Messages - astrandb

#17
I found these lines in System/general log:
2023-07-31T21:23:50 Notice kernel <118>You may need to manually remove /usr/local/etc/unbound/unbound.conf if it is no longer needed.
2023-07-31T21:23:42 Notice kernel <118>*** OPNsense\Unbound\Unbound Migration failed, check log for details
2023-07-31T21:23:42 Error config Model OPNsense\Unbound\Unbound can't be saved, skip ( OPNsense\Phalcon\Filter\Validation\Exception: [OPNsense\Unbound\Unbound:general.active_interface] option not in list{}
2023-07-31T21:23:42 Error config [OPNsense\Unbound\Unbound:general.active_interface] option not in list{}
2023-07-31T21:22:50 Notice kernel <118>[87/214] Extracting unbound-1.17.1_3: .......... done
2023-07-31T21:22:50 Notice kernel <118>Using existing user 'unbound'.
2023-07-31T21:22:50 Notice kernel <118>Using existing group 'unbound'.
2023-07-31T21:22:50 Notice kernel <118>[87/214] Upgrading unbound from 1.17.1_2 to 1.17.1_3...
2023-07-31T21:22:50 Notice kernel <118> unbound: 1.17.1_2 -> 1.17.1_3
2023-07-31T21:22:50 Notice kernel <118>unbound-1.17.1_2: already unlocked
#18
I have the same problem.

I get this message. Where can I find the log?

*** OPNsense\Unbound\Unbound Migration failed, check log for details
#19
Patch works fine for me.
#20
Yes!
Now the tunnel is showing up again.
#21
No difference.

Did that patch change anything?

root@reserv2:~ # opnsense-patch becf4e93428
Fetched becf4e93428 via https://github.com/opnsense/core
No file to patch.  Skipping...
1 out of 1 hunks ignored while patching opnsense/scripts/ipsec/vici/__init__.py
No file to patch.  Skipping...
1 out of 1 hunks ignored while patching opnsense/scripts/ipsec/vici/compat.py
No file to patch.  Skipping...
1 out of 1 hunks ignored while patching opnsense/scripts/ipsec/vici/exception.py
No file to patch.  Skipping...
1 out of 1 hunks ignored while patching opnsense/scripts/ipsec/vici/protocol.py
No file to patch.  Skipping...
1 out of 1 hunks ignored while patching opnsense/scripts/ipsec/vici/session.py
No file to patch.  Skipping...
1 out of 1 hunks ignored while patching opnsense/scripts/ipsec/vici/test/test_protocol.py
root@reserv2:~ #
#22
After upgrading to 22.1.10 the IPsec tunnel (host-host) has disappeared both from the dashboard-ipsec widget and from VPN->IPsec->Status Overview.

However, the tunnel itself is working as expected.
#23
Upgraded some 10 routers last night without reboot. After a few hours, four of the units failed with one or more services stopped.
Found the following in the system/general log:

2021-09-22T23:46:58   configctl[19087]   event @ 1632347211.39 msg:   
.
approx 7000 identical lines within 1 second
.
2021-09-22T23:46:58   configctl[19087]   event @ 1632347211.39 msg:   
2021-09-22T23:46:58   kernel   pid 34492 (unbound), jid 0, uid 59, was killed: out of swap space

Unbound was stopped in three units, unspecified python process in one and syslog-ng in one.
Just restarted the failed processes and everything looks good after 1 hour.
#24
21.1 Legacy Series / Revamped firmware API
March 10, 2021, 08:50:35 PM
My API calls for firmware status are not working properly anymore. Is there any documentation of the changes?
#25
If you are starting the config from scratch the following should work:

  • Define a Real server: name Internal_www, IP: 172.16.60.11, port 80, no ssl
  • Define a Virtual service->Backend Pool: name pool_www, add server Internal_www (remember to press TAB after entering server name)
  • Define a condition: Name e.g. www, Host matches, Host string = www.domain.com
  • Define a rule: Name redirect_www, Select Conditions: www, HAProxy function: Use specified Backend, pool_www
  • Define a Virtual Service->Public Service: Name front_443, Listen address: 196.44.xxx.xxx:443 (TAB), enable ssl-offloading, default backend pool: pool_www (TAB), certificate: your Let's Encrypt cert, Advanced settings: Select rules: redirect_www
If you run into problems, it can be a good idea to skip the ssl part initially to make the basic redirect work first. After that you could add ssl offloading and then the other conditions/rules/hosts one by one.
Good luck.
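
The GUI steps in post #25 written out as a plain haproxy.cfg, as an added sketch that is not part of the original post and is not the file the OPNsense plugin generates. The certificate path is a placeholder assumption, and the listen address stays elided as in the post.

```haproxy
# Hand-written equivalent of the GUI steps; object names follow the post.

frontend front_443
    # Public Service: TLS is terminated here (ssl-offloading).
    # Address is elided in the post; the certificate path is a placeholder.
    bind 196.44.xxx.xxx:443 ssl crt /path/to/letsencrypt-cert.pem
    mode http

    # Condition "www": Host matches www.domain.com (case-insensitive)
    acl www hdr(host) -i www.domain.com

    # Rule "redirect_www": use the specified backend when the condition matches
    use_backend pool_www if www

    # Default backend pool: requests whose Host header matches no rule
    # also land here, so every hostname pointing at this address reaches
    # the internal server unless the default is changed.
    default_backend pool_www

backend pool_www
    mode http
    # Real server "Internal_www": "no ssl" in the GUI means there is no
    # ssl keyword on this line, so the hop from HAProxy to 172.16.60.11
    # is cleartext HTTP on the internal network.
    server Internal_www 172.16.60.11:80
```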
#26
There is a (typing) error in the code that creates the filename that explains the time issue.

I have raised the issue on GitHub
#27
18.1 Legacy Series / Re: Unbound Problems
February 10, 2018, 05:15:25 PM
When I look deeper I have a similar problem.
I also have a domain override for a .local domain. DNS lookup never fails when I do it from a connected PC or Linux client. However, when I test from the console on one of my OPNsense boxes I also get intermittent failures.
drill host.mydomain.local - Fails 25-75% of tries
drill @192.168.16.1 host.mydomain.local - Works every time
drill ikea.com - Works every time

Something odd is going on.
#28
18.1 Legacy Series / Re: Unbound Problems
February 10, 2018, 12:17:56 PM
You could also try to restrict Outgoing network interfaces to LAN only.
#29
18.1 Legacy Series / Re: Unbound Problems
February 10, 2018, 10:02:03 AM
Try to enter the following in Custom options in Unbound settings:

server:
domain-insecure: "yourdomain.local"
#30
I had similar problems when using a 16GB USB3 stick but after changing to a 4GB USB2 it has worked every time.