Topics

Hello, I was wondering if anyone else has had issues installing via the serial image in UEFI mode?

OPNsense-24.1-serial-amd64.img

DEC740

The console died loading ax0 and ax1. It stops responding. Though it does not disconnect my session.

I did some digging and came to the conclusion the following issue may be DNS related.

However; after changing the upstream DNS server: System > Settings > General and several restarts of the router later my DEC740 doesnt appear to be able to contact the mirror.

I assumed this was because the business version may be running "behind" for stability as I am on 23.1.1 community after a fresh install. Looking at the print out though it shows a searched version higher than what I am on.

Code Select Expand

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.1.1_2 at Sun Feb 26 13:13:28 PST 2023
Fetching subscription information, please wait... done
Fetching changelog information, please wait... fetch: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/sets/changelog.txz: Not Found
Updating OPNsense repository catalogue...
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/packagesite.pkg: Not Found
pkg: https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:13:amd64/23.4/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

Is this me or the mirror? Is there anything I can do? It seems that rather than DNS it cant fetch some manifest file.

This is the health check:

Code Select Expand

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.1.1_2 at Sun Feb 26 13:20:18 PST 2023
>>> Check installed kernel version
Version 23.1.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.1.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-etpro-telemetry 1.6_1
os-theme-cicada 1.32
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.88.1 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dnsmasq-2.89,1 has no upstream equivalent
Checking packages: .
dpinger-3.3 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10_5 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.3P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.3P1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.68 has no upstream equivalent
Checking packages: .
monit-5.32.0 has no upstream equivalent
Checking packages: .
mpd5-5.9_13 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_5 has no upstream equivalent
Checking packages: .
openssh-portable-9.1.p1,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1t,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.8 has no upstream equivalent
Checking packages: .
opnsense-23.1.1_2 has no upstream equivalent
Checking packages: .
opnsense-installer-23.1 has no upstream equivalent
Checking packages: .
opnsense-lang-22.7.3 has no upstream equivalent
Checking packages: .
opnsense-update-23.1.1 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.8_2 has no upstream equivalent
Checking packages: .
php81-ctype-8.1.15 has no upstream equivalent
Checking packages: .
php81-curl-8.1.15 has no upstream equivalent
Checking packages: .
php81-dom-8.1.15 has no upstream equivalent
Checking packages: .
php81-filter-8.1.15 has no upstream equivalent
Checking packages: .
php81-gettext-8.1.15 has no upstream equivalent
Checking packages: .
php81-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php81-ldap-8.1.15 has no upstream equivalent
Checking packages: .
php81-pdo-8.1.15 has no upstream equivalent
Checking packages: .
php81-pecl-radius-1.4.0b1_2 has no upstream equivalent
Checking packages: .
php81-phalcon-5.1.4 has no upstream equivalent
Checking packages: .
php81-phpseclib-3.0.18 has no upstream equivalent
Checking packages: .
php81-session-8.1.15 has no upstream equivalent
Checking packages: .
php81-simplexml-8.1.15 has no upstream equivalent
Checking packages: .
php81-sockets-8.1.15 has no upstream equivalent
Checking packages: .
php81-sqlite3-8.1.15 has no upstream equivalent
Checking packages: .
php81-xml-8.1.15 has no upstream equivalent
Checking packages: .
php81-zlib-8.1.15 has no upstream equivalent
Checking packages: .
pkg-1.18.4 has no upstream equivalent
Checking packages: .
py39-Jinja2-3.1.2 has no upstream equivalent
Checking packages: .
py39-dnspython-2.2.1_1,1 has no upstream equivalent
Checking packages: .
py39-duckdb-0.6.1 has no upstream equivalent
Checking packages: .
py39-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py39-numpy-1.23.5_2,1 has no upstream equivalent
Checking packages: .
py39-pandas-1.5.3,1 has no upstream equivalent
Checking packages: .
py39-requests-2.28.2 has no upstream equivalent
Checking packages: .
py39-sqlite3-3.9.16_7 has no upstream equivalent
Checking packages: .
py39-ujson-5.0.0 has no upstream equivalent
Checking packages: .
py39-vici-5.9.9 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.8.0_2 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-5.7 has no upstream equivalent
Checking packages: .
strongswan-5.9.9_1 has no upstream equivalent
Checking packages: .
sudo-1.9.12p2 has no upstream equivalent
Checking packages: .
suricata-6.0.9_1 has no upstream equivalent
Checking packages: .
syslog-ng-3.38.1 has no upstream equivalent
Checking packages: .
unbound-1.17.1_2 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10_6 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***

Hello! long time no see.

I ran my own SFF pc with opnsense for a long time, some VMs still. I donated from time to time, but with the fans failing in my SFF I decided to purchase a DEC740 to further support the project.

I am picky about making sure I am upto date though. Are there updates or resources to download and flash the hardware's BIOS?

Hiya,

When I attempt to install 20.7 into a gen2 VM even with secure boot disabled I cannot get passed the guided/advanced install menu. My keyboard simply will not function. I cannot drop to shell or otherwise interact with it via console. The live environment including GUI however works the entire time (though with perceived increase in CPU usage judging by the GUI).

However I do not run into this issue in a gen1 VM.

Further if I create a gen2 VM after installation and attach the VHD created it will boot without issue.

Just figured id let anyone know.

I was looking into helping some buffer issues I am having and came across this thread from 2016 https://forum.opnsense.org/index.php?topic=2279.0 I was wondering if this was fully implemented? It seemed to drop off as a beta add on pending FreeBSD 11.1 baked it in fully.

Current running system

OPNsense 17.7.r2-amd64
FreeBSD 11.0-RELEASE-p10
OpenSSL 1.0.2l 25 May 2017

Update available via builtin update

Code Select Expand

bsdinstaller 17.7.r_2 17.7 upgrade
ldns 1.7.0 1.7.0_1 upgrade
opnsense 17.7.r2 17.7 upgrade
opnsense-lang 17.7.r2 17.7 upgrade
opnsense-update 17.7.r1 17.7 upgrade
strongswan 5.5.2 5.5.3 upgrade
unbound 1.6.4 1.6.4_1 upgrade


My server runs in hyper-V on a dedicated NIC that is not transparent to the OS. After running the update to the above changes I lose WAN but not LAN. However it might be more than DNS I cannot ping direct IPs either. If I reboot the unit it works fine for around an hour or so then stops again.

I have since recovered the VM via a backup to the version in the first line and everything appears to be working correctly.

If I can be of any assistance please let me know.

When attempting to use a DNS server on my LAN as the primary DNS server the whole network loses connection. A reboot does not fix the issue.

However if the DNS server is set on the client. Than the network works fine. Not sure where I should start looking?

I already have DNS rebind set to off.

I have seen this in the error logs. This is the IP of my DNS server.

Code Select Expand


opnsense: /system_general.php: The command '/sbin/route delete -host 10.0.0.19' returned exit code '1', the output was 'route: route has not been found delete host 10.0.0.19 fib 0: not in table'


Basically. I have an adnetwork filter based off of DNS.

On the remote DNS server (which is on my LAN)
I have the IP statically set.
I have the default gateway the IP of the router.
I have the DNS server IP set to Google & Level3 Communications.

If I set the DNS server under Settings>General in opnsense I lose ALL network connectivity.

However; If I manually take a PC and set it to use the DNS server everything works correctly and ads are filtered.

I wanted the router to simply use this local DNS server because its a pain to set DNS on all members of the network. I initially thought this might be a drop because of a detected DNS rebind attack, however I ran my own DNS server previously and that was still disabled.

I dont really know where to begin debugging this.

OPNsense 17.1.a_878-amd64
FreeBSD 11.0-RELEASE-p2
OpenSSL 1.0.2j 26 Sep 2016

Attempting to get rid of restriction problems on the consoles in the house I have finally narrowed it down to an issue with UPnP on this build. I ran into a thread here https://forum.opnsense.org/index.php?topic=3469.0 that seemed to have the issue. I reinstalled miniupnpd in an attempt to fix it myself. During completion I get this message in the console readout.

For this daemon to work, you must modify your pf rules to add an anchor
in both the NAT and rules section.  Both must be called 'miniupnpd'.
Example:

# NAT section
# UPnPd rdr anchor
rdr-anchor "miniupnpd"

# Rules section
# uPnPd rule anchor
anchor "miniupnpd"
***DONE***

I am unsure if this is still needed since I saw no reference to this step in the thread mentioned before. I also am not clear on exactly the message is trying to have me do. My current build is.

OPNsense 17.1.a_410-amd64
FreeBSD 10.3-RELEASE-p9
OpenSSL 1.0.2j 26 Sep 2016

Any ideas on what I can attempt next?

Im using the 16.7 alpha and the HBSD kernel. Im trying to get my intel wifi card to work as wifi. I have an AP which works great actually, I'm just trying to get experience configuring them, because you never know. Unfortunately while I can see my NIC enabling it is a different beast entirely, I cannot set it to access point mode. It seems only capable of finding other networks.

Is there a decent list of what should be enabled generally speaking for an installation?

Updated today and now running

OPNsense 15.7_1018-amd64   
FreeBSD 10.2-RELEASE-p1   
LibreSSL 2.2.3

however after the initial and subsequent (2) reboots of the router the CPU usage is sitting at 25% the router itself is running an i3-4130 but it is running warm now with the constant usage. Unfortunetely I am unable to find the process doing it?

Code Select Expand

last pid: 46927;  load averages:  1.21,  1.16,  1.10  up 0+04:47:08    21:25:47
127 processes: 6 running, 101 sleeping, 20 waiting

Mem: 134M Active, 248M Inact, 232M Wired, 308K Cache, 125M Buf, 7211M Free
Swap:


  PID USERNAME   PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
   19 root       -16 ki-1     0K    16K CPU2    2 286:23 100.00% [idlepoll]
   11 root       155 ki31     0K    64K CPU1    1 174:53  77.98% [idle{idle: cp
   11 root       155 ki31     0K    64K CPU3    3 172:00  73.88% [idle{idle: cp
   11 root       155 ki31     0K    64K RUN     2 170:11  73.88% [idle{idle: cp
   11 root       155 ki31     0K    64K RUN     0 163:23  72.85% [idle{idle: cp
40278 root        20    0   389M   260M uwait   0  20:56   1.66% /usr/local/bin
40278 root        20    0   389M   260M uwait   2  46:23   1.46% /usr/local/bin
19426 root        52    0   130M 30512K piperd  0   0:02   0.98% /usr/local/bin
2691 root        20    0 56708K  7164K kqread  3   0:01   0.68% /usr/local/sbi
40278 root        20    0   389M   260M uwait   1   1:09   0.10% /usr/local/bin
40278 root        20    0   389M   260M uwait   0  39:37   0.00% /usr/local/bin
40278 root        20    0   389M   260M uwait   2  19:20   0.00% /usr/local/bin
40278 root        20    0   389M   260M uwait   3  18:24   0.00% /usr/local/bin
40278 root        20    0   389M   260M uwait   2  12:54   0.00% /usr/local/bin
40278 root        20    0   389M   260M bpf     2   7:18   0.00% /usr/local/bin
40278 root        20    0   389M   260M bpf     2   7:16   0.00% /usr/local/bin
   12 root       -72    -     0K   320K WAIT    2   4:59   0.00% [intr{swi1: ne
   15 root       -16    -     0K    16K -       3   1:37   0.00% [rand_harvestq



The cores show the usage but the processes dont represent the missing %?

cant seem to tell the difference.

I use freeDNS (thanks for supporting this!!) The services page seems to understand this.

Code Select Expand

WAN freeDNS

however the email system (COOL FEATURE) says this

Code Select Expand

DynDNS updated IP Address on WAN (re1) to

and the logs indicate this

Code Select Expand

opnsense: /usr/local/etc/rc.dyndns.update: phpDynDNS (www): (Success) No Change In IP Address

Not a big deal just not sure if anyone reported it. It seems teh script or implimentation was originally statically named for dyndns and as such it reports that dynDNS succeeded but the services page itself seems to know what you are using and what you have selected but the alert text for the logs and email systems do not replicate this change.

First Id like to start with my build data

OPNsense 15.7_824-amd64   
FreeBSD 10.2-RELEASE-p1   
LibreSSL 2.2.2

My issue however also happened on 10.1 and the vanilla 15.7.X build. though since iv upgraded I have forgotten my sub version number.

My issue is that the IDS rules do not auto update. Attached is the configuration I would like to use. A standard check once a day. However when going into my IDS today I noticed they have not been updated since the 27th. before my upgrade to both 10.2 and _824. I then went and modified the schedule to update in 1 minute intervals for testing. After about 5 the rules still had not updated. I am hoping this is some kind of configuration issue. Does anyone have any insight?

Hi! I have recently installed OPNsense and currently over the 20 hours it has been running I have 11GB of log files. My SSD is only 32GB when I go into settings the feild for log file size is blank. I dont mind it using the space (not much else to use it for really) but will this start to cause issues as the drive gets mroe full? will opnsense have enough space provisioned for updates via another partitions? will old logs be deleted to make room for new logs?

do I have a problem I should correct?

Hi everyone! its taken months too get signed up entered the wrong email for activation and only recently found the link to fix that lol oops.

I have to say I love the project! I am very excited to dive into opnsense and I am super happy (mostly because I was specifically waiting for) that an IDS has been implemented and is now default on WAN (THANK YOU!) With my excitement to dive in I made have made a mistake. I hope this is ok to ask here if not please show me to the road to hardware compatibility. I bought a bare bones machine with DUAL NICs the chipsets are Realtek 8111Gs unfortunately I didn't realize Realtek was pretty much taboo for BSD.

That said since its a home I am not too worried about performance degradation ATM I will replace if necessary of course. My question is opnsense compatible with the 8111G chips? I have seen issues googling. Most were found in posts dated from 2013 in the pfsense forums. promising implementation in 10 alpha. I was just wondering if any version of opnsense currently or in the future supports these before I attempt to cancel the order or return it.

Thanks much! can't wait to get started!!