OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: psychofaktory on November 08, 2022, 08:08:54 AM

Title: Massive problems since upgrade to version 22.10
Post by: psychofaktory on November 08, 2022, 08:08:54 AM
Hello,

Since the upgrade to version 22.10, we have unfortunately been struggling with several problems.

The update itself was still error-free.
Since then, however, there have been repeated problems:

I urgently ask for help. At the moment, one network is still not accessible.
Title: Re: Massive problems since upgrade to version 22.10
Post by: Supermule on November 08, 2022, 08:17:03 AM
That is not good news.

Are you on a business or CE?
Title: Re: Massive problems since upgrade to version 22.10
Post by: psychofaktory on November 08, 2022, 08:24:41 AM
business!
Title: Re: Massive problems since upgrade to version 22.10
Post by: Supermule on November 08, 2022, 08:39:53 AM
Then you need to contact support to get it fixed asap.

Do you have a test environment or lab to do the upgrades before it goes into production??
Title: Re: Massive problems since upgrade to version 22.10
Post by: psychofaktory on November 08, 2022, 08:41:22 AM
OPNsense runs on a Deciso DEC3840 Server.

The Logs from System -> Logs from today are attached.

Couldn't get the Audit-Log exported.
Since I tried to get the audit log System Status (the red point on top right on the webgui) says:
"Crash Reporter - An issue was detected and can be reviewed using the firmware crash reporter".
Title: Re: Massive problems since upgrade to version 22.10
Post by: psychofaktory on November 08, 2022, 08:43:16 AM
Quote from: Supermule on November 08, 2022, 08:39:53 AM
Then you need to contact support to get it fixed asap.
Where can I reach the responsible support as quickly as possible?

Quote from: Supermule on November 08, 2022, 08:39:53 AM
Do you have a test environment or lab to do the upgrades before it goes into production??
No, we are only a small school without the necessary capacity and resources for such things.
Title: Re: Massive problems since upgrade to version 22.10
Post by: Supermule on November 08, 2022, 08:47:26 AM
https://shop.opnsense.com/product-categorie/support/

Bottom part of the page.
Title: Re: Massive problems since upgrade to version 22.10
Post by: psychofaktory on November 08, 2022, 08:54:55 AM
Can only find the mail address of the sales Team here.
Last time it took a few days since i got an answer on this email.
Title: Re: Massive problems since upgrade to version 22.10
Post by: Supermule on November 08, 2022, 08:56:22 AM
OPNsense.com
Deciso Sales B.V.
Edison 43
3241LS Middelharnis
The Netherlands

sales@opnsense.com
+31 187 744 020

Mon-Fri 9h to 17h CET
Title: Re: Massive problems since upgrade to version 22.10
Post by: franco on November 08, 2022, 10:32:23 AM
I want to stop you right here and consider:

> stopping eastpect. Waiting for PIDS: 5911

Turn off Zenarmor to try to confirm what you are seeing here... I'm inclined to move this to the appropriate forum.


Cheers,
Framco
Title: Re: Massive problems since upgrade to version 22.10
Post by: psychofaktory on November 08, 2022, 10:58:30 AM
I have now deactivated ZenArmor.

Since then, all networks can be reached again and the system can also be restarted cleanly.


Nevertheless, the logs look like a lot of errors to me.
The services cron, nginx and nut_upsmon also need a lot of time to come up.
Title: Re: Massive problems since upgrade to version 22.10
Post by: aduwing on November 08, 2022, 02:30:18 PM
The latest Zenarmor update caused havoc on my network. I uninstalled it for now until the issues are fixed.
Title: Re: Massive problems since upgrade to version 22.10
Post by: sy on November 08, 2022, 04:51:24 PM
Hi,

Can you share a bug report form the upper right corner of Zenarmor GUI?
Title: Re: Massive problems since upgrade to version 22.10
Post by: sy on November 08, 2022, 04:53:47 PM
Hi again,

You can try to increase the netmap buffer by following the instruction:

Please try to add the following tunable and then restart the firewall.

System - Settings - Tunable
Tunable: dev.netmap.buf_num
Value: 1000000
Title: Re: Massive problems since upgrade to version 22.10
Post by: psychofaktory on November 09, 2022, 04:50:49 PM
I have made the setting and will now test it for some time.
A Bug Report has been sent afterwards to the supplement.


Besides this Nginx still has problems starting.

The log says:
invalid PID number "" in "/var/run/nginx.pid".
and
bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
bind() to 0.0.0.0:443 failed (48: Address already in use)
bind() to [::]:443 failed (48: Address already in use)
bind() to 0.0.0.0:80 failed (48: Address already in use)
bind() to [::]:80 failed (48: Address already in use)


After some time and manual start-up attempts, nginx can be started and works.

This behaviour did not occur before the upgrade to the new OPNsense version.
Title: Re: Massive problems since upgrade to version 22.10
Post by: psychofaktory on November 09, 2022, 05:08:45 PM
Addendum:
After adjusting the mentioned optimisation, restarting OPNsense and reactivating the ZenArmor services, there now seems to be a problem with the name resolution again.
It is now no longer possible to search for firmware updates via the OPNsense interface.

No DNS servers are entered under System -> Settings -> General.
Name resolution is done exclusively via Unbound DNS.

If I enter DNS servers under System -> Settings -> General, it is also possible to search for firmware updates if ZenArmor remains activated.


After deactivating the ZenArmor packet machine and restarting OPNsense, the search for firmware updates is possible again. Also without DNS server under System -> Settings -> General. Just as it was before the update.

This time all services (incl. nginx) could be started without errors.

It seems that there are other problems with ZenArmor in connection with the update that cannot be solved simply by adjusting the optimisation 'dev.netmap.buf_num'.
Title: Re: Massive problems since upgrade to version 22.10
Post by: sy on November 10, 2022, 03:11:11 PM
Hi,

We have determined a DNS issue and working on it. It will be shipped with the upcoming maintenance release next week.