Messages - afan

#16
Hi there,

I've got two WANs with IP addresses that might change (although they don't do so often).
I'd like to be able to connect to my network from wherever I am, through either of the WANs, so I have two dynamic addresses (isp1-myname.mydnsprovider.tld and isp2-myname.mydnsprovider.tld).

However, in Services: Dynamic DNS I cannot pick which interface to use for DynDNS. So both addresses are set to the same (default) WAN IP address.
Is there another way to configure this somehow?
#17
System: Gateways: Single indeed shows options to add a monitor IP for a particular GW.
Apparently the gateway from my ISP doesn't allow ping.
First I added the Google DNS server for this (8.8.8.8), hoping this one will allow pings for eternity :)

A bit odd since "Disable Gateway Monitoring" was on for me (so I'd assume, given the help text of "This will consider this gateway as always being "up"", the GW group would not show "pending").

And also strange that the same public IP address cannot be used twice for GW monitoring of different gateways: "The monitor IP address "8.8.8.8" is already in use. You must choose a different monitor IP.". I chose 8.8.4.4 for the 2nd GW but then reverted to my ISP's DNS servers, which seem to be pingable.

Both GWs in both GW groups show up as "Online" now, thanks!

When comparing to pfSense: apparently no state is provided there, and if the status cannot be determined, it would be considered as "up", at least on OPNsense per the below Monit feedback:

Program 'gateway_alert'
  status                       Status failed
  monitoring status            Monitored
  monitoring mode              active
  on reboot                    start
  last exit value              1
  last output                  Gateways status could not be determined, considering all as up/active. (Group: GWGMemberdown_ISP1)
                               Gateways status could not be determined, considering all as up/active. (Group: GWGMemberdown_ISP2)
  data collected               Sun, 24 Jan 2021 13:23:54
#18
Found it: on OPNsense, the setting is at a slightly different location: Firewall: Settings: Advanced -> Gateway Monitoring, and is enabled by default.

Quote: Disable State Killing on Gateway Failure
The monitoring process will flush states for a gateway that goes down if this box is not checked. Check this box to disable this behavior.
#19
Hi all,

Coming from pfSense, I'm looking for an equivalent setting of "Flush all states when a gateway goes down" (pfSense: System -> Advanced -> Miscellaneous).
I needed to use this setting as my SIP trunk would stop working periodically.

Is there some equivalent setting in OPNsense to this? Or is this included in the "Allow default gateway switching" setting ("If the link where the default gateway resides fails switch the default gateway to another available one."), and hence should this one be set instead?

Thanks!
#20
Hi guys,

I'm trying to configure two Gateway groups (dual-WAN) but both are stuck at "Pending" state.
What I did:
- Add a Tier 1 and a Tier 2 for the GW group
- Trigger level: member down
- Apply changes

When Googling I understand this could be related to the fact that a "monitor" is missing. Well, that might be true, but:
1. Where can this monitor be added?
2. Coming from pfSense, no such monitor was required (for "member down" at least) - does anyone know the reason why OPNsense would require these?

Thanks!
#21
Hi,

I'm setting up OPNsense on VMware with 6GB RAM and 90GB (virtual) Hard Drive.
During the installation I'm asked whether I want to continue with a "recommended swap partition of 8192M".

I do not think this is necessarily 'recommended' in the above setup, and hence should it be set to zero? Any thoughts?

From the installation docs on https://docs.opnsense.org/manual/install.html, I see disabling swap is typically done for embedded systems.
#22
For me, "Do not use the local DNS service as a nameserver for this system" didn't fix the problem.
However, marking "Prefer to use IPv4 even if IPv6 is available" on the same Systems-Settings-General page, did.
#23
Hi all,

I'm running OPNsense on VMware ESXi 6.7 and have about 10 VLANs.

What is the most recommended way of working?
A/ Define the VLANs on the VMware VM definition (so a unique interface is presented to OPNsense)
B/ Apart from the mandatory LAN and a WAN, provide a trunk interface to OPNsense with all VLANs and define the other VLANs in OPNsense (subinterface of the trunk)

What are the advantages/disadvantages of each approach?

Advantages of A:
- Security: in case OPNsense gets breached, the VLANs that are not defined to the VM will not be visible

Advantages of B:
- When adding a VLAN, OPNsense doesn't need to be restarted

I'm sure there are more - any ideas?
E.g. is there an expected CPU overhead or speed drop with one approach vs. the other?
Or expected issues when moving OPNsense to a different system?
#24
Alright, understood. Dropping that plan then.

As an alternative, would the following work?

  • Have the latest & greatest config file available of VM1 at all times (maybe automatically generate & sync it somewhere?)
  • For a planned downtime: spin up VM2 on a different system with same (fixed) virtual MAC addresses but NOT connecting the virtual adapters, except for 1 management adapter
  • Import the config into VM2 through the management adapter
  • Turn off VM1; once down, connect the virtual adaptors to VM2
  • After the planned downtime: turn off VM2 and turn on VM1 again


Any comments?
#25
Hi guys,

My situation:
- ISP A: n=1 Public IP address, bound to a certain MAC address
- ISP B: n=1 Public IP address (through PPPoE)
- Latest OPNsense using different VLANs with WAN failover (i.e. VLAN 1 using ISP A by default, if not available then ISP B; VLAN 2 using ISP B by default, if not available then ISP A)

I'd like to use OPNsense High Availability so I can reboot my host easily.
Is that elegantly possible with just n=1 IP address per WAN link (out of which one is bound to a MAC address, which I can choose (once))?

Thanks!
#26
FYI, changing from the default VMware Paravirtualization storage to LSI Logic Parallel did the trick.
#27
Hi there,

When I try to install OPNsense 20.7 on VMware ESXi 6.7, I get the following error message when I do either the Guided or the Manual install:

Quote: The installer could not find any disks suitable for installation (IDE or SCSI) attached to this computer. If you wish to install OPNsense on an unorthodox storage device, you will have to exit to a LiveCD command prompt and install it manually, using the file /README as a guide.

The installation medium I'm using is OPNsense-20.7-OpenSSL-dvd-amd64.iso.
The VMware guest was created with default settings for Other -> "FreeBSD 12 or later versions (64-bit)".

Any idea what's going on/wrong?