Messages - ekke

#1
24.1, 24.4 Legacy Series / Re: Unbound keep crashing
August 29, 2024, 03:59:10 PM
Quote from: waxhead on February 18, 2024, 11:35:10 AM
I find that quite often (several times a week/day) DNS has stopped working due to Unbound being stopped as well.

Under system->general->logfiles it seems like the reason is a segfault:
<6>pid 57337 (unbound), jid 0, uid 59: exited on signal 11

It has been like this since 23.7 and also now with 24.1. For my use on this box it is not critical, but rather an annoyance.
The only thing that differs from the default is that I have enabled nearly everything on the blocklist under the DNBL drop down menu.
In addition I have also added a URL to my own blocklist that resides on a remote server in the form of "http://example.com/blocklist.txt" - that connection has been difficult at times, but I imagine a non-existing file should NOT cause any issues with Unbound, but then again that is the only thing I can think of.

As a side note - it would be great if it was possible to configure what to do if a service crashes. (restart n-times before giving up, send mail, run a script (write to rs232 for example))

I also have this issue with Unbound. I have set a daily restart of OPNsense and it's a little better now, but now and then Unbound still crashes!

It can't go many hours before it crashes....

OPNsense used to be stable, this is really bad!


2024-08-29T15:56:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T15:56:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T15:56:08   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T15:55:13   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T15:55:00   Notice   send_telemetry.py   telemetry data collected 2 records in 0.03 seconds @2024-08-29 13:54:55.508004   
2024-08-29T15:54:52   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T15:52:13   Error   opnsense   /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '89172''(pid:/var/run/unbound.pid) returned exit code '1', the output was 'kill: 89172: No such process'   
2024-08-29T15:51:07   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T15:47:30   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T15:46:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T15:46:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T15:40:27   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T15:38:33   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T15:38:12   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T15:36:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T15:36:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T15:33:28   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T15:26:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T15:26:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T15:26:57   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T15:21:53   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T15:21:32   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T15:18:18   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T15:16:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T15:16:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T15:08:45   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T15:06:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T15:06:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T15:05:13   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T15:04:52   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T15:01:05   Notice   syslog-ng   Configuration reload finished;   
2024-08-29T15:01:05   Notice   syslog-ng   Configuration reload request received, reloading configuration;   
2024-08-29T14:59:40   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T14:56:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T14:56:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T14:54:58   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T14:48:33   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T14:48:12   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T14:46:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T14:46:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T14:45:24   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T14:38:24   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T14:36:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T14:36:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-29T14:33:45   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T14:31:53   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T14:31:32   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-29T14:27:39   Warning   radvd   prefix length should be 64 for igc1   
2024-08-29T14:26:58   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-29T14:26:58   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing
#2
24.7, 24.10 Series / Unbound crashes
August 16, 2024, 11:52:11 PM
Starting the service doesn't work, I need to reboot the router for Unbound to start again.

Any ideas?


2024-08-16T23:49:01   Warning   radvd   prefix length should be 64 for igc1   
2024-08-16T23:45:39   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-16T23:45:39   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing   
2024-08-16T23:45:21   Notice   flowd_aggregate.py   vacuum done   
2024-08-16T23:45:10   Warning   radvd   prefix length should be 64 for igc1   
2024-08-16T23:44:32   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-16T23:44:22   Notice   dhcp6c   dhcp6c_script: RENEW on igc0 executing   
2024-08-16T23:44:03   Error   opnsense   /usr/local/sbin/pluginctl: The command '/bin/kill -'TERM' '93298''(pid:/var/run/unbound.pid) returned exit code '1', the output was 'kill: 93298: No such process'   
2024-08-16T23:44:03   Notice   opnsense   /usr/local/sbin/pluginctl: plugins_configure unbound_start (execute task : unbound_configure_do(1))   
2024-08-16T23:44:03   Notice   opnsense   /usr/local/sbin/pluginctl: plugins_configure unbound_start (1)   
2024-08-16T23:43:58   Notice   opnsense   /usr/local/sbin/pluginctl: plugins_configure unbound_stop (execute task : unbound_service_stop(1))   
2024-08-16T23:43:58   Notice   opnsense   /usr/local/sbin/pluginctl: plugins_configure unbound_stop (1)   
2024-08-16T23:43:51   Notice   configctl   event @ 1723844631.14 exec: system event config_changed response: OK   
2024-08-16T23:43:51   Notice   configctl   event @ 1723844631.14 msg: Aug 16 23:43:51 OPNsense.netlabs.se config[42050]: config-event: new_config /conf/backup/config-1723844631.1397.xml   
2024-08-16T23:43:19   Notice   configctl   event @ 1723844598.53 exec: system event config_changed response: OK   
2024-08-16T23:43:19   Notice   configctl   event @ 1723844598.53 msg: Aug 16 23:43:18 OPNsense.netlabs.se config[95365]: config-event: new_config /conf/backup/config-1723844598.2477.xml   
2024-08-16T23:40:19   Warning   radvd   prefix length should be 64 for igc1   
2024-08-16T23:35:56   Notice   flowd_aggregate.py   vacuum dst_port_086400.sqlite   
2024-08-16T23:35:39   Notice   dhclient   dhclient-script: Creating resolv.conf   
2024-08-16T23:35:39   Notice   dhclient   dhclient-script: Reason RENEW on igc0 executing
#3
So Unbound crashes almost every time I add config and apply it, e.g. adding static entries via override.
Any tips on where to start troubleshooting this issue?

logs:

Quote
Notice   unbound   daemonize unbound dhcpd watcher.   
2024-07-27T19:41:19   Critical   unbound   [76119:0] fatal error: failed to setup modules   
2024-07-27T19:41:19   Error   unbound   [76119:0] error: module init for module python failed   
2024-07-27T19:41:19   Error   unbound   [76119:0] error: python exception in Py_InitializeFromConfig: init_fs_encoding: failed to get the Python codec of the filesystem encoding   
2024-07-27T19:41:19   Notice   unbound   [76119:0] notice: init module 0: python   
2024-07-27T19:37:42   Informational   unbound   [80967:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
#4
General Discussion / Re: Installing Zeek/Bro
April 14, 2021, 09:21:15 PM
Any update on this issue? Zeek is available on pfSense.
#5
AdGuard seems to be amazing! Really slick interface and useful features!
#6
General Discussion / Re: Feature Request Sandbox.
January 05, 2021, 12:02:23 PM
This type of integration is too complex for, requires too much resources for the OPNsense project.
Or am I wrong?

What can be done is to send files from Suricata to Cuckoo, with no bidirectional integration.
#7
18.1 Legacy Series / Re: /usr/local/etc/bogonsv6 too big
February 07, 2018, 09:13:05 PM
Quote from: franco on February 07, 2018, 02:14:44 PM
It's normally over 1 MB once updated. The small file is the bootstrap file we ship with the core package.

If bogons are too big, you will have to disable them. Never heard of it before, half-guessing it is due to your hardware... how much RAM do you have?


Cheers,
Franco

xeon 1230v3 8GB RAM
#8
18.1 Legacy Series / /usr/local/etc/bogonsv6 too big
February 07, 2018, 12:02:23 AM

https://www.dropbox.com/s/7tswaldhlmkdgyg/opnsense.PNG?dl=0

ll /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel  1492763 Jan 30 23:09 /usr/local/etc/bogonsv6

I get an error when OPNsense tries to load this list. For now I have commented it out.

#9
17.7 Legacy Series / Performance issues
September 26, 2017, 11:24:50 PM
I'm running OPNsense on a Xeon 1230v2 8GB with Intel 82574L x 2 onboard on a 1000/100 FTTH.

Before, I ran pfSense under ESXi with similar performance problems with a Xeon 1220v3 / SM X10SL7-F. I switched to bare metal and downgraded the motherboard since it was overkill for a fw (it was my old FreeNAS board).

I can't reach above ~350Mbit down and ~30Mbit up with either pfSense or OPNsense on bare metal.
At first I ran pfSense under ESXi, but I migrated to bare metal thinking there was some sort of latency issue causing the problems.

With the old cheap ASUS 56u (40ish USD) home router I get 800 Mbit down and 100Mbit up.

Benchmark setup.
Internet - switch- OPNsense- test computer
                        \-Asus 56u- test computer

IPS enabled or disabled doesn't matter when I use Hyperscan as the algorithm for Suricata.
CPU utilization peaks at 19%.

Any ideas on how I can improve performance?
#10
17.7 Legacy Series / Re: Mobile IPSec
September 23, 2017, 07:32:09 PM
I did also change identifier, but I couldn't get a successful connection from my mobile until I restarted the IPSec service, which seems a bit odd.
#11
17.7 Legacy Series / Re: Mobile IPSec
September 23, 2017, 12:18:21 AM
Duh! I forgot to restart the IPSec service :) Working now....
#12
17.7 Legacy Series / Re: Mobile IPSec
September 22, 2017, 09:10:36 PM
Thanks for the reply,

No, my Android mobile says failed, unfortunately.
#13
17.7 Legacy Series / [SOLVED] Mobile IPSec
September 22, 2017, 01:56:08 AM
I'm getting this error message in the logs, queue full? What does that mean?

Sep 22 01:52:58   charon: 09[JOB] deleting half open IKE_SA with 94.234.170.103 after timeout
Sep 22 01:52:55   charon: 09[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:55   charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:55   charon: 09[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:55   charon: 09[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:55   charon: 09[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:53   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:53   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:52   charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:52   charon: 10[IKE] sending retransmit 3 of response message ID 0, seq 1
Sep 22 01:52:51   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full
Sep 22 01:52:51   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (92 bytes)
Sep 22 01:52:51   charon: 10[NET] sending packet: from 85.225.138.8[500] to 94.234.170.103[13590] (429 bytes)
Sep 22 01:52:51   charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
Sep 22 01:52:51   charon: 10[NET] received packet: from 94.234.170.103[9039] to 85.225.138.8[4500] (782 bytes)
Sep 22 01:52:49   charon: 10[IKE] ignoring INFORMATIONAL_V1 request, queue full