Messages

I recently discovered that my filesystem didn't come up cleanly after a power outage and may be related to some issues I had.

I did the old school boot into single user mode and ran fsck - actually twice before everything got cleaned up.

Is there a built in with with OpnSense to do this?  I found this with pfSense:

touch /root/force_fsck would force a check/repair on reboot.  Didn't seem to affect OpnSense.  This might be something handy to have as a GUI option down the road?

I may bow out of troubleshoot this for a bit, I found after a recent power outage my system didn't come up cleanly and my recent "me too" might be related to that.  However, my first post predated that outage so I was seeing something. I have a question about what I found, but will post a new thread so as not to hijack this one.

I'll see what I can do. I actually turned off IDS because it was crashing then recovering (mostly except for configd and sshd) every few hours so it was invisible unless you were watching. I'm now going on 18 hours with no issues, so you're suspicion of high workloads is correct.

Mine is: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2 CPUs: 1 package(s) x 2 core(s), 4GB RAM. I have about 23% of RAM in use with the new IDS in use and a few items enabled.

It isn't a regular thing. I'll have an uptime for awhile before noticing it, often a week or more from what I can tell.

I'm looking for some advice on configuring my router's DNS. I run split DNS, I want my internal NAT clients to resolve to an internal NATted DNS server.

My main issue is that I have a web server, among other services, running on NAT and I find that OPNsense cannot resolve to things like URLs on my web-server.  Possibly because of my internal DNS being on a system behind NAT as well.

What would be best practice for this? Under System>Settings>General should I use my internal DNS server or External, or both? Or is there some other setting I need to have a look at?

Thanks all for any tips.

I've seen this as well.  Click Services then Diagnostics.

Make sure configd is running.  If not, start it.

I found mine off (or crashed) just this morning when I selected to check for updates.

Many DHCP services work like this by design, they won't start re-issuing used DHCP addresses if there are previously unused ones in the IP range given to it EVEN IF those leases have expired.

The simple answer is if that same device comes back onto the network at some point in the future it'll get (re)assigned the address it had before, even if its lease had expired. This can have some benefits both for logging and for devices that are really aggressive about getting the same address as they did once-upon-a-time.

Typically, once the never-used leases have been issued, it'll probably start from the bottom of the range and re-issue the oldest ones in a round-robin sort of fashion.

I've not hit the top of the range I assigned with my OpnSense install yet, but this seems to be the pattern it is following.

Ah. Thanks for that. I bumped into that bug while poking around with the feature too.

Hi all, I'm a bit confused about the checkboxes here...

For example, under rulesets, we have the first item "botcc.portgrouped" with a check box to the immediate left and to the right a checkbox for "enabled".

Obviously, the right checkbox is explanatory.  What's the left checkbox for?

Update, I did get my Squid issues sorted and turned it back on.  My CPU usage is down to about 5%.

Perhaps my initial Squid errors were causing it to restart over and over and thus the high load.

While troubleshooting a different issue, I noted that Squid was using most all of that...

top -SH from Shell showed it at ~35%. I did find something noting Squid using that much can be normal on an older Squid.org mailing list.

I've had to disable Squid for a different reason and that dropped me to about 5% CPU usage.

I have the exactly the same CPU as you and that's typically what I see mine at. I can't say if that's normal or not.

Certainly, the first one at the top of this page is the exact one I used:

http://mirror.wdc1.us.leaseweb.net/opnsense/releases/15.7.18/

OPNsense-15.7.18-OpenSSL-cdrom-amd64.iso.bz2   204M   09-Nov-2015 06:10

You could probably restore that to a USB drive and boot from it.

It probably should! I don't know for certain, but I just burned the image as is to a CD and it booted fine for me without having to do anything else to it.

It should boot, you're using the 64 bit version?

You might have better luck with a CD image.  Almost any USB external CD drive will work with that mini.