Messages

Hi,

I just upgraded to 22.7.2 and noticed an error that backups are failing on Google drive:

Code Select Expand


The following input errors were detected:

{"error":"invalid_grant","error_description":"Invalid JWT Signature."}
Saved settings, but remote backup failed.


Is anyone else facing the same problem?
Thanks.

Enable logging for the default "allow all" rule and see the firewall logs in real time as you ping from a client machine on LAN.

First try just one simple rule (i.e allow all) like the screenshot below. If it works then you can start adding more complex rules to make it robust and more secure.

My two cents.

Since all the tenets in your building are on the same subnet your situation is like logging into a hotel WiFi where all of your traffic is visible to anyone else staying in the hotel. No need to panic but just be more vigilant when you see anything odd in the logs or IDS services.

At the very least, disable OPNSense GUI from WAN, disable root login into OPNSense and disable HTTP redirect for GUI (under System ==> Settings).

As for the problem you posted, did you create any firewall rules for LAN? The default is "block all" and that is what seems to be happening in your case.

Hi,

I have 5 cheap L2 Trendnet switches (https://www.trendnet.com/products/edgesmart-switch/8-port-gigabit-EdgeSmart-switch-TEG-S80ES) that I would like to deploy on home network behind a Qotom device (6 ports) running OPNSense. First I tried the topology shown in diagram-01 below but only switch-A worked in this case. The VLANs on switch-B could neither access VLANs on switch-A nor OPNSense.

As an alternate, I'm thinking of combining the unused ports on OPNSense device to create a bridge and create VLANs on the bridge and connect each port of OPNSense to corresponding VLAN port on switch-A. And use port-1 on both switches to connect each other.

I'd need to take down my network to even try this one, so wanted to check in this forum if anyone has faced the same problem as I did in diagram-1 and if the alternate topology (diagram-2) will work in theory.

Thanks.

It did not work on the actual VLANs as I had to delete the assignment which pretty much toasted the static IP assignments. Since mine is a home network, I save a copy of IP assignments and had to do some copy & paste and now have OPNsense with VLANs up and running!

Interesting idea, I tried a test VLAN and moved it across to another interface and it seems to work.

Next steps would be to move the actual ones on the home LAN and keeping fingers crossed!!

Do you see ntopng running under services tab?

Hi,

I've a VLAN for IoTs that have about 70 static IPs assigned for different IoTs across the house. And I need to move this VLAN to another interface on the FW box.

Is there a way to download/upload the static IP assignment under DHCP? In worst case, I will have to type or copy/paste all the assignments manually but was curious if there is an easier/reliable way out of this.

Thanks.

Thanks Franco and totally understand that things are fluid and sharing details ahead of time can also set expectations which may backfire!!

Hi,

I was browsing the page at https://opnsense.org/about/road-map and just curious if there is a list of planned features for Jan 2023 release?

Thanks,

PS: the list overall is very impressive so hats off to the entire OPNSense team for staying the course with development work over last several years!

I did some experiment in the "/usr/local/etc/ntopng/ntopng.conf " and changed the port number from 3000 to 3001.

After restart the Ntop still shows up on 3000 so seems like Ntop rc service is not reading the "/usr/local/etc/ntopng/ntopng.conf " file when starting.

Hi,
I've installed Ntop's community edition, using Ports and it is working fine. The Community Edition restricts the number of interfaces to a maximum of 8. Here is the information on interfaces on OPNSense machine:

Code Select Expand


root@OPNsense:/var/db # ntopng -h
Available interfaces (-i <interface index>):
   1. igb0
   2. igb1
   3. ovpns1
   4. igb2
   5. igb3
   6. igb4
   7. igb5
   8. igb1_vlan20
   9. igb2_vlan30
   10. igb3_vlan40
   11. igb0_vlan100
   12. lo0


The max limit of 8 interfaces is enough for me but the ones that I need i.e. 9, 10 & 11 are not getting picked up. So edited "/usr/local/etc/ntopng/ntopng.conf " file and added following lines:

Code Select Expand


  -i=igb1_vlan20
  -i=igb2_vlan30
  -i=igb3_vlan40
  -i=igb0_vlan100
  -i=igb4
  -i=igb5
  -i=ovpns1


The above interfaces are less than 8 but when I restart the console shows following logs:

Code Select Expand


28/Jun/2022 22:19:10 [Prefs.cpp:1950] ERROR: Too many interfaces (8): discarded igb2_vlan30
28/Jun/2022 22:19:10 [Prefs.cpp:1951] ERROR: Hint: reset redis (redis-cli flushall) and then start ntopng again
28/Jun/2022 22:19:10 [Prefs.cpp:1950] ERROR: Too many interfaces (8): discarded igb3_vlan40
28/Jun/2022 22:19:10 [Prefs.cpp:1951] ERROR: Hint: reset redis (redis-cli flushall) and then start ntopng again
28/Jun/2022 22:19:10 [Prefs.cpp:1950] ERROR: Too many interfaces (8): discarded igb0_vlan100
28/Jun/2022 22:19:10 [Prefs.cpp:1951] ERROR: Hint: reset redis (redis-cli flushall) and then start ntopng again


So seems like Ntop is still using the default interface list instead of the ones specified in "/usr/local/etc/ntopng/ntopng.conf".

Does any one has any idea what I might be doing wrong here or how to make Ntop use the interfaces selectively.
Thanks,

Pankaj

Think I found the answer!

Code Select Expand


opnsense-code ports tools
cd /usr/ports/your/port
make reinstall


@franco I found one of your old post where you suggested using opnsense-code instead of portsnap

Code Select Expand


# opnsense-code ports
# cd /usr/ports


I am using this to install ntop community edition as the binary keeps installing the enterprise version with free trial expiring in 10 minutes! One question in case you can provide some guidance:

How do I maintain this repo going forward? And what commands do I use to update it? This device is the front end for the entire house to hesitant to experiment and will appreciate your input.
Thanks.