Messages - hakuna

#31
Quote from: Seimus on November 01, 2024, 09:24:34 AM

If you want to use Suricata on interfaces where ZA is used, you need to disable ZA on them first.



Thank you for the help.
I guessed as such and with ZA removed, Suricata is still showing the same error message.
Unless NTOPNG could also give that error, I am not sure.

I will review it again.
Please, let me know if any other process like NTOPNG could cause that.
I have crossed some posts that mentioned the NIC driver being the culprit, I never noticed that message on the backup box running RTK NIC for example.

Thanks again.
#32
This is the type of update that you wanna perform a clean install to avoid headaches, or you will spend endless time dealing with problems because of the major release.

IIRC, OPNSense team was preparing a "how-to" to make the upgrade, that alone was a clear "there are a lot of things to go wrong, fresh install it instead" message!!
No other major upgrade required that.

I was forced to fresh install it and it has been flawless but I did notice that some firewall stuff were not migrated over.
Still, zero problems.

It has been almost 2 weeks since you posted this and you are still having problems.
Backup the config and fresh install it!!
#33
I have been using Zenarmor and even paying for the home subscription but based on Pi-Hole's log, the last thing I need is a service sending the smell of my fart to the cloud. Cancelled!!

So I am trying to test Suricata instead of Zenarmor, but its logs keep showing this "opening devname netmap:igb0/R failed: Device busy".

I did some digging but I don't fully understand it to make changes and break what is working.
Some possibilities include driver incompatible because of the igb0 driver.

The NIC is a Dell Intel I350-T4 Quad Port PCIe on a Dell SFF PC.

What could be possibly the reason and/or the fix??

The now OPNSense backup box, a miniPC with 2x onboard RTK NIC never displayed this message even tho RTK NIC are rated as bad NIC, I never really experienced issues with it.

If that matters, this is a small home network, that miniPC had crashed because Suricata's log was 150GB leaving no disk space so I have a mixed feeling touching it.

Thank you

#34
I got similar experience on my Samsung Tablet ( Android )
On my phone ( GrapheneOS ) thankfully everything worked like a dream.

I used to have a dedicated WireGuard VPN VM coz it was a nightmare to get it working on OPNSense, with the latest release things are a lot smoother.

The workaround for me would be:


  • Save the content of Config tab into a text file
  • Install a package called qrencode on your pc assuming you are using Linux of course
  • Then run: qrencode -t ansiutf8 -r "config_file_you_saved.conf"

It will generate the QR code for you.
If this is an OPNSense thing, it will work.
That is how I used to generate the QR code for the self hosted WireGuard before moving to OPNSense.

#35
Quote from: dseven on October 27, 2024, 10:30:19 AM
There should be a "Save" button that appears once you make any changes? Clicking on the Edit/Pencil button again would leave edit mode without saving (AFAIK).

I must be blind or on drugs.... or both.
I confess I did not notice that save in there.

I have Brave "Auto Dark Mode for Web Contents" set to "Enabled"
That forces dark mode everywhere but breaks some pages' color scheme, like you cannot see, etc.
I have since installed Cicada theme and can confirm everything is working now.

Thank you very much.
#36
24.7, 24.10 Legacy Series / Re: Zenarmor Update issue
October 27, 2024, 04:12:05 AM
Quote from: FredsterNL on August 07, 2024, 11:22:37 AM
I removed ZenArmor before upgrading to 24.7 and reinstalled it after the upgrade: I experienced no issues doing it this way

This has been the only option to avoid problems really with major updates.

From 24.1 to 24.7 tho I did a clean install anyway because the last time I checked, an instruction was gonna be provided for folks willing to make the upgrade.
To me that smells possible problems so a clean install was a must.
#37
How to reproduce:

1. Edit on top right corner
2. "Add widget" or make changes to the default ones
3. Click on edit again to close edit mode
4. Click on any menu on left
5. Go back to the dashboard and only the default widgets are visible

I checked the logs and none have anything related to error, info, warning, etc mentioning the UI or anything related.

Thank you
#38
Quote from: Patrick M. Hausen on October 25, 2024, 02:15:05 PM

Why should it? It's not built on Linux.

I mean, you understood what I meant :)

Quote
And at least all my OPNsense installations do create separate datasets for the standard Unix directories:


root@opnsense:~ # df
Filesystem                1K-blocks    Used     Avail Capacity  Mounted on
zroot/ROOT/24.7           233496696 1937352 231559344     1%    /
devfs                             1       0         1     0%    /dev
zroot/var/mail            231559480     136 231559344     0%    /var/mail
zroot/tmp                 231560452    1108 231559344     0%    /tmp
zroot/var/tmp             231559440      96 231559344     0%    /var/tmp
zroot/var/log             231699192  139848 231559344     0%    /var/log
zroot/var/crash           231559440      96 231559344     0%    /var/crash
zroot/usr/home            231559440      96 231559344     0%    /usr/home
zroot/var/audit           231559440      96 231559344     0%    /var/audit
zroot                     231559440      96 231559344     0%    /zroot
devfs                             1       0         1     0%    /var/dhcpd/dev
devfs                             1       0         1     0%    /var/unbound/dev
/usr/local/lib/python3.11 233496696 1937352 231559344     1%    /var/unbound/usr/local/lib/python3.11
/lib                      233496696 1937352 231559344     1%    /var/unbound/lib


You can set a quota on the /var/log dataset if you so desire.

I was gonna say that is because you have it installed with ZFS but so was mine even though I had a single disk.
This new box I installed it with UFS instead.

I am running the latest 24.7.7 and mine does not look like that unless I need to install it again from scratch and manually set those partitions OR set a CRON since everything is running and I don't wanna do another full install, to run a script to check and delete big log files.
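
Added example, not part of the original post or of OPNsense: one way to write the kind of cron-run cleanup script mentioned above, capping a log directory's size by deleting the oldest files first. The function names and the flat-directory layout are assumptions; the newest file is kept because removing a file that a daemon still has open does not free its space.

```shell
#!/bin/sh
# Added example: keep a log directory (e.g. /var/log/suricata) under a size cap.
# Assumptions: flat directory, file names without newlines.

# Print the directory's disk usage in KiB.
dir_usage_kb() {
    du -sk "$1" | awk '{print $1}'
}

# Print the regular files in DIR, oldest modification time first.
files_oldest_first() {
    ls -1tr -- "$1" | while IFS= read -r name; do
        if [ -f "$1/$name" ]; then printf '%s\n' "$name"; fi
    done
}

# prune_logs DIR MAX_KB
# Delete oldest files until usage is at or below MAX_KB.
# Always keeps the newest file (likely the one still being written).
# Prints the number of files removed.
prune_logs() {
    dir=$1
    max_kb=$2
    removed=0
    while [ "$(dir_usage_kb "$dir")" -gt "$max_kb" ]; do
        files=$(files_oldest_first "$dir")
        count=$(printf '%s\n' "$files" | awk 'END {print NR}')
        [ "$count" -gt 1 ] || break   # only the newest file is left
        oldest=$(printf '%s\n' "$files" | head -n 1)
        rm -f -- "$dir/$oldest"
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Run directly as: script.sh DIR MAX_KB (for example from cron).
if [ "$#" -eq 2 ]; then
    prune_logs "$1" "$2"
fi
```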
#39
TL;DR: OPNSense crashed due to zero disk space because of /var/log/suricata
OPNSense does not follow Linux standard partition mounting.

CONTEXT:

I use Linux anywhere I can and the first thing I do is to have the partitions set individually like:


  • /
  • /var
  • /home
  • /boot

My current /home has been passed through 4 different distros because of the above, just mount it.

PROBLEM:

I was having a problem with the company Windows laptop ( urghhhh ) and tried to check if it could be my setup even though my Linux laptop works like a dream.
I was still running the old version since the latest major release was a big release so no normal update among other things, and OPNSense UI was gone.
With some digging, I found the problem and I cannot open those files to see the root cause.

OPNSense team, pat yourselves on the back, 14 days running without disk space and without crashing on its own!!




With that being said, this is the new box.
Everything is under "/ " and that is not good.
The box that crashed had -18GB for / and /var/dhcpd/dev was 100% full
I did delete all the logs for /var/log/suricata but based on those logs date, the system has been running still for 14 days and once I rebooted it after the clean-up, oh boy, all hell broke loose.
I can imagine all the processes had no idea in which world they were in lmao



SOLUTION

The installation should ask about /var the same way it asks about the swap.
It is better and wiser to have no logs than have no system.


HAPPY ENDING

This happened while WFH so hotspot for a few hours.
At least the installation is as easy as it gets and restoring a backup I had made things smooth BUT it didn't load the Firewall NAT rules for some reason.
I have Pi-Hole + Unbound Recursive DNS and I use the firewall to force any name resolution via them only and block everything else ( DoT/DoH ), I got lucky the 2020 post still exists so I could recreate those rules.

I was postponing this major release because why not?!
The new box I had around waiting for this is an i7, 32GB, 512GB NVMe.
I have been exploring the firewall a lot and Elasticsearch uses memory like a motherf.
Got a PCIe 4x Intel and can finally go past 1G (1-1.3G ) via IPoE instead of PPPoE

Last but not least, the box that crashed and it is a backup now running this latest version ( i5, 16GB, 256GB, RTK NIC ), this new widget UI was somewhat lag-ish.
After the reboot, they would be broken and no data to display while on this i7 box everything runs a lot smoother.




#40
Hey all,

I just noticed the 24.7 upgrade pop-up and while checking the release note and the forum, this release appears to bring some surprises with it, I couldn't not notice the posts regarding problems.
I mean sure, nobody posts anything when things are working, right?! haha

Those who have performed a clean 24.7 install, have you had any problem in importing the backup???
I will postpone this upgrade for a few months at least until I am certain that bugs and issues have been fixed.

I am no longer running mine as Proxmox VM which makes it easier to test things so old baremetal way is it, too much overhead problems with Proxmox when things go south.

Thank you
#41
Hey all,

I have been running my OPNSense for years now on a humble Zotac i5 (2/4) miniPC with dual Realtek NIC, 16GB memory and SSD.
I am running the basic plus Zenarmor and NTOPNG with a decent performance both from hardware and network.
I wanna give some love to my home network with a proper 10G switch and a more decent firewall setup that can be fitted within a small U alike rack.

I know folks have managed to run OPNSense on Sophos hardware which some are 100% operational with the led and front buttons working without issue.
You can buy some cheap whatever that means Sophos appliances on eBay, which models are recommended???

Preferably a model that allows memory expansion and SSD replacement if possible.
16GB memory is a must imo to have a decent experience if you wanna play around with things rather than a standard router/firewall.

Thank you so much for any help.
#42
Hi all,

This is my setup:

i5 16GB baremetal running Proxmox:


  • OPNsense 23.7.1_3
  • DNS01: Pi-Hole + Unbound Recursive DNS
  • DNS02: Pi-Hole + Unbound Recursive DNS
  • WireGuard VPN

Add both DNS under:


  • System > Settings > General
  • Services > DHCPv4 > LAN

I have had this setup for years and it always worked flawlessly for years.
I am upgrading the baremetal with an i7, 32GB, NVMe to allow OPNSense to have more resource since I am exploring more network plugins and firewall and 1G plan which is currently punishing its limited resources.

Well, I started by setting up the new DNS02, then kill the old DNSs to make sure everything was working, well, the internet stopped working!!
Back in the day I could always bring DNS01 down and OPNSense would always redirect the DNS requests to the DNS02 like nothing happened, it was beautiful and the reason why I have both DNS VMs.

Well, I thought it was the problem with the new VM so shut all the new setup down, and check the environment that has been running for years.
Shut DNS01 and the whole internet stops. DNS02 is no longer receiving the DNS requests as it used to so this is not a new setup problem.

I even tried to manually remove DNS01 from OPNSense which didn't work either but this is so wrong. I never used to have to do that.

My question is: Why is OPNSense no longer balancing the DNS requests between DNS01 and DNS02 as it used to??
If I shut DNS01 right now, the whole internet goes RIP like if the DNS02 did not exist.

I have firewall rules in place to only allow Pi-Holes to resolve DNS requests, redirect any DNS request to them and IoT with hard coded DNS from bypassing it with Outbound rule.
This setup has been working flawlessly for years so I have no idea what changed on the OPNSense level.

And before I start going crazy, I would like to know what changed and how to fix it.
I do not remember when was the last time I left only DNS02 running to fully refresh Pi-Hole/Unbound caching, I know it was a few months back but I cannot remember when so perhaps that could indicate version/bug??

Thank you
#43
Quote from: Maurice on July 22, 2023, 03:20:44 PM
System: Settings: Logging

Cheers
Maurice

Thank you so much
#44
Thank you guys.

Admins, could you please close this??

Thank you
#45
Quote from: Patrick M. Hausen on July 30, 2023, 07:58:13 AM
The dynamic range and the static entries must not overlap.

Yep, it looks like I have been doing this wrong for years and only noticed it now due to something non related sending me to the logs where I saw the errors.
Pool has been changed and the log is clean now.

Thank you