Topics

1

23.7 Legacy Series / High CPU usage when downloading

« on: November 23, 2023, 08:56:32 pm »

Hi all,
when downloading big files from internet the firewall's CPU goes to 90 - 100% on APU2C4 (with Intel network cards).

SYSTEM: DIAGNOSTICS: ACTIVITY
root   93   0   43M   28M   CPU2   2   795:57   76.86%   /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)

I've read many topic (eg. https://forum.opnsense.org/index.php?topic=31999.0), tried to clear logs and disable Netflow but no luck.
Any ideas?

2

23.7 Legacy Series / WSD and Bonjour service block

« on: September 28, 2023, 04:42:05 pm »

Hi all!
I need to block printer discovery from VLAN to LAN. I've set a rule that blocks all traffic from VLAN5 net to LAN net that is working. But if I try to add a printer using wizard in Win10 PC from VLAN5, it shows a printer in LAN and I can print.
How can I do?
Thanks in advance!

3

23.7 Legacy Series / VLAN rule

« on: September 28, 2023, 04:32:23 pm »

Hi everyone!
I'm trying to set a rule to block traffic from specific VLAN to a Wireguard subnet but doesn't work.

Action: Block
Interface: VLAN5
TCP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: WG5 net OR Wireguard (Group) net

Setting destination to specific WG5 host or LAN subnet works. It's because of LAN address is set in Interfaces? I had also created WG5 interface (without any address configuration).
How can I set to block entire subnet? With alias?
Thanks in advance!

4

21.1 Legacy Series / Traffic shaping

« on: March 21, 2021, 07:35:15 pm »

It should be possible to share internet bandwidth among users evenly AND prioritize certain type of traffic?
If in Queues I have 2 queues, one for download ad one for upload with the same weight of 100, is it correct to create other 2 queues (dl/ul for example for https or VOIP) and 2 new rules that refer to those? Them should be placed before the current rules of shaping?
Thanks all

5

21.1 Legacy Series / WOL Dashboard widget

« on: March 21, 2021, 07:04:41 pm »

After upgrade to latest version 21.1.3_3-amd64, the WOL widget on dashboard isnt' working properly, It does nothing.
In Services - Wake on Lan it works, so it looks like a problem with wigdet.
I've already tried to remove/add widget.
Does anyone have this behavior?

6

20.1 Legacy Series / Postfix configuration

« on: March 27, 2020, 02:26:48 am »

Hello,
some months ago I set up in OPNsense a mail alert system with ntopng and Postfix.
The emails had my public IP in the subject line and all was working fine.
After setting up a secondary internet connection, now the subject reports the secondary IP (DHCP) instead of the primary one (PPPOE connection - public IP).
How can I set back external IP of my primary internet connection in the subject line?
I've tried with option smtp_bind_address but no luck.
And another problem is if I set something in Services/Postfix/General - System Hostname or System Domain,
I continue to receive emails with hostname-domain set in System/Settings/General Hostname and Domain, not the ones I set.
Changes made in gui are written correctly in /usr/local/etc/postfix/main.cf but seems that are ignored.
Now emails arrive with secondary IP and hostname.domain in subject line
[opnsense.domain@192.168.15.1] instead of [firewall.test@external-IP]

Thanks in advance for those who want to help me

7

20.1 Legacy Series / Access log B&B and hotel Wi-Fi

« on: February 27, 2020, 04:35:31 pm »

Hi all ,
I'd like to know if is it possible to schedule sending a mail with an Insight report every day (like "Export" function in web page), or if I must use ntop for this...
Or in any case what is the best practice for traffic log, offering Wi-Fi access in B&B with 1 or 2 access point, to give all possible informations in case of request from the authorities (IP, MAC address, history of connection)?
Thank you all!

8

General Discussion / Order shutdown

« on: October 08, 2019, 09:57:27 am »

Hello,
I'd like to set an order of shutdown services because of ntopng generate an alert of anomalous termination.
I think it's related to a key in redis (see here https://github.com/ntop/ntopng/issues/1896).
If I manually stop ntopng service from dashboard and reboot OPNsense, I didn't have any error.
If I reboot normally, notpng generates an error: ...[Error][Process] Started after anomalous termination (bug report) ntopng v.3.8.190910...

Thank you

9

General Discussion / Backup configuration ntopng

« on: October 08, 2019, 09:38:54 am »

Hello,
is there a way to export configuration from ntopng?
Gear - Backup Configuration returns a blank page with 2 square brackets. It points to https://OPNsenseIP:port/lua/get_config.lua

OPNsense 19.7.4_1-amd64
ntopng Community Edition v.3.8.190910

Thank you

10

19.7 Legacy Series / Revocation List

« on: August 08, 2019, 02:26:56 am »

Hi,
in System-Trust-Revocation the column "In use" is intended for the revocation list itself?
Is there a way to delete a CRL?
Regards

11

16.1 Legacy Series / CF image

« on: February 24, 2016, 12:39:40 am »

Hello, I'm trying to write the image OPNsense-16.1-OpenSSL-nano-i386.img on a new Compact Flash Kingston CF/4G for use with Alix 2d3 (256 MB, low memory I know...) but it doesn't fit.

Windows: physdiskwrite -u OPNsense-16.1-OpenSSL-nano-i386.img
WARNING: that disk is larger than 2 GB! Make sure you're not accidentally overwriting your primary hard disk! Proceeding on your own risk...
About to overwrite the contents of disk 3 with new data. Proceed? (y/n) y
3997163520/4294967295 bytes writtenWrite error after 3997163520 bytes.

Ubuntu: sudo dd  if=OPNsense-16.1-OpenSSL-nano-i386.img of=/dev/sdb bs=16k
dd: errore scrivendo "/dev/sdb": Spazio esaurito sul device
243968+0 record dentro
243967+0 record fuori
3997163520 byte (4,0 GB) copiati, 384,21 s, 10,4 MB/s

is there a way to force it or can I use other installation images? It is possible to resize the image?
Thank you and congratulation for your great project!

12

General Discussion / [SOLVED] Block mac address

« on: October 11, 2015, 02:18:51 pm »

Hi, is there a way to block navigation on wan to a specific mac address? I don't find anything, eg. in firewall rule I can only set an IP address...

13

General Discussion / Shared bandwidth

« on: October 01, 2015, 04:21:55 pm »

How can I replicate in OPNsense the simply QoS feature "Share bandwidth evenly on lan" that was in old great M0n0wall?
For a 10Mbit ADSL I tried these values in "Firewall - Traffic Shaper":

Pipe:
bandwith: 9Mbit/s
mask: destination

Rule:
sequence: 1
interface: wan
proto: ip
source: any
src-port: any
destination: any
dst-port: any
direction: both
target: name of pipe previously created

But results aren't great...
Does anyone know how and what set properly?

14

General Discussion / Website blacklist

« on: September 28, 2015, 06:11:46 pm »

Hello, in regard of proxy (transparent mode), it should block navigation if I set in blacklist a specific website. In fact it blocks only HTTP, not HTTPS. How can I set it right?
PS: Is it possible without proxy?
Thank you

15

General Discussion / Windows Updates caching

« on: September 23, 2015, 05:35:37 pm »

Hello everyone, this is my first post.
First of all, compliments for the great job you're making for this project!!
I've already searched in the forum but unfortunately I didn't find the answer.
So, this is my question: is in your plans implementing a feature for simply caching Windows Updates like IPFire (see http://wiki.ipfire.org/en/configuration/network/update-booster)?
In my lab there are many PCs (for repairing - no AD), when Windows Update starts internet connection slows down, a simply web page can take 1-2 mins to load. I think it could be helpful for everyone that doesn't have a good internet connection. If not possible, can you tell me a solution for this?
I've tried http://wiki.squid-cache.org/SquidFaq/WindowsUpdate with pfSense, but IPFire's solution is much better and ready to use...
Hope to see that in OPNsense, and sorry for my bad english... 
Thank you