Messages

Thank you!! That's exactly what I needed. I'm pretty much in the same boat except I have a N200 (https://www.amazon.com/gp/product/B0C22Q1FYH/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&th=1). Great to hear things are going well so far on 23.7 RC1. From what I recall they were originally targeting July 31st to move to production with 23.7 so fingers crossed.

From what I understand FreeBSD 13.1 currently has issues with Alder Lake platforms and data corruption issues (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261169). From what I understand it's supposed to be fixed in FreeBSD 13.2. By chance does anyone have confirmation those fixes made it into the 23.7 RC for OPNSense?

Thanks! You've been very helpful. The only downside is that I'm trying to use a dynamic DNS updater and those require either letting my DNS config be overridden by WAN DHCP or specifying DNS servers. I currently have the router itself specified and that isn't working (unsurprisingly) so I guess I'll have to bite the bullet and pick some to specify.

Thank you! That's an excellent explanation and a much more detailed one than I'd anticipated. So based on what you're saying would the advantage to specifying my own name servers (Settings / General) be to use things like DNSSEC or perhaps point exclusively at servers that are geographically closer?

I know this is a dumb question but I need a hand here. What I need some help with is understanding how my current config is handling DNS requests at all and where it's sending them. I presently have Unbound DNS enabled with Forwarding Mode not enabled. However in System/General the only DNS server I have configured is the LAN IP of the firewall itself and I have un-checked the option to allow my DNS list to be overridden by WAN DHCP (no I do not want to use Comcast DNS servers). In DHCP the only DNS server configured is also the LAN IP of the firewall itself. Besides dynamic DNS none of the other DNS services on the firewall are enabled.

So with that in mind everything seems to be pointing at the firewall but I don't see anywhere the firewall or its services are configured to point elsewhere. DNS queries are unquestionably being fulfilled but I'm not sure where in my configuration it's being defined. I looked at live firewall logs for destination port 53 on the WAN interface and I see a number of different IPs, some owned by Microsoft, others to random other destinations.

I totally get that what I should do here is just add some DNS servers in the System/General area. I just want to try and understand how things are working presently before I go and change it.

Thanks in advance for your help!

Per https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/#:~:text=To%20configure%20intrusion%20detection%20in,click%20the%20%E2%80%9CApply%E2%80%9D%20button. I'm adding my public IP to the Home Networks settings area. My concern, though, is that I don't want to have to manually update that address if it changes. Is there some kind of alias or variable I can put into that field that will update when my public IP updates?

Hah I may have found the problem. Based on something I saw about PCI interrupts not being available from the boot process I Google and found https://forums.freebsd.org/threads/vmxnet3-nic-disappeared-after-upgrade-to-freebsd-11-and-pci-e-errors-in-dmesg.58037/. Sure enough in /boot/loader.conf the value hw.pci.enable_msi was set to zero. Changing it to 1 brought back my NICs. I looked and sure enough in my config I had imported from my physical box that value was present under tunables and set to zero. I remedied that promptly.

Is there any harm in clearing out the Tunables section entirely of my config before I import it, just for good measure?

So ifconfig doesnt detect any Interface anymore?

This problem happened again, this time without any interface modifications. No idea what's going on here but clearly this install is somehow unstable after a reboot. An IFConfig shows no physical interfaces whatsoever, only Lo0, ENC0, pflog0, pfsync0 and ovpns1. That last one looks to have retained its config somehow. My two physical interfaces are em0 and em1.

Could I have my VM config messed up somehow? I've gotta get this fixed, I can't have my router be so unreliable.

I didn't think to try that (not much of a Linux guy) though I should have. At boot the console shows only a single interface that isn't one of the original ones and says no interfaces are assigned. If this happens again I'll do an IFConfig. I appreciate the suggestion.

Thanks for the reply. That is definitely a problem. So what are the steps to remove an adapter without hosing my system? They aren't even detected by the OS after reboot so I can't reassign. Is it simply not possible?

Preface: this situation is very likely less bug and more my own fault. I am not laying blame on anyone but myself. I wanted to bring this up, though, as it does seem like odd behavior.

I am making my first foray into virtualization (ESXi 6.7) and I'm working to virtualize my Opnsense install. I did a fresh install, imported my configuration just fine from my former physical install, and was up and running. I had an extraneous interface that I wanted to remove and so I powered off the VM and removed the extra virtual NIC, then powered back on.

Lo and behold, when it booted I was greeted with a message that no interfaces were assigned. I could not log in as root and my normal admin credentials got me in but the familiar console/SSH menu did not come up and I couldn't figure out how to bring it up. My prompt was just a dollar sign and I couldn't sudo either. I was completely locked out and had no means to reassign my interfaces and get up and running again. Even the password reset tool on the install image threw errors and failed to run.

So I get that maybe I missed steps and didn't cleanly remove the interface in Opnsense. But I find it exceedingly odd that the aforementioned actions would affect ALL interfaces and cause them to become unassigned, their configurations wiped from existence. Like I said this is all very likely my fault but it still seems quite bizarre.

EDIT: WOW. This happened again except this time I'm fairly sure I did things right. I went into Interfaces / Assignments and deleted the interface there. I did not remove it from the VM. On the next reboot BAM, no interfaces assigned. In fact it flat-out doesn't even look list my interfaces like the VM thinks the hardware isn't there at all. Restoring from one of Opnsense's backups (menu option 13) doesn't help (this time I gave myself SSH/Console access). Time to revert to a snapshot. Thank God for virtual machines.

Update for you all. I ran Memtest and right out of the gate was presented with a bevy of errors. I then re-ran it testing each of the two RAM sticks individually and both came back clean. I then tested both sticks at once again (possibly swapping their positions...I don't recall) and came back again with no errors. Per the documentation for Memtest that's not entirely unexpected with dual-channel RAM. I then ran the system through Linpack and it passed all the CPU tests. I've had it up and looking quite stable for well over 24 hours now so I'm cautiously optimistic.

I've rebooted it and I'm giving the system another 24 hours to think about what it's done. If it can pass that test I want to play with removing some of the workarounds that I entered for the Apollo Lake chipset just to see what happens. Or who knows...at that point I may be so fed up with working on this I'll run some performance tests and call it good.

Big thanks to everyone for your help and advice. I don't think I would have gotten here nearly as quickly or without far more effort without your help.

Thanks azdps! Doesn't it say so within that thread? From there:

omber
Update for ya'll looking at this in Q3 of 2018.

This is caused by a kernel bug in FreeBSD 11.1 branch on which pfSense 2.4 branch is based.
You can run legacy pfSense 2.3 release (based on FreeBSD 10.3) without issues. Package installation is not supported, however, so things like OpenVPN Client Export are not possible.
According to FreeBSD 11.2 release notes this should be fixed. See Section 5.2 Kernel Bug Fixes https://www.freebsd.org/releases/11.2R/relnotes.html. Upcoming pfSense 2.4.4 should be based on FreeBSD 11.2.

Bart I appreciate the help. For whatever reason I couldn't get the computer to recognize a bootable stresslinux flash drive. I used Rufus as well as Imagewriter but to no avail. I tried the same with Memtest and while the drive was recognized upon selecting it for boot I was immediately taken back to the boot options screen. I'll have to fiddle with settings a bit to see if I can get this working. Alternatively I have an extra SSD that I can try writing Memtest or StressLinux to. I'll report back here when I have something.

Also of note is that I've thus far tried just about every settings change I can find related to Apollo Lake chipsets including setting hint.hpet.0.clock="0" in /boot/loader.conf.local. From what I'm reading my guess is that OpnSense 19.7 supports Apollo Lake and the J3455 chipset without a bunch of contortions and workarounds...but any verification I can get would be great.

Also to try and rule out my SSD I want to run off the live installer via flash drive for a bit and see if the crash reproduces.

Thanks for the continued help.

Thanks for writing. I'd love to try using that program but I can't get my computer to recognize the drive with the bootable image on it after writing. Is that some sort of whole-system testing suite? Or alternatively would something like Prime95 accomplish what you're suggesting?