OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: pyrodex on September 01, 2020, 01:21:00 am

Title: Sensei crashing box during configuration
Post by: pyrodex on September 01, 2020, 01:21:00 am

During the installation of latest Sensei version on the latest stable OPNsense 20.7 version (20.7.1) it is crashing after doing all the steps and hitting the finish button. Box crashes and reboots.

Setup:

SYS-1019D-4C-FHN13TP w/2x8GB ECC RAM
Dual GEOM hard drives
5 interfaces in use; ixl0 - GUEST, ixl1 - DMZ, ixl2 - IoT, ixl3 - LAN, and igb0 using NetGraph for AT&T bypass
No VLANs
Have Suricata running right now but disabled it on second try and failed.

Any thing to troubleshoot or provide additional context around?

Title: Re: Sensei crashing box during configuration
Post by: mb on September 01, 2020, 07:42:43 pm

Hi @pyrodex,

This is a netmap bug. Netmap is an Operating System module that Sensei uses to grab packets off the wire.

We have a test kernel available which fixes this crash and some other crashes/problems. OPNsense will soon provide an official one.

Follow these steps to try the test kernel:

Code: [Select]

[root@20gw /root]# cd /boot/
[root@20gw:/boot # fetch https://updates.sunnyvalley.io/opnsense/updates/netmap-kernel/kernel-12.1-0826-1.tar.gz
kernel-12.1-0826-1.tar.gz                           45 MB 4980 kBps    10s
[root@20gw /boot]# mv kernel kernel.stock.save
[root@20gw /boot]# tar zxf kernel-12.1-0826-1.tar.gz
[root@20gw /boot]# reboot
After the reboot, you should be able to see this kernel information:

Code: [Select]

root@20gw:~ # uname -a
FreeBSD 20gw.local 12.1-RELEASE-p8-HBSD FreeBSD 12.1-RELEASE-p8-HBSD #2  cfea49ed4(master)-dirty: Wed Aug 26 16:12:21 PDT 2020     root@igbopnsense.localdomain:/usr/obj/usr/src.compile/amd64.amd64/sys/SMP  amd64

root@20gw:~ #
To restore stock OPNsense kernel:

Code: [Select]

# cd /boot
# rm -rf kernel
# mv kernel.stock.save kernel
# reboot
Please test and let us know how it goes...

Title: Re: Sensei crashing box during configuration
Post by: pyrodex on September 02, 2020, 04:18:08 pm

Looks good now!

Now to play with it!

Title: Re: Sensei crashing box during configuration
Post by: pyrodex on September 02, 2020, 04:25:22 pm

So I've got it collecting data... I don't see my WAN link in the list of interfaces to protect, not sure if I should since I use netgraph for something and see igb0 (the physical WAN link) but not ngeth0.

I also setup a reverse DNS query server to my firewall (192.168.14.1) but don't see those IPs getting resolved. Am I missing something?

Title: Re: Sensei crashing box during configuration
Post by: mb on September 02, 2020, 06:14:03 pm

@pyrodex, thanks for the update. Glad to hear that this kernel fixed your problem.

Sensei is meant to be deployed on inner-facing interfaces. Reason is that you'll lose internal IP information if you operate on the WAN interface - due to NAT being applied. 

See: https://help.sunnyvalley.io/hc/en-us/articles/360025100613#h_2782cb49-feca-4514-a99b-48001d4c750c

What happens if you do a forward query?