Topics

1

21.7 Legacy Series / [solved] 21.7.7 haproxy: "There are pending configuration changes"

« on: January 05, 2022, 07:37:59 pm »

So, while i had no issues on a 21.7.5 machine, i just setup a new opnsense,
so a completely NEW setup, no tinkering, no importing, no whatever.

while configuring haproxy i keep running into the issue that it says "There are pending configuration changes that must be applied in order for them to take effect. To review them visit the Config Diff page."
and when i hit apply.... it does not apply.
and so, no way to start haproxy.

when i move haproxy.conf.staging to haproxy.conf manually, and start haproxy manually, there is no issue and the gui happily says there are no config changes.
i then change something in the gui again aaaaaand.... broken again.

is this a known issue for 21.7.7 ?
is someone else experiencing this ?

we have opnsense support if needed, so i could always contact their paid support, but before bothering them  like that,
i wanted to verify in the community if anyone else is seeing this.

2

18.7 Legacy Series / firewall (live) logs question/suggestion

« on: October 08, 2018, 11:30:27 pm »

a few (questions/suggestions/remarks) regarding the firewall and the log functionality:

1) is it possible to ignore an interface in the live log without disabling logging on it completely?
=> i have several rules applied to multiple interfaces through the floating ruleset, and there are a few vlans that i dont need in my live log, but where i dont want to make new rules just for those interfaces, to not overcomplicate rule management

2) in that same live log, would it be possible to add an icon for the direction, so we could see if it is coming into or going out of the interface without clicking on the info button?
=> i opened up issue #2804 for this and have a 'proof of concept' code there
EDIT: thanks to AdSchellevis this is now already available in the master, thanks!

3) another item i miss in the live log is the ability to let it resolve hostnames immediately, again having to use the info button to resolve hostnames... yet i thought that this was an existing option somewhere (long ago) in the past?
(there is issue #2287 for this, but i remember it being possible when we still had the 'normal' log, before the live log, or am i mistaken?)

3

16.7 Legacy Series / npt issue

« on: December 18, 2016, 03:06:03 pm »

setup:
router => opnsense wan/lan => lan

config:

router has a /56
opnsense wan port has an ipv6
opnsnense lan port has fd00:1::1 as address
lan host has fd00:1::200 as address
npt is set to wan - aaaa:bbbb:cccc:dddd::/56 - fd00:1::/56

what goes right:
ping OUT from my lan pc to an internet host:
pc -> opnsense lan port ok (internal lan ip -> ipv6 host)
opnsense wan port ok (translated lan ip -> ipv6 host)
ping arrives perfectly on the internet host.

ping reply comes back:
opnsense wan port gets a request from the router's link-local to see who has the translated lan ip

expected: opnsense translates that ip back to its local ip, responds to the request and routes the traffic
reality: nothing happens... opnsense does not reply that it knows the address

what am i doing wrong or am i forgetting here?