"Recent posts
#1
26.1 Series / Re: Enable SSH at Console
Last post by patient0 - Today at 04:46:53 PMOn the console use:
Not sure if the 'service start' survives a reboot.
The documentation uses SSH as an example: https://docs.opnsense.org/development/backend/configd.html#naming-convention
And: in the folder /conf/backup are backups of your previous config, in case you need them.
Code Select
configctl service start opensshorCode Select
configctl openssh startNot sure if the 'service start' survives a reboot.
The documentation uses SSH as an example: https://docs.opnsense.org/development/backend/configd.html#naming-convention
And: in the folder /conf/backup are backups of your previous config, in case you need them.
#2
Hardware and Performance / Re: [solved] Intel i226 Firmwa...
Last post by grimm26 - Today at 04:43:24 PMOK this only happens when I use the config file. If I don't specify a config file, I get a full inventory and can even filter by the MAC of my i226 card. I still get a message about "Unsupported device found - DeviceId: 15D6." though.
Code Select
Intel(R) Ethernet NVM Update Tool
NVMUpdate version 1.43.20.0
Copyright(C) 2013 - 2025 Intel Corporation.
./nvmupdate64e -i -l out.log -m 00A0C9261A48
Config file will not be read.
Unsupported device found - DeviceId: 15D6.
Inventory
[00:001:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
OROM inventory started.
OROM inventory finished.
[00:001:00:00]: Intel(R) Ethernet Controller I226-V
Vendor : 8086
Device : 125C
Subvendor : 8086
Subdevice : 0000
Revision : 4
LAN MAC : 00A0C9261A48
Alt MAC : 000000000000
SAN MAC : 000000000000
ETrackId : 8000028D
SerialNumber : 00A0C9FFFF261A48
NVM Version : 2.20(2.14)
PBA : G23456-000
VPD status : Not set
VPD size : 0
NVM update : No config file entry
checksum : Valid
OROM update : No config file entry
CIVD : 0.0.0
EFI : 0.1.1, checksum None
#3
General Discussion / Re: Single gateway monitoring ...
Last post by arubenstein - Today at 04:31:26 PMQuote from: Patrick M. Hausen on Today at 04:19:58 PMBest open a feature request on Github.
Ah thanks for the pointer. I shall do so.
#4
26.1 Series / Enable SSH at Console
Last post by kmschneider1 - Today at 04:28:24 PMI am looking to find out how to enable ssh at the Console NOT using the WebGUI. I have searched extensively but the information always points to the WebGUI or is issues with existing SSH setups. For reference as to why I need the console. I made a dumb noob move while trying out caddy and did not backup first. My WebGUI is currently inaccessible. Everything else works perfectly so I am trying to fix it via the console since I think I know what is causing the issue. However, my opnsense box is in my basement and I apparently did not enable ssh before all this happened.
I do know that a reinstall will resolve this but since everything else (VPN,Port Forwarding, DHCP Leases) works, I am trying to fix it without needing to redo everything.
I do know that a reinstall will resolve this but since everything else (VPN,Port Forwarding, DHCP Leases) works, I am trying to fix it without needing to redo everything.
#5
Hardware and Performance / Re: [solved] Intel i226 Firmwa...
Last post by grimm26 - Today at 04:21:07 PMI have another intel NIC (i219) in my machine that seems to be getting in the way:
I think I need to use the -location option to specify (-m didn't help) but I haven't found the right thing to pass to that. Not sure what info in pciconf I need to put there:
Code Select
./nvmupdate64e -i -c nvm.cfg.txt -l out.log
Config file read.
Unsupported device found - DeviceId: 15D6.
Error: Config file ETrackId doesn't match NVM image version [config: 0x80000422, image: 0x74616465].I think I need to use the -location option to specify (-m didn't help) but I haven't found the right thing to pass to that. Not sure what info in pciconf I need to put there:
Code Select
igc0@pci0:1:0:0: class=0x020000 rev=0x04 hdr=0x00 vendor=0x8086 device=0x125c subvendor=0x8086 subdevice=0x0000
vendor = 'Intel Corporation'
device = 'Ethernet Controller I226-V'
class = network
subclass = ethernet #6
General Discussion / Re: Single gateway monitoring ...
Last post by Patrick M. Hausen - Today at 04:19:58 PMBest open a feature request on Github.
#7
General Discussion / Re: Deutsche Telekom - Glasfer...
Last post by Patrick M. Hausen - Today at 04:19:08 PMYou need only the two centre wires. Thats (with 6 total) 3 & 4 for RJ11 and (with 8 total) 4 & 5 for RJ45. This is really just "mechanics". RJ11 is the international equivalent of TAE with 6 wires total.
Common patch cables are RJ45 so I try to keep everything that way.
Common patch cables are RJ45 so I try to keep everything that way.
#8
General Discussion / Single gateway monitoring IP
Last post by arubenstein - Today at 04:15:13 PMAbout ten years ago, someone posted this:
https://forum.opnsense.org/index.php?topic=3974.msg14153#msg14153
Essentially, they asked why you couldn't specify the same IP on multiple gateway monitors. I've always wondered this too. The answer given in that post isn't entirely accurate. dpinger can definitely do this, with the -B command (which is already used). Here is my proofs:
In two different windows, I run:
then I run the following:
and
this is the result I see in the tcpdump windows
window 1:
window 2:
In my opinion, I'd rather dpinger / gateway monitoring be monitoring the same IP I specify "out on the net" to test gateway viability, rather than just the other end of the connection or whatever. This doesn't really test internet reachibility.
Can this change be considered? A further enhancement would be the ability to set more than one IP to monitor, which is a common feature on other firewalls.
Thanks for your consideration!
https://forum.opnsense.org/index.php?topic=3974.msg14153#msg14153
Essentially, they asked why you couldn't specify the same IP on multiple gateway monitors. I've always wondered this too. The answer given in that post isn't entirely accurate. dpinger can definitely do this, with the -B command (which is already used). Here is my proofs:
In two different windows, I run:
Code Select
window 1: tcpdump -i ix1 host 8.8.8.8
window 2: tcpdump -i igb0 host 8.8.8.8
then I run the following:
Code Select
root@fw1:~ # dpinger -f -B 100.91.121.144 8.8.8.8and
Code Select
root@fw1:~ # dpinger -f -B 216.220.92.80 8.8.8.8this is the result I see in the tcpdump windows
window 1:
Code Select
root@fw1:~ # tcpdump -i ix1 host 8.8.8.8
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on ix1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:02:01.129175 IP 216.220.92.80 > dns.google: ICMP echo request, id 8483, seq 15, length 8
10:02:01.131229 IP dns.google > 216.220.92.80: ICMP echo reply, id 8483, seq 15, length 8
10:02:01.629594 IP 216.220.92.80 > dns.google: ICMP echo request, id 8483, seq 16, length 8
10:02:01.631648 IP dns.google > 216.220.92.80: ICMP echo reply, id 8483, seq 16, length 8
10:02:02.715829 IP 216.220.92.80 > dns.google: ICMP echo request, id 27100, seq 0, length 32
10:02:02.717876 IP dns.google > 216.220.92.80: ICMP echo reply, id 27100, seq 0, length 32
window 2:
Code Select
root@fw1:~ # tcpdump -i igb0 host 8.8.8.8
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:02:06.750199 IP 100.91.121.144 > dns.google: ICMP echo request, id 13418, seq 0, length 8
10:02:06.796505 IP dns.google > 100.91.121.144: ICMP echo reply, id 13418, seq 0, length 8
10:02:07.250663 IP 100.91.121.144 > dns.google: ICMP echo request, id 13418, seq 1, length 8
10:02:07.300514 IP dns.google > 100.91.121.144: ICMP echo reply, id 13418, seq 1, length 8
10:02:07.752011 IP 100.91.121.144 > dns.google: ICMP echo request, id 13418, seq 2, length 8
10:02:07.813853 IP dns.google > 100.91.121.144: ICMP echo reply, id 13418, seq 2, length 8
So, in essence, it would seem this work just fine if the UI would allow it.In my opinion, I'd rather dpinger / gateway monitoring be monitoring the same IP I specify "out on the net" to test gateway viability, rather than just the other end of the connection or whatever. This doesn't really test internet reachibility.
Can this change be considered? A further enhancement would be the ability to set more than one IP to monitor, which is a common feature on other firewalls.
Thanks for your consideration!
#9
General Discussion / Re: Deutsche Telekom - Glasfer...
Last post by chemlud - Today at 04:10:56 PMWhich advantage has RJ45 over RJ11? I'm totally unsure to which cable I have to connect the RJ11 plug,,, is there some kind of cabeling plan for RJ11/RJ45 available?
I have no LSA tool (and no experience with that at all...) but only a cheap rj45 crimp tool. Sounds crazy to have 1.5 Gbit with homebake stuff like that.
I have no LSA tool (and no experience with that at all...) but only a cheap rj45 crimp tool. Sounds crazy to have 1.5 Gbit with homebake stuff like that.
#10
25.1, 25.4 Legacy Series / Re: [SOLVED] Unbound DNS Overr...
Last post by KwicksSense - Today at 04:06:02 PMQuote from: estebang on February 10, 2025, 02:02:41 PMI've re-read your OP several times to try to avoid a pointless contribution... (an opening comment like that almost guarantees one), but I'm pretty sure I'm achieving what you want to do only with unbound with a very similar setup.clever solution. works well for me. Thanks!
I catch all local requests to my *.mxxxxxxx.org domain which are directed to a caddy reverse proxy container with a lan ip address.
We have some public code demo sites such as dev1, dev2 at dev1.mxxxxxx.org with public IP addresses. In Unbound overrides:
Host: * Domain: mxxxxxxx.org Value: 192.x.x.x Descrip: Caddy Reverse Proxy
Host: * Domain: dev1.mxxxxxx.org Value: 20.x.x.x Descrip: Public webserver IP address
Does this not work for you?
