Messages

121

21.1 Legacy Series / Re: Zigzag CPU Load

« on: May 27, 2021, 03:04:47 pm »

The graphs look the similar to me.  One thing you might check is do you have PowerD enabled...check under System | Settings | Miscellaneous.  Adaptive works well for my setup...this was something I overlooked for quite a while after switching to OPNsense...so just in case you never checked it.  Anyhow it might make a difference.

Also, I've run into a situation where the RRD netflow data gets corrupted or confused and resetting/repairing will resolve excess CPU in this case...so that's something else to check.  That's under Reporting | Settings. 

122

21.1 Legacy Series / Re: NUT: no restart of UPS

« on: May 26, 2021, 03:21:02 pm »

I appreciate your posting about NUT as I have a different issue (probably my own doing, unsure at this point).  You might consider also posting at the link below.  I wish NUT was enhanced a bit more to include an option to shutdown after xx minutes of being on battery like my NAS units do.  I've looked at this for hours and can't figure out how to make this work.  Had a recent outage and OPNsense is a netclient, it reported battery low but didn't shutdown...didn't start to shutdown.  Log reported battery low, and then the UPS powered off about one minute later.  Cheers.

https://github.com/opnsense/plugins/issues

123

21.1 Legacy Series / Re: Unbound, stubby and pi-hole

« on: May 25, 2021, 06:18:32 pm »

DNSCrypt-Proxy supports both, as well as their own DNSCrypt...just to clarify.

a: correct, if you leave it blank it will use what you have in your general settings dns field...so...it's flexible.  Interface refers to "LAN1", "LAN2", "VLAN1"....etc.  So they can be the physical jacks on your router or virtual in the case of VLANs.  Yeah that wording a bit confusing...but it's the parameter(s) the DHCP server sends to hosts requesting an IP address...so it can be specified for each interface.

Good luck! 

124

21.1 Legacy Series / Re: Unbound, stubby and pi-hole

« on: May 25, 2021, 04:25:44 pm »

I have a similar setup but instead of stubby, I use dnscrypt-proxy and cloudflared (both for encryption using DoH) on my rpi's.  This for me at least simplifies, OPNsense tells hosts on my network to resolve at RPi addresses.  The Rpi's fully handle the connection to resolve the DNS requests.  If a port 53 request comes from a non Rpi device, then it is NAT'd to one of the RPi (not dropped or blocked) for processing.

a: DHCP under Services in OPNsense...for each network segment it applies to.
b: ?
c: Not that I'm aware.
d: as mentioned above, use a NAT rule to reroute any dest port 53 that are coming from NOT your pihole host.

Hope that helps.

125

21.1 Legacy Series / Re: Zigzag CPU Load

« on: May 20, 2021, 03:07:50 pm »

It's normal...it's related to insight data (flowd_aggregate.py) and file processing.

https://github.com/opnsense/core/issues/3587

126

General Discussion / Re: Live view filtering - Is this normal?

« on: May 18, 2021, 04:14:28 pm »

Looks like the filter bug is reported here.

https://github.com/opnsense/core/issues/4988

127

21.1 Legacy Series / Re: DHCPv6 [LAN] Settings

« on: May 10, 2021, 04:38:21 pm »

Under Interfaces (for LAN), you probably need to tick the box to allow manual adjustment of dhcpv6 for it to show under services.

128

General Discussion / Re: Help getting NUT working with CyberPower UPS

« on: April 09, 2021, 03:48:18 pm »

As an alternative, my cyberpower UPS works fine in netclient mode.  I run NUT on a raspberry pi (usb connected) and then point to it from my NAS and OPNsense...and monitor via zabbix.

129

21.1 Legacy Series / Re: GEOIP, not blocking?

« on: April 04, 2021, 01:42:05 pm »

I added a GEOIp block rule (floating) on my LAN, VLAN, and WAN interfaces with any source and it blocks everything...including outbound.  I thought outbound might be equally useful for malware ignoring that malware is hosted globally.  It does stop me when I click a sketchy result in a google search though.

130

21.1 Legacy Series / Re: flowd_aggregator High CPU Usage on 21.1.4

« on: April 04, 2021, 01:26:13 am »

Probably normal…more here.

https://github.com/opnsense/core/issues/3587

131

21.1 Legacy Series / Re: [Solved] Getting NUT Client to work

« on: March 25, 2021, 03:01:54 pm »

You were right on. I had to add a user and password. Once I did that it worked. Thanks..

Glad that did it.   

@mimugmail Do you know if there's much effort to add a password field (and maybe the power value field too to make it complete) in the GUI?  I can put a request in on github if you think it's worthwhile...let me know.  Thx!

EDIT: For anyone finding this thread...this is actually not an issue, see the description on the page linked below.  Make sure to choose netclient on the second tab...or whatever applies.

https://docs.opnsense.org/manual/how-tos/nut.html

132

21.1 Legacy Series / Re: Getting NUT Client to work

« on: March 25, 2021, 01:50:47 pm »

That listening port 1 is the same thing I have using a cyberpower ups (not a port actually, see edit at the bottom).

MONITOR qnapups@192.168.1.214 1 admin 123456 slave

I know with nut the name has to match exactly as well as the password.  In my example above, I had to use qnapups for the user, admin as the user and 123456 as the password.  You don't have a password it appears.  QNAP is involved in my setup and it's a static setting so basically, anyone using a QNAP NAS with NUT likely has this setting (unless they customized it).

My settings in the OPNsense GUI are service mode = netclient, name = qnapups, listen address = 192.168.1.214 (nut server address...in my case a raspberry pi).  On the second tab I have port = auto, but enable is UNchecked...likely not applicable in netclient mode.

Since you're missing a password, NUT may not be parsing the line correctly...guessing here.  Now the question is how did I enter the password, from the looks of it I manually edited this file that says not to as it might get overwritten in the future.  Might try adding a placeholder password to see if that changes anything if you don't have a legit password.

EDIT: From the documentation...section 6.3.

https://networkupstools.org/docs/user-manual.chunked/ar01s06.html

If it’s just monitoring this UPS over the network, and some other system is the master:
MONITOR myupsname@mybox 1 monuser mypass slave
The number "1" here is the power value. This should always be set to 1 unless you have a very special (read: expensive) system with redundant power supplies.

133

21.1 Legacy Series / Re: 21.1.3amd - Error when changing Alias

« on: March 15, 2021, 02:49:27 pm »

Related?

https://forum.opnsense.org/index.php?topic=19117.0

134

21.1 Legacy Series / Re: Will /var be periodically backed up even if it is set as a memory filesystem?

« on: February 22, 2021, 02:15:04 pm »

So, do you know if since the vnstat database is in /var/lib....it too is not written to disk AND is also wiped on reboot (using the memory option)?  Wonder if there's a way to relocate that database...and/or periodically back it up in that situation.  No plans to switch to memory option, but curious.  Thanks.

135

21.1 Legacy Series / Re: CPU Profile explanation

« on: February 01, 2021, 04:54:08 pm »

Regarding CPU, it's normal and related to process flowd_aggregate.py, see here for a lengthy discussion:

https://github.com/opnsense/core/issues/3587