Messages

1

24.7 Production Series / Re: OPNsense needs periodic reboot since updated to 24.7.9_1-amd64

« on: November 26, 2024, 04:49:29 pm »

This is an Intel nick that's been running great for quite a few years.  Didn't have this particular issue back in the summer and folks are correct, about the last update is when I started noticing the issue.
I'm continuing to look at logs when it happens to see if I can sort out what is going on, but so far nothing stands out.

2

24.7 Production Series / Re: OPNsense needs periodic reboot since updated to 24.7.9_1-amd64

« on: November 25, 2024, 10:26:29 pm »

Ok maybe I'm not losing my mind.

I've seen the same errors, but can't remember when it started.  I tought at first it was my ISP dropping.

What I noticed is no more arp, no route... just out of the blue.   I have to down the interface and bring it back up, and it's fine.

Reboot of the firewall fixes it as well, and a power cycle of the ONT fixes it.  I don't think your card is going bad... I think something odd is definitely going on.

3

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: February 21, 2024, 08:43:27 pm »

Disabling Allow PCP/NAT-PMP Port Mapping setting doesn't help. I can still see duplicate entries and the client reads them incorrectly.

Confirmed.  I thought at first it was working, but nah, back to a bunch of duplicate entries.

4

General Discussion / Re: Unbound DNS not working anymore

« on: February 19, 2024, 10:46:38 pm »

Reporting -> Settings

Under "Unbound DNS reporting"

"Reset DNS Data"

I had to do something similar.

5

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: February 19, 2024, 05:42:02 am »

I'm seeing this too.  Do you happen to have NAT-PMP checked as well in your UPnP settings?

I did have that turned on.   I've disabled it for now, not sure it would matter, but here's hoping!

6

24.1 Legacy Series / Re: KEA DHCP DNS search suffix

« on: February 17, 2024, 09:17:42 am »

It is not the job of the recursive DNS server to append search domains. The resolver library on the client does that.

Oh I know, however it appears KEA doesn't quite use the default system one as ISC did.  Most likely just some missing options right now.  Not a showstopper, just a minor annoyance.

7

24.1 Legacy Series / Re: KEA DHCP DNS search suffix

« on: February 16, 2024, 07:54:30 am »

System : Settings : General

I set this on my install, but still having issues pinging just by host name internally, unless I'm missing something else.

8

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: February 16, 2024, 07:53:45 am »

After reading this I check and I'm seeing the same growing list happening.  Not sure it's causing any issues, but it's concerning for sure.

9

23.7 Legacy Series / Re: Local Tag

« on: October 05, 2023, 05:26:41 pm »

I have a rule that contains IPs, Aliases, etc. for internal machines that I do not want to have specific internet access when a VPN tunnel goes down.

I tag those as "BLOCKINET" and then in my WAN OUTBOUND Rules I have a match set for BLOCKINET and anything with that tag set and matches, I set it to 'block' so they cannot route out the WAN interface if the VPN tunnel goes down.

10

23.7 Legacy Series / Re: Boot delay for WAN for slow modem calling in

« on: September 02, 2023, 08:04:09 pm »

release then renew WAN

Is that because your modem assigns a private address if it has no upstream connection? Cable modems typically do that (192.168.100.1 is their standardized IPv4 address).

That's exactly what the "Reject Leases From" feature is for (in the WAN interface's DHCP client configuration).

Cheers
Maurice

This is exactly what my modem does, so I set it to reject those leases.  Works like a charm until the cable modem is back up and functioning.

11

Virtual private networks / Re: Enabling Wireguard Immediately Breaks the Internet

« on: September 02, 2023, 08:09:30 am »

You're welcome!

12

Virtual private networks / Re: Enabling Wireguard Immediately Breaks the Internet

« on: September 01, 2023, 08:02:02 am »

Most likely what is happening is when you enable wireguard your Local endpoint config in OPNsense is overwriting the default routes.

You can try going into the Local endpoint config and select "Disable Routes"

That should stop it from adding it's own routes into the table.

13

General Discussion / Re: voip

« on: August 23, 2023, 02:31:41 pm »

Your question is extremely broad and vague at the same time.

What benefits are you looking for?

If you took on this project, you should be able to give us a bit more detail of what YOU'RE looking for in a firewall and your plans for the implementation.

14

General Discussion / Re: Wireguard and local DNS lookup

« on: August 07, 2023, 08:08:53 pm »

I have this working.  Unbound runs on port 5353 with Adguard Home running natively on port 53.

The trick is to point your DNS at the wireguard tunnel's gateway... So whatever the IP is on your WIreguard interface, DNS should be listening on there.

Mine forward to there, then adguard looks at unbound port 5353 for all look ups.. including local DNS entries.

15

23.7 Legacy Series / Re: How I can tell unboud to use DoH if ISP nativly?

« on: August 07, 2023, 08:06:06 pm »

Services -> Unbound DNS -> DNS over TLS

Set your server addresses and ports there and Unbound will utilize that.
Make sure "Use System Nameservers" is unchecked at the top.