Messages

In case of issues with unbound, I would suggest disabling both DHCP registration and the reporting (stats/graphs) part of DNS block lists, as I found these to produce errors in the logs. Now it runs fine here. I didn't investigate further to find a root cause.

Just tested it. This fine with me, thanks!

On a related note: I have a similar device, which has the annoying habit of disabling the HDMI output if no screen is connected at boot. So in case of an issue, you can't connect a monitor later on to see what the device is doing, or work locally.

I'm on IOS (iPhone SE 2022), perhaps that's the difference here.

I just tried this, but it doesn't seem to make any difference whatsoever. Tried with Safari and Chrome, after refreshing the page, disabling ad block etcetera.

Title pretty much says it all. I'm currently using my phone to look at the OPNsense gui, and I noticed the 'Inspect' button in the firewall rules section is not visible, so I am not able to observe the evaluation and state count. Could this functionality perhaps be brought back?

Some time ago, I posted the message below to the 24.1 stable forum. One of the hypothesis is that kea fails to startup properly due to link flapping, caused by Zenarmor binding to the interface at the same time. This issue still exists with 24.7 final. When I disable Zenarmor, all is well.

A few OPNsense releases ago, I migrated from isc-dhcp4 to kea. This mostly works, however there is one nagging issue: Every once in a while, after a reboot, kea appears not to be running. In the logs, the message 'no interface configured to listen to DHCP traffic' is shown. After a manual restart of kea all is well.
The error is not readily visible on the OPNsense dashboard, as kea appears to be running, it just isn't doing anything.
As this doesn't always happen, it seems to be a timing-sensitive issue. Are other people seeing this?

Code Select Expand

2024-07-11T15:35:01 WARN [kea-dhcp4.dhcp4.0x834bcb000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 2, queue size: 64
2024-07-11T15:35:01 WARN [kea-dhcp4.dhcpsrv.0x834bcb000] DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic
2024-07-11T15:35:01 WARN [kea-dhcp4.dhcpsrv.0x834bcb000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface igb0 is not running
2024-07-11T15:35:01 WARN [kea-dhcp4.dhcp4.0x834bcb000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2024-07-11T15:35:01 WARN [kea-dhcp4.dhcpsrv.0x834bcb000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2024-07-11T15:34:57 WARN [kea-dhcp4.dhcp4.0x834bcb000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 2, queue size: 64
2024-07-11T15:34:57 WARN [kea-dhcp4.dhcp4.0x834bcb000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2024-07-11T15:34:57 WARN [kea-dhcp4.dhcpsrv.0x834bcb000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.


@sy: I think you misunderstood the issue the OP is trying to convey. What he presumably meant, is that starting with the 24.7 release candidates, the local Zenarmor management (the one in the OPNsense GUI) is not working anymore when the cloud agent (os-sensei-agent) is not installed, configured, and connected to the cloud management servers.

I just ran into this myself as well. You get some kind of 'can't connect' error when opening the Zenarmor submenu of the OPNsense GUI, even after initial setup and configuration. On OPNsense versions up to 24.1, Zenarmor could be used perfectly fine with only local administration.

Thanks!

The URL https://www.teamnl.org/ is currently being classified as 'gambling'. It is however the official Dutch site covering the Olympic Games 2024 in France. Maybe the site has shown gambling ads at some point, but it isn't related to gambling in itself. Could you please recategorize it?

Now that I think of it: the LAN interface kea is running on has a fixed IPv4 address which is inherently stable, but it uses 'track interface' for IPv6.
Can this process of assigning an IPv6 address momentarily cause some kind of interface flapping, disrupting IPv4 service, which causes kea to quit?

A few OPNsense releases ago, I migrated from isc-dhcp4 to kea. This mostly works, however there is one nagging issue: Every once in a while, after a reboot, kea appears not to be running. In the logs, the message 'no interface configured to listen to DHCP traffic' is shown. After a manual restart all is well.
The error is not readily visible on the OPNsense dashboard, as kea appears to be running, it just isn't doing anything.
As this doesn't always happen, it seems to be a timing-sensitive issue. Are other people seeing this?

Code Select Expand

2024-07-11T15:35:01 WARN [kea-dhcp4.dhcp4.0x834bcb000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 2, queue size: 64
2024-07-11T15:35:01 WARN [kea-dhcp4.dhcpsrv.0x834bcb000] DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic
2024-07-11T15:35:01 WARN [kea-dhcp4.dhcpsrv.0x834bcb000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface igb0 is not running
2024-07-11T15:35:01 WARN [kea-dhcp4.dhcp4.0x834bcb000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2024-07-11T15:35:01 WARN [kea-dhcp4.dhcpsrv.0x834bcb000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
2024-07-11T15:34:57 WARN [kea-dhcp4.dhcp4.0x834bcb000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 2, queue size: 64
2024-07-11T15:34:57 WARN [kea-dhcp4.dhcp4.0x834bcb000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first.
2024-07-11T15:34:57 WARN [kea-dhcp4.dhcpsrv.0x834bcb000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.


As for ISC's reasons:

https://www.isc.org/kea/

I'm somewhat alarmed bij KEA having 'premium (commercial/paid) extensions'. How does the OPNsense team look at this? Don't we risk more and more extensions being made paid options over time once people have switched over from ISC?

Sometimes I log into the OPNsense web interface, go to the Zenarmor dashboard page, and then I'm greeted with the message that the packet engine has been updated, and needs to be restarted manually in order to activate the new version.
I try to configure my systems so they need as little manual intervention as possible. Would it be possible to restart the packet engine (not daily, but as part of an upgrade) using cron or something? I wouldn't mind a few seconds of downtime during the night for this.

I noticed this as well, but can't remember it from previous unbound versions. Maybe it is a new stat or something that has always been there but never shown? Unfortunately, I couldn't find any documentation on how to mitigate this.