Messages

If the worst has happened and your system does not boot any more, you can either reinstall OpnSense from scratch or create a FAT32/VFAT USB stick with a correct loader.efi and copy that to the EFI partition into the correct locations (this is tedious, however). IDK how to fix it with BIOS boot.

Boot a FreeBSD 14.1 CD/DVD image, escape to shell, use the same gpart command you gave above to install the boot loader.

Similar for EFI:

Code Select Expand

mount -t msdosfs /dev/da0p1 /mnt
cp /boot/loader.efi /mnt/efi/boot/bootx64.efi
cp /boot/loader.efi /mnt/efi/freebsd/loader.efi
umount /mnt

Yup. After having someone at the remote site connect a display, keyboard and having no FreeBSD iso (and no CD-ROM either). I had to prepare a USB stick for download. Then, they had no internet to download that. Then, they had a Mac and no USB stick... been there, done that - not funny in any case.

I opened a feature request, although I know it was my own fault...

I would sincerely like to thank you both for saving my life with your info... Upgrade broke my system and it seemed the backups stopped a while back, still get cold shivers thinking about it.

Also this uncovered that my zfs mirror wasn't properly working and the mirrors p1 was faulty, after copying the files a DD from the working p1 to the faulty fixed that as well.

Thank you!

I've used one until the VPN speed was unbearable. I tunnel all outgoing traffic over 5x load balanced tunnel but the box could not handle it. Now i added a dedicated 4x NIC (3x LACP to switch, 1x WAN) and virtualized OPNsense on my Poweredge T630.

Also bought a second hand 1u server (to much pain when i need to google something when the T630 is down), planning to slap in a 10GB qlogic nic for LAN and use the onboard 1GB for WAN.
Bought a cheap i5 (with AES-ni) off of ebay, testing out the performance in the next weeks.

Hello!

I've stumbled upon a used Mellanox device that has just a plain linux OS running on it. Would anyone know if OPNsense could run on it? https://blog.mellanox.com/2017/11/mellanox-sn2010-the-best-hyperconverged-infrastructure-switch/

it has 18 10G/25G sfp+ ports and 4x 40G/100G uplink sfp+ and 2x mnmt 1GB ports. Would this even make (opn)sense to reflash this?

Thanks

Nope, its indeed a missing repo.
I assume i cant go back to freebsd11 right? not sure what the mainstream is i guess 11 seeing your reply.
So other then backing up the config and reinstalling, is there a way to solve this without down time?

Hello!

How would i go about routing the internet traffic for OPNsense itself over one of my VPN client gateways? Where would i add these firewall rule since my firewall has 10 VLANs i know how to setup internet traffic for clients in those vlans, just not on what interface or floating rules i have to add to route my opnsense (updates, NS lookups) traffic over a secure tunnel

Please advise, thanks.

Ezra

Hello all!

Im on 20.1 and when trying to update in the UI i get:

Code Select Expand

Firmware status check was aborted internally. Please try again.

When using the console opnsense-update or pkg update i get:

Code Select Expand

# pkg update
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!

I've tried nearly every mirror, no go so far...

Please advise, thanks!

Ezra

Aah, i have 7 networks selected, let me try to disable the ones i dont really need. Thanks for the heads up.

edit: still cant find the chromecast device on either 4 of the selected vlans. 5th is the vlan the chromecast is on.
Any direction you can point me to troubleshoot this?

Hey!

So i have the mDNS repeater setup and selected all my vlans, but it does not work, any starting point to trouble shoot this?

What server did you specify as exlude? I'm fighting this for over a year already.
Thanks

Hey guys,

I want to be able to use my chromecasts (and home automation server) auto discovery and use it like everything is on 1 subnet. which it isnt of course.

I have multiple vlans containing clients that need access to my chromecast vlan.

Now reading up on IGMP Proxy, it only confuses me more.

Like: what to set as upstream? I dont think this needs to be WAN? I just want to use this locally, what subnets need to be in the upstream, only the chromecast vlan?

And what to set as downstream: vlans that need access to it?

Also can this be used for Wake On Lan accross subnets?

Thanks

edit: also have Mdns enabled on all vlans

Hve you tried using sticky connections?

Do you have some stats on the single thread? I hve 3 clients vonnected with a loadbalance gw group. But some pages time out might be due to some mtu issue?!

Anyone?

Hello!

I'd like to adjust what notifications are sent via SMTP. Now all gateway down notifications spam my inbox because of 5x VPN gateway, can i adjust this?

Kind regards,

Ezra

Sorry for the long wait. Only started this last week. In my case i have 5x client using nl.privateinternetaccess.com as hostname.
Which can all have a different IP:

Code Select Expand

nl.privateinternetaccess.com has address 46.166.190.130
nl.privateinternetaccess.com has address 46.166.186.244
nl.privateinternetaccess.com has address 46.166.190.197
nl.privateinternetaccess.com has address 46.166.188.212
nl.privateinternetaccess.com has address 109.201.154.141
nl.privateinternetaccess.com has address 46.166.190.220
nl.privateinternetaccess.com has address 46.166.186.236
nl.privateinternetaccess.com has address 46.166.188.213
nl.privateinternetaccess.com has address 46.166.137.234
nl.privateinternetaccess.com has address 46.166.188.226
nl.privateinternetaccess.com has address 109.201.154.151
nl.privateinternetaccess.com has address 46.166.137.240
nl.privateinternetaccess.com has address 46.166.138.135

How to proceed in this case, any ideas?
Thanks again for the write up.

Ezra

Hello,

I have 5x VPN Tunnel, where i want to route all my traffic over.

I use the Unbound DNS server and selected all my VPN gateways to route it over.

Now when my VPN tunnels are down they can't resolv anymore.

I've added a floating rule: pass -> tcp/udp -> out -> DNS -> dest (alias for vpn addresses) -> WAN gateway
Then a floating to block all outgoing DNS over WAN gateway just to be sure.

This just does not work as expected. Any idea how to solve this?

Thanks,

Ezra