Topics

Hello all,

i recently bought a zte mc888ultra. it has two interfaces (one is 2,5gbit) and supports amazing 5g speeds.
The zte has an option of "bridge mode", which directly assigns to a client connected to a selected port the ip address from the provider instead of the local subnet one (192.168.0.1/24).
Usually the providers give cgnat ip range addresses (10.147.10.1 ecc.) but my provider gives me an option for an APN that gets a public ip.
I have tried using this bridge option with opnsense, but it only gets a local ip range ip (192.168.0.182) when i have DHCP Server enabled in the zte and NO ip at all when i disable DHCP server in the zte.

i have tried multiple times with multiple changes,request options,mac spoofing ecc.. in the wan dhcp options of the opnsense, i also followed this thread "https://forum.opnsense.org/index.php?topic=41393.0c", but no result at all. When i do a tcpdump, i get DHCP NAK message of "wrong network".

I connected my computer directly with wireshark and it took immediately the provider external WAN IP, and from the DHCP 55 options there are some options like wpad option and option 81 that where requested.
How can i request wpad/dhcp proxy and option 81 fqdn through the opnsense dhcp advanced settings that maybe can help? Is there any other think i can do?

Thank you in advance.

Hello all.

First of all thank you to the opnsense team for the great work and the fluent update to 25.1 with no problems.

I would like to ask something related to traffic shaping.
I have noticed in the firewall rules, a new "experimental" section for traffic shaping (choosing direction and shaper in the rule) that reminded me of the long,long past using shaping in pfsense.

Is the Firewall/Shaper section going to change towards this approach in the future or will both co-exist in opnsense?
Are there any advantages/disadvantages?

Should we prefer the classic shaper of opnsense, start migrating to the new way for traffic shaping or use it only for limiters?

Sorry for the many questions and thank you in advance for any reply.

Hello,

i have opnsense latest version installed, and noticed a bug on the unbound configuration page.

I have some Host Overrides setup that work and today i tried to add an alias through "Edit Host Override Alias".

Althout i added the alias and verified it was working, in the page i see "No results found for selected host or none selected".

Hello all,

i have Opnsense 23.7.8_1 installed and trying to figure out how to setup traffic shaper.
I have followed every guide in this forum and on the official guides without result.

I have a multiwan setup with a vdsl and a 4g lte connection.
In the shaper settings i have setup pipes for  dsl up & down and 4g up & down.
in the rules section i have setup a rule without destination and source, only with direction (in or out)
one for each pipe. One for the upload pipe of each connection and one for the download pipe of each connection.

The problem is that after a lot of spending hours and testing, i noticed that even if i have policy routing for a device to use a specific gateway (for example instead of the primary dsl to use the 4g) instead of using the shaper rule for the 4g connection, it respects the rule for the vdsl connection (default wan connection/gateway for opnsense) which has a lower upload.

Even if i put the non-default gateway/interface rule higher, the shaper does not respect the rule.

From what i undestand, the shaper respects from the multiwan, as gateway, the default (active) wan?

Why don't the devices with the policy routing, use the shaper for the interface configured istead?

I also have shared forwarding enabled.

**** This happens to the devices to which i connect from remote (NAT- port forward), from internal LAN the shaper works correctly.

thank you

Hello,

i have installed opnsense 23.7.3 with multiwan setup.

Yesterday I have tried to setup a static route, towards a specific VPS IP xx.xx.xx.xx/32 and i have noticed that the route , although i can see in the status page correctly, when i do a traceroute from a LAN client towards the ip, the gateway used is not the one chosen at the static route.

Hello all

i have a pppoe connection that supports jumbo frames for 1500 MTU. I had inserted on my WAN interface the MTU to 1508 and in the INTERFACES overview, the MTU was correctly 1500.

I have noticed that after the latest update, although the MTU of the interface is set to 1508, the MTU in the interview section is 1492.

If i just press "SAVE" on the WAN interface, it sets again the MTU to 1500 of the pppoe, but if i reboot the firewall, it returns to 1492.

Same thing if i set the MTU to 1508 on the "point-to-point->devices->pppoe" section. At first the MTU is 1500 but after a reboot, it goes to 1492.

Thank you.

Hello all,

i have changed from ddclient backend to opnsense backend for dynamic dns update because of the many problems and many errors ddclient started to give after the latest updates.

Now dynamic dns with dyndns is working better.
The problem is that i also have namecheap that i can no longer update.

Is there a possibility to add, even a curl way update so i can update namecheap with the opnsense backend?

Thank you

Hello, after upgrade to 23.1.7 (and also _3 update) my wireguard routings that used to work with wireguard gateways setup stopped working without any change to my settings.

Hello all,

after upgrade to 23.1.1 i am getting continuous crashes:

Code Select Expand

PHP Errors:

[17-Feb-2023 19:05:37 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:06:58 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:08:19 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:09:40 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:11:01 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:12:22 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:13:43 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:15:03 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:16:24 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24
[17-Feb-2023 19:17:45 Europe/Athens] PHP Fatal error:  Uncaught Error: Call to undefined function exec_command() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:24
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 24

Hello all,

i have recently updated to 23.1.r2 and i noticed that the option  "Dynamic state reset" is no more available.

I have multiwan setup and the primary wan is a pppoe dynamic ip connection and a pbx with multiple voip providers.
Today i had a disconnection of the pppoe connection and the voip stopped working. (Previous versions with dynamic state reset after disconnect everything worked correctly).
Is there any similar option i need to enable?

Thank you

[configd.py]

Hello,

i recently noticed in my logs a lot of

[3d448a43-1f6a-4745-9184-ee2022cc73f5] Script action stderr returned "b'usage: sysctl [-bdehiNnoqTtWx] [ -B <bufsize> ] [-f filename] name[=value] ...\n sysctl [-bdehNnoqTtWx] [ -B <bufsize> ] -a'"

these error lines for process configd.py.

What could this be?


Also i would like to ask for another strange thing (different problem), that i have installed the adguardhome plugin and every 2-3 days, all of sudden without reason it stops (the service appears red in the dhasboard) and i have to manually start because internet stops working.

Thank you

Hi all,
I have a multiwan setup with DNS servers setup in every wan, in system->settings->general and unbound as local resolver for my networks.
After reboot, DNS is not working correctly and services like ddclient do not work also. I have to manually reboot unbound to have everything working.
Another thing is that, clients with web proxy enabled, do not load pages. I had to insert 127.0.0.1, in "use alternative dns servers" option in order for clients to load pages correctly.
These problems started after upgrading to 22.1.5

Thank you.

Hello all,

I would like to know,  regarding this CVE-2019-14899 vulnerability,  if there is a way to apply to opnsense a fix for wireguard, similar to the fix for linux distributions with iptables

iptables -t raw -I PREROUTING ! -i wg0 -d 10.182.12.8 -m addrtype ! --src-type LOCAL -j DROP

Is there any firewall setting i could apply to my wireguard or openvpn interface?

Thank you

Hello all,

i have recently updated to 22.1 BETA and upon reboot, the pppoe and ppp (usb 3g dongle) are not working. I have to manualy go to Interfaces->Devices, choose the device and just click on save, without changing any setting, so that they get an IP and connect to the provider.

Hello all,

since i show the announcement for the opnsense business edition, i am a home user, but i would like to know if the reliability improvements only, are going to be applied to the free version sonner or later, also.

Just asking so in case i will upgrade because some of them are important.

thank you in advance

hello,

i would like to resolve a problem with this setup:

Router with PUBLIC IP x.x.x.x , LAN ip 172.16.99.1 and DMZ to ip 172.16.99.2 ------ opnsense with wan ip 172.16.99.2 and lan ip 192.168.1.1.

Port forward on opnsense NAT firewall with destination wan ip address port 5001 and nat to port 5000 of internal ip 192.168.1.10.

From outside networks port forward working correctly. From the inside using wan public ip x.x.x.x (dynamic) nat reflection not working.

Nat reflection enabled on firewall settings and at the nat rule.

Is there need for an outbound rule or something?

Thanks

Hello all,

I recently setup a dhcp wan connection behind NAT. The strange problem is with dynamic dns.
The dyndns gets the internal ip 172.x.x.x and not the real wan ip. It is strange that i have also a 3g wwan connection in the same setup that also gets a private range ip 10.x.x.x but if i choose this interface for the dyndns it correctly picks the public wan ip. The problem is with the wan.

When i run curl -4 url (and any ip site like checkip ecc). It shows the correct wan ip.
Why the opnsense client only for this interface shows the internal ip?
What can be the cause of that?

Thank you

Hello to everyone one.
I would like to know if someone can help, since i have a multi wan setup, on ow to better use and what the purpose of packet size in the gateway monitoring system instead of leaving default.
What can change depending on the packet size?

Thank you in advance.

Hello all,

could someone please explain me this new option in the interfaces configuration:

Dynamic gateway policy    
This interface does not require an intermediate system to act as a gateway
If the destination is directly reachable via an interface requiring no intermediary system to act as a gateway, you can select this option which allows dynamic gateways to be created without direct target addresses. Some tunnel types support this.

I use pppoe and 3g wan-usb ppp with dynamic ip for wan , wireguard and openvpn.
In which case should i use it, i cannot understand "intermediate system" meaning.

Thank you

Hello all,

i have a pppoe wan connection which makes the call through the providers vdsl modem.
The modem has it's own wan connection with ppoe passhthrough enabled so opnsense can make it's own pppoe connection.

The problem is that the pppoe connection on opnsense has packet loss 3-18% (which i see on the gateway monitor too) instead if i connect a pc to another lan port of the modem (through the modems pppoe connection) there is no packet loss.

I changed modem, i resetted it i changed ports, decreased MTU nothing.
Packet loss on opnsense pppoe connection persists.

The setup of the main wan connection through pppoe has remained the same for many months, this has starded lately with the last versions.

If someone with pppoe passthrough can test pppoe through passthrough, and tell me the results please i would be grateful.

Thank you.