Recent posts

#1
26.1 Series / Re: OpenVPN - VPN Not Working ...
Last post by nero355 - Today at 10:58:48 PM
Quote from: haim9080 on Today at 05:58:55 PM
So what is the solution for that case??
Not using any VPN stuff on any kind of device these days, sorry! :)
#2
26.1 Series / Kea DDNS in practice...
Last post by Ed V. - Today at 10:04:33 PM
I feel like I missed something very basic here...

Is there a way to specify a manual config file should be used versus the default template?

The various options for DHCP-DDNS (tsig-keys, ddns-domains, etc.) are overwritten with the default empty values whenever I start the Agent, and I can't seem to find where that overlay is hiding in the system.

The current OPNsense docs say to put the settings in the DHCP4 or DHCP6 files, but the DDNS variables are not recognized by those daemons.

I have a valid DDNS config (or at least the command line validation says it's all good), but the overwrite is driving me even more batty than usual.

Help?
#3
General Discussion / Re: HyperV CPU hvevent goes to...
Last post by sikhness - Today at 09:56:51 PM
Quote from: maitops on April 05, 2025, 12:44:53 PM
I tried with UFS + VHDX fixed size on a fresh install of 25.1.4 with my config imported.
(Someone from the pfSense community thinks it was related to ZFS, here: https://forum.netgate.com/topic/190927/pfsense-2-7-2-in-hyper-v-freezing-with-no-crash-report-after-reboot/29)
The issue is still there.

root@proxy01:~ # top -aHSTn
last pid: 42090;  load averages:  3.50,  1.88,  0.94  up 0+14:51:36    12:33:11
252 threads:   13 running, 226 sleeping, 13 waiting
CPU:  1.5% user,  0.0% nice,  0.4% system,  0.0% interrupt, 98.1% idle
Mem: 135M Active, 1875M Inact, 1813M Wired, 1100M Buf, 7823M Free
Swap: 8192M Total, 8192M Free

   THR USERNAME    PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
100004 root        187 ki31     0B   128K RUN      1 872:01 100.00% [idle{idle: cpu1}]
100009 root        187 ki31     0B   128K CPU6     6 871:57 100.00% [idle{idle: cpu6}]
100003 root        187 ki31     0B   128K CPU0     0 871:36 100.00% [idle{idle: cpu0}]
100007 root        187 ki31     0B   128K CPU4     4 871:35 100.00% [idle{idle: cpu4}]
100005 root        187 ki31     0B   128K CPU2     2 871:33 100.00% [idle{idle: cpu2}]
100116 root        -64    -     0B  1472K CPU7     7   4:51 100.00% [kernel{hvevent7}]
100008 root        187 ki31     0B   128K RUN      5 871:22  98.97% [idle{idle: cpu5}]
100006 root        187 ki31     0B   128K CPU3     3 871:28  96.97% [idle{idle: cpu3}]
101332 www          21    0   537M    59M kqread   2  11:31   3.96% /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid{haproxy}
100902 www          21    0   537M    59M kqread   4  12:29   1.95% /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid{haproxy}
101333 www          23    0   537M    59M kqread   5  11:17   1.95% /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid{haproxy}
101334 www          21    0   537M    59M CPU1     1  10:57   1.95% /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid{haproxy}
100010 root        187 ki31     0B   128K RUN      7 867:24   0.00% [idle{idle: cpu7}]
100805 root         20    0    81M    52M nanslp   5   3:09   0.00% /usr/local/bin/php /usr/local/opnsense/scripts/routes/gateway_watcher.php interface routes alarm
100102 root        -64    -     0B  1472K -        0   1:14   0.00% [kernel{hvevent0}]
100104 root        -64    -     0B  1472K -        1   0:59   0.00% [kernel{hvevent1}]
100114 root        -64    -     0B  1472K -        6   0:56   0.00% [kernel{hvevent6}]
100106 root        -64    -     0B  1472K -        2   0:56   0.00% [kernel{hvevent2}]

root@proxy01:~ # kldstat | grep zfs
root@proxy01:~ # top | grep arc


As you can see, hvevent7 is at 100%, there is no ARC entry in the top output, and no ZFS module is loaded.

Were you able to figure out how to fix the issue? I am having the exact same problem with OPNsense 26.1 (FreeBSD 14) running on Hyper-V, and it only recently started happening when I upgraded to OPNsense 26.1 from 25.x. I never had this issue on 25.x.
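A small check for the symptom shown in the quoted `top -aHSTn` output above. This is an added example, not something posted in the thread and not OPNsense code: it reads the per-thread top listing and reports every `[kernel{hveventN}]` thread whose WCPU is at or above a threshold, so a cron job or a quick SSH check can catch a pinned Hyper-V event thread before it turns into a freeze. The sample listing embedded below is constructed to mirror the column layout of the posted output.

```shell
#!/bin/sh
# Added example: flag Hyper-V kernel event threads (hveventN) that are pinning
# a CPU, using the per-thread output of `top -aHSTn` on FreeBSD/OPNsense.
# Not from the forum thread; SAMPLE_TOP below is constructed for offline use.

SAMPLE_TOP='last pid: 42090;  load averages:  3.50,  1.88,  0.94  up 0+14:51:36    12:33:11
CPU:  1.5% user,  0.0% nice,  0.4% system,  0.0% interrupt, 98.1% idle

   THR USERNAME    PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
100004 root        187 ki31     0B   128K RUN      1 872:01 100.00% [idle{idle: cpu1}]
100116 root        -64    -     0B  1472K CPU7     7   4:51 100.00% [kernel{hvevent7}]
101332 www          21    0   537M    59M kqread   2  11:31   3.96% /usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf{haproxy}
100102 root        -64    -     0B  1472K -        0   1:14   0.00% [kernel{hvevent0}]'

# hot_hvevents THRESHOLD
# Reads `top -aHSTn` output on stdin and prints "hveventN <wcpu>" for every
# kernel hvevent thread whose WCPU percentage is >= THRESHOLD.
hot_hvevents() {
    awk -v thr="$1" '
        # Only per-thread rows start with a numeric thread id; this skips the
        # "last pid", "CPU:", "Mem:" and header lines.
        $1 !~ /^[0-9]+$/ { next }
        {
            # Column layout of top -aHSTn: THR USER PRI NICE SIZE RES STATE C TIME WCPU COMMAND.
            # Kernel threads show "-" for NICE, so the field count stays stable.
            wcpu = $10
            sub(/%$/, "", wcpu)
            cmd = $11
            if (cmd ~ /^\[kernel[{]hvevent[0-9]+[}]\]$/ && wcpu + 0 >= thr + 0) {
                name = cmd
                gsub(/^\[kernel[{]|[}]\]$/, "", name)   # [kernel{hvevent7}] -> hvevent7
                print name, wcpu
            }
        }'
}

# Stand-alone demo on the constructed sample; on a live box use:
#   top -aHSTn | hot_hvevents 90
printf '%s\n' "$SAMPLE_TOP" | hot_hvevents 90
```

Run it from cron with a threshold of 90 or so and alert on any output: a healthy guest shows the hvevent threads near 0% as in the posted listing, so any line printed is the stuck-thread condition the thread is about.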
#4
Tutorials and FAQs / Re: Guest WiFi - Dedicated VLA...
Last post by Mario_Rossi - Today at 08:07:15 PM
Thanks for the advice.
I was looking for RFC1918 and couldn't find it, then I realized I had to create an alias with:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
Then I deleted the two rules from the tutorial and created just one with source VLAN5 and destination !RFC1918.
Now I'm testing it and it seems to work... AGH responds because there's an upstream rule that allows all VLANs to communicate with the AGH CT, but nothing in the internal VLANs is reachable because there's no rule that allows it.
#5
General Discussion / How to set up OPNsense to use F...
Last post by HomeLabDre - Today at 08:05:50 PM
Using ESXi VMs, including OPNsense as the main firewall for the internal server VMs as well as for devices connected to an access point via a FortiGate. The access point is managed by the FortiGate, but WAN access is provided and managed by the server. Using a deprecated FortiGate because the FAP depends on it as a controller. Having NAT issues: access point devices are not able to reach the server, and OPNsense does not see the access point.
#6
German - Deutsch / Re: Merry Christmas!
Last post by Patrick M. Hausen - Today at 07:23:54 PM
Freshly unpacked, and the joystick arrived after all. A new Commodore 64!
#7
German - Deutsch / Re: Merry Christmas!
Last post by drosophila - Today at 07:19:41 PM
A nice machine, and finally one that uses RGB LEDs so you can tell its real speed. :) And... Merry Christmas! ;)

@ Patrick M. Hausen: the C64 looks like it's sitting on an altar. :) But without joysticks it is quite puristic. ;)
#8
Quote from: Mario_Rossi on Today at 04:59:47 PM
Um, okay, I'll think about it... it seemed more intuitive to make a "pass to WAN" rule, but what you're saying makes sense.

You could have done that on the EOL Sidewinder firewall which had a concept of "from interface X to interface Y" (or "zones" as they called them).

In OPNsense you can apply a rule to the interface to which the system in question is connected, but then the only destination selector is IP addresses or networks - not which way the packet leaves.

Users frequently confuse "WAN net" with the Internet. Nope. WAN net is the network locally connected to your WAN interface and nothing else.

What you could do is to create an "allow from guest net to any" rule and explicitly set the gateway to the WAN gateway. This has a small chance of unintended leaks, though. In the case of IPv6, for example, your ISP gateway might route packets for your other local networks back to OPNsense. For IPv4 and strictly RFC 1918 it should work ok.

But best really create those block rules or create a group named "local networks" and use "! local networks" as the destination instead of "any".
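The three destination selectors discussed in this reply ("any", "WAN net" and "! local networks"), traced through a small evaluator for the same guest-to-destination decision. This is an added illustration, not OPNsense code and not the rules from the thread: the WAN segment 203.0.113.0/24, the other-VLAN address 192.168.10.5 and the evaluator itself are constructed, and the IPv6 leak case mentioned above is not modelled. It shows why "WAN net" does not mean the Internet and why "to any" still reaches the other internal VLANs.

```shell
#!/bin/sh
# Added example: emulate the destination selector of a pass rule on the guest
# interface with IPv4 CIDR matching in plain POSIX sh. Not OPNsense's rule
# engine; all networks and addresses below are constructed.

RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"   # the "local networks" alias
WAN_NET="203.0.113.0/24"  # constructed: the segment on the WAN interface, not the Internet

# ip2int A.B.C.D -> 32-bit integer (subshell body keeps the IFS change local)
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/BITS -> exit 0 when IP lies inside NET/BITS
in_cidr() {
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# in_any IP "NET/BITS NET/BITS ..." -> exit 0 when IP is in any listed network
in_any() {
    for n in $2; do
        in_cidr "$1" "$n" && return 0
    done
    return 1
}

# decide SELECTOR DST -> "pass" or "block" for traffic from the guest net to DST.
# SELECTOR is the rule's destination field: any | wan_net | not_rfc1918.
# Anything the single pass rule does not match falls to the default deny.
decide() {
    case "$1" in
        any)         echo pass ;;
        wan_net)     if in_cidr "$2" "$WAN_NET"; then echo pass; else echo block; fi ;;
        not_rfc1918) if in_any "$2" "$RFC1918"; then echo block; else echo pass; fi ;;
        *)           echo "unknown selector: $1" >&2; return 1 ;;
    esac
}

# Stand-alone demo: one Internet host, the ISP-side gateway, and a host on
# another internal VLAN.
printf '%-12s %-14s %s\n' SELECTOR DESTINATION RESULT
for rule in any wan_net not_rfc1918; do
    for dst in 8.8.8.8 203.0.113.1 192.168.10.5; do
        printf '%-12s %-14s %s\n' "$rule" "$dst" "$(decide "$rule" "$dst")"
    done
done
```

The table makes the point of the reply visible: "any" passes 192.168.10.5 (the other VLAN), "wan_net" blocks 8.8.8.8 because only the link segment matches, and "not_rfc1918" is the one selector that passes the Internet addresses while blocking the internal one.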
#9
26.1 Series / Re: Is VPN kill switch rule st...
Last post by keeka - Today at 06:54:30 PM
Quote from: OPNenthu on Today at 05:12:06 PM
Ah, interesting. I started using OPNsense at the tail end of 24.7 and WAN rule directionality was already present, IIRC.

So maybe it's not misinformation, just terribly outdated.

In that case I may be mistaken, as that is about the time I started using OPNsense regularly. I do recall at some point in the past only being able to select direction via floating rules. That may have been pfSense.
#10
Thanks for the clarification! So that's why the log messages are truncated when using script_output. I've wasted several hours trying to find out why it wouldn't pass on the parameters like it should until I tried the other types. There's not much to be found about these cron jobs in conjunction with configd, and nobody seems to use parameters; only a few (2, IIRC) internal scripts seem to, so I kept thinking I'd missed the description of some special syntax that might be required. I did find an old thread (this one) where someone was successfully using the parameters with type script_output, so I expected the error was with my lack of understanding. I still seem to be missing something about the parameters and their syntax, as the above script obviously works with type script_output while for me it just won't pass the parameter at all; I always get an empty parameter for $1.

So, since this is cleared up (in a way), can I use the internal interface aliases, like "WAN" in the cron parameters somehow, and if so, how? Would be really handy. :)