OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: DanMc85 on June 28, 2018, 10:47:35 pm
-
Has anyone seen these errors and have any ideas on what causes/how to fix?
OPNsense 18.1.10-amd64
FreeBSD 11.1-RELEASE-p10
LibreSSL 2.6.5
Running on Hyper-V Gen 2 with 3 NICs (Intel I350)
PHP Warning: A non-numeric value encountered in /usr/local/etc/inc/filter.inc on line 467
opnsense: unable to dlopen /usr/local/lib/sasl2/libotp.so.3: /usr/local/lib/sasl2/libotp.so.3: Undefined symbol "EVP_MD_CTX_free"
opnsense: unable to dlopen /usr/local/lib/sasl2/libotp.so.3: /usr/local/lib/sasl2/libotp.so.3: Undefined symbol "EVP_MD_CTX_free"
opnsense: unable to dlopen /usr/local/lib/sasl2/libntlm.so.3: /usr/local/lib/sasl2/libntlm.so.3: Undefined symbol "HMAC_CTX_new"
opnsense: unable to dlopen /usr/local/lib/sasl2/libntlm.so.3: /usr/local/lib/sasl2/libntlm.so.3: Undefined symbol "HMAC_CTX_new"
Also I run into an issue where my WAN connection will randomly go down (Comcast) and I have to manually Go into interfaces, uncheck the box to disable, recheck the box to enable, then hit apply changes (basically forcing an interface reload) when the internet goes down. I notice it does this more often when I am using PrivateInternetAccess VPN frequently on its own separate Interface... Is there a Cron or script of sorts that can do this automatically if the Gateway checker apinger or now dpinger detects a failed gateway? I have already tried: supersede dhcp-server-identifier 255.255.255.255 but now I don't think it is a DHCP lease issue, although when I fix it, I generally have a different IP - especially if it was down for a couple hours without noticing.
Would calling /usr/local/etc/rc.newwanip do this for me?
-
Try this patch https://github.com/opnsense/core/commit/78d84c70a via
# opnsense-patch 78d84c70a
But you also need to provide output of the error "There were error(s) loading the rules ..." that you seem to be having to be sure...
The second thing is a LibreSSL problem in the ports. It should not happen on OpenSSL flavour.
You last question, this should help...
# configctl interface reconfigure wan
You can also use this a a cron job if you want to know how to set this up from the GUI. But gateway monitoring should do this for you also if properly configured.
Cheers,
Franco
-
Try this patch https://github.com/opnsense/core/commit/78d84c70a via
# opnsense-patch 78d84c70a
But you also need to provide output of the error "There were error(s) loading the rules ..." that you seem to be having to be sure...
The second thing is a LibreSSL problem in the ports. It should not happen on OpenSSL flavour.
You last question, this should help...
# configctl interface reconfigure wan
You can also use this a a cron job if you want to know how to set this up from the GUI. But gateway monitoring should do this for you also if properly configured.
Cheers,
Franco
Thanks... I still had that error this morning after applying the patch.
PHP Warning: A non-numeric value encountered in /usr/local/etc/inc/filter.inc on line 467
Is there a log file stored somewhere that would contain what is causing this error that I can open via WinSCP?
For your second suggestion... is that cron job the Periodic Interface Reset or are you referring to something else/making my own?
Thanks!
-
I think I found the source of the error, but not sure why it is there. It does not make sense...
Private Internet Access VPN Client
opnsense: /usr/local/etc/rc.filter_configure: New alert found: There were error(s) loading the rules: no IP address found for ovpnc2:0 - The line in question reads [0]:
Local OpenVPN SSLVPN Server
opnsense: /usr/local/etc/rc.filter_configure: New alert found: There were error(s) loading the rules: no IP address found for ovpns3:network - The line in question reads [network]:
-
I too am having the same problem. It is somehow related to OpenVPN. I completely reloaded my router and restored the backup but that did not help.
-
Do you have an OpenVPN client assigned to an interface and use that for outbound NAT?
Cheers,
Franco
-
Do you have an OpenVPN client assigned to an interface and use that for outbound NAT?
Cheers,
Franco
Yes, should it not be?
-
No, just tracking it. I've fixed the error parsing here, but it still boils down to: "no IP address found for ovpnc2:0"
Is ovpnc2 tun or tap? It comes up late, forcing the error on rules reload because it doesn't have an address for one reason or another.
Cheers,
Franco
-
No, just tracking it. I've fixed the error parsing here, but it still boils down to: "no IP address found for ovpnc2:0"
Is ovpnc2 tun or tap? It comes up late, forcing the error on rules reload because it doesn't have an address for one reason or another.
Cheers,
Franco
They are both Tun.
Not sure if it matters but,
The client above is TCP4
The server above is UDP4
-
Does this happen after a clean reboot? Or during reconfiguring OpenVPN on the GUI as well?
-
Does this happen after a clean reboot? Or during reconfiguring OpenVPN on the GUI as well?
I think it is happening from an overnight cron job or overnight connection issue... it is fine booting and during the day... if I log into the firewall GUI in the morning, it will show the error detected, and ask me to send a report. I know its not the periodic interface reset one, since I just added that.
0 4 * * * Renew Let's Encrypt certificates
0 3 * * * Automatic firmware update
0 * * * * Firmware changelog update
0 5 * * * Periodic interface reset (WAN)
5 * * * * Dynamic DNS Update
0 2 * * * Update and reload intrusion detection rules
-
But everything keeps working?
It's alleged that this will trigger it...
# configctl interface reconfigure wan
.. and everything is still fine?
Cheers,
Franco
-
But everything keeps working?
It's alleged that this will trigger it...
# configctl interface reconfigure wan
.. and everything is still fine?
Cheers,
Franco
Yes, or so it seems.
However I still have issues with my internet connection randomly dropping out with OPNsense usually once a week but sometimes more often. It's probably an issue or configuration problem. The ISP and modem are fine. An interface disable/enable or opnsense reboot always fixes it.
-
When it happens again, can you try to see if the configctl trick will fix this too?
You are using DHCP on WAN with a modem in front? If yes take a look at this:
https://forum.opnsense.org/index.php?topic=9050.0
Cheers,
Franco
-
When it happens again, can you try to see if the configctl trick will fix this too?
You are using DHCP on WAN with a modem in front? If yes take a look at this:
https://forum.opnsense.org/index.php?topic=9050.0
Cheers,
Franco
I will give that command a try next time it occurs.
Yes to the modem in front of opnsense. I do have gateway monitoring enabled using a far DNS ip address and it does not autorecover the wan interface when it goes down.
-
Ok, we need to put a feature in place that will prevent this going forward in 18.7.x.
https://github.com/opnsense/core/issues/2517
Cheers,
Franco