Topics

Anyone else dealing with this?

Code Select Expand

[29-Jan-2025 15:51:23 UTC] PHP Warning:  PHP Startup: Unable to load dynamic library 'mongodb.so' (tried: /usr/local/lib/php/20230831/mongodb.so (Cannot open "/usr/local/lib/php/20230831/mongodb.so"), /usr/local/lib/php/20230831/mongodb.so.so (Cannot open "/usr/local/lib/php/20230831/mongodb.so.so")) in Unknown on line 0


For the life of me I cannot get around this...

OUT OF THE BLUE, HAproxy simply stopped working and all my services are unaccessible now.

I haven't changed my configuration for the last 2 years at least and just like that, this morning, it stopped redirecting traffic.

What makes it even more bizzarre is that the only URL that accepts is the one that takes to OPNsense itself.

After having checked the entire configuration from ZERO, I'm at a dead end. Any ideas?

Hello,

I've been running Zenarmor on my DEC3840 for a while and just recently I've upgraded to a 10G/10G p2p INET connection. Zenarmor is monitoring my AX1 and I wonder whether it supports Native Netmap as I'm seeing a growing number of errors (OUT) on all VLANs as reported onto the INTERFACE STATISTICS widget.

I hadn't notice any errors when Zenarmor was monitoring igbx ports.

Any suggestion?

Hello,

I'd like to upgrade my appliance from the current 8G to either 16G or 32G but I'm struggling to find a list of supported compatible modules.

Can you guys point me in the right direction for finding such a list?

Thanks!

Hello,

Having run a dmidecode dump, I've noticed that my RAM is running at half its speed. (please see below)
Any ideas why and how to set it to the right speed (2666)?

Code Select Expand

Handle 0x0024, DMI type 17, 40 bytes
Memory Device
Array Handle: 0x0022
Error Information Handle: 0x0027
Total Width: 64 bits
Data Width: 64 bits
Size: 8 GB
Form Factor: DIMM
Set: None
Locator: DIMM 0
Bank Locator: P0 CHANNEL B
Type: DDR4
Type Detail: Synchronous Unbuffered (Unregistered)
Speed: 1333 MT/s
Manufacturer: Unknown
Serial Number: 00000866
Asset Tag: Not Specified
Part Number: TS1GLH64V6B3       
Rank: 1
Configured Memory Speed: 1333 MT/s
Minimum Voltage: 1.2 V
Maximum Voltage: 1.2 V
Configured Voltage: 1.2 V


Thanks!

Hello,

My DEC3840 is running at a very high temperature (in my opinion) of about 65/67C.
What's the regular operating temperature for this device?

Just yesterday it stopped working, I had to shut it down and let it cool for a while, then rebooted and started functioning again. Now temp sits at around 60C.

Can anyone assist? @franco?

Hello,

I've upgraded my ISP to 10G symmetric and configured my DEC3840 at such.
Bizarrely enough, 10G clients are getting full speed, 1G clients are getting ~300M Download / 940M Upload.

Here's my topology:

ISP--10G-->DEC3840--10G-->Meraki MS125-24P-->Clients (10G, 2.5G, 1G)

Any clue anyone?

Hello,

What FS.COM module is compatible the most with the Deciso DEC3840, Broadcom or Marvell?

https://www.fs.com/de-en/products/74680.html?attribute=27&id=3350408
OR
https://www.fs.com/de-en/products/111924.html?attribute=26184&id=479666

Also, shall I select GENERIC, FS or what else as for compatibility?

Thanks!!

I'm lost...

Installation went smoothly as usual...then reboot and BOOM no more internet.
Tried rebooting modem 3x no luck
Tried rebooting OPNsense 3x no luck
Change WAN interface no luck

I'm running out of ideas and kids want to kill me.

Help!!!

Hello,

I'd like to swap my dec3840 fan with noctua's as the noise is driving me crazy...
Anyone can give me specs for ordering the right one?

I'm looking for dimensions, voltage, number of pins etc.

Any help is highly appreciated. Also, my FW runs at ~50°C, at what temperature yours are running?

Cheers!!

NW4FUN

I've filed a stupid amount of time (daily over the last 2 months) the below crash report and never got an answer.

Do you guys have any idea what's going on with my DEC3840??




Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 08
fault virtual address   = 0x0
fault code      = supervisor write data, page not present
instruction pointer   = 0x20:0xffffffff80de1e0c
stack pointer           = 0x28:0xfffffe00107c7d10
frame pointer           = 0x28:0xfffffe00107c7e00
code segment      = base 0x0, limit 0xfffff, type 0x1b
         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags   = interrupt enabled, resume, IOPL = 0
current process      = 0 (if_io_tqg_2)
trap number      = 12
panic: page fault
cpuid = 2
time = 1683248715
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00107c7ad0
vpanic() at vpanic+0x17f/frame 0xfffffe00107c7b20
panic() at panic+0x43/frame 0xfffffe00107c7b80
trap_fatal() at trap_fatal+0x385/frame 0xfffffe00107c7be0
trap_pfault() at trap_pfault+0x4f/frame 0xfffffe00107c7c40
calltrap() at calltrap+0x8/frame 0xfffffe00107c7c40
--- trap 0xc, rip = 0xffffffff80de1e0c, rsp = 0xfffffe00107c7d10, rbp = 0xfffffe00107c7e00 ---
iflib_rxeof() at iflib_rxeof+0x52c/frame 0xfffffe00107c7e00
_task_fn_rx() at _task_fn_rx+0x72/frame 0xfffffe00107c7e40
gtaskqueue_run_locked() at gtaskqueue_run_locked+0x15d/frame 0xfffffe00107c7ec0
gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0xc2/frame 0xfffffe00107c7ef0
fork_exit() at fork_exit+0x7e/frame 0xfffffe00107c7f30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00107c7f30
--- trap 0x8038b000, rip = 0xffffffff80c311df, rsp = 0, rbp = 0x6 ---
mi_startup() at mi_startup+0xdf/frame 0x6
KDB: enter: panic
panic.txt0600001214425053113  7127 ustarrootwheelpage faultversion.txt0600007414425053113  7532 ustarrootwheelFreeBSD 13.1-RELEASE-p7 stable/23.1-n250430-7eb6eb035df SMP

Hello,

I've just upgraded my INET to 10G and as a result throughput has been negatively impacted. Let me explain:

INET->DEC3840->10G DAC into MS125p switch

On 1G WAN (igb0), I used to have solid 940/940 DL/UL on both iPerf3 and Speedtest.com
On 10G WAN (ax1), throughput is usually (as it fluctuates for no apparent reason) ~200M DL / ~1200M UL on both iPerf3 and Speedtest.com tested on a mGig client and ~200M DL / 940M UL on a 1G client

When running Speedtest from the OPNsense, I get a solid 6G/6G

Changing WAN (both port and speed) is the only change I've introduced and as soon as I go back to 1G on igb0, performances are back to what is expected.

Meraki TAC has been doing any sort of test and config change, this is not a SWITCH issue, I just don't know what is wrong with my FW.

Any help?

Hello,

I've configured Squid transparent (SSL) proxy and added the ACL ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
Having selected SOCIAL NETWORK as category to block, unfortunately blocks whatsapp file transfer

I've added .whatsapp.com and .whatsapp.net to both whitelist and SSL bump. Whilst it allows whatsapp messaging, I cannot get the file transfer (video, photo, files, etc.) to work.

Any hint?

Hello folks,

I'm looking to implement an SSL DPI function in order to policy some unwanted behaviour (ie. Snapchat.com).
I run Sensei that can block the Snapchat app, however its website can be easily accessed since traffic is encrypted and sensei fails to detect and block as it should.

Any pointers? I haven't found any solution through OPNsense's plugin repositories...

TYA in advance

Hello,

Today I've noticed thousands of these (please see pic). It goes back to when I upgraded to 23.1

Is this expected behavior?

Not sure whether it's related to this, but my memory usage skyrocketed to 90% (it never went above ~45-50% before).

Thanks for taking the time to advise.

Hey guys,

Lately my DEC3840 became noisier and noisier and I was wondering whether there's any settings I shall config in order to lower the fan speed and thus its noise.

ATM everything is set as HIADAPTIVE although configuring any other setting has no impact on fan speed whatsoever.

Also, fan are clean from dust/dirt buildup and I've also ran a good amount of vacuuming just in case.

I'm quite lost atm and I'd appreciate any pointers to get this sorted ASAP.

Worst case scenario, I may consider to replace fans with some NOCTUAs, however I'd like to get specs and/or manuals before opening the case and invalidating the warranty for nothing.

Cheers!

Hey guys,

While running an Audit->Health I've got the following issue

>>> Check for missing or altered base files
Error 2 ocurred.
etc/sysctl.conf:
   size (311, 345)
   sha256digest (0x8c57d647047d84b9be4cddbb0b6d58c1d5839f148b62d1137b8bf2611f681cfd, 0x06ec8255e5fdfb4ccaf2059bc0d12c92554e4ba8f92b9d4c51af74ba58ba00c9)

Any idea of what that could be?

For completeness of info, this is the full audit outcome which shows other errors which I believe are linked to another issue I have with connecting to repositories

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.9_3 (amd64/OpenSSL) at Mon Dec 19 13:52:24 CET 2022
>>> Check installed kernel version
Version 22.7.9 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.9 is correct.
>>> Check for missing or altered base files
Error 2 ocurred.
etc/sysctl.conf:
   size (311, 345)
   sha256digest (0x8c57d647047d84b9be4cddbb0b6d58c1d5839f148b62d1137b8bf2611f681cfd, 0x06ec8255e5fdfb4ccaf2059bc0d12c92554e4ba8f92b9d4c51af74ba58ba00c9)
>>> Check installed repositories
SunnyValley
OPNsense
mimugmail
>>> Check installed plugins
os-acme-client 3.14_1
os-api-backup 1.0_1
os-bind 1.24_1
os-ddclient 1.9_1
os-debug 1.5
os-dmidecode 1.1_1
os-hw-probe 1.0_1
os-igmp-proxy 1.5_2
os-iperf 1.0_1
os-lldpd 1.1_2
os-mdns-repeater 1.1
os-net-snmp 1.5_2
os-netdata 1.2_1
os-nut 1.8.1_1
os-sensei 1.12.1
os-sensei-agent 1.12.1
os-sensei-updater 1.12
os-smart 2.2
os-speedtest-community 0.9_3
os-sunnyvalley 1.2_2
os-wireguard 1.13_2
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.85 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dnsmasq-2.87,1 has no upstream equivalent
Checking packages: .
dpinger-3.2 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10_5 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.3P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.3P1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.67 has no upstream equivalent
Checking packages: .
monit-5.32.0 has no upstream equivalent
Checking packages: .
mpd5-5.9_12 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_5 has no upstream equivalent
Checking packages: .
openssh-portable-8.9.p1_4,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1s,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.8 has no upstream equivalent
Checking packages: .
opnsense-22.7.9_3 has no upstream equivalent
Checking packages: .
opnsense-installer-22.1 has no upstream equivalent
Checking packages: .
opnsense-lang-22.7.3 has no upstream equivalent
Checking packages: .
opnsense-update-22.7.9 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.8 has no upstream equivalent
Checking packages: .
php80-ctype-8.0.26 has no upstream equivalent
Checking packages: .
php80-curl-8.0.26 has no upstream equivalent
Checking packages: .
php80-dom-8.0.26 has no upstream equivalent
Checking packages: .
php80-filter-8.0.26 has no upstream equivalent
Checking packages: .
php80-gettext-8.0.26 has no upstream equivalent
Checking packages: .
php80-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php80-ldap-8.0.26 has no upstream equivalent
Checking packages: .
php80-pdo-8.0.26 has no upstream equivalent
Checking packages: .
php80-pecl-radius-1.4.0b1_2 has no upstream equivalent
Checking packages: .
php80-phalcon-5.1.1 has no upstream equivalent
Checking packages: .
php80-phpseclib-3.0.16 has no upstream equivalent
Checking packages: .
php80-session-8.0.26 has no upstream equivalent
Checking packages: .
php80-simplexml-8.0.26 has no upstream equivalent
Checking packages: .
php80-sockets-8.0.26 has no upstream equivalent
Checking packages: .
php80-sqlite3-8.0.26 has no upstream equivalent
Checking packages: .
php80-xml-8.0.26 has no upstream equivalent
Checking packages: .
php80-zlib-8.0.26 has no upstream equivalent
Checking packages: .
pkg-1.17.5_1 has no upstream equivalent
Checking packages: .
py39-Jinja2-3.1.2 has no upstream equivalent
Checking packages: .
py39-dnspython-2.2.1_1,1 has no upstream equivalent
Checking packages: .
py39-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py39-requests-2.28.1 has no upstream equivalent
Checking packages: .
py39-sqlite3-3.9.15_7 has no upstream equivalent
Checking packages: .
py39-ujson-5.0.0 has no upstream equivalent
Checking packages: .
py39-vici-5.9.3 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.8.0_1 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-5.7 has no upstream equivalent
Checking packages: .
strongswan-5.9.8_1 has no upstream equivalent
Checking packages: .
sudo-1.9.12p1 has no upstream equivalent
Checking packages: .
suricata-6.0.9_1 has no upstream equivalent
Checking packages: .
syslog-ng-3.38.1 has no upstream equivalent
Checking packages: .
unbound-1.17.0 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10_6 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***

Any insight might surely help, thanks.

NW4FUN

Hey guys,

While checking for updates etc, I've got an error stating "Firmware status: Could not find the repository on the selected mirror.".
This error applies to mimugmail repository apparently

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7.9_3 (amd64/OpenSSL) at Mon Dec 19 13:50:05 CET 2022
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 822 packages processed.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .. done
Processing entries: .... done
SunnyValley repository update completed. 31 packages processed.
Updating mimugmail repository catalogue...
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/meta.txz: Not Found
repository mimugmail has no meta file, using default settings
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.pkg: Not Found
pkg: https://opn-repo.routerperformance.net/repo/FreeBSD:13:amd64/packagesite.txz: Not Found
Unable to update repository mimugmail
Error updating repositories!
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

Are their servers down or what?

Hello,

I've implemented a timed scheduled BLOCK ALL policy running on my kids VLAN from 10pm to 6am every day. Needless to say, it is so straight forward that it is working as expected until I realised my daughter was able to send/receive iMessages on her iPhone to which point I tried to give her a FaceTime call and to my surprise this was going through no problems at all!!

I'm puzzled on what/why this is happening as to my understanding the BLOCK ALL TRAFFIC policy should do what it says on the tin, period.

What am I missing??

Cheers,

NW4FUN

Hello,

Users are connecting to Wi-Fi via Radius MSCHAPv2. A very simple username and password authentication.
Users can login smoothly, however, very randomly aka with no clear pattern, they're been kicked out requiring for them to re-authenticate.

There's no use expiry nor other timing set to any user and it's very frustrating as I don't know what I'm doing wrong.

What's your guess?

NW4FUN

Edit: I should have added that no other users are logging in other than iOS/MacOS ones