Messages - opns_neuling

#16
I upgraded to 22.1 last week and everything went off without a hitch.
A quick hardware overview:
I run OPNsense as a pure firewall (High Avail. scenario, 2 hosts, 2 switches, LACP).
Hosts with 32G, Xeon E2620, Intel X520-DA2.
1 host with fiber / 1 host with DAC.

LACP over both ports on the X520.
More VLANs on top of the lagg.

Interface Statistics for lagg0

In/out packets   716441825 / 712558018 (358.71 GB / 284.60 GB)
In/out packets (pass)   716347241 / 712557150 (358.70 GB / 284.60 GB)
In/out packets (block)   4574009 / 868 (92 KB / 44 KB)
In/out errors   6801598 / 1657


Interface Statistics for ix0
In/out errors   6738215 / 0

Interface Statistics for ix1
In/out errors   63383 / 0

Same behavior with DAC or fiber GBICs.
Same behavior for both hosts.

Any hints?
#17
Quote from: Morta on February 12, 2022, 09:13:03 PM
I got this error
Quote:
[WARNING] (20353) : Proxy '1_HTTP_frontend': L6 sample fetches ignored on HTTP proxies (declared at /usr/local/etc/haproxy.conf.staging:70).
Warnings were found.
Configuration file is valid

What is wrong?

https://forum.opnsense.org/index.php?topic=27065.msg131206#msg131206

#18
Hello everyone,
the HAProxy configuration reports a warning after the update to 22.1.

22.1: ships with HAProxy 2.4
21.7: comes with HAProxy 2.2


[WARNING] (92134) : Proxy '110_HTTP_MAIN': L6 sample fetches ignored on HTTP proxies (declared at /usr/local/etc/haproxy.conf.staging:118).
[WARNING] (92134) : Proxy '110__HTTP_ALIAS': L6 sample fetches ignored on HTTP proxies (declared at /usr/local/etc/haproxy.conf.staging:240).
Warnings were found.
Configuration file is valid

From /usr/local/etc/haproxy.conf.staging:

118: http-request redirect scheme https code 301 if !acl_5f60ada90e0303.52206732 !acl_5f60ac7b7738e3.07651849
240: http-request redirect scheme https code 301 if !acl_5f60ada90e0303.52206732 !acl_5f60ac7b7738e3.07651849


acl acl_5f60ada90e0303.52206732 path_beg -i /.well-known/acme-challenge/

# ACL: SSLEstablished
acl acl_5f60ac7b7738e3.07651849 req.ssl_ver gt 0

# ACL: no_acme_challenge
acl acl_5f60ada90e0303.52206732 path_beg -i /.well-known/acme-challenge/

Any ideas?
Many thanks in advance,



#19
Does anyone have a similar scenario?
2 pfSense, one with WAN connection and one on a second level (without WAN access)?

OPNsense 1 with acme-client (for wildcard cert)
OPNsense 2 (at another location) has to use the same wildcard cert ...

Thanks a lot
#20
Thanks very much,
that was the solution for the time being.
debug on the weekend.
#21
Hi community,

I may have a problem cutting off long queries from haproxy.
Is there a config parameter to extend the length of the URL / queries?
How do I get a rollback to haproxy 2.2.17?
#22
German - Deutsch / Re: HAProxy crt-list
September 30, 2021, 12:13:31 PM
This still has not been fixed to this day ... It cost me some time and sweat today :-(
#23
Hello!
I have a case here with 2 OPNsense (cascaded connected).
One of them has a public IP and the second is cascaded (DMZ).
Let's Encrypt runs on the first OPNsense.
I would like to synchronize the certificates for extensions to the second OPNsense and restart the GUI there (so the Let's Encrypt certificates are used for the GUI in the second router) ... is that possible? How to? Ideas?
Thanks in advance
#24
21.1 Legacy Series / haproxy increasing logging
July 15, 2021, 01:05:50 PM
Hello!
How can I increase the logging of haproxy?
So far, no matter what I have changed under Services -> HAProxy -> Log ...
I see only
....
2021-07-15T12:55:39   haproxy[14562]   Proxy SMTP_backend_25 started.   
2021-07-15T12:55:39   haproxy[14562]   Proxy SMTPS_backend_465 started.   
2021-07-15T12:55:39   haproxy[14562]   Proxy SUBMISSION_backend_587 started.   
2021-07-15T12:55:39   haproxy[14562]   Proxy IMAPS_backend_10993 started.   
2021-07-15T12:55:39   haproxy[14562]   Proxy proxy started.   
....

thanks a lot
#25
Nobody?
#27
Hello!
If you create a zone in bind (regardless of whether via web UI or API), then the hosts, and then delete the zone again, the hosts remain in the configuration file. The problem is that if you have created the zone several times (for testing or automation via API), deleted it and then created it again, the size of config.xml becomes huge. A side effect is that the web GUI is sluggish when the config.xml is so big.
In my case:
config.xml with bind block was about 9 MB in size,
after deleting the bind block using ...
sed -i '' -e '/<bind>/,/<\/bind>/d' config.xml
my config.xml is now about 300k.
Cheers
#28
Hi!
Look at the native OPNsense API.
The OPNsense DHCP implementation has a limitation: only directly connected interfaces (subnets) are served.
Cheers
#29
Click on the "Save" button and then reload the service.
#30
Quote from: flufferbot on January 31, 2021, 12:17:17 AM
I am trying to configure the OPNSense DHCP server to send a fixed IP address to clients with bonded interfaces (multiple physical interfaces bonded in one virtual interface). The problem is that the bonded interface arbitrarily chooses the mac address of one of its underlying physical interfaces as its own mac address. This means that the mac address can change (and does change) each time the interface is rebooted. Thus, the static mapping in OPNSense cannot be based on a fixed MAC address for the client.

I have tried two things:

  • Leave the mac address blank in the DHCP static map specification in OPNSense, and just set the client identifier. Have the client send that same identifier.
  • Add a static map for all (four) physical mac addresses the bonding interface can take
Neither of these work. The OPNSense DHCP server doesn't seem to want to assign a static map based on client identifier. Only if I put a MAC address in there. In the second case, the UI rejects multiple static maps with different MAC addresses but the same IP.

I am curious if anyone has had the same issue and found a way to make it work. It seems like a limitation with DHCP itself, although it does seem like this is what the "client identifier" option is for.

Hi
On Linux, for example CentOS:
Assigning a permanent MAC address for a bonding network interface.

    To force a bond to get its MAC address from a specific slave, the MACADDR directive has to be added, with the MAC address of the required slave, to the /etc/sysconfig/network-scripts/ifcfg-bondX file.

# cat /etc/sysconfig/network-scripts/ifcfg-eno1
DEVICE=eno1
NAME=eno1
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
NM_CONTROLLED=no

# cat /etc/sysconfig/network-scripts/ifcfg-eno2
DEVICE=eno2
NAME=eno2
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
NM_CONTROLLED=no

# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
NAME=bond0
TYPE=Bond
MACADDR=a0:36:9f:0f:b1:70
ONBOOT=yes
BOOTPROTO=dhcp
NM_CONTROLLED=no
BONDING_OPTS="mode=active-backup primary=eno1 miimon=100"

After performing the necessary changes in the network configuration files make sure to reboot the system for the MAC address to take effect.