Topics

Hi,

In the latest change log I found this entry: "openvpn: add unique daemon name to each instance"

I couldn't find anything about this change here, does anyone know what this is for?

Best regards,

Maarten

Hi, I've got a problem with aliases not being updated. The reason seems to be that the timestamp of it lies within the future.

Code Select Expand


/var/db/aliastables

-rw-r-----  1 root  wheel    32 Jan 14 13:54:39 2022 WebServers.md5.txt
-rw-r-----  1 root  wheel   250 Jan 14 13:54:39 2022 WebServers.self.txt
-rw-r-----  1 root  wheel   250 Jan 14 13:54:39 2022 WebServers.txt


What's the best approach to solve this? I can do a "touch"  to the file to give it the current timestamp, but I don't know if that's the way to go or even which of the 3 files to touch.

Best regards,

Maarten

Hi, I'm trying to configure a pipe larger than 2gbit, but anything I configure over 2.1gb causes problems. The Shaper status does not show queues/rules after it encounters the pipe over 2.1gb.

for example "ipfw queue show", doesn't show anything, if there is a pipe over 2.1gb

Best regards,

Maarten

(OPNsense 21.7.1-amd64) (I checked, but this is also the case with OPNsense 20.7)

[[You need to be logged in to see the attached picture...]]

Hi, it takes about 13 minutes for my router to boot up. This is the case for years now. I'm trying to find out how I can solve this, but I'm not sure where to start.

I've attached a screenshot of the part where it becomes really slow. (Red Arrows) Every line of "Reconfiguring IPv4 on ovpns" takes minutes to complete.

I've tried to boot with all openvpn server connections disabled. As expected the boot was fast. I've re-enabled the connections and the boot is slow again.

Is this a known issue?

[You need to be logged in to see the attached picture...]


[Edit 2021-10-28]
Apparently executing this command is taking a long time:

configctl interface newip ovpns5  (this is executed for every vpn server you've configured)

This command is fired from this script:
/usr/local/etc/rc.syshook.d/start/10-newwanip

I noticed the delay is there when you assign an interface to the vpn instance. If you remove the interface assignment there is no delay anymore. (but then your setup doesn't work of course)
[/Edit]

Hi,

Is there a way to change default row count shown in for rules and stuff? (see attached image)

Best regards,

Maarten

Hi,

After a reboot my PPPoE connection failed. It does not try to reconnect. This is the log after the reboot:

Interfaces: Point-to-Point: Log File

Date Line
2020-08-25T13:08:48   ppp[22102]: process 22102 terminated
2020-08-25T13:08:48   ppp[22102]: [opt1_link0] Link: Shutdown
2020-08-25T13:08:48   ppp[22102]: [opt1] Bundle: Shutdown
2020-08-25T13:08:48   ppp[22102]: [opt1] IPV6CP: state change Stopped --> Closed
2020-08-25T13:08:48   ppp[22102]: [opt1] IPV6CP: Close event
2020-08-25T13:08:48   ppp[22102]: [opt1] IFACE: Rename interface pppoe0 to pppoe0
2020-08-25T13:08:48   ppp[22102]: [opt1] IFACE: Down event
2020-08-25T13:08:48   ppp[22102]: [opt1] IFACE: Delete route 0.0.0.0/0 x.x.x.x failed: No such process
2020-08-25T13:08:48   ppp[22102]: [opt1] IPCP: LayerDown
2020-08-25T13:08:48   ppp[22102]: [opt1] IPCP: SendTerminateReq #4
2020-08-25T13:08:48   ppp[22102]: [opt1] IPCP: state change Opened --> Closing
2020-08-25T13:08:48   ppp[22102]: [opt1] IPCP: Close event
2020-08-25T13:08:48   ppp[22102]: [opt1] IFACE: Close event
2020-08-25T13:08:48   ppp[22102]: fatal error, exiting
2020-08-25T13:08:48   ppp[22102]: 0x449dc90e3c0 <_pthread_sigmask+0x530> at /lib/libthr.so.3
2020-08-25T13:08:48   ppp[22102]: 0x33f04957cd0 <SendSignal+0x50> at /usr/local/sbin/mpd5
2020-08-25T13:08:48   ppp[22102]: 0x33f04958129 <DoExit+0x289> at /usr/local/sbin/mpd5
2020-08-25T13:08:48   ppp[22102]: caught fatal signal ABRT

What can cause this to happen?

Best regards,

Maarten

Hi,

I'm running a multiwan setup and sometimes on a reboot the dpinger service is not started. This is obviously a pretty big problem, because the gateway is then not enabled.

1) Is there a way to see why this happened?
2) Should a service like this be monitored and started if it failed?

Hi,

I'm checking out the latest production version of OPNsense, and I notice I still can't use aliases. This would greatly enhance the usage of the shaper configuration. Setting up a shaper configuration for a slightly more advanced network is a pain a.t.m.

Is there any plan on implementing this feature?

Best regards,

Maarten

(old similar topic old version)
https://forum.opnsense.org/index.php?topic=5500.0

Hi,

I've got a few gateways where 2 of them actually are gateways to the internet. I've checked both these internet gateways as "Upstream Gateway", and assigned the appropriate priority. The Switching works fine, but if both of the internet gateways are down the next gateway inline is selected as default gateway, which is unwanted because the rest does not connect to the internet.

Where can I specify that the rest of the gateways cannot be selected as default gateway? I know I can make a fake gateway that is next inline that goes nowhere and mark that as always on, but that seems a bit messy to me.

Best regards,

Maarten

Hi,

I've got a problem when connecting sites together via policy routing.

I've connected my sites as shown in the attached image, and the problem is I can't ping from "Site B" to "Site C" and visa versa.
The Ping request does reach the host at "Site C", and the ping reply travels back over the tunnel, but "Site A" decides to route the ping reply over the default gateway instead of the tunnel to "Site B". This is the case in both directions. So the policy routing seems to be setup correctly.

What can be the problem here?

Hi,

I have 2 routers connected over openvpn. I use policy routing to route the subnets. If I run a ping from one host to a host on the other network and then reboot the router, at boot the router creates a wrong state.

This happens probably because the host is still pinging and the vpn is not yet online. It is not always the case, but, when I have 3 pings to separate hosts, usually 1 or 2 do not reply untill I do a State table reset.

Is this a known issue?

Best regards,

Maarten

OPNsense 18.1.13-amd64
FreeBSD 11.1-RELEASE-p11
OpenSSL 1.0.2o 27 Mar 2018

Hi,

Is there a way to use the "External Alias" in your firewall rules? Looks like you're not able to assign this type of alias to a firewall rule. This should work right?

Best regards,

Maarten

Hi,

I've noticed when I use "WAN address" when creating a Port forward, it forwards the port on the "WAN address" and all VIP's on that interface. Is it suppose to be like this?

I've found another similar "issue" on older opnsense releases (https://forum.opnsense.org/index.php?topic=5312.msg22326#msg22326 ) The work around mentioned here does work.

Best regards,

Maarten

OPNsense 18.1.9-amd64
FreeBSD 11.1-RELEASE-p10
OpenSSL 1.0.2o 27 Mar 2018

Hi,

I'm using the A10 router and want to set usb boot to be the default. Is this possible? I want to be able to boot from usb in case of a update failure, without having to access the console.

Best regards,

Maarten

Hi,

I've got a problem with the traffic shaper. When I set the rule protocol to "tcp (non-ACK packets)" it does not trigger on any tcp packet, and when I set it to "tcp (ACK packets only)" it will trigger on normal tcp data packets.

So the Ack Queue is handling all tcp packets.

Best regards,

Maarten

Hi,

When I use pftop on the console and go to the queue view I get an error "Error Reading Queues (DIOCGETALTQS): Operation not supported by device".  Is there a way to fix this?

Best regards,

Maarten

Hi,

Is there an oid to check if there are updates available for the router?

Thanks, best regards,

Maarten

Hi, at the moment I'm configuring the traffic shaper, and must say I really like the clean GUI.

I've got a question though, what would be the best way to configure a separate value for the up and download? At the moment I'm thinking of making 2 Pipes(up/down), a double set of queues and double set of rules for it to work. But maybe there is a smarter way of doing this, so the configuration remains more readable?

Best regards,

Maarten

Hi, since I've updated to the latest version the dashboard has some alignment problems, see attachment. This is in the latest version of firefox and in IE on multiple computers. The rest of the pages are aligning properly. Is this a known issue?

Best regards,

Maarten

Hi, 

I can't find the option "State Killing on Gateway Failure", in pfSense this is found in "Advanced > Miscellaneous > Gateway Monitoring"

I'm probably looking in the wrong location, does anyone know where to find it?

Best regards,

Maarten