Messages

6. Delete alias not erase files in /var/db/aliastables and still exist in pftable.

If you reboot firewall this will clear out deleted alias from pfTable.

Someone may want to open an issue on github and link this thread if they have not already.

https://github.com/opnsense/core/issues/3399
https://github.com/opnsense/core/commit/00b46e05752ed5e8e98b0256ce34070ea71dfb17

patch locally, using (on >= 19.1.4):

Code Select Expand


opnsense-patch ea2f217cf


If I apply patch, will I need to do anything special before next upgrade? e.g. remove patch before doing upgrade to 19.1.7

Something's very wrong. It's like creating any "dynamic" alias (geoip, url table, etc) poisons OPNsense's alias functionality for me.

Can someone try this on their system for me? Create a new geoip alias for a random region. See if the pf table is filled. Then try deleting it.

I am able to create geoip alias, see them in the pfTable, and then delete them without issue. The pfTable will still have them listed until I reboot.

I'm on OPNsense 19.5.1_1 though, I haven't upgraded to 19.1.6 yet.

My hosts alias and geoip alias are working in 19.1.5_1.

Please check your "Firewall Maximum Table Entries" the default is 200000 which may be too small to hold all the alias IPs, especially if you use a lot of GeoIP Aliases or URL Table (IPs). I had the same issue and had to fix it by increasing the Firewall Maximum Table Entries value. I changed mine to 800000 but you will need to tweak it to what works for you.

Firewall -> Settings -> Advanced -> "Firewall Maximum Table Entries"

After increasing the Firewall Maximum table Entries, Update Bogons (Firewall -> Diagnostics -> pfTables -> "Update bogons" button) which should also update the geoips.

Then check your System Logs to see if the geoip and bogons were updated, or if you have a table-entries limit warnings. (System -> Log Files -> General). See attachment for example.

I have the same issue with slow OPNsense shutdown and restarts, can take minutes. Disabling the "Periodic NetFlow Backup" fixed it for me.

Not sure why NetFlow / Insight takes so long to backup. I have OPNsense running on a dedicated Qotom i7-7500U with 8GB RAM and 128SSD, more than enough CPU and I/O capabilities.

I have seen this behavior on other hardware configurations too.

What OPNsense installer image are you using?
VGA or Serial?

From my understanding all DHCP leases will be assigned to the same domain. Which is either the default system domain found in System -> Settings -> General -> Domain, or you can override in Unbound via Services -> Unbound -> General -> DHCP Domain Override.

Maybe set system domain to domain.com and the hostsnames to host1.o or host1.m? This way system will set as
host1.o.domain.com
host1.m.domain.com

Or you can try to manually set domain overrides using Services -> Unbound DNS -> Overrides.

You can reassign the interfaces from the Web GUI (Interfaces -> Assignments) or console. No need to reinstall.

Also do you have the interface locked to prevent interface removal?

Not sure why the interface would switch.

Are you using OpenVPN plugin in OPNsense or have separate OpenVPN server that needs to be routed by OPNsense?

I use an OpenVPN VM behind OPNsense that acts as road warrior VPN; I can connect to my OpenVPN remotely and have all my traffic routed through my home. Is this what you are trying to do?

Looks like v1.0 of UnboundBL was released on githib, has anyone tried it?

After looking at the log files I discovered the "Update and reload firewall aliases" cron job is not needed for URL Table Aliases, those are already being updated according to the expiration field.

Still unsure how to use the other cron commands.

Great news. I know Apollo Lake has been giving BSD some issues. Glad to see the jump to 11.2 has brought Apollo Lake compatibility.

Are you running 19.1 or 19.1.1? There was a hotfix in 19.1.1 that addressed some MTU issues that caused slowdowns because certain ISPs were requesting improper MTU sizes.

I had a similar issue happen. Turns out I needed to re-image my install media.  Once I re-flashed the USB drive with OPNsense installer and ran again it worked. See if that solves issue, if not maybe another issue that may need workaround.

[Reconfigure a plugin facility - ?]

Is there a Wiki page or something that explains how to use the different cron commands when creating a cron job via the WebGUI?

Some of the commands seem very straightforward but others I am not sure what they do or if they require other parameters. For example there is a command for "Remote Backup", but where do I set the remote backup location?

Commands:

• Automatic firmware update -  self-explanatory
• Regenrate DH parameters - self-explanatory
• Reconfigure a plugin facility - ?
• Update and reload intrusion detection rules - self-explanatory
• Update and reload firewall aliases - self-explanatory, but is this redundant? Aliases have expiry field, what does the cron command vs the alias expire field do?
• Issue a reboot - self-explanatory
• Download and reload external proxy ACLs - self-explanatory
• Download external proxy ACLs - self-explanatory
• Reload intrusion detection rules - self-explanatory
• Dynamic DNS Update - self-explanatory, but is this redundant? The Dynamic DNS client already performs update.
• Firmware changelog update - ? Are parameters needed for this? How are notifications handled?
• Periodic interface reset - ? Are parameters needed for this?
• Remote backup - Self-explanatory, but unclear how to setup. Are parameters needed for this?