Messages - jerrac

#1
19.7 Legacy Series / Re: Dynamic DNS with DigitalOcean
October 30, 2019, 12:45:17 AM
Thank you! That worked perfectly.
#2
DigitalOcean is listed as a service type. But I can't seem to get it to work.

I made sure to run updates today, so I am on the latest stable version.

I've confirmed my domain is configured to use Digital Ocean's nameservers, and I've added the domain, with an A record, to my DO account. I also made sure to wait long enough for the TTL to roll over.

When configuring the domain, I use these settings:

* Enable: checked
* Service type: DigitalOcean
* Interface to monitor: WAN
* Hostname: tipperthecat.life
* MX: empty
* Wildcards: Unchecked
* Verbose Logging: Checked
* Username: My DO username.
* Password: The token I generated in DO today.
* Description: Empty.

When I click "Save and Force Update", I get this in the "General Log":

Quote
Oct 27 14:23:48    opnsense: /services_dyndns_edit.php: Dynamic DNS Record ID (< DO Username >): UNKNOWN ERROR
Oct 27 14:23:48    opnsense: /services_dyndns_edit.php: Dynamic DNS Record ID (< DO Username >): PAYLOAD: {"id":"not_found","message":"The resource you were accessing could not be found."}
Oct 27 14:23:48    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life): Current Service: digitalocean
Oct 27 14:23:48    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life): _checkStatus() starting.
Oct 27 14:23:47    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life via DigitalOcean): _update() starting.
Oct 27 14:23:47    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life): running dyndns_failover_interface for wan. found em0
Oct 27 14:23:47    opnsense: /services_dyndns_edit.php: Dynamic DNS (tipperthecat.life): 73.25.124.39 extracted
Oct 27 14:23:47    opnsense: /services_dyndns_edit.php: Dynamic DNS: updatedns() starting

Any ideas?

> Edit: Marking as solved.
#3
I want to access the web ui for my cable modem. Its documentation says the default ip is 192.168.100.1. Of course, since the modem is outside the firewall, that address just plain won't work for it.

I've googled around, as well as searched this forum. So far the closest I've found to anything helpful is this: https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

Unfortunately, that's for pfsense. The UI for OPNSense is not the same... And there's not enough background there, or in my own head, for me to figure out where in OPNSense I should make the changes.

So, can someone tell me how to access my modem's UI? Maybe translate the pfsense wiki page into something for OPNSense, or if that's not actually how I should do it, point me in the right direction?

Thanks!
#4
So, you need a CloudFlare account to use for testing?
#5
It's been long enough I don't think a bump is a bad thing. Anyone have any ideas for me?
#6
Ah hah. System -> Log file shows this:

Quote
Jul 1 12:45:31    opnsense: /services_dyndns_edit.php: Dynamic DNS (home.davidreagan.net): UNKNOWN ERROR - Invalid request headers
Jul 1 12:45:31    opnsense: /services_dyndns_edit.php: Dynamic DNS (home.davidreagan.net): PAYLOAD: {"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6103,"message":"Invalid format for X-Auth-Key header"}]}],"messages":[],"result":null}
Jul 1 12:45:31    opnsense: /services_dyndns_edit.php: Dynamic DNS (home.davidreagan.net): Current Service: cloudflare
Jul 1 12:45:31    opnsense: /services_dyndns_edit.php: Dynamic DNS (home.davidreagan.net): _checkStatus() starting.
Jul 1 12:45:31    opnsense: /services_dyndns_edit.php: Dynamic DNS (home.davidreagan.net): _update() starting.
Jul 1 12:45:31    opnsense: /services_dyndns_edit.php: Dynamic DNS (home.davidreagan.net): running get_failover_interface for wan. found em0
Jul 1 12:45:31    opnsense: /services_dyndns_edit.php: Dynamic DNS (home.davidreagan.net): 67.171.230.238 extracted
Jul 1 12:45:31    opnsense: /services_dyndns_edit.php: Dynamic DNS: updatedns() starting
#7
I have the Dynamic DNS configured to use CloudFlare.com. It is supposed to keep home.davidreagan.net pointed at my home IP address. When I click "Save and force update" the record on CloudFlare.com does not change to my new IP address.

It has the correct username and password for CloudFlare. I double checked that.

home.davidreagan.net is configured as an A record on CloudFlare's DNS page.

I enabled verbose logging, but I have not found where to view those logs yet.

Do you have any suggestions on how to troubleshoot this?
#8
I've generated a large list of ip addresses that I want blocked. I added them to a url table alias, hosting the text file on Dropbox. Then I configured the rules the same way https://docs.opnsense.org/manual/how-tos/edrop.html has you configure the spamhaus rules.

The ip addresses show up in the pftables list. That means everything is loaded correctly, right? Or just that the alias was loaded?

The issue is that I can still go to both the url and ip of a site I want blocked. I double checked that the ip I was testing was in the pftables list.

The pfsense wiki says that an aliases file can be a single ip per line: https://doc.pfsense.org/index.php/Aliases. That's what I've generated. See: https://dl.dropboxusercontent.com/u/29137804/someonewhocares.txt. Those are the IPs I found for the hosts listed here: http://someonewhocares.org/hosts/

Did I just miss a step?
#9
Thanks for the broad reply. I'm happy to learn as much as I can about this. :)

After a nice 23 or so days, the issue has reared its ugly head again. Fortunately, it's a Friday evening, and I can troubleshoot. :)

I ran some iperf3 tests. I set up the server on my Ubuntu laptop. The results: http://pastebin.com/ksaXeHdE

Unfortunately, I could not find any explanation on how to interpret what iperf3 outputs. Google was not my friend this evening. Could you take a look at my pastebin link and tell me if you spot anything?

In case it's useful: I have 2 TP-LINK TL-SG108 unmanaged switches. Those are what my pastebin is referring to. So, LAN goes to the right switch, a cable from that one goes to the left switch, and another cable goes to my NetGear wireless router with DD-WRT on it. All my devices are plugged into one of the switches.

For testing, I used a usb 3 ethernet adapter connected to my laptop. Then I just moved the other end of the cable between switches and the LAN nic.

I did not test the WAN with iperf3. I'm not entirely sure how I'd go about it... Sorry if it's obvious...  :-\ I thought about sticking it on my VPS, but there's a lot more than just my modem between me and it...

On the Dashboard, CPU and RAM usage seems pretty low to me. I did see the CPU spike to 19% once, but it's mostly sitting at less than 5%. At least while I've been watching... Reporting -> doesn't have a cpu load graph does it? Just named different? 'Cause I don't see one.

If any of my fellow cable modem users have any insight, I'm using an ARRIS SURFboard SB6141 DOCSIS 3.0 Cable Modem purchased new (not refurbished) from Amazon.

One thought, wouldn't the fact that this is "fixed" by restarting my firewall box mean that the modem should be fine? Power cycling the modem has no effect.

Anyway, now I'll upgrade OPNSense and reboot. I'll be back when it pops up again. (Or there's some I can reply to without the issue actually occurring...)

Edit:
Just a quick note that the issue appeared again on 7/13/2016. Sticking it here since this is where I've been keeping my notes... :\ Don't have time to troubleshoot right now, so a quick reboot is all I'll do.

Hmm... Always happens when I can't take time to troubleshoot... *sigh* 8/3/2016
#10
Well, after 5 days of uptime, my packet loss issue reappeared.

I still have no idea how to troubleshoot this...
#11
So, this? https://docs.opnsense.org/manual/ips.html ?

The Services -> Intrusion Detection -> Enabled checkbox is not checked, nor have I ever checked it.

I would think that an issue caused by drivers would be constant, not something that happens after some time. Am I wrong?

#12
I haven't spent much time working with the network layer. So, I'm not really sure where to start figuring issues out... Any pointers would be appreciated.

The issue is that my opnsense firewall is causing packet loss. This shows itself by making me repeatedly refresh pages to get the browser the correct dns response. When I restart the system, the issues go away for a while.

I have tested this by removing anything but ethernet cords between my computer, and the firewall. As well as going directly to the cable modem. Packet loss only occurs when the firewall is involved.

It also appears to only occur after the firewall has been on for a while. This last time was 6 days or so. Times before that varied, but I wasn't keeping track of what exactly happened.

I know it's packet loss because the dashboard on my firewall shows anywhere from 15-30+% loss when the issues occur. I also see packet loss when pinging 8.8.8.8.

I've googled some, but I didn't find anything that helped. Maybe because I'm not sure what the best search terms are...

My hardware should not be an issue. It's a 5 or so year old repurposed gateway tower with an i3 cpu, 16gb of ram, and an ssd. I'm using two Intel Gigabit CT PCI-E Network Adapter EXPI9301CTBLK nics for my LAN and WAN ports.

Any suggestions on what I can try?

Thanks!
#13
The reason I want firewall level blocking is that Microsoft can just undo all of the steps mentioned in that answer the next time you really do need to install updates. Especially since they are not telling you what the updates are anymore... At least on W10 and in the Windows Update program.

#14
Quote from: interfaSys on March 03, 2016, 09:50:27 PM
I found this guide to be useful when trying to achieve the same thing, but you have to carefully read the instructions.

Thanks, that worked. :)

@smajor, what you described is pretty much what I ended up doing after reading the pfsense doc page. Thanks for the reply!
#15
I was able to get OPNsense working on my wired network, but when I tried to add my router into the mix, I ran into lots of problems.

What I want to do is:

From outside my network, I want the connections to look like this: Cable Modem -> OPNsense firewall -> Unmanaged Switches. All my devices, including my wireless router should connect to the switches. So, wireless devices would look like:  Cable Modem -> OPNsense firewall -> Unmanaged Switch -> Wireless Router -> Device

Could anyone explain how to do that, or point me to some docs that would help? I did read through docs.opnsense.org. And the topics I found about wireless related issues on here, pertained to setting up wireless connections on the firewall, not dealing with a router.

I was able to get my wired devices to work with that set up.  I also tried modem -> firewall -> router -> switches.  I was able to get my router to create a wireless network. But none of my wireless devices could get through to the internet. Plus I had issues getting to the router's configuration page, since opnsense gave it a different ip than what it served the config site on... Thus, I had issues with DHCP server conflicts and mac address clone issues...

My router is a NETGEAR WNR3500L N300 running DD-WRT v3.0-r27520M (07/17/15) kong. And I'm using two TP-LINK TL-SG108 8-Port 10/100/1000Mbps Desktop Switches.

Sorry for the lack of detail in what I tried, I was just trying random things without really thinking about it. Which is a really bad way to figure things out...  :-[

Thanks for any help in advance. :)