Static IP for OPNSense

I was having an extremely difficult time getting my static IP WAN connection to work on OPNSense. I’m happy to report that I think I have solved the problem. I was able to get it to work last night but only after doing a factory reset.

If I am correct I think my problem was the upstream field. I was leaving it on automatic and I shouldn’t have done that. To the right of the field you can add your own upstream gateway.

What OPNSense means by upstream gateway is really your default gateway. I was under the assumption that since we have to pick the subnet mask that it based on that it would be the default gateway. For example /24 would mean a subnet mask of 255.255.255.0 and then I just assumed the gateway ends in one. I should not assume that.

I also though my issue was firewall rules related or there gateway section that is separate from the interface section. I never had that before and have read the instructions a few times. A lot of this stuff was automated with Sophos and now I have to manually set all this info. This section is important to show health and for load balancing/failover. Both are really important for my setup.

In order to become more comfortable with OPNSense I knew I would be having to factory reset at least one more time and then setting it all up again. This came earlier than I anticipated. That’s okay because I have learned a lot already. As I mentioned earlier I was giving myself a full year to learn this but with the EOL being moved up on my Cyberoam products I have no choice but to kick it into high gear.

The most important parts I have to figure out yet is Wireguard, a better understanding of firewall rules and load balancing/failover. I use 3 and sometimes for different WAN connections for my primary network. It is very imperative that I get this right.

Xerox 3335 Out of Memory Errors

There is a Xerox Workcentre 3334 here that use to print great but recently it has been giving me out of memory errors on both Word and PDF documents. These are larger files but nevertheless they should still print. Before the out of memory errors it would also take forever to print a few pages. 10 seconds or more pause between pages.

I don’t know what brought this on but it really never was a problem before. It’s a Xerox 3335 that is networked and only one computer prints to it. I tried a variety of different drivers on it and it didn’t matter. I also added the “lp” print queue to see if that would improve the speeds. PCL or PS also was useless. I also upgraded the firmware!

What seems to have worked is turning off the print spooling in the printer itself. Log into the printer and in the properties tab click on Maintenance on the left. From there you will see a “Firmware Upgrade” link.

One more thing I should mention is at first the issues were all with PDF documents. Using Chrome instead of Adobe Reader DC seems to have fixed that. Yesterday, the problem was with a 170 page Word document.

I’ll continue to monitor it and see if any other issues arise. I’ve never had to disable the print spooling on a printer before and I work with printers all the time. Thankfully the newer computers can handle the spooling much better than in years past.

Generic Wireless Earbuds are Not Bad

I will not pay over $100 for a pair of earbuds that will eventually wear out and that I may lose. I will not pay $50 either however, I will recommend generic wireless earbuds.

There are many choices out there on both Amazon and Aliexpress. I have purchased two of these bluetooth 5.0 earbuds now. They both are water resistent, have a charging pod. They last for hours and sound really good. What they lack in compared to airpods are shorter battery times, phone calls are bit more muffled and there are some weird things that occur when trying to charge. None of these are deal breakers and none of them are work $150+ to fix. I also assume the batteries will wear out sooner but at this price I can pick up another one if need be. The brand I got myself is different than the one I got my wife but they act the same and are very similar outside the case design.

How to take a screenshot in Mint

Taking a screenshot in Linux Mint is very easy to do. They have a built in program with a very simple name. It’s called Screenshot. That’s crazy!

Works like any other screenshot program. It gives you a few choices on the area and you can set a delay before it takes the screenshot.

As you can see it is super simple! I didn’t find any shortcut keys for it like one has in Windows, Mac, and Chrome. Nevertheless, I am really glad they have it built in.

OPNSense Trials and Tribulations Introduction

I’ve begun testing OPNSense as a possible replacement for my production cyberoam/sophos routers. I purchased a QOTOM (read: aliexpress seller) router with 6 NIC ports. All the ethernet ports are Intel. This version comes with a Core i5, 8 GB of RAM and a 64 GB SSD. It also has a toggle for wifi/LTE modem. Adding a modem/sim card will be the last thing I test. It is needed but not a priority. I have found some modems that should work with it but I’ll wait to order it.

Instead of writing “reviews” of the hardware and software I will need to do blog posts of bits and pieces. I expect this process to take a few months. I need to be comfortable with both the software and hardware. Many of these devices are going to be remote. Obviously you always want rock-solid uptime but I also need to be able to troubleshoot them almost exclusively remotely.

While the software is obviously separate from the hardware I will have to write about both at the same time. This is my first time working with QOTOM hardware. If this works I will be using much lower strength hardware due to power requirements.

I have worked with many different routers including PFSense. OPNSense was a fork of PFSense but has gradually become it’s own animal. Now with PFsense changing some of their rules I wonder if OPNSense will take of.

I have several cyberoam and sophos routers in production. I am very experienced with dd-wrt and Asus-wrt (merlin). I also work with Sonicwall everyday with a variety of models. While my Cisco experience (and now Meraki) isn’t all smart hands I wouldn’t consider myself an expert.

Lastly, it pisses me off that the latest security issues with Sonicwall and Sophos could have been prevented. Sophos was doing something stupid with their logins while Sonicwall says to just stop using their SSL VPN software. How is one supposed to use the VPN then?! Such craziness.

Yealink Would Not Provision with 3CX V16

I couldn’t get several Yealink phones to provision with 3CX V16. Actually, some of the issues started with V15.5. I finally revisited the issue with our recent upgrade to V16 and have finally figured it out.

These are Yealink T46S and T46G phones. The provisioning link was always to port 5000. If you change it from HTTP to HTTPS and the port 5000 to port 5001 then it works!

There has been a critical error on this website. Please check your site admin email inbox for instructions.

This was my first time seeing this error on one of my wordpress sites. Before I got this error I was seeing a NGINX error and didn’t understand why because all the other sites on this server was still up. I logged in and edited my NGINX file to use php8.0-fpm instead of php7.4-fpm. I reloaded and then went back to refresh the site. That is when I saw the error message:

There has been a critical error on this website. Please check your site admin email inbox for instructions.

I turned on debug by editing the wp-content file and turning debug to “true”. I saved it and refreshed the web page to get a message about a specific plugin. The directory was called anti-spam but I think it was Titan Security. I deleted the plugin directory and then refreshed again. That allowed me to login.

I should also mention that when you are switching PHP you also have to install the newer versions of cURL and ZIP. At least everyone should be using them in their wordpress installs. sudo apt install php8.0-curl and sudo apt install php8.0-zip.

The .ost is in use and cannot be Accessed Error

I think this was the first time I came across this error. The error message happened when a user was trying to send a PDF attachment. Apparently Outlook locked the .ost file from some other process. The message was The email username.ost is in use and cannot be accessed.

Easily enough just go into task manager and End Task on anything that says Microsoft Outlook. Simple enough yet dumb enough error message.

Wireguard and OPNSense Troubles

I am having some Wireguard(WG) and opnsense issues. Specifically, I can make the WG connection but for whatever reason I can’t seem to do anything with the connection. That usually means that I don’t have the right firewall rules. I also think this is my issue. However, I am just not having luck. I have followed some tutorials and have tried what makes logical sense to me.

For a solution, I do not have anything productive to add. I can connect to the OPNSense with Wireguard every time but unable to connect to WAN or LAN addresses.

UltraVNC Crashing My Computer

This was a first for me. I installed the latest UltraVNC 1.3.2 to do some testing on my desktop. I go to play a Steam game today and all it did was freeze and crash my computer. Thankfully it rebooted itself each time because the power button is basically shot but nevertheless it was disappointing to continually restart my game. Took me 3 crashes before I decided to remove what I had installed the week prior. That was the only new application.

I normally use Splashtop for my remote needs with UltraVNC only being used internally. However, I needed it to do some testing with my raspberry pi plus my internet was so awful I couldn’t even use Splashtop!

This is the first time in all the years that I have used UltraVNC that I ever had any issues. Event Viewer does list just one critical event with absolutely no useful information. I do have a few other errors but they are related to VirtualBox. Not sure why because I didn’t have VB running at the time.

In any event, apparently this version of UltraVNC server needs some more love.