Topics - fox983

#1
23.7 Legacy Series / High CPU usage when downloading
November 23, 2023, 08:56:32 PM
Hi all,
when downloading big files from the internet, the firewall's CPU goes to 90 - 100% on APU2C4 (with Intel network cards).

SYSTEM: DIAGNOSTICS: ACTIVITY
root   93   0   43M   28M   CPU2   2   795:57   76.86%   /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)

I've read many topics (e.g. https://forum.opnsense.org/index.php?topic=31999.0), tried to clear logs and disable Netflow but no luck.
Any ideas?
#2
23.7 Legacy Series / WSD and Bonjour service block
September 28, 2023, 04:42:05 PM
Hi all!
I need to block printer discovery from VLAN to LAN. I've set a rule that blocks all traffic from VLAN5 net to LAN net that is working. But if I try to add a printer using wizard in Win10 PC from VLAN5, it shows a printer in LAN and I can print.
How can I do this?
Thanks in advance!
#3
23.7 Legacy Series / VLAN rule
September 28, 2023, 04:32:23 PM
Hi everyone!
I'm trying to set a rule to block traffic from a specific VLAN to a Wireguard subnet but it doesn't work.

Action: Block
Interface: VLAN5
TCP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: WG5 net OR Wireguard (Group) net

Setting the destination to a specific WG5 host or LAN subnet works. Is it because the LAN address is set in Interfaces? I had also created a WG5 interface (without any address configuration).
How can I set to block entire subnet? With alias?
Thanks in advance!
#4
21.1 Legacy Series / Traffic shaping
March 21, 2021, 07:35:15 PM
Should it be possible to share internet bandwidth among users evenly AND prioritize certain types of traffic?
If in Queues I have 2 queues, one for download and one for upload with the same weight of 100, is it correct to create another 2 queues (dl/ul for example for https or VOIP) and 2 new rules that refer to those? Should they be placed before the current shaping rules?
Thanks all
#5
21.1 Legacy Series / WOL Dashboard widget
March 21, 2021, 07:04:41 PM
After upgrading to the latest version 21.1.3_3-amd64, the WOL widget on the dashboard isn't working properly; it does nothing.
In Services - Wake on Lan it works, so it looks like a problem with the widget.
I've already tried to remove/add widget.
Does anyone have this behavior?
#6
20.1 Legacy Series / Postfix configuration
March 27, 2020, 02:26:48 AM
Hello,
some months ago I set up in OPNsense a mail alert system with ntopng and Postfix.
The emails had my public IP in the subject line and all was working fine.
After setting up a secondary internet connection, now the subject reports the secondary IP (DHCP) instead of the primary one (PPPOE connection - public IP).
How can I set back external IP of my primary internet connection in the subject line?
I've tried with option smtp_bind_address but no luck.
And another problem is if I set something in Services/Postfix/General - System Hostname or System Domain,
I continue to receive emails with hostname-domain set in System/Settings/General Hostname and Domain, not the ones I set.
Changes made in the GUI are written correctly in /usr/local/etc/postfix/main.cf but it seems that they are ignored.
Now emails arrive with secondary IP and hostname.domain in subject line
[opnsense.domain@192.168.15.1] instead of [firewall.test@external-IP]

Thanks in advance for those who want to help me
#7
20.1 Legacy Series / Access log B&B and hotel Wi-Fi
February 27, 2020, 04:35:31 PM
Hi all :),
I'd like to know if it is possible to schedule sending a mail with an Insight report every day (like the "Export" function in the web page), or if I must use ntop for this...
Or in any case what is the best practice for traffic logs, offering Wi-Fi access in a B&B with 1 or 2 access points, to give all possible information in case of a request from the authorities (IP, MAC address, history of connection)?
Thank you all!
#8
General Discussion / Order shutdown
October 08, 2019, 09:57:27 AM
Hello,
I'd like to set a shutdown order for services because ntopng generates an alert of anomalous termination.
I think it's related to a key in redis (see here https://github.com/ntop/ntopng/issues/1896).
If I manually stop ntopng service from dashboard and reboot OPNsense, I didn't have any error.
If I reboot normally, ntopng generates an error: ...[Error][Process] Started after anomalous termination (bug report) ntopng v.3.8.190910...

Thank you
#9
General Discussion / Backup configuration ntopng
October 08, 2019, 09:38:54 AM
Hello,
is there a way to export configuration from ntopng?
Gear - Backup Configuration returns a blank page with 2 square brackets. It points to https://OPNsenseIP:port/lua/get_config.lua

OPNsense 19.7.4_1-amd64
ntopng Community Edition v.3.8.190910

Thank you
#10
19.7 Legacy Series / Revocation List
August 08, 2019, 02:26:56 AM
Hi,
in System-Trust-Revocation, is the column "In use" intended for the revocation list itself?
Is there a way to delete a CRL?
Regards
#11
16.1 Legacy Series / CF image
February 24, 2016, 12:39:40 AM
Hello, I'm trying to write the image OPNsense-16.1-OpenSSL-nano-i386.img on a new Compact Flash Kingston CF/4G for use with Alix 2d3 (256 MB, low memory I know...) but it doesn't fit.

Windows: physdiskwrite -u OPNsense-16.1-OpenSSL-nano-i386.img
WARNING: that disk is larger than 2 GB! Make sure you're not accidentally overwriting your primary hard disk! Proceeding on your own risk...
About to overwrite the contents of disk 3 with new data. Proceed? (y/n) y
3997163520/4294967295 bytes writtenWrite error after 3997163520 bytes.

Ubuntu: sudo dd  if=OPNsense-16.1-OpenSSL-nano-i386.img of=/dev/sdb bs=16k
dd: errore scrivendo "/dev/sdb": Spazio esaurito sul device
243968+0 record dentro
243967+0 record fuori
3997163520 byte (4,0 GB) copiati, 384,21 s, 10,4 MB/s

Is there a way to force it or can I use other installation images? Is it possible to resize the image?
Thank you and congratulations for your great project!
#12
General Discussion / [SOLVED] Block mac address
October 11, 2015, 02:18:51 PM
Hi, is there a way to block navigation on wan to a specific mac address? I don't find anything, eg. in firewall rule I can only set an IP address...
#13
General Discussion / Shared bandwidth
October 01, 2015, 04:21:55 PM
How can I replicate in OPNsense the simple QoS feature "Share bandwidth evenly on lan" that was in the old great M0n0wall?
For a 10Mbit ADSL I tried these values in "Firewall - Traffic Shaper":

Pipe:
bandwidth: 9Mbit/s
mask: destination

Rule:
sequence: 1
interface: wan
proto: ip
source: any
src-port: any
destination: any
dst-port: any
direction: both
target: name of pipe previously created

But results aren't great...
Does anyone know how and what to set properly?
#14
General Discussion / Website blacklist
September 28, 2015, 06:11:46 PM
Hello, in regard of proxy (transparent mode), it should block navigation if I set in blacklist a specific website. In fact it blocks only HTTP, not HTTPS. How can I set it right?
PS: Is it possible without proxy?
Thank you
#15
General Discussion / Windows Updates caching
September 23, 2015, 05:35:37 PM
Hello everyone, this is my first post.
First of all, compliments for the great job you're making for this project!!
I've already searched in the forum but unfortunately I didn't find the answer.
So, this is my question: is it in your plans to implement a feature for simply caching Windows Updates like IPFire (see http://wiki.ipfire.org/en/configuration/network/update-booster)?
In my lab there are many PCs (for repairing - no AD); when Windows Update starts, the internet connection slows down, and a simple web page can take 1-2 mins to load. I think it could be helpful for everyone that doesn't have a good internet connection. If not possible, can you tell me a solution for this?
I've tried http://wiki.squid-cache.org/SquidFaq/WindowsUpdate with pfSense, but IPFire's solution is much better and ready to use...
Hope to see that in OPNsense, and sorry for my bad English...  :D
Thank you