Recent posts

#1
26.1 Series / Re: [SOLVED] Upgraded to 26.1....
Last post by allenlook - Today at 08:13:26 PM
I figured out what caused the problem, most likely.

After the update to 26.1.2 the system was supposed to reboot.  The dialog came up with the little spinning gear wheel, but then it returned back to the dashboard and kept running, there was likely no actual reboot.

I came back later and restarted the services thinking they'd randomly failed, but they actually were stopped and the system was hung waiting for a process to terminate.

I just did the update to 26.1.2_5 and the same thing happened - the system would give the "rebooting" dialog but never reboot. 

I used ssh to get in and brought up the menu to reboot manually, and it indicated it was stuck waiting for process 137.  I used "ps aux | grep 137" to identify the process (python) and then had to use "kill -9 137" because kill alone would not do it.

Then the system immediately rebooted and now it's running as normal.
#2
26.1 Series / Re: Destination NAT (port forw...
Last post by LisaMT - Today at 08:10:26 PM
Seems to still have this issue in 26.1.2_5
#3
German - Deutsch / Re: Zwei Baustellen ISC->KEA /...
Last post by 0zzy - Today at 08:05:00 PM
Hab ich auch:
General Settings -> Interfaces alle bisherigen drin.
#4
German - Deutsch / Re: Mini PC
Last post by viragomann - Today at 07:24:37 PM
Quote from: Manfred53 on Today at 07:13:31 PMDie sind ein bischen teuer, ich hatte an Alternativen gedacht.
Dafür hast du eine ausgewählte Hardware und keine laufenden Kosten, sofern du dann auf die Community-Version wechselst.

Aber auf https://opnsense.org/get-started/ findest du auch allgemeine Hardwareempfehlungen.
Im Grunde ist jedes x86_64 System verwendbar.

Bezügliche Netzwerk-Interfaces gelten Intel als sehr gut unterstützt, während Realtek oft Probleme machen, jedenfalls mit den Standard Treibern in FreeBSD. Zu Broadcom gibt es hier, glaub ich, auch Threads.
#5
German - Deutsch / Re: Mini PC
Last post by Manfred53 - Today at 07:13:31 PM
Die sind ein bischen teuer, ich hatte an Alternativen gedacht.
#6
26.1 Series / Re: Remote migration of firewa...
Last post by danderson - Today at 06:59:58 PM
i did 2 of them, i would make sure your fully up to date on the patch levels, then do the export and import, then instead of removing the old rules, i would disable them to make sure the new ones are working for you. Once all confirmed you can remove the old ones.   I had issues with some new rules on 26.1.1 but not on 26.1.2 and newer

Quote from: guvi on Today at 06:45:45 PMHi,
has anyone managed to perform a migration of old firewall-rules to the new format remotely?
If so, please share any pointers/ideas on how to succeed  :-)

#7
26.1 Series / Re: Router Advertisements left...
Last post by mokaz - Today at 06:55:44 PM
Hi Franco,

Thanks a lot for your update, I've checked the /etc/etc/radvd.conf file which essentially (aside two commented initial lines) is empty..
I'll check this out as I know that on this node I'm full on DHCP on the WAN interfaces (note the S).

Thanks again for your wonderful work all around OPNsense, this piece of kit is smashing really !

Cheers,
m.
#8
26.1 Series / Remote migration of firewall r...
Last post by guvi - Today at 06:45:45 PM

Hi,
has anyone managed to perform a migration of old firewall-rules to the new format remotely?
If so, please share any pointers/ideas on how to succeed  :-)
#9
Quote from: viragomann on Today at 06:41:34 PM
Quote from: meyergru on Today at 05:52:35 PMPer DHCP verteilt man dann die (eine!) IP des zentralen Zeitservers.
Ist der Eintrag leer liefert der DHCP die Interface IP. Das reicht mir doch.

Eben 🙂
#10
German - Deutsch / Re: Frage zur DHCP-Konfigurati...
Last post by viragomann - Today at 06:41:34 PM
Quote from: meyergru on Today at 05:52:35 PMPer DHCP verteilt man dann die (eine!) IP des zentralen Zeitservers.
Ist der Eintrag leer liefert der DHCP die Interface IP. Das reicht mir doch.

Und falls ich einen bestimmten Server verwenden wollte, würde die IP auch für alle Subnetze dieselbe sein. Also wofür sind da Anpassungen erforderlich?

Quote from: meyergru on Today at 05:52:35 PMManche gehen sogar so weit, per Port-Forwarding jeden ausgehenden Request auf Port 113 auf die OpnSense umzubiegen, um genau das zu verhindern, wenn ein Client sich die NTP-Server gar nicht per DHCP holt.
Mach ich auch, allerdings für Port 123. ;-)

Dummerweise fragen meine OpenSUSE dennoch ihren eigenen Pool ab, worauf OPNsense ein KoD schickt. Der Pool muss da noch auf jeder Maschine deaktiviert werden.