Messages

Thanks @MB for the update. Looking forward to it.

Also, Yesterday i enabled the email reporting and today i got this message "Scheduled reports could not be generated. Probably elasticsearch service is not running or not working properly. Please check elasticsearch service manually."

Elastic search is working fine, reports in dashboard and reports section looks all good. Do not understand what could be the issue..

Hi, I am trying to setup monit. I used to work on version 18 but ever since i updated to 19 i am not able to receive any notification. Now when i tried to disable it and then re enable i am getting this error "/usr/local/etc/monitrc:22: syntax error 'failed'" at top of screen and monit is not starting.

First i thought it could be ssh port issue as my ssh was on different port. but i changed it to default 22 and issue is still there.

Please help. Thanks

Hi MB, In App Control, we can block an entire protocol / type of service. Is there any way to block one user and allow everyone else OR allow one user and block rest in network either by IP or MAC address. Thanks

Clearing the old database did the trick.

Hi, Ever since i updated to 19.1.6, "flowd_aggregate" service is stopping again and again no matter how many times i start it. After start it does work a while and  then stop, not immediately. Plz help.

Hi, I am using openvpn with users authenticating with local ldap server. My ldap server is UCS (univention cooperate server).

So everything is configured and VPN is working all well. The issue is that if i using "Authentication containers" as the basic first level name i.e. "CN=Users,DC=DOMAIN_NAME,DC=LOCAL" then it is working fine. For any other next group or container does not work.

I have tried these and are failing to authenticate:
1. CN=VPN_GROUP,CN=groups,DC=DOMAIN_NAME,DC=LOCAL
2. CN=VPN_GROUP,CN=Users,DC=DOMAIN_NAME,DC=LOCAL

I only want tp allow my VPN Group to authenticate so please help.

Thanks @MB. This fixed the issue.

I am currently running 0.7 & I am sending you the email for logs and screen shot error.

HI, I Can not open report in either Dashboard or Reports giving me an error "An error occurred while report is being loaded!".

In view error message it says:
{
  "error": {
    "root_cause": [],
    "type": "search_phase_execution_exception",
    "reason": "all shards failed",
    "phase": "query",
    "grouped": true,
    "failed_shards": []
  },
  "status": 503
}

Both "Sensei Packet Engine" and "Elasticsearch" are running. I have restarted the system and error is still there.

Hi, I have added another pool for some external users only. I want to limit their bandwidth usage. How can i do that ?

Hi @MB, I had a similar issue for "Sensei Packet Engine" stops within 5min everytime I enable it. It didn't fix with the reboot as well. But since "health check" is disabled (its been more than 24 hours and reboot few times), service is running without an issue.

I only faced this issue after updated OPNsense to 18.7.10.

Thanks @mimugmail. Worked.

Hi, I use "Multi WAN" with "WAN Failover"

Is there any way to let some specific users to use second wan and route the traffic through second wan connection only even if the first / primary connection is working. I need to add a dhcp group of users to only use our second ISP.

I run similar setup: Multi-WAN, Windows Domain server, and Opnsense. I have done many tests with pfsense and opnsense but nothing works completely when in case of not using windows DNS. You have to use DC's DNS services because one way or another every setting you can make will fail, forwarders do not work 100% as well.

So this is what I do and will hope this will help you as well.

First, you need DC's DNS so in DHCP4 settings add it as primary / first DNS.
Use Opnsense as your second DNS

In system -> Settings -> General -> Networking & DNS Servers -> Use Any of public DNS server
In system -> Settings -> General -> Networking & DNS server options -> Uncheck both i.e. "Allow DNS server list to be overridden by DHCP/PPP on WAN" & " Do not use the local DNS service as a nameserver for this system"

Now in OPNsense DNS / Unbound DNS -> Overrides -> Domain Overrides: Add your DC server here.
* Do add some host entries in "Host Overrides" so that when domain DNS is not available or down it will not disturb your internet connectivity or DNS connection/queries to other hosts.

Yes you need to enable "Static ARP entries"  option as per the question you asked.

This is all as per my testing because i had the similar issue:
Normal when you enable "Deny unknown client" option it do block the client but it only look for leftmost 6 digit in MAC address (AA:AA:AA:BB:BB:BB) which you specify either in list in allow / deny or static entries.

So to only allow mac from static entries you need to enable "Static ARP entries" option.

Thanks @MB and Thanks for the update.

Can you also add one option in reports for looking a live reports without manually refresh time. When in Dashboard / Reports -> Filter (Reports Interval) -> When selecting Custom interval there is "Start time" and "End time".

It will be great if you can add another option or select box there to select "End time" as ongoing.

For e.g: If i want to see current reports from a specific time let says since morning and wants to check the reports after every 10 or 15 min gap then every time i have to select the option "Go to today" in End time. It would be better if there is an option as ongoing which will automatically change time in some specific interval of time or select "refresh interval" as time to refresh and update the time in 'Reports Interval"