Recent posts

#51
German - Deutsch / Re: von Extern eigene OPNSense...
Last post by meyergru - July 17, 2025, 04:24:05 PM
Both.

1&1 VDSL sometimes uses DS-Lite. You would typically notice it because the WAN IP shown in OpnSense is one from the 100.64.0.0/10 range or an RFC1918 address. It often also differs from the IP that is visible externally when you establish connections.
You would see that if https://wieistmeineip.de shows a different WAN IP than your dashboard.

There is also a test for this here: https://ip.zuim.de/

If that is not a full dual stack, then you have a router-behind-router scenario in which you share the WAN IP with several customers. In that case it is not possible to forward a port over IPv4 (it would only be reachable for the provider itself), or rather it has no effect.

So when scanning from outside you do not reach your OpnSense at all, but the upstream router.
#52
25.1, 25.4 Production Series / Re: Resolved: Memory Usage inc...
Last post by XabiX - July 17, 2025, 04:21:31 PM
Hello, it's the 1st time that I see my VM 25.11.1 rebooting within my Proxmox. I have not yet been able to understand why (no crash core dump).

I have disabled the IPv6 GW for now but I still see my mem 90% used in Proxmox, which is OK, but I can't seem to understand why it crashed.

root@OPNsense:~ # top -o res
last pid: 18374;  load averages:  0.16,  0.14,  0.15                                                                                                                                            up 0+00:32:05  16:18:44
83 processes:  1 running, 82 sleeping
CPU:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Mem: 303M Active, 425M Inact, 1448M Wired, 9687M Free
ARC: 613M Total, 121M MFU, 424M MRU, 15M Anon, 4797K Header, 47M Other
     489M Compressed, 1400M Uncompressed, 2.86:1 Ratio

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
62477 root         15  36    0  1401M   116M kqread   3   0:04   0.00% crowdsec
90642 unbound       4  20    0   120M    64M kqread   2   0:00   0.00% unbound
69639 root         10  20    0  1212M    57M kqread   3   0:01   0.00% crowdsec-firewall-b
98397 root          1  20    0    79M    52M nanslp   1   0:05   0.00% php
  377 root          1  68    0    88M    46M accept   0   0:02   0.00% python3.11
22958 root          1  20    0    66M    40M accept   0   0:00   0.00% php-cgi
83348 root          1  23    0    51M    40M nanslp   1   2:25   0.00% python3.11
28331 root          1  20    0    64M    39M accept   0   0:00   0.00% php-cgi
28026 root          1  20    0    64M    39M accept   2   0:00   0.00% php-cgi
25618 root          1  20    0    68M    36M accept   2   0:00   0.00% php-cgi
22629 root          1  20    0    64M    36M accept   2   0:00   0.00% php-cgi
24001 root          1  20    0    62M    34M accept   0   0:00   0.00% php-cgi
25014 root          1  20    0    62M    34M accept   3   0:00   0.00% php-cgi
26897 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
26019 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
26714 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
26207 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
19937 root          1  68    0    56M    28M wait     0   0:00   0.00% php-cgi
25999 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
25255 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
25367 root          1  68    0    56M    28M accept   1   0:00   0.00% php-cgi
21145 root          1  68    0    56M    28M wait     3   0:00   0.00% php-cgi
23418 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
23220 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
24674 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
20534 root          1  68    0    56M    28M wait     1   0:00   0.00% php-cgi
21377 root          1  68    0    56M    28M wait     3   0:00   0.00% php-cgi
30005 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
29462 root          1  68    0    56M    28M accept   2   0:00   0.00% php-cgi
28931 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
62981 nobody        6  20    0  1233M    21M kqread   0   0:01   0.00% node_exporter
93059 root          1  20    0    32M    18M nanslp   1   0:01   0.00% python3.11
  375 root          1  68    0    27M    15M wait     0   0:00   0.00% python3.11
16232 root          1  20    0    28M    15M select   2   0:00   0.00% python3.11
17419 root          3  20    0    45M    15M kqread   0   0:00   0.00% syslog-ng
15648 root          1  20    0    27M    14M select   2   0:00   0.00% python3.11
71043 redis         4  20    0    37M    12M kqread   1   0:01   0.00% redis-server
36847 dhcpd         1  20    0    28M    10M select   2   0:00   0.00% dhcpd
19715 root          1  20    0    23M    10M kqread   0   0:00   0.00% lighttpd
17134 root          1  68    0    24M    10M wait     0   0:00   0.00% syslog-ng
54091 root          1  20    0    20M  9060K select   2   0:00   0.00% sshd-session
16346 root          1  20    0    20M  9052K select   0   0:00   4.96% sshd-session
77473 root          2  20    0    21M  8756K nanslp   1   0:00   0.00% monit
53631 root          1  37    0    20M  8748K select   2   0:00   0.00% sshd-session

Is there any idea?
#53
German - Deutsch / Re: von Extern eigene OPNSense...
Last post by Pitti3303 - July 17, 2025, 04:05:21 PM
Quote from: meyergru on July 17, 2025, 10:56:00 AM
Scan your OpnSense from the inside. I don't know how ports 8080, 8118, 137, 139 etc. would show up at all, since they are not even open locally - so how would they be from outside?

Did you scan the right IP? Do you have a DS-Lite connection?

The scan from inside against the LAN IP of my OPNSense, or from inside against the WAN IP of the Sense? The scanned IP was correct. As for DS-Lite, how would I recognize that?
#54
German - Deutsch / Re: von Extern eigene OPNSense...
Last post by Pitti3303 - July 17, 2025, 03:56:54 PM
Quote from: chrs on July 17, 2025, 12:21:35 PM
Quote: Host is up (0.0012s latency).
Quote: Regarding the topology: VDSL

Um, I'd like to have that VDSL connection too. There was definitely no external access involved there.

I didn't expect that value either. The fact is, I scanned my WAN IP from a different connection with a different WAN IP.
#55
25.1, 25.4 Production Series / Re: Upgrade fail from 25.1.10 ...
Last post by VTOLfreak - July 17, 2025, 02:58:45 PM
The recovery process was simply restoring the VM snapshot. I was back up and running in two minutes.
But it does sound like I will have to create a new install as I can't upgrade from this one.

I didn't add any plugins to my installation that didn't come from the opnsense repository if that is what you mean. (see screenshot)
#56
25.1, 25.4 Production Series / Re: Upgrade fail from 25.1.10 ...
Last post by franco - July 17, 2025, 02:44:00 PM
A few people actually, but I fail to see why 25.1.11 is special and would break simplexml in particular. It smells like an issue with a third party repo interaction but nobody has given a hint in that direction yet.

https://github.com/opnsense/core/issues/8944

Unfortunately recovering without reinstall is cumbersome in these particular cases breaking PHP execution.


Cheers,
Franco
#57
25.1, 25.4 Production Series / Re: 25.1.11 Upgrade breaks DNS...
Last post by amichel - July 17, 2025, 02:27:55 PM
I am aware, but fact is that until the upgrade it worked out of the box assigning to the clients the KEA assigned IP as GW and DNS server. And Unbound in my case was listening on those interfaces.
This was then not working after the upgrade.
However I tried the upgrade again and it works now.
Thanks for the help.
#58
25.1, 25.4 Production Series / Re: 25.1.11 Upgrade breaks DNS...
Last post by meyergru - July 17, 2025, 02:15:24 PM
Kea is DHCP and DHCP only. So, if your DNS is no longer available, it cannot be blamed on Kea, but on whatever you use for DNS (probably Unbound). That is, unless Kea distributes the wrong IP for the DNS server to the clients.
#59
25.1, 25.4 Production Series / [SOLVED] 25.1.11 Upgrade break...
Last post by amichel - July 17, 2025, 02:07:53 PM
After upgrading to 25.1.11 I realized that the Kea DHCP Server still assigns IP addresses, but DNS is no longer available. I did not add any extra DHCP options, so the gateway and the DNS server is the IP address assigned to the KEA interface on that specific VLAN.
Could not test any further as I need the environment up and running and decided to revert the snapshot.
Anyone had similar experiences?
Andreas
#60
General Discussion / Re: Duplicate menu entry OpenV...
Last post by Dieter - July 17, 2025, 01:52:29 PM
Thank you Patrick for your super fast answer,

with your explanation and the knowledge that a colleague has added a deactivated interface [OpenVPN] - that I have activated :-( - we got the second entry under rules.
After deactivating the interface [OpenVPN] again the second entry has gone.

Dieter