Messages - Sundial

#1
I recently had the same problem with a very old piece of hardware I maintain.  To make it work, I followed the steps from LinuxKernal1 at https://github.com/opnsense/core/issues/3528#issuecomment-530749451 and it worked perfectly on old and new systems.
#2
Thank you for the info.  I actually meant IPS in my previous post, but I'll stay away from that until the issues get resolved.  Thanks again for being on top of this.
#3
Thanks for the detailed info.  That really seems like quite the subtle little problem to find.  Good work figuring that out so quickly!

Is your assessment then that we should be OK with IDS on if not using the affected Intel network adapter?  For example, most of my boxes (unfortunately) have Realtek adapters.
#4
Just for my information, is this a kernel bug in FreeBSD itself or just related to a modification by OPNSense?  Thanks.
#5
Sure...

Also, just to clarify when I said they have just "1 LAN interface"...I meant they only have 1 LAN (not multiple LANS or any VLANS).  They all clearly have 1 WAN interface too.
#6
DHCP, NTP, Suricata, and Unbound.  Intel Core i3 (quad core) with 4 GB RAM and SSD.  It really is overkill for my situation.
#7
16.7 Legacy Series / Re: TRIM support?
July 09, 2016, 06:03:36 AM
Thanks!  Sounds great.
#8
16.7 Legacy Series / Re: Block Suricata Rules
July 09, 2016, 06:03:05 AM
Not any more.  I downloaded the rules initially and then after getting lots of alerts, I tried to disable them (including clicking Apply on the Rules tab).  The rules never seemed to "Apply".  Then I manually downloaded the rules again.  After the second manual download everything is working like I'd expect and I can't repeat the "bad" behavior or explain it.  During the bad times, I was having some random, intermittent web interface issues (...it would freeze or have extra long pauses and sometimes require restarting...and yes, I was very patient waiting several minutes...and the machine is a quad core i3 with 4GB RAM and SSD).  Perhaps the web interface issues are the real culprit.  However, almost all of those issues are gone now even though I haven't really changed anything but did reboot a few times.  I'm sorry I can't provide real diagnostic information, but everything has been working as I'd expect for over a day now.
#9
Thanks for the info.  I'm more used to other firewall packages like Sophos UTM and pfSense (...this is my first experience with OPNSense).  I've never investigated what they do and how they do it, but they seem to resolve themselves by default.  I don't know how they handle multiple interfaces either.  All of the setups I manage have a simple 1 LAN interface and DNS resolver is only on that 1 interface.
#10
OK.  I'll try to flesh this out a little more.  I thought the SSL error might have been a key since they appear around the log message where I log into the web interface.  Also, maybe a little more info would be helpful....I think the web interface is actually started because when I attempt to login, the browser just spins and spins for a few minutes.  If the web interface weren't started at all, I'd get a quick "reject" error (I would imagine).
#11
16.7 Legacy Series / Re: Block Suricata Rules
July 08, 2016, 02:06:09 PM
I'm not sure what was happening the first time, but since the last Rule download and update everything appears to work as I would expect.  I can now manually disable a rule and it actually appears to disable.
#12
I'm testing OPNSense on a real production system (a small satellite office)...so real hardware in a simple 1 WAN, 1 LAN setup.  Everything works as expected except the problem I mentioned.  Client machines can ping the firewall via IP address.  Clients can resolve each other but no client can resolve the firewall's DNS name.  If I manually add the firewall as an Override, then all is well.  Can you resolve your firewall's name without an override?
#13
16.7 Legacy Series / Re: TRIM support?
July 08, 2016, 02:00:35 PM
Thanks.  It's not a huge deal since I can enable it manually, but the more stuff it does automatically, the better!
#14
16.7 Legacy Series / [SOLVED] TRIM support?
July 08, 2016, 03:51:41 AM
I've read in several posts here that TRIM should be enabled by default.  I just clean installed 16.7.r1 and TRIM was not enabled by default.  I do have an SSD installed so it should be supported.  I was able to manually enable it in single user mode.
#15
16.7 Legacy Series / Webinterface startup issues?
July 08, 2016, 03:34:40 AM
I just installed a fresh copy of 16.7.r1.  Every time I restart, the web interface takes several minutes to become accessible (after the reboot is complete and I can log into the shell).  The log has several of these after each reboot: "lighttpd[46964]: (connections.c.1550) SSL: 1 -1 error:140E0197:SSL routines:SSL_shutdown:shutdown while in init".