0 163:23  72.85% [idle{idle: cp
40278 root        20    0   389M   260M uwait   0  20:56   1.66% /usr/local/bin
40278 root        20    0   389M   260M uwait   2  46:23   1.46% /usr/local/bin
19426 root        52    0   130M 30512K piperd  0   0:02   0.98% /usr/local/bin
 2691 root        20    0 56708K  7164K kqread  3   0:01   0.68% /usr/local/sbi
40278 root        20    0   389M   260M uwait   1   1:09   0.10% /usr/local/bin
40278 root        20    0   389M   260M uwait   0  39:37   0.00% /usr/local/bin
40278 root        20    0   389M   260M uwait   2  19:20   0.00% /usr/local/bin
40278 root        20    0   389M   260M uwait   3  18:24   0.00% /usr/local/bin
40278 root        20    0   389M   260M uwait   2  12:54   0.00% /usr/local/bin
40278 root        20    0   389M   260M bpf     2   7:18   0.00% /usr/local/bin
40278 root        20    0   389M   260M bpf     2   7:16   0.00% /usr/local/bin
   12 root       -72    -     0K   320K WAIT    2   4:59   0.00% [intr{swi1: ne
   15 root       -16    -     0K    16K -       3   1:37   0.00% [rand_harvestq


The cores show the usage but the processes dont represent the missing %?

9

15.7 Legacy Series / [SOLVED] Email and log alerts for dynamic DNS

« on: September 06, 2015, 03:27:53 am »

cant seem to tell the difference.

I use freeDNS (thanks for supporting this!!) The services page seems to understand this.

Code: [Select]

WAN freeDNS
however the email system (COOL FEATURE) says this

Code: [Select]

DynDNS updated IP Address on WAN (re1) to
and the logs indicate this

Code: [Select]

opnsense: /usr/local/etc/rc.dyndns.update: phpDynDNS (www): (Success) No Change In IP Address
Not a big deal just not sure if anyone reported it. It seems teh script or implimentation was originally statically named for dyndns and as such it reports that dynDNS succeeded but the services page itself seems to know what you are using and what you have selected but the alert text for the logs and email systems do not replicate this change.

10

15.7 Legacy Series / [Solved] IDS auto update not working

« on: August 30, 2015, 04:52:40 pm »

First Id like to start with my build data

OPNsense 15.7_824-amd64   
FreeBSD 10.2-RELEASE-p1   
LibreSSL 2.2.2

My issue however also happened on 10.1 and the vanilla 15.7.X build. though since iv upgraded I have forgotten my sub version number.

My issue is that the IDS rules do not auto update. Attached is the configuration I would like to use. A standard check once a day. However when going into my IDS today I noticed they have not been updated since the 27th. before my upgrade to both 10.2 and _824. I then went and modified the schedule to update in 1 minute intervals for testing. After about 5 the rules still had not updated. I am hoping this is some kind of configuration issue. Does anyone have any insight?

11

15.7 Legacy Series / Logfile size self deletion?

« on: August 16, 2015, 01:58:40 am »

Hi! I have recently installed OPNsense and currently over the 20 hours it has been running I have 11GB of log files. My SSD is only 32GB when I go into settings the feild for log file size is blank. I dont mind it using the space (not much else to use it for really) but will this start to cause issues as the drive gets mroe full? will opnsense have enough space provisioned for updates via another partitions? will old logs be deleted to make room for new logs?

do I have a problem I should correct?

12

General Discussion / Hey everyone new here cant wait to start!

« on: August 07, 2015, 04:20:28 am »

Hi everyone! its taken months too get signed up entered the wrong email for activation and only recently found the link to fix that lol oops.

I have to say I love the project! I am very excited to dive into opnsense and I am super happy (mostly because I was specifically waiting for) that an IDS has been implemented and is now default on WAN (THANK YOU!) With my excitement to dive in I made have made a mistake. I hope this is ok to ask here if not please show me to the road to hardware compatibility. I bought a bare bones machine with DUAL NICs the chipsets are Realtek 8111Gs unfortunately I didn't realize Realtek was pretty much taboo for BSD.

 That said since its a home I am not too worried about performance degradation ATM I will replace if necessary of course. My question is opnsense compatible with the 8111G chips? I have seen issues googling. Most were found in posts dated from 2013 in the pfsense forums. promising implementation in 10 alpha. I was just wondering if any version of opnsense currently or in the future supports these before I attempt to cancel the order or return it.

Thanks much! can't wait to get started!!