Recent posts

#1

26.1, 26,4 Series / Re: OPNSense not able to re-cl...

Last post by bringha - Today at 09:32:08 AM

However, if its eating up disk space and not RAM, perhaps its worth to have a look what fills the disk. The first suspect I would look at is the /var/log directory for the log files. Often enough a sick process throws a lot of log entries which fills disk space very fast

Code Select Expand

opnsense # du /var/log

might give some insights. Moreover, if its filling up a particular log file, this file might then give hints which process to look at

Br br

#2

Virtual private networks / Re: How do I use multiple sele...

Last post by OPNenthu - Today at 09:28:15 AM

It's one peer per instance.

I don't think it's a WG limitation but rather just a fact of life when you're connecting to a public VPN.  The clue is that each peer necessarily has "0.0.0.0/0" and "::/0" as the Allowed IPs in order to let you access the whole internet, which means they overlap and the routing is ambiguous.

You would need to policy route to separate gateways I think, and each one will cost you a device allocation on your account.

Cheapest clean way that isn't a hack: just manually switch the peer on your existing instance as needed.

#3

General Discussion / Re: newbie trying to set up ne...

Last post by Bob.Dig - Today at 09:06:23 AM

does anyone have any other recommendations?

Get a all-in-one box, it will be more secure for you than doing the stuff all on your own.

#4

Hardware and Performance / Re: [HOWTO] Install OPNsense 2...

Last post by RentedVista - Today at 07:32:36 AM

Had a similar problem with the earlier version of this product [FW-7551a-SV1] when trying to boot from the -serial image.  Just went unrecognized.  The -nano image written to a USB stick did however boot...

I'm entirely new to OPNsense and I'm the same shoes. I recently purchased an FW-7551A-SV1.

• Disabled watchdog timer in BIOS.
• Set console port speed to 115,200 in BIOS.
• Used Rufus 4.14p to write OPNsense 26.1.6 amd64/serial to USB flash drive. I noted in Disk Management that the flash drive partition style was GPT.
• In BIOS, changed boot order to boot first to USB. FW-7551A-SV1 wouldn't boot from flash drive.
• Wrote OPNsense 26.1.6 amd64/nano to flash drive instead and noted that the flash drive partition style is now MBR. FW-7551A-SV1 booted with no problems.
• Logged in as root/opnsense, selected 8 (shell), and entered opnsense-installer at the prompt.
• Completed installation wizard, including selecting to install to internal ~120 GB SSD, set root password, and halted system when finished.
• Changed boot order to boot first from SSD, saved changes and reset. FW-7551A-SV1 won't boot, with error, "Reboot and Select proper Boot device or Insert Boot Media in selected Boot device and press a key."

So, I think I was confused about how nano is intended to work. My understanding now is that it isn't intended to be installed to internal devices such as SSD disks. I would really like to figure out how to get the amd64/serial image installed to the internal SSD. In BIOS, I see:
UEFI 2.3; PI 1.2
American Megatrends
Core Version 5.008
Doing a bit of searching, I think this BIOS version should support GPT partition style / UEFI booting, but I'm seeing nothing related to configure in the BIOS, such as legacy/UEFI/CSM boot, etc.
I have experience with pfSense, and it sounds like others have installed pfSense on the FW-7551A-SV1, but I'm not ready to go that route. I really want to use OPNsense in this instance. I would appreciate your suggestions/input!

#5

Development and Code Review / Re: [ANDROID APP] OPNsense Mob...

Last post by Tof - Today at 05:56:36 AM

Hi, simply because I use Android, I prefer to launch an application that only shows me what I need and the next step is to try to display widgets on the home screen.

#6

Virtual private networks / How do I use multiple selectiv...

Last post by Lucid1010 - Today at 05:47:43 AM

Currently, mullvad selective routing is configured to connect to only one server, and it is working correctly.

I would like to add several more countries to the configuration.

However, because the tunnel address is identical, it seems that only a single instance is being utilized.

After adding peer settings for another country, it appears that routing is performed only through the newly configured country's server, rather than the server that was originally in use.

Mullvad allows a maximum of five devices.

Is it possible to use multiple country endpoints simultaneously while using the same WireGuard private key?

#7

General Discussion / Re: newbie trying to set up ne...

Last post by lumilumi - Today at 03:49:31 AM

With hardware/driver support limiting what you can do with wifi on opnsense, and concerns you have about wireless access point security, physically separate devices would seem the best choice for you. That or no wireless network.

thanks for the response - my plan is to use my old openwrt one box as an access point only!

#8

General Discussion / Re: newbie trying to set up ne...

Last post by lumilumi - Today at 03:48:52 AM

in all honesty - is there anyone around who has used something like this method before that would be willing to walk me through it?

Not only i use it every day for the last 12 years, i implemented such solutions to a lot of people. And they use it for many years not even thinking about it.

is it complicated for a networking newbie?

Its not complicated. Once you figure out how to configure interfaces in opnsense, you are pretty much set. How are you going to configure your access point depends on what that device actually is.

I have already set up opensense box on a mini pc (and gone through some of the settings / watched many tutorials / learned a lot about networks)

In this case, the most complicated part for a newbie would be configuring additional port on opnsense to work on a different subnet. Once you do that, you just attach access point to that port, and you are done.

I have just never worked through using a wireless access point (I feel so old fashioned, lol)

Its because there are endless ways on how you can do this. Not all of them are correct though. Especially if security and performance are your priority. Just because some solution works doesnt mean its implemented correctly.

Much of it is new to me also but in my unqualified opinion an opnsense router coupled with openwrt access point(s) is an appealing combo for a home user. You are able to re-purpose your existing gear or buy cost effective secondhand and there is ample documentation on both. I have a couple of meraki units, running openwrt in 'dumb AP mode', connected via a small managed switch.

Repurposing your old gear is nice if your gear comes from reputable manufacturer that does things correctly,. OpenWRT is great. I love it. However, running OpenWRT on TP-Link is not the same as running it on Cisco Meraki. TP-Link has critical flaws in its hardware and how it handles its port during device booting. Cisco Meraki has no such issues. And lets not even go into build quality and internal hardware choices.

You can in theory connect the APs directly to the opnsense box, but this can lead to interface issues on the router side. Check out the openwrt guides for access point only mode. Then consult the docs here for opnsense vlans.

You just need to make sure that your wireless device is working in AP mode. Avoid running wireless devices in router mode because then you have NAT and additional DHCP server which are not needed in this case.

all right - ive been trying to get my openwrt one box (bigblue) working in a dumb AP configuration (disabling DCHP) and attempting to set it to access point only mode

but problem 1 - opnsense box (blackbox) is not giving the internet to blue
problem 2 - when I disable dhcp (ignore the interface on blue) the ability to connect to blue (through ethernet or through wireless)  does not work at all


for clarity
black is connected through ethernet to ISP modem - then blue is connected to black through ethernet as well

(i'm pretty sure im getting the ports correct cause I set them manually)

does anyone have any other ideas? or recommendations?

#9

Virtual private networks / Re: Wireguard connection not s...

Last post by OPNenthu - Today at 01:48:59 AM

Try testing from a wired PC?  Not only is this a potentially unstable wireless link but you also have the issue of the mobile phone's power optimizations that could mess with the network.

#10

26.1, 26,4 Series / Re: OPNSense not able to re-cl...

Last post by Patrick M. Hausen - Today at 12:33:29 AM

FreeBSD as a "traditional" Unix does not have an explicit OOM killer. But in situations of memory pressure, whenever a process demands swap space while swap space is exhausted, it's killed.