Recent posts

#81
General Discussion / Re: Trouble with VLAN setup on...
Last post by User074357 - November 20, 2025, 10:29:45 PM
Quote from: pfry on November 20, 2025, 09:07:17 PM
Routing issues? Your PC would normally use the firewall as its gateway in order to route to the NAS subnet. In the other direction, the NAS would also use the firewall as its gateway to reach your PC. And, of course, if you use it to route, the firewall would need a default gateway to the Internet. You have the option of routing directly on the bridge, e.g. use a static route on your PC to route to the NAS through the firewall. If it's not routing, you'll likely need to provide more detailed information.

I use bridges for everything, as I can conveniently assign interfaces to whatever bridge I need them on at any given time, with no address or rule changes. It's not for everyone, but it works.

Routing seems to be fine. I can see the OPNsense sending outbound packets on the VLAN interface.
Just did a packet capture on both ends. There are ARP requests outgoing on the VLAN interface which never get responded to by TrueNAS.
When attempting to ping the OPNsense box from the NAS with "ping 192.168.20.1" the NAS also sends ARP requests which are never responded to.
Not sure what's going on there.
#82
25.7, 25.10 Series / Re: High CPU on Dashboard
Last post by senseOPN - November 20, 2025, 10:15:22 PM
Quote from: cyberfarer on November 20, 2025, 09:51:57 PM
I am seeing these log entries, but I'm not clear if they're a result of the high CPU:

2025-11-20T12:07:38-05:00
Error
lighttpd
(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi.socket-1: Connection refused

That may well be the reason for the high CPU usage!

This is a socket:

root@OPNsense:~ # ls /var/lib/php/tmp/php-fastcgi.socket-1
srwxr-xr-x  1 root wheel 0 Nov 17 22:12 /var/lib/php/tmp/php-fastcgi.socket-1=


Does it exist?

What are the permissions?
#83
25.7, 25.10 Series / Re: High CPU on Dashboard
Last post by cyberfarer - November 20, 2025, 09:51:57 PM
I am seeing these log entries, but I'm not clear if they're a result of the high CPU:

2025-11-20T12:07:38-05:00
Error
lighttpd
(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi.socket-1: Connection refused
#84
General Discussion / Unbound DNS and Adguard and sy...
Last post by tdukes - November 20, 2025, 09:51:17 PM
Hello,

I have been wondering about this for a while but can't find an answer.

I'm running Unbound DNS with OPNsense. OPNsense sits behind my internet provider's modem/router and is set up as a transparent filter bridge. I also have another PC running AdguardHome.

In System > Settings > General, what should I be using for the DNS servers? Should I use the PC running Adguard? If so, would Unbound be bypassed? I'd like to use both.

Thanks
#85
25.7, 25.10 Series / Re: High CPU on Dashboard
Last post by senseOPN - November 20, 2025, 09:28:55 PM
Yes, that does not look sane!

I made a test, had "top" running and then logged in to the dashboard.

I saw just a small spike and then it went down to normal:

last pid: 62529;  load averages:  0.24,  0.15,  0.09                                                                                                         up 12+02:08:11  21:27:58
64 processes:  1 running, 63 sleeping
CPU:  0.0% user,  0.0% nice,  0.4% system,  0.0% interrupt, 99.6% idle
Mem: 117M Active, 629M Inact, 2067M Wired, 104K Buf, 59G Free
ARC: 1198M Total, 815M MFU, 244M MRU, 1046K Anon, 17M Header, 118M Other
     873M Compressed, 2131M Uncompressed, 2.44:1 Ratio
Swap: 8192M Total, 8192M Free
#86
25.7, 25.10 Series / Captive-Portal Museum Applicat...
Last post by JimBob - November 20, 2025, 09:27:49 PM
Hi! Help! I'm using OPNsense 25.7-amd64 FreeBSD 14.3-RELEASE-p1 OpenSSL 3.0.17 on an Intel NUK11PAH to serve, via Captive Portal, a museum "assistant". The idea is to have an offline 10x10 matrix of buttons, so that the visitor can press buttons (e.g. "37") shown next to a display and receive audio, audio/video, or web page information for that exhibit.

Although offline and unprotected by password, I want the visitor to be connected to the button matrix, without warnings of being offline (by spoofing the sites browsers check to verify online status) or warnings that unpassword-protected access is risky (I believe the Captive Portal process takes care of that), and have the browser immediately go to the button matrix, which is the landing page for the captive portal.

I'm well on my way to having this operational, thanks to ChatGPT, but one issue has us both stumped. GPT directs me to upload my landing page by going to Sidebar -> Services -> Captive Portal -> Administration -> Templates (tab) and click the red "+" (Add) icon, bringing up a popup. I'm told to provide a name in the "Template name" textbox (I provide "A") and browse to my HTML file containing the 10X10 matrix of buttons (I do: it is called "index.html"). But when I click the "Upload" button, the popup disappears, but no template is added to the list, and no file is added to /usr/local/etc/captiveportal or anywhere else I can find. It's as if the popup did nothing.

Once I have a template defined, I think my next step is to go to the "Zones" tab, create/edit a zone, and place the template file's name in the "Custom template" box.

Where am I going wrong?
#87
25.7, 25.10 Series / Re: SSD get's massively writte...
Last post by senseOPN - November 20, 2025, 09:25:54 PM
root@OPNsense:~/smart #   diff collect_mb_2025-11-19 collect_mb_2025-11-20
1c1
< 4026285 MB
---
> 4026453 MB


root@OPNsense:~/smart # python3
Python 3.11.14 (main, Oct 21 2025, 21:38:48) [Clang 19.1.7 (https://github.com/llvm/llvm-project.git llvmorg-19.1.7-0-gcd7080 on freebsd14
Type "help", "copyright", "credits" or "license" for more information.
>>> 4026453 - 4026285
168

So, we are down to 168 MB in about 20 hours.


Good enough for me :-)

Thanks!
#88
24.7, 24.10 Legacy Series / Re: Mellanox ConnectX-3 VPI MC...
Last post by cheerbeer - November 20, 2025, 09:13:29 PM
I had the same issue, no idea why the mst commands are not working but there are some things you can check.

Perhaps try the package version of mstflint per here: https://adventurist.me/posts/00309

There is also a pciconf command that should work for getting the pcie ids versus the mst command.

The tunable in loader.conf is no longer necessary, as OPNsense loads the driver by default.

Things to check to get the interfaces to load:

1. Make sure the card is in Ethernet mode, as OPNsense does not support the IB driver. I did this in Windows.
2. Make sure there is a link or at a minimum an Ethernet transceiver in the QSFP port. The interface will not show up until there is an actual Ethernet interface to load.
#89
German - Deutsch / Re: Beginner question about NAT
Last post by Patrick M. Hausen - November 20, 2025, 09:10:28 PM
1. NAT always takes effect before firewall rules.
2. If you have set "Firewall rule association" on the (inbound) NAT rule to "Pass", that "Pass" also takes effect before all other firewall rules.
3. So in the NAT rule you must explicitly reference a firewall rule instead of using "Pass".
4. The block rule must then come before it in the list.
#90
General Discussion / Re: Trouble with VLAN setup on...
Last post by pfry - November 20, 2025, 09:07:17 PM
Routing issues? Your PC would normally use the firewall as its gateway in order to route to the NAS subnet. In the other direction, the NAS would also use the firewall as its gateway to reach your PC. And, of course, if you use it to route, the firewall would need a default gateway to the Internet. You have the option of routing directly on the bridge, e.g. use a static route on your PC to route to the NAS through the firewall. If it's not routing, you'll likely need to provide more detailed information.

I use bridges for everything, as I can conveniently assign interfaces to whatever bridge I need them on at any given time, with no address or rule changes. It's not for everyone, but it works.