Hello,
Since the upgrade to version 22.10, we have unfortunately been struggling with several problems.
The update itself was still error-free.
Since then, however, there have been repeated problems:
- When restarting, OPNsense hangs forever (several hours) with the message "stopping eastpect. Waiting for PIDS: 5911". OPNsense could then finally be restarted with "shutdown -r now".
- Some VLANs could no longer be reached from other networks. Only after I had replaced all VLAN interfaces with new interfaces with the designation according to the scheme vlan0.xx were most of the networks accessible again.
- OPNsense permanently had massive latencies and even packet losses. The error only disappeared after I removed the tick from "Allow changing the default gateway".
- The OPNsense webgui gives the error message 503 Service Unavailable every day. Only a restart via the console makes the webgui accessible again.
I urgently ask for help. At the moment, one network is still not accessible.
That is not good news.
Are you on a business or CE?
business!
Then you need to contact support to get it fixed asap.
Do you have a test environment or lab to do the upgrades before it goes into production??
OPNsense runs on a Deciso DEC3840 Server.
The Logs from System -> Logs from today are attached.
Couldn't get the Audit-Log exported.
Since I tried to get the audit log, System Status (the red point on the top right of the webgui) says:
"Crash Reporter - An issue was detected and can be reviewed using the firmware crash reporter".
Quote from: Supermule on November 08, 2022, 08:39:53 AM
> Then you need to contact support to get it fixed asap.
Where can I reach the responsible support as quickly as possible?
Quote from: Supermule on November 08, 2022, 08:39:53 AM
> Do you have a test environment or lab to do the upgrades before it goes into production??
No, we are only a small school without the necessary capacity and resources for such things.
https://shop.opnsense.com/product-categorie/support/
Bottom part of the page.
Can only find the mail address of the sales Team here.
Last time it took a few days until I got an answer on this email.
OPNsense.com
Deciso Sales B.V.
Edison 43
3241LS Middelharnis
The Netherlands
sales@opnsense.com
+31 187 744 020
Mon-Fri 9h to 17h CET
I want to stop you right here and consider:
> stopping eastpect. Waiting for PIDS: 5911
Turn off Zenarmor to try to confirm what you are seeing here... I'm inclined to move this to the appropriate forum.
Cheers,
Framco
I have now deactivated ZenArmor.
Since then, all networks can be reached again and the system can also be restarted cleanly.
Nevertheless, the logs look like a lot of errors to me.
The services cron, nginx and nut_upsmon also need a lot of time to come up.
The latest Zenarmor update caused havoc on my network. I uninstalled it for now until the issues are fixed.
Hi,
Can you share a bug report from the upper right corner of the Zenarmor GUI?
Hi again,
You can try to increase the netmap buffer by following the instruction:
Please try to add the following tunable and then restart the firewall.
System - Settings - Tunable
Tunable: dev.netmap.buf_num
Value: 1000000
I have made the setting and will now test it for some time.
A Bug Report has been sent afterwards to the supplement.
Besides this Nginx still has problems starting.
The log says:
invalid PID number "" in "/var/run/nginx.pid".
and
bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
bind() to 0.0.0.0:443 failed (48: Address already in use)
bind() to [::]:443 failed (48: Address already in use)
bind() to 0.0.0.0:80 failed (48: Address already in use)
bind() to [::]:80 failed (48: Address already in use)
After some time and manual start-up attempts, nginx can be started and works.
This behaviour did not occur before the upgrade to the new OPNsense version.
Addendum:
After adjusting the mentioned optimisation, restarting OPNsense and reactivating the ZenArmor services, there now seems to be a problem with the name resolution again.
It is now no longer possible to search for firmware updates via the OPNsense interface.
No DNS servers are entered under System -> Settings -> General.
Name resolution is done exclusively via Unbound DNS.
If I enter DNS servers under System -> Settings -> General, it is also possible to search for firmware updates if ZenArmor remains activated.
After deactivating the ZenArmor packet machine and restarting OPNsense, the search for firmware updates is possible again. Also without DNS server under System -> Settings -> General. Just as it was before the update.
This time all services (incl. nginx) could be started without errors.
It seems that there are other problems with ZenArmor in connection with the update that cannot be solved simply by adjusting the optimisation 'dev.netmap.buf_num'.
Hi,
We have determined a DNS issue and are working on it. It will be shipped with the upcoming maintenance release next week.