"Recent posts
#1
25.7, 25.10 Series / Re: Can't update 25.7
Last post by Jboy4 - Today at 10:26:01 AMThat was the fix. Thank you.
#2
General Discussion / Re: GUI/Shell crashing
Last post by meyergru - Today at 09:51:19 AMQuote from: Mattps on Today at 08:37:05 AMI've looked and couldn't find any microcode updates AMD only deliver these for this CPU via bios updates and the bios update for this model is only delivered by HP.
That is only partially correct. AMD may deliver what they want. The updates contained in BIOSes are being extracted and put into separate packages, such as os-cpu-microcode-amd for OpnSense, to be applied apart from BIOS updates. BTW: There are similar packages for Linux / Proxmox as well using the same extracted firmwares.
I repeatedly tried to tell you. Had you looked at https://forum.opnsense.org/index.php?topic=42985.0, point 23 and followed the link to the official docs there, you should have noticed.
The only question is if there is actually an update available in that package for you specific CPU and if it fixes your problem. You will find out only if you try, not by discussing if this is possible at all, so please do as Patrick said.
#3
General Discussion / Re: Multi-wan with PPPoE not w...
Last post by Monviech (Cedrik) - Today at 09:34:12 AMhttps://github.com/opnsense/core/issues/8181#issuecomment-2571634803
https://github.com/opnsense/core/issues/5238#issuecomment-927822469
I doubt it works in pfsense if its unsupported by FreeBSD in general.
If not, whats the configuration magic for that? It would need multiple FIBs (aka virtual routing instances)
https://github.com/opnsense/core/issues/5238#issuecomment-927822469
I doubt it works in pfsense if its unsupported by FreeBSD in general.
If not, whats the configuration magic for that? It would need multiple FIBs (aka virtual routing instances)
#4
General Discussion / Multi-wan with PPPoE not worki...
Last post by charles - Today at 09:08:44 AMHi,
I have 5 PPPoE lines from the same ISP.
After binding them to different interfaces on OPNsense and dialing each up separately, they obtain different IP addresses (all with 32-bit subnets) but the same gateway.
I configured unique monitor IPs for each gateway in the Gateway settings, and now the gateway status (including probe latency and packet loss) shows normal for all.
I also set up individual SNAT rules for each interface—with source/destination addresses set to "any", IPv4 protocol, and translation to the outgoing interface's IP.
However, when I create rules in Firewall -> Rules -> LAN and specify a gateway, only the rule pointing to the first PPPoE gateway works; the others fail to connect.
I've been using this exact setup on pfSense without issues for years. The key was just setting unique monitor IPs. But it seems this doesn't work on OPNsense?
Did I miss something crucial, or is this not supported on OPNsense? Are there any alternative workarounds?
Thanks!
I have 5 PPPoE lines from the same ISP.
After binding them to different interfaces on OPNsense and dialing each up separately, they obtain different IP addresses (all with 32-bit subnets) but the same gateway.
I configured unique monitor IPs for each gateway in the Gateway settings, and now the gateway status (including probe latency and packet loss) shows normal for all.
I also set up individual SNAT rules for each interface—with source/destination addresses set to "any", IPv4 protocol, and translation to the outgoing interface's IP.
However, when I create rules in Firewall -> Rules -> LAN and specify a gateway, only the rule pointing to the first PPPoE gateway works; the others fail to connect.
I've been using this exact setup on pfSense without issues for years. The key was just setting unique monitor IPs. But it seems this doesn't work on OPNsense?
Did I miss something crucial, or is this not supported on OPNsense? Are there any alternative workarounds?
Thanks!
#5
25.7, 25.10 Series / Re: Using Adguard Home and DNS...
Last post by scatman75 - Today at 09:03:00 AMI'm using this configuration (AdGuard Home on port 53) and dnsmasq also on port 53053, after previously abandoning a combination of ISC DHCP, Unbound, and AdGuard.
DNS resolution works perfectly. However, I'm experiencing significant problems with DHCP. After a complete system reboot (without any old leases), everything works as expected. After some time, presumably after the lease expires, the DHCP devices lose their connection and cannot reconnect. Unfortunately, I haven't been able to determine the cause of this behavior.
I've tried all available options in dnsmasq, but haven't found a stable solution yet. If you find a stable configuration, it would be great if you could share it here, especially the setting under "Services: Dnsmasq DNS & DHCP: General". My current settings are attached.
DNS resolution works perfectly. However, I'm experiencing significant problems with DHCP. After a complete system reboot (without any old leases), everything works as expected. After some time, presumably after the lease expires, the DHCP devices lose their connection and cannot reconnect. Unfortunately, I haven't been able to determine the cause of this behavior.
I've tried all available options in dnsmasq, but haven't found a stable solution yet. If you find a stable configuration, it would be great if you could share it here, especially the setting under "Services: Dnsmasq DNS & DHCP: General". My current settings are attached.
#6
General Discussion / Re: GUI/Shell crashing
Last post by Patrick M. Hausen - Today at 09:02:52 AMQuote from: Mattps on Today at 08:37:05 AMI've looked and couldn't find any microcode updates AMD only deliver these for this CPU via bios updates
Install the os-cpu-microcode-amd plugin and reboot to receive the latest microcode updates.
#7
General Discussion / Re: GUI/Shell crashing
Last post by Mattps - Today at 08:37:05 AMThanks Meyergru,
I've looked and couldn't find any microcode updates AMD only deliver these for this CPU via bios updates and the bios update for this model is only delivered by HP.
I'm going to put Proxmox on it today and try and run OPNsense as a VM and see if it's stable. The goal here to was to get it running natively on separate hardware from my larger Proxmox servers, so although this would be a compromise, I can live with for now.
I've looked and couldn't find any microcode updates AMD only deliver these for this CPU via bios updates and the bios update for this model is only delivered by HP.
I'm going to put Proxmox on it today and try and run OPNsense as a VM and see if it's stable. The goal here to was to get it running natively on separate hardware from my larger Proxmox servers, so although this would be a compromise, I can live with for now.
#8
Intrusion Detection and Prevention / Re: Help me to get a valid et...
Last post by zlinuxboy - Today at 07:48:37 AMsir,
I have been send the email through PM, please check it out, thanks in advanced.
I have been send the email through PM, please check it out, thanks in advanced.
#9
Intrusion Detection and Prevention / Re: Help me to get a valid et...
Last post by Monviech (Cedrik) - Today at 06:01:32 AMPlease tell me your email address(es) via PM and I'll check with sales.
#10
25.1, 25.4 Series / Re: WireGuard Kill Switch Fail...
Last post by Majx - Today at 02:48:13 AMI can confirm almost the exact same behavior on my end.
The issue is that when a connection state already exists before the killswitch rule is enabled, traffic continues to follow the previously created state. As a result, the killswitch rule is bypassed until those states are cleared. Manually clearing the relevant states forces the firewall to create new ones that will then be evaluated and blocked by the killswitch rule as intended.
The larger problem is that you need to clear all connection states for hosts in the subnet (10.0.10.0/24). Doing so will kill all active connections (gaming, downloads, streaming, etc.), since every existing state for that subnet will be dropped, which is very bad.
The alternative would be to disable state tracking completely, but that will result in reduced performance (and might break other features?).
The most reliable solution is still to clear the states, even though it will impact the entire 10.0.10.0/24 network. Fortunately, this state reset is typically required only once (when you first apply the killswitch rule). VPN clients (PC or mobile) do the same thing on connection, the difference is that they affect only a single device rather than the whole subnet.
The issue is that when a connection state already exists before the killswitch rule is enabled, traffic continues to follow the previously created state. As a result, the killswitch rule is bypassed until those states are cleared. Manually clearing the relevant states forces the firewall to create new ones that will then be evaluated and blocked by the killswitch rule as intended.
The larger problem is that you need to clear all connection states for hosts in the subnet (10.0.10.0/24). Doing so will kill all active connections (gaming, downloads, streaming, etc.), since every existing state for that subnet will be dropped, which is very bad.
The alternative would be to disable state tracking completely, but that will result in reduced performance (and might break other features?).
The most reliable solution is still to clear the states, even though it will impact the entire 10.0.10.0/24 network. Fortunately, this state reset is typically required only once (when you first apply the killswitch rule). VPN clients (PC or mobile) do the same thing on connection, the difference is that they affect only a single device rather than the whole subnet.
