Recent posts

#21
General Discussion / Squid crashing
Last post by mooh - Today at 04:19:42 PM
Just to let everyone know: I just discovered that for the last 2 days squid has been crashing without restarting. It popped up while running ansible apt updates on a number of machines. As it turns out, squid crashes on every 3rd "apt update", whether ansible is running in parallel mode or sequentially. I have been unable to find anything in the logs or any core dumps. Neither resetting nor re-installing the plugin has helped.

Squid was only used here to work around auto-proxy config problems Debian had for a while some time ago. I solved the issue by creating an interface group with the required FW rules and removed squid from the firewall.
#22
I don't remember, it was a while ago, but maybe here?

/usr/local/etc/lighttpd/conf.d/debug.conf

The error log should be redirected to syslog since that's defined already in the startup of lighttpd

https://redmine.lighttpd.net/projects/1/wiki/Server_errorlogDetails
#23
General Discussion / Captive portal configuration u...
Last post by rowusu3 - Today at 03:50:39 PM
I have a custom template being used for my captive portal. Four tunnels have already been set up with the custom template for VPN authentication. I recently tried adding a fifth tunnel, the webpage loads alright but it does not render fully. The page loads but the login form does not appear. How can I troubleshoot and get this resolved?
#24
General Discussion / ISC DHCP seems to keep resetti...
Last post by Oli_wachno - Today at 03:26:49 PM
Hi there,

I have been running OPNsense on a Protectli VP4650 since around mid-October now (OPNsense version 25.7.9, architecture amd64).

During the last weeks, my home network kept failing (as in Windows complaining it has lost internet connection) on wired as well as on un-wired connections.

I think I have tracked down the cause of these connection losses, but I can't explain why this happens...

I can see errors occurring in the log like:
2025-12-09T07:33:41 Error  dhcpd dhcp.c:4164: Failed to send 301 byte long packet over vlan0.2 interface.
2025-12-09T07:33:41 Error dhcpd send_packet: No buffer space available

Preceding this, I can see in the information log something that is IMHO dhcpd restarting multiple times:

025-12-09T07:33:42 Informational dhcpd All rights reserved.
2025-12-09T07:33:42 Informational dhcpd Copyright 2004-2022 Internet Systems Consortium.
2025-12-09T07:33:42 Informational dhcpd Internet Systems Consortium DHCP Server 4.4.3-P1
2025-12-09T07:33:41 Error dhcpd dhcp.c:4164: Failed to send 301 byte long packet over vlan0.2 interface.
2025-12-09T07:33:41 Error dhcpd send_packet: No buffer space available
2025-12-09T07:33:41 Informational dhcpd DHCPACK on 192.168.2.14 to 68:c6:ac:fd:83:e7 (tg-lenovo) via vlan0.2
2025-12-09T07:33:41 Informational dhcpd DHCPREQUEST for 192.168.2.14 from 68:c6:ac:fd:83:e7 via vlan0.2
2025-12-09T07:33:40 Informational dhcpd Server starting service.
2025-12-09T07:33:40 Informational dhcpd Sending on   Socket/fallback/fallback-net
2025-12-09T07:33:40 Informational dhcpd Sending on   BPF/vlan0.2/64:62:66:22:e8:ef/192.168.2.0/24
2025-12-09T07:33:40 Informational dhcpd Listening on BPF/vlan0.2/64:62:66:22:e8:ef/192.168.2.0/24
2025-12-09T07:33:40 Informational dhcpd Sending on   BPF/vlan0.3/64:62:66:22:e8:ef/192.168.3.0/24
2025-12-09T07:33:40 Informational dhcpd Listening on BPF/vlan0.3/64:62:66:22:e8:ef/192.168.3.0/24
2025-12-09T07:33:40 Informational dhcpd Sending on   BPF/vlan0.4/64:62:66:22:e8:ef/192.168.4.0/24
2025-12-09T07:33:40 Informational dhcpd Listening on BPF/vlan0.4/64:62:66:22:e8:ef/192.168.4.0/24
2025-12-09T07:33:40 Informational dhcpd Sending on   BPF/vlan0.10/64:62:66:22:e8:ef/192.168.10.0/24
2025-12-09T07:33:40 Informational dhcpd Listening on BPF/vlan0.10/64:62:66:22:e8:ef/192.168.10.0/24
2025-12-09T07:33:40 Informational dhcpd Sending on   BPF/vlan0.1/64:62:66:22:e8:ef/192.168.1.0/24
2025-12-09T07:33:40 Informational dhcpd Listening on BPF/vlan0.1/64:62:66:22:e8:ef/192.168.1.0/24
2025-12-09T07:33:40 Informational dhcpd Wrote 40 leases to leases file.
2025-12-09T07:33:40 Informational dhcpd Wrote 0 new dynamic host decls to leases file.
2025-12-09T07:33:40 Informational dhcpd Wrote 0 deleted host decls to leases file.
2025-12-09T07:33:40 Informational dhcpd For info, please visit https://www.isc.org/software/dhcp/
2025-12-09T07:33:40 Informational dhcpd All rights reserved.
2025-12-09T07:33:40 Informational dhcpd Copyright 2004-2022 Internet Systems Consortium.
2025-12-09T07:33:40 Informational dhcpd Internet Systems Consortium DHCP Server 4.4.3-P1
2025-12-09T07:33:40 Informational dhcpd PID file: /var/run/dhcpd.pid
2025-12-09T07:33:40 Informational dhcpd Database file: /var/db/dhcpd.leases
2025-12-09T07:33:40 Informational dhcpd Config file: /etc/dhcpd.conf
2025-12-09T07:33:40 Informational dhcpd For info, please visit https://www.isc.org/software/dhcp/
2025-12-09T07:33:40 Informational dhcpd All rights reserved.
2025-12-09T07:33:40 Informational dhcpd Copyright 2004-2022 Internet Systems Consortium.
2025-12-09T07:33:40 Informational dhcpd Internet Systems Consortium DHCP Server 4.4.3-P1
2025-12-09T07:33:13 Informational dhcpd Server starting service.
2025-12-09T07:33:13 Informational dhcpd Sending on   Socket/fallback/fallback-net
2025-12-09T07:33:13 Informational dhcpd Sending on   BPF/vlan0.2/64:62:66:22:e8:ef/192.168.2.0/24
2025-12-09T07:33:13 Informational dhcpd Listening on BPF/vlan0.2/64:62:66:22:e8:ef/192.168.2.0/24
2025-12-09T07:33:13 Informational dhcpd Sending on   BPF/vlan0.3/64:62:66:22:e8:ef/192.168.3.0/24
2025-12-09T07:33:13 Informational dhcpd Listening on BPF/vlan0.3/64:62:66:22:e8:ef/192.168.3.0/24
2025-12-09T07:33:13 Informational dhcpd Sending on   BPF/vlan0.4/64:62:66:22:e8:ef/192.168.4.0/24
2025-12-09T07:33:13 Informational dhcpd Listening on BPF/vlan0.4/64:62:66:22:e8:ef/192.168.4.0/24
2025-12-09T07:33:13 Informational dhcpd Sending on   BPF/vlan0.10/64:62:66:22:e8:ef/192.168.10.0/24
2025-12-09T07:33:13 Informational dhcpd Listening on BPF/vlan0.10/64:62:66:22:e8:ef/192.168.10.0/24
2025-12-09T07:33:13 Informational dhcpd Sending on   BPF/vlan0.1/64:62:66:22:e8:ef/192.168.1.0/24
2025-12-09T07:33:13 Informational dhcpd Listening on BPF/vlan0.1/64:62:66:22:e8:ef/192.168.1.0/24
2025-12-09T07:33:13 Informational dhcpd Wrote 40 leases to leases file.
2025-12-09T07:33:13 Informational dhcpd Wrote 0 new dynamic host decls to leases file.
2025-12-09T07:33:13 Informational dhcpd Wrote 0 deleted host decls to leases file.
2025-12-09T07:33:13 Informational dhcpd For info, please visit https://www.isc.org/software/dhcp/
2025-12-09T07:33:13 Informational dhcpd All rights reserved.
2025-12-09T07:33:13 Informational dhcpd Copyright 2004-2022 Internet Systems Consortium.
2025-12-09T07:33:13 Informational dhcpd Internet Systems Consortium DHCP Server 4.4.3-P1
2025-12-09T07:33:13 Informational dhcpd PID file: /var/run/dhcpd.pid
2025-12-09T07:33:13 Informational dhcpd Database file: /var/db/dhcpd.leases
2025-12-09T07:33:13 Informational dhcpd Config file: /etc/dhcpd.conf
2025-12-09T07:33:13 Informational dhcpd For info, please visit https://www.isc.org/software/dhcp/
2025-12-09T07:33:13 Informational dhcpd All rights reserved.
2025-12-09T07:33:13 Informational dhcpd Copyright 2004-2022 Internet Systems Consortium.
2025-12-09T07:33:13 Informational dhcpd Internet Systems Consortium DHCP Server 4.4.3-P1
2025-12-09T07:30:00 Informational dhcpd DHCPACK on 192.168.4.31 to 94:27:70:77:2c:b6 via vlan0.4
2025-12-09T07:30:00 Informational dhcpd DHCPREQUEST for 192.168.4.31 from 94:27:70:77:2c:b6 via vlan0.4



In this particular case, this happens 22 times until the log calms down....

Any advice on how to investigate this issue?

Cheers
Oli

#25
General Discussion / Re: Zoraxy Reverse Proxy does ...
Last post by crazywolf13 - Today at 03:18:29 PM
I see.

I'm not particularly sure if this is the correct way, but I added the following lines to the file: /usr/local/etc/lighttpd/lighttpd.conf


debug.log-request-header = "enable"
debug.log-response-header = "enable"

Then running:

/usr/local/etc/rc.restart_webgui
I could see the following when selecting Debug and Informational:

2025-12-09T15:15:36 Informational lighttpd 10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:15:15:36 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"
2025-12-09T15:15:36 Informational lighttpd 10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:15:15:36 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"
2025-12-09T15:15:34 Informational lighttpd 10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:15:15:34 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"
2025-12-09T15:15:33 Informational lighttpd 10.10.20.9 opnsense.XXX.dev - [09/Dec/2025:15:15:33 +0100] "GET / HTTP/2.0" 400 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 Firefox/145.0"

But that does not really look like "debug" info to me, any ideas what I'm missing?
#26
CLI mainly for quick setup via copy&paste of snippets.
#27
General Discussion / Re: how to connect to two subn...
Last post by viragomann - Today at 02:58:40 PM
The traffic can be natted (masqueraded) by BINAT rules, but this cannot be done on your site. NAT has to happen on the remote sites.
#28
General Discussion / Re: Port Forwarding issue insi...
Last post by viragomann - Today at 02:48:34 PM
Possibly the services don't accept access from outside of their local subnet.

Another possible reason is that the containers are missing a default gateway.
#29
I have a hunch.

Could you go to:

/usr/local/etc/apache24/Includes/gateway_vhosts.conf
In there find the lines that say:

Redirect / /owa/
Delete these lines or comment them out.

Then afterwards do

service apache24 restart
This restarts apache without regenerating the configuration file. Don't press Apply in the GUI now, otherwise the configuration file will revert.

Then test if the authentication popup got better or no change.

If the above did the trick, I wonder if RedirectMatch solves it:

RedirectMatch ^/$ /owa/
#30
25.7, 25.10 Series / Re: Time based Shaper?
Last post by knebb - Today at 02:26:15 PM
Hi,

thanks for your explanations and your patience! Very kind!

I am really trying to understand. And I think I got it in theory now.

So I have currently set it up in the following way:

Line Download
  • Min: 750Mbit/s
  • Max: 1000Mbit/s

Line Upload:
  • Min: 375Mbit/s
  • Max: 500Mbit/s

Configured Pipes with the WFQ scheduler and CoDel activated:
  • VoIP Upload -> 10Mbit/s
  • VoIP Download -> 10Mbit/s
  • LAN Upload (min) -> 365Mbit/s (the min available bandwidth reduced by the 10Mbit/s for VoIP)
  • LAN Upload (max) -> 500Mbit/s
  • WAN Download (min) -> 750Mbit/s
  • WAN Download (max) -> 1000Mbit/s

No rules in Shaper

A rule on bottom of the WAN interface as catch-all:
  • Action: Allow
  • Interface: WAN (which is NATed to public IP)
  • Direction: out
  • First match: active
  • IPv4
  • Protocol: any
  • Source/ SrcPort: any
  • Dest/ DstPort: any
  • Traffic Shaping:
  • In RuleDirection --> LAN UploadQueue (min)
  • In ReverseDirection --> LAN DownloadQueue (min)

Looks pretty fine for me...but!

As soon as I activate the rule on the WAN interface my traffic to any internet host drops completely.
But my traffic through Wireguard-VPN works pretty fine, but not limited to the above 365Mbit/s....

I have no clue what I am doing wrong...anyone an idea?
I think the bug is not related - as far as I understand it the bandwidth calculation is wrong and offers only half of configured values. But through Wireshark I do not have any limits (why not???) and to Internet all is blocked....
Thanks again!
/KNEBB