Messages

That will block it for clients within the LAN wanting to get to the WAN (Internet), what about from the WAN (Internet) into your LAN ?  Ie: a floating rule to block a wildcard for anything ending in *.abc.com

hopefully that makes sense.

Hi,

Is there anyway to block say *.abc.com (obviously being a wildcard) it will block all hostnames under it ?

I've looked everywhere and can't seem to find an easy solution, is there a way within Opnsense or perhaps using Sensei or some other plug in?

Bump, anyone?

Hi,

Got an interesting issue with os-ddclient and I've done a fair bit of testing relating to the issue, I'll try and explain the scenario best I can.

Primary Link : Always on 24/7 - assigned a Public IP - lets say it is 116.255.4.225
Secondary Link : Only active when primary link goes down - assigned a public IP - lets say it is 1.144.230.31

os-ddclient updates my domain with no problem when the primary link is active.  Now when I test failover and all traffic is routed out via the Secondary link, give it about 5-10 minutes and os-ddclient then updates my domain to be given the Secondary link IP, no issues here. 

I check my control panel with my domain provider and you can see it has been updated when the primary link fails with the secondary link IP.

The problem I see is when the primary link comes back and os-ddclient attempts to update the DNS record it fails and says that the IP was already set to 116.255.4.225. log below :

<29>1 2023-02-13T14:13:25+11:00 gateway. client[28050] 34812 - [meta sequenceId="1"] SUCCESS:  DNSNAME: skipped: IP address was already set to 116.255.4.225.

I then check the DNS provider control panel and its still got the secondary link IP in there, I have to actually go in and manually add back in my primary link IP to get things working again.


I then deployed a Debian VM and installed ddclient on that with the exact same config as Opnsense and on this VM it works perfectly as expected :

Primary Link fails and it updates the DNS record with the Secondary link IP, then I bring the Primary link back and it says to wait for 5 minutes which is fine, but then on the next attempt 5 minutes later it correctly updates the DNS record with the Primary link IP, there is no manual intervention required basically.

Any ideas why Opnsense is failing to act properly in the above scenario ?

Hi,

That's what I've done for the 23.X release. Fresh install and then resorted the config from a USB. Just make sure your config sits in a directory called conf, so like this /conf/config.xml

Once it is restored the system will reboot and all is good. Of course you will need to backup your custom scripts you have mentioned as well, I've had no issues doing it the way I have described Above.

AH yes, same here.. I have changed ISP's since and it is alerting that on the WAN interface, so that must explain it.

Is there anyway we can stop it spewing to the log file every 5 minutes though ?

I was just about to post the same thing :), I am seeing the same issue :

2023-01-29T13:21:51   Notice   dhclient   Creating resolv.conf   
2023-01-29T13:16:51   Notice   dhclient   Creating resolv.conf   
2023-01-29T13:11:50   Notice   dhclient   Creating resolv.conf   
2023-01-29T13:06:50   Notice   dhclient   Creating resolv.conf   
2023-01-29T13:01:50   Notice   dhclient   Creating resolv.conf   
2023-01-29T12:56:50   Notice   dhclient   Creating resolv.conf

and so on..

Sounds good, thank you.

Thanks for the explanation franco. I'll go with the opnsense repo version until they sort it out or until Opnsense supports the pkg version (any ideas when that may be)?

Interesting, even though it says :

Adding the ntop Repository

Before installing ntop packages, you need to add the official ntop repository.

FreeBSD 13 / OPNsense (latest release, based on FreeBSD 13)
pkg add https://packages.ntop.org/FreeBSD/FreeBSD:13:amd64/latest/ntop-1.0.pkg

OR am I reading this wrong ?

Just to clarify the non enterprise version of NTOP shows in the packages list (the OPNSense repo one) but not the NTOP-enterprise (NTOP repo) one.

Hope that makes sense.

No error, the GUI picks up the updates to the packages if I run the updates again, it just doesn't show them in the services section so I can't configure.

No, doesn't show there either.

The packages install no problems, just don't show up on the gui.

Hi,

First things first, great work with the release of 22.1, I have an issue in regards to NTOPNG, when I install it as per :

https://packages.ntop.org/FreeBSD/

I don't see the services listed under the services menu option on the right hand side, I have cleared cookies etc and tried multiple browsers, even reset the router and still nothing shows, so I can't configure the redis and NtopNG service, any ideas?