Recent posts

Main Menu

Welcome to OPNsense Forum.
Log in
Sign up

OPNsense Forum
► Recent posts

Recent posts

Pages1 2 3 ... 10

#1

25.7, 25.10 Series / Re: Update to OPNsense 25.7.11...

Last post by Courier1027 - Today at 01:53:45 PM

Quote from: Monviech (Cedrik) on Today at 09:44:19 AMThe fix is included in 25.7.11_2.

Thanks. The plugin is working post this update. Marking this thread as solved

#2

General Discussion / OPNsense and FreeBSD. Multiboo...

Last post by tyler19820201 - Today at 01:30:58 PM

I have one storage device ada0 which does include several partitions. The laptop is a Lenovo T480. This is not my main laptop but my "testing lab". I have one efi partition on ada0p1 which has got Limine installed. The linux systems using this partition as the boot partition. The ada0p2 is my BSDEFI, dedicated only for BSD based distros. FreeBSD and OPNsense. My FreeBSD zfs pool called ALPHA is living on ada0p10, size is 99GB. I have 118GB free space on ada0 starting at 4376576 and i want the opnsense's pool placing there. My goal is to install OPNsense on ada0p9 on zfs with 20GB size, using poolname OMEGA. I want make ensure that those pools are identical and independent and able to boot without interfering with each others.
The custom install for opnsense went well, however after reboot Limine not able the recognize for which entry belongs to which pool. I use GPT partition table and my BIOS had been set UEFI boot only.

This is what i was doing:

Code Select

gpart add -t freebsd-zfs -b 4376576 -s 20G -i 2 -l OPNSENSE ada0

I was asking several AIs (grok, gemini, chatgpt, deepseek) and they were claiming that the opnsense and the freebsd zfs version might be different and that might causing the boot issue, however later on i was realizing not that is the core of the issue, but i was following the detailed command pointing to the zfs version to create the pool. I was trying this on my FreeBSD and also trying to create the pool on the OPNsense USB installation media as well, in shell, but both method was resulting boot issue after the installation finished and was trying the boot entries.
The command is:

Code Select

sudo zpool create -f -o compatibility=openzfs-2.1-linux \
-o altroot=/mnt \
-O compression=off \
-O mountpoint=legacy \
OMEGA /dev/ada0p9

Code Select

sudo mount -t zfs OMEGA /mnt

Then i was creating some "skeleton" dirs which are neccessary for booting up opnsense.

Code Select

sudo mkdir -p /mnt/dev /mnt/proc /mnt/tmp /mnt/conf /mnt/mnt /mnt/var/run /mnt/root /mnt/home /mnt/usr/local/etc

Then setting up the permissions for tmp folder.

Code Select

sudo chmod 1777 /mnt/tmp

This stops OPNsense from acting like a Live USB

Code Select

echo "default" | sudo tee /mnt/etc/platform
echo "default" | sudo tee /mnt/usr/local/etc/platform

Creating fstab for OPNsense

Code Select

sudo printf "OMEGA\t\t/\t\tzfs\trw\t0\t0\n" | sudo tee /mnt/etc/fstab

Next, i was creating the mntusb folder for the installation USB media of OPNsense.I was mounting the opnsense da1p4 data partition at /mntusb

Code Select

sudo mkdir /mntusb
sudo mount /dev/da1p4 /mntusb

Then i was copy the USBs folders and their files to the pool.

Code Select

foreach dir ( bin sbin lib libexec usr var etc root )
sudo cpdup -vv -I /mntusb/$dir /mnt/$dir
end

Next, create the kernel directory.

Code Select

sudo mkdir -p /mnt/boot/kernel

The kernel file is living in /boot/kernel both on opnsense and on freebsd as well, but i was renaming th kernel for opnsense to kernel.opn as AI recommended it...But was not help. Anyway:

Code Select

sudo cat /mntusb/boot/kernel/kernel | sudo tee /mnt/boot/kernel/kernel.opn > /dev/null
sudo cat /mntusb/boot/kernel/zfs.ko | sudo tee /mnt/boot/kernel/zfs.ko > /dev/null

Copy Boot Environment:

Code Select

foreach bdir ( modules defaults lua zfs )
sudo cp -a /mntusb/boot/$bdir /mnt/boot/
end

Code Select

sudo cp /mntusb/boot/device.hints /mntusb/boot/loader.efi /mntusb/boot/*.4th /mnt/boot/
sudo cp /mntusb/usr/local/etc/config.xml.sample /mnt/conf/config.xml

Write /mnt/boot/loader.conf:

Code Select

sudo cat <<EOF > /mnt/boot/loader.conf
loader_brand="opnsense"
loader_logo="hourglass"
loader_menu_title="OPNsense Multiboot"
zfs_load="YES"
currdev="zfs:OMEGA:"
vfs.root.mountfrom="zfs:OMEGA"
kernel="kernel.opn"
bootfile="kernel.opn"
kern.kmoddir="/boot/kernel"
root_rw_mount="YES"
beastie_disable="YES"
autoboot_delay="3"
carp_load="YES"
pf_load="YES"
if_bridge_load="YES"
if_vlan_load="YES"
EOF

I did use the

Code Select

sudo mount -t msdosfs /dev/ada0p2 /mnt/efi
sudo mkdir -p /mnt/efi/EFI/OPNsense
sudo cp /mnt/boot/loader.efi /mnt/efi/EFI/OPNsense/loader.efi

commands for the loader.efi file to copy it to the efi partition of ada0p2. This is only neccessary if i do the installation from the USBmedia.
On my FreeBSD the command is slightly different as the partition already mounted during boot on /boot/efi
The fstab for opnsense also has been modified adding the ada0p2 partition to /boot/efi later on during the installation process.

Then I was adding the "most important" lines according to AI:

Code Select

echo 'currdev="zfs:OMEGA:"' | sudo tee /mnt/efi/EFI/OPNsense/loader.env
echo 'vfs.root.mountfrom="zfs:OMEGA"' | sudo tee -a /mnt/efi/EFI/OPNsense/loader.env

As AI said:
"You must place a file called loader.env on your EFI partition (ada0p2) inside the EFI/OPNsense/ folder. This is the only way to stop it from "defaulting" to FreeBSD." Bruh....it did not help anyway....

Next,was adding the boot partition to fstab

Code Select

cat <<EOF >> /mnt/etc/fstab

/dev/ada0p2 /boot/efi msdosfs rw 0 0

EOF

The next step i did is the loader.conf file. I was adding the following:

zfs_load="YES"
currdev="zfs:OMEGA:"
vfs.root.mountfrom="zfs:OMEGA"
# This is the directory where modules (zfs.ko, etc) live
kern.kmoddir="/boot/kernel"
# This is the name of the binary INSIDE the 'kernel' directory
kernel="kernel.opn"
bootfile="kernel.opn"
root_rw_mount="YES"

My limine config looks like this:

/FreeBSD
comment: mymainsystem
protocol: efi_chainload
image_path: uuid(<partuuidofmyada0p2>):/EFI/FreeBSD/loader.efi

/OPNsense
comment: myfirewall
protocol: efi_chainload
image_path: uuid(<partuuidofmyada0p2>):/EFI/OPNsense/loader.efi

Additionally i did also create the loader.env file for FreeBSD as well and also was adding the
currdev="zfs:ALPHA:"
vfs.root.mountfrom="zfs:ALPHA"
lines for loader.conf.

About bootfs:
I did try several methods
1. set the bootfs only for ALPHA
2. set the bootfs only for OMEGA
3. set the bootfs both of them
4. set the bootfs none of them

Also was trying to delete the zpool.cache file on FreeBSD. But did not help.
FreeBSD requires a `zpool.cache` file to find the pool during the early boot stage. I was also trying it to generate the file but also did not help.
# Generate cache file for OMEGA
zpool set cachefile=/tmp/zpool.cache OMEGA
# Copy it to the destination
mkdir -p /mnt/boot/zfs
cp /tmp/zpool.cache /mnt/boot/zfs/zpool.cache

The following errors occured during the boot:

devmatch: Can't read linker hints file. devmatch: Can't read linker hints file.

devmatch: Can't read linker hints file.

devmatch: Can't read linker hints file. devmatch: Can't read linker hints file.

lumbtfu: lumbt_fu_read: open: /usr/local/share/lumbt-firmware/

lumbtfu: main: Firmware download failed!

devmatch: Can't read linker hints file.

devmatch: Can't read linker hints file.

Cannot 'start' webcand. Set webcand_enable to YES in /etc/rc.co Cannot 'start' webcand. Set webcand enable to YES in /etc/rc.com

devmatch: Can't read linker hints file.

add host 127.0.0.1: gateway loß fib 8: route already in table

devmatch: Can't read linker hints file.

add host::1: gateway 100 fib 8: route already in table

add net fe80::: gateway::1

add net ff02::: gateway::1

add net::ffff:8.0.0.0: gateway::1

add net::0.0.0.0: gateway::1

Or this: (but this had fixed by creating the "skeleton" dirs)

tunefs: /: could not open special device

mount_unionfs: /boot: Invalid fstype: Invalid argument

mount_unionfs: /conf: Invalid fstype: Invalid argument

mount_unionfs: /etc: Invalid fstype: Invalid argument

mount_unionfs: /home: Invalid fstype: Invalid argument

mount_unionfs: /root: Invalid fstype: Invalid argument

mount_unionfs: /usr: Invalid fstype: Invalid argument

mount_unionfs: /var: Invalid fstype: Invalid argument

pwd_mkdb: /etc/pwd.db.tmp: Read-only file system

pwd_mkdb: /etc/pwd.db.tmp: Read-only file system

Setting hostuuid: ca282ckb-654d-11b2-b78c-ee154fbba1fc.

Setting hostid: 0xdd7b3d30.

eval: cannot create /etc/hostid: Read-only file system

/etc/rc.d/hostid_save: WARNING: could not store hostuuid in /etc/hostid.

eval: cannot create /etc/machine-id: Read-only file system

/etc/rc.d/hostid_save: WARNING: could not store hostuuid in /etc/machine-id.

>>>>> Invoking import script 'importer'

Press any key to start the configuration importer:

mkdir:/conf/backup: Read-only file system

mkdir:/conf/sshd: Read-only file system

chmod: /root: Read-only file system

mkdir: /var/etc: Read-only file system

override r------ root/wheel uarch for /var/run/1d-elf.so.hints?

Loading kernel...

Failed to load kernel 'kernel.opn'

can't load 'kernel.opn'

Type '?' for a list of commands, 'help' for more

OK show currdev

zfs:OMEGA:

OK Is /boot/kernel/kernel.opn /boot/kernel/kernel.opn

OK boot

Loading kernel...

Failed to load kernel 'kernel.opn

can't load 'kernel.opn'

OK unload

OK set currdev="zfs: OMEGA:"

OK boot

Loading kernel...

Failed to load kernel 'kernel.opn'

can't load 'kernel.opn'

Any idea how to make it bootable both systems?
Currently if i remove the whole OMEGA partition, simply booting into my linux system and delete the partition FreeBSD will be bootable again. Otherwise both BSD system are unable to boot.

#3

25.7, 25.10 Series / Re: Continual issues updating

Last post by franco - Today at 12:34:49 PM

Here's an example for 25.7.11 base/kernel with signature verification (which requires 25.7.x to verify ok but is safer in your case):

# fetch https://pkg.opnsense.org/FreeBSD:14:amd64/25.7/sets/kernel-25.7.11-amd64.txz
# fetch https://pkg.opnsense.org/FreeBSD:14:amd64/25.7/sets/kernel-25.7.11-amd64.txz.sig
# fetch https://pkg.opnsense.org/FreeBSD:14:amd64/25.7/sets/base-25.7.11-amd64.txz
# fetch https://pkg.opnsense.org/FreeBSD:14:amd64/25.7/sets/base-25.7.11-amd64.txz.sig
# opnsense-update -bkr 25.7.11 -l .
# opnsense-shell reboot

If signatures still fail curl may be an option, too.

Cheers,
Franco

#4

25.7, 25.10 Series / Re: Hostwatch - high disk writ...

Last post by franco - Today at 12:26:56 PM

It seems all issues have now been recorded in https://github.com/opnsense/hostwatch/issues and don't need to be reposted.

Let's give it a bit of slack to be resolved.

Cheers,
Franco

#5

25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100%...

Last post by franco - Today at 12:24:56 PM

@troplin that's fixed, but the message has been disabled for now to avoid excessive logging

@Taomyn it's in the list of things to fix this week

Cheers,
Franco

#6

25.7, 25.10 Series / Re: Hostwatch - high disk writ...

Last post by GreenMatter - Today at 12:01:24 PM

Updated to 25.7.11_2.
Unfortunately there's only slight difference in i/o demand created by hostwatch.
top -S -m io -o total
last pid: 8428; load averages: 0.39, 0.41, 0.37 up 2+17:07:59 11:52:30
144 processes: 2 running, 140 sleeping, 2 waiting
CPU: 5.1% user, 0.0% nice, 2.9% system, 0.5% interrupt, 91.5% idle
Mem: 343M Active, 6483M Inact, 1559M Wired, 670M Buf, 3881M Free
Swap: 8192M Total, 8192M Free
PID USERNAME VCSW IVCSW READ WRITE FAULT TOTAL PERCENT COMMAND
92104 hostd 2707 37 0 2640 0 2640 99.21% hostwatch
7034 root 53 54 0 19 0 19 0.71% python3.11
16 root 548 1 0 2 0 2 0.08% bufdaemon
1 root 0 0 0 0 0 0 0.00% init
97153 unbound 47 1 0 0 0 0 0.00% unbound
2 root 56 0 0 0 0 0 0.00% clock
5314 root 12 6 0 0 0 0 0.00% ng_queue
1474 squid 0 0 0 0 0 0 0.00% security_file_certg
3 root 0 0 0 0 0 0 0.00% crypto
10115 root 0 0 0 0 0 0 0.00% ge

iostat -x 2
extended device statistics
device r/s w/s kr/s kw/s ms/r ms/w ms/o ms/t qlen %b
da0 0 105 7.7 4048.1 0 1 0 1 0 0
da1 0 0 0.0 0.0 0 0 0 0 0 0

Plus I wasn't able to start hostwatch when I handpicked interfaces, works only when "All" is selected. When trying to start it in cli:

service hostwatch restart

hostwatch not running? (check /var/run/hostwatch/hostwatch.pid).
Starting hostwatch.
thread 'main' (116664) panicked at src/main.rs:53:79:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Abort trap
/usr/local/etc/rc.d/hostwatch: WARNING: failed to start hostwatch

#7

25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100%...

Last post by Taomyn - Today at 11:31:06 AM

I woke up this morning to my firewall on 100% cpu after upgrading to 25.7.11_1 last night, and a reboot seemed to fix it but then I came across this thread and also the _2 hotfix which I have now applied. I have tried to configure it to limit to only my LAN interface, but anything other than All keeps the service running. In the logs I see:

Code Select

2026-01-19T11:18:57Noticekernel<6>[18592] pid 77296 (hostwatch), jid 0, uid 0: exited on signal 6 (no core dump - bad address)
2026-01-19T11:18:56Noticeroot/usr/local/etc/rc.d/hostwatch: WARNING: failed to start hostwatch

For now I have just disabled it.

#8

25.7, 25.10 Series / Re: [SOLVED] hostwatch at 100%...

Last post by troplin - Today at 11:24:33 AM

Maybe I just don't understand it completely but those movement messages seem odd to me.

In my log I see the same message over and over again:

Code Select

INFO hostwatch: changed ethernet address host 00:1d:63:63:eb:35 moved from 64:62:66:22:44:8c to fe80::6662:66ff:fe22:448c at igc1

The message makes no sense to me, how can it move from a MAC address to an IPv6 address? Could there be a confusion of variables in the code?

Also the fact that it is the same message over and over again kind of makes me a bit suspicious that there might be an error in the code where the previous and current address are compared, or that the state isn't updated correctly.

#9

General Discussion / Re: Where is TCP processed - C...

Last post by chemlud - Today at 11:11:06 AM

To make things even more complicated:

- I downloaded a large file on SLOW with FF 147.0 and get an amazing 100MB/s...

What's going on here? Only the weekly updates of Tumbleweed slow?!?! But it's not the server, see OP.

#10

General Discussion / Re: Where is TCP processed - C...

Last post by chemlud - Today at 10:58:56 AM

Quote from: Seimus on Today at 10:07:51 AM1 What Distro you are using?
2 What realtek NIC does it use?
3 What is the realtek driver loaded for the NIC?
4 Did you try to upgrade the BIOS?
5 What are the temps during high volume downloads/uploads?
6 Can you post the NIC statistics (counters)?
7 Did you disabled ASPM?

1 opensuse Tumbleweed

2 01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8211/8411 PCI Express Gigabit Ethernet Controller (rev 07)
Subsystem: Realtek Semiconductor Co., Ltd. RTL8111/8168 PCI Express Gigabit Ethernet controller

3 Kernel driver in use: r8169
Kernel modules: r8169

4 Yes, but it's Coreboot, the company Libretrend dose not provide any newer Coreboot version

5 Unremarkable temps, cooling is appropriate

6 like this? On the SLOW i have:

Code Select

sudo ethtool -S eth0
    NIC statistics:
    tx_packets: 3175999
    rx_packets: 8314948
    tx_errors: 0
    rx_errors: 0
    rx_missed: 36
    align_errors: 0
    tx_single_collisions: 0
    tx_multi_collisions: 0
    unicast: 8313262
    broadcast: 1686
    multicast: 0
    tx_aborted: 0
    tx_underrun: 0

7 No. It's an onboard NIC, so relevant?

Code Select

sudo ethtool --show-eee eth0  
    EEE settings for eth0:
    enabled - inactive
    0 (us)
        Supported EEE link modes:  100baseT/Full
                                  1000baseT/Full
        Advertised EEE link modes:  100baseT/Full
                                    1000baseT/Full
        Link partner advertised EEE link modes:  Not reported

Pages1 2 3 ... 10