Messages - ekke

#1
24.7, 24.10 Legacy Series / Unbound crashes
August 16, 2024, 11:52:11 PM
Starting the service doesn't work; I need to reboot the router for Unbound to start again.

Any ideas?


2024-08-16T23:49:01   Warning   radvd   prefix length should be 64 for igc1   
2024-08-16T23:45:39   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-16T23:45:39   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-16T23:45:21   Notice   flowd_aggregate.py   vacuum done   
2024-08-16T23:45:10   Warning   radvd   prefix length should be 64 for igc1   
2024-08-16T23:44:32   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-16T23:44:22   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-16T23:44:03   Error   opnsense   /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '93298''(pid:/var/run/unbound.pid) returned exit code '1', the output was 'kill: 93298: No such process'   
2024-08-16T23:44:03   Notice   opnsense   /usr/local/sbin/pluginctl: plugins_configure unbound_start (execute task : unbound_configure_do(1))   
2024-08-16T23:44:03   Notice   opnsense   /usr/local/sbin/pluginctl: plugins_configure unbound_start (1)   
2024-08-16T23:43:58   Notice   opnsense   /usr/local/sbin/pluginctl: plugins_configure unbound_stop (execute task : unbound_service_stop(1))   
2024-08-16T23:43:58   Notice   opnsense   /usr/local/sbin/pluginctl: plugins_configure unbound_stop (1)   
2024-08-16T23:43:51   Notice   configctl   event @ 1723844631.14 exec: system event config_changed response: OK   
2024-08-16T23:43:51   Notice   configctl   event @ 1723844631.14 msg: Aug 16 23:43:51 OPNsense.netlabs.se config[42050]: config-event: new_config /conf/backup/config-1723844631.1397.xml   
2024-08-16T23:43:19   Notice   configctl   event @ 1723844598.53 exec: system event config_changed response: OK   
2024-08-16T23:43:19   Notice   configctl   event @ 1723844598.53 msg: Aug 16 23:43:18 OPNsense.netlabs.se config[95365]: config-event: new_config /conf/backup/config-1723844598.2477.xml   
2024-08-16T23:40:19   Warning   radvd   prefix length should be 64 for igc1   
2024-08-16T23:35:56   Notice   flowd_aggregate.py   vacuum dst_port_086400.sqlite   
2024-08-16T23:35:39   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-16T23:35:39   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing
#2
So Unbound crashes almost every time I add config and apply it, e.g. adding static entries via override.
Any tips on where to start troubleshooting this issue?

logs:

Quote
Notice   unbound   daemonize unbound dhcpd watcher.
2024-07-27T19:41:19   Critical   unbound   [76119:0] fatal error: failed to setup modules   
2024-07-27T19:41:19   Error   unbound   [76119:0] error: module init for module python failed   
2024-07-27T19:41:19   Error   unbound   [76119:0] error: python exception in Py_InitializeFromConfig: init_fs_encoding: failed to get the Python codec of the filesystem encoding   
2024-07-27T19:41:19   Notice   unbound   [76119:0] notice: init module 0: python   
2024-07-27T19:37:42   Informational   unbound   [80967:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
#3
General Discussion / Re: Installing Zeek/Bro
April 14, 2021, 09:21:15 PM
Any update on this issue? Zeek is available on pfSense.
#4
AdGuard seems to be amazing! Really slick interface and useful features!
#5
General Discussion / Re: Feature Request Sandbox.
January 05, 2021, 12:02:23 PM
This type of integration is too complex and requires too many resources for the OPNsense project.
Or am I wrong?

What can be done is to send files from Suricata to Cuckoo, with no bidirectional integration.
#6
18.1 Legacy Series / Re: /usr/local/etc/bogonsv6 too big
February 07, 2018, 09:13:05 PM
Quote from: franco on February 07, 2018, 02:14:44 PM
It's normally over 1 MB once updated. The small file is the bootstrap file we ship with the core package.

If bogons are too big, you will have to disable them. Never heard of it before, half-guessing it is due to your hardware... how much RAM do you have?


Cheers,
Franco

xeon 1230v3 8GB RAM
#7
18.1 Legacy Series / /usr/local/etc/bogonsv6 too big
February 07, 2018, 12:02:23 AM

https://www.dropbox.com/s/7tswaldhlmkdgyg/opnsense.PNG?dl=0

ll /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel  1492763 Jan 30 23:09 /usr/local/etc/bogonsv6

I get an error when OPNsense tries to load this list. For now I have commented it out.

#8
17.7 Legacy Series / Performance issues
September 26, 2017, 11:24:50 PM
I'm running OPNsense on a Xeon 1230v2 8GB with Intel 82574L x 2 onboard on a 1000/100 FTTH.

Before, I ran pfSense under ESXi with similar performance problems with a Xeon 1220v3 / SM X10SL7-F. I switched to bare metal and downgraded the motherboard since it was overkill for a fw (it was my old FreeNAS board).

I can't reach above ~350Mbit down and ~30Mbit up with either pfSense or OPNsense on bare metal.
At first I ran pfSense under ESXi, but I migrated to bare metal thinking there was some sort of latency issue causing the problems.

With the old cheap ASUS 56u (40ish usd) home router I get 800 Mbit down and 100Mbit up

Benchmark setup.
Internet - switch- OPNsense- test computer
                        \-Asus 56u- test computer

IPS enabled or disabled doesn't matter when I use hyperscan as algorithm for suricata.
CPU utilization peaks at 19%.

Any ideas on how I can improve performance?
#9
17.7 Legacy Series / Re: Mobile IPSec
September 23, 2017, 07:32:09 PM
I did also change the identifier, but I couldn't get a successful connection from my mobile until I restarted the IPSec service, which seems a bit odd.
#10
17.7 Legacy Series / Re: Mobile IPSec
September 23, 2017, 12:18:21 AM
duh! I forgot to restart the IPSec service :) Working now....
#11
17.7 Legacy Series / Re: Mobile IPSec
September 22, 2017, 09:10:36 PM
Thanks for the reply,

no, my Android mobile says failed, unfortunately.
#12
17.7 Legacy Series / [SOLVED] Mobile IPSec
September 22, 2017, 01:56:08 AM
I'm getting this error message in the logs, queue full? What does that mean?

Sep 22 01:52:58   charon: 09[JOB] deleting half open IKE_SA with 94.234.170.103 after timeout
Sep 22 01:52:55   charon: 09[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:55   charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:55   charon: 09[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:55   charon: 09[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:55   charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:53   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:53   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:52   charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:52   charon: 10[IKE] sending retransmit 3 of response message ID 0, seq 1
Sep 22 01:52:51   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:51   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:51   charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:51   charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:51   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:49   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full