Messages - Headologic

#1
I also have this strange problem.
However, I noticed that when I click on "Add Alias", the window does not appear in the middle but in the top left corner above the "OPNsense Logo".
I think the error is in the correct positioning of the edit window.
See attachment
#2
Hello,

I can't upload templates since 20.7.7_x, either.
The error log seems to be fine: no error log entry points to a failed upload.

How can we fix this quickly (as tong2x asked, how to upload without the GUI)?
#3
*sarcasm on* thank you for the very helpful response *sarcasm off*

At Sophos XG, you can set neighbor IPs for RIP with the command "neighbor a.b.c.d".

So far I was not aware that you can set something like this. I wonder if this is RIP-compliant or a Sophos-developed extension for RIP.
#4
20.7 Legacy Series / FFR: RIP set Neighbor possible?
October 16, 2020, 08:18:37 AM
Hi guys,

can we set the neighbor-ip in the RIP-Settings for OPNsense to use unicast-messages to the neighbor?

Thanks and

Greetings
Mike
#5
General Discussion / Where is the forum for 20.1?
December 15, 2019, 09:44:31 PM
Hey guys,

where is the forum for OPNsense 20.1? I think I'm missing this :D

Cheers
Migele
#6
19.7 Legacy Series / Re: Need help with wireguard
July 19, 2019, 09:21:10 AM
Have you added a rule for the "interface" wireguard to pass the traffic?
When I first configured the wireguard connection, I wondered why there were successful handshakes between server and peer, but no incoming traffic. So I checked this and found that there was no "pass all" rule. And now it's working.
#7
Hello,

I'm currently working on a redirect rule in HAProxy, which doesn't work.
In my example, a call to http://intranet.complex.org should be redirected to http://intranet.complex.org/department. The configured setup follows. What am I doing wrong?

This is what I have already configured (IPs and names are fictional):

Real-Server
Name:              Webserver
IP:                   192.168.69.69
Port:                 80

Condition:
Name:              Intranet
Type:                Host start with
Prefix:              intranet

Rule:
Name:              Intranet
Test type:         IF
condition:         Intranet
Log. operator:   none
execute func:    http-request redirect
HTTP Redirect:  location http://intranet.complex.org/department

Backend Pool:
Name:              Intranet
Servers:           Webserver
Rules:              Intranet

Public Service:
Name:              HTTP_Internal
Listen-Address: 192.168.69.1:80
Backend-Pool:   none
Rules:               Intranet
#8
No errors occurred when I connected with my PC and OPNsense 18.7 on my APU1D board to the described site.
A tcpdump does not show any errors. Everything seems fine to me. Maybe it's your ISP?
Will that problem happen again when you go back to your OPNsense?
#9
Hello,

I went to the remote office today and took the OPNsense... after I opened the box, I noticed that I gave wrong information. There was not an SSD inside, but an SD card. My fail, sorry!
So I plugged the SD card into my Linux machine and wanted to access it. Nothing...
GParted tells me the card is not OK. I ran some tests and realized that the card is broken.
So I replaced the SD card with an SSD, and now it's running fine.

I close this thread as solved. Thanks franco for taking the time to help me... the error was not the error I had hoped for, the error was irreparable.  :D
#10
When I check the config history, there are several entries. So my idea was to make the "final" settings with SSH, delete two users I had added some time ago and delete all previous configs except the new one.

If I reboot the box, all previous configs are back as if recovered. The SSH settings are lost and the two "deleted" users are back. After this, I took a look at the system.log.

Some entries appear that indicate an error. But why does the old config appear again and again despite the new configuration?

May 17 08:32:47 firewall syslogd: kernel boot file is /boot/kernel/kernel
May 17 08:32:47 firewall kernel: OWNER=root MODE=100644
May 17 08:32:47 firewall kernel: WARNING: /mnt: reload pending error: blocks 64 files 101
May 17 08:32:47 firewall kernel: WARNING: /mnt was not properly dismounted
May 17 08:32:47 firewall kernel: tun1: changing name to 'ovpnc1'
May 17 08:32:47 firewall sshlockout[504]: sshlockout/webConfigurator v3.0 starting up
May 17 08:32:47 firewall kernel:
May 17 08:32:47 firewall kernel: re0: link state changed to UP
May 17 08:32:47 firewall configd.py: [a3037013-92fe-464d-a728-e0a0110e3e6f] Linkup starting re0
May 17 08:32:48 firewall opnsense: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'pppoe0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface pppoe0 does not exist'
May 17 08:32:48 firewall kernel:
May 17 08:32:48 firewall kernel: re1: link state changed to UP
May 17 08:32:48 firewall configd.py: [490dd0d9-488f-4502-a919-cf057a1dea9c] Linkup starting re1
May 17 08:32:48 firewall kernel: ng0: changing name to 'pppoe0'
May 17 08:32:49 firewall configd.py: [0edc9e6d-b783-4c48-9227-6840eefa25d7] Rewriting resolv.conf
May 17 08:32:50 firewall opnsense: /usr/local/etc/rc.bootup: Resyncing OpenVPN instances.
May 17 08:32:50 firewall kernel: done.
May 17 08:32:50 firewall kernel: ovpnc1: link state changed to UP
May 17 08:32:50 firewall configd.py: [b2b9e9b4-5e2b-44a9-93da-a3f852798611] New IPv4 on ovpnc1
May 17 08:32:50 firewall configd.py: [0eb60145-5ec6-4d4e-a4d3-ef040453dc29] New IPv4 on pppoe0
May 17 08:32:51 firewall kernel: pflog0: promiscuous mode enabled
May 17 08:32:52 firewall kernel: .done.
May 17 08:32:52 firewall configd.py: [5328beb9-b1ac-4d76-abd4-fbb03804b8c3] generate template OPNsense/WebGui
May 17 08:32:53 firewall configd.py: generate template container OPNsense/WebGui
May 17 08:32:53 firewall lighttpd[666]: (server.c.1412) server started (lighttpd/1.4.48)
May 17 08:32:53 firewall kernel: done.
May 17 08:32:53 firewall opnsense: /usr/local/etc/rc.bootup: ROUTING: setting IPv4 default route to 82.82.7.107
May 17 08:32:53 firewall kernel: done.
May 17 08:32:53 firewall kernel: done.
May 17 08:32:54 firewall kernel: done.
May 17 08:32:55 firewall kernel: done.
May 17 08:32:56 firewall kernel: done.
May 17 08:32:57 firewall kernel: ...
May 17 08:32:58 firewall configd.py: [4b8e0537-230d-4214-988c-49d97ea67118] generate template *
May 17 08:32:58 firewall kernel: .done.
May 17 08:32:59 firewall configd.py: generate template container OPNsense/Auth
May 17 08:32:59 firewall configd.py: generate template container OPNsense/Captiveportal
May 17 08:33:00 firewall configd.py: generate template container OPNsense/Cron
May 17 08:33:00 firewall configd.py: generate template container OPNsense/IDS
May 17 08:33:01 firewall configd.py: generate template container OPNsense/IPFW
May 17 08:33:02 firewall configd.py: generate template container OPNsense/Macros
May 17 08:33:02 firewall configd.py: generate template container OPNsense/Netflow
May 17 08:33:02 firewall configd.py: generate template container OPNsense/Proxy
May 17 08:33:05 firewall configd.py: generate template container OPNsense/Sample
May 17 08:33:05 firewall configd.py: generate template container OPNsense/Sample/sub1
May 17 08:33:05 firewall configd.py: generate template container OPNsense/Sample/sub2
May 17 08:33:05 firewall configd.py: generate template container OPNsense/Syslog
May 17 08:33:05 firewall configd.py: generate template container OPNsense/WebGui
May 17 08:33:08 firewall opnsense: /usr/local/etc/rc.bootup: Dynamic DNS: updating cache file /var/cache/dyndns_wan_golfisforoldies_0.cache: x.x.x.x
May 17 08:33:08 firewall opnsense: /usr/local/etc/rc.bootup: Dynamic DNS: (Success) No change in IP address
May 17 08:33:09 firewall kernel: done.
May 17 08:33:12 firewall configd.py: [76bf7f8e-3973-48fe-bcef-3a6a43cef854] generate template OPNsense/Syslog
May 17 08:33:12 firewall kernel: done.
May 17 08:33:12 firewall configd.py: generate template container OPNsense/Syslog
May 17 08:33:12 firewall root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
May 17 08:33:15 firewall kernel: done.
May 17 08:33:20 firewall configd.py: [4dbc5bd8-cd50-4ce3-abd8-fd0757ebb859] restarting cron
May 17 08:33:20 firewall sshlockout[1731]: sshlockout/webConfigurator v3.0 starting up
May 17 08:33:20 firewall kernel: OK
May 17 08:33:22 firewall kernel:
May 17 08:33:23 firewall kernel:
May 17 08:33:23 firewall getty[1805]: open /dev/ttyv2: No such file or directory
May 17 08:33:23 firewall getty[1805]: open /dev/ttyv2: No such file or directory
May 17 08:33:23 firewall getty[1806]: open /dev/ttyv3: No such file or directory
May 17 08:33:23 firewall getty[1806]: open /dev/ttyv3: No such file or directory
May 17 08:33:23 firewall getty[1810]: open /dev/ttyv7: No such file or directory
May 17 08:33:23 firewall getty[1810]: open /dev/ttyv7: No such file or directory
May 17 08:33:23 firewall getty[1809]: open /dev/ttyv6: No such file or directory
May 17 08:33:23 firewall getty[1809]: open /dev/ttyv6: No such file or directory
May 17 08:33:23 firewall getty[1803]: open /dev/ttyv0: No such file or directory
May 17 08:33:23 firewall getty[1803]: open /dev/ttyv0: No such file or directory
May 17 08:33:23 firewall getty[1804]: open /dev/ttyv1: No such file or directory
May 17 08:33:23 firewall getty[1804]: open /dev/ttyv1: No such file or directory
May 17 08:33:23 firewall getty[1808]: open /dev/ttyv5: No such file or directory
May 17 08:33:23 firewall getty[1808]: open /dev/ttyv5: No such file or directory
May 17 08:33:23 firewall getty[1807]: open /dev/ttyv4: No such file or directory
May 17 08:33:23 firewall getty[1807]: open /dev/ttyv4: No such file or directory
May 17 08:36:09 firewall opnsense: /index.php: Successful login for user 'root' from: x.x.x.x
May 17 08:36:12 firewall configd.py: [47fb7cb8-b157-4add-b21a-8321f0f293fc] request pfctl byte/packet counters
May 17 08:36:18 firewall configd.py: [ade9dabe-f468-4289-92a1-44e7a9cdb466] request pfctl byte/packet counters
May 17 08:36:21 firewall configd.py: [a5d5d55a-73c1-4dfc-88d4-1c3a6be851ef] list ssl ciphers
May 17 08:48:27 firewall configd.py: [295e7714-3da2-4ad5-a9cd-190997e59cab] list ssl ciphers
May 17 08:48:33 firewall configd.py: [8c95c3ac-50bd-4789-b817-d18de94d83b7] Reloading filter
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: There is something wrong in your config because user sbtadmin password is missing!
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: There is something wrong in your config because user netbackup password is missing!
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: The command '/usr/sbin/pw 'groupadd' 'admins' -g '1999' -M '0,2000'' returned exit code '67', the output was 'pw: user `2000' does not exist'
May 17 08:48:36 firewall configd.py: [ce78b5f0-8fd1-4d85-8af2-6d694216942f] generate template OPNsense/Auth
May 17 08:48:37 firewall configd.py: generate template container OPNsense/Auth
May 17 08:48:39 firewall configd.py: [2787cb60-2b69-4dee-bac8-2d8e0f007774] restarting openssh
May 17 08:48:40 firewall configd.py: [3b480e09-2710-492f-9fe9-d2a341f6ba72] list ssl ciphers
May 17 08:48:40 firewall sshd[3446]: Server listening on :: port 22.
May 17 08:48:40 firewall sshd[3446]: Server listening on 0.0.0.0 port 22.
May 17 08:48:57 firewall configd.py: [a8fbe8c0-0936-493b-9d63-c632eb6bbf0c] request osfp
May 17 08:49:07 firewall configd.py: [0419cf8c-2a5a-45a8-b78d-dee32cf29a21] request osfp
May 17 08:49:10 firewall configd.py: [3d0d7959-d037-44f2-9cc0-bf9a4ea7f111] restarting cron
May 17 08:49:12 firewall configd.py: [db85f4e5-5c01-4fbe-b3f9-a4882241584a] Reloading filter
May 17 08:49:24 firewall configd.py: [ae7e48cb-48b0-4597-87ae-270e37b6071c] request pfctl byte/packet counters
May 17 08:49:31 firewall configd.py: [f75e2b2b-cdaa-4a7e-895e-5e0177ca950e] request pfctl byte/packet counters
May 17 08:49:32 firewall opnsense: user 'root' authenticated successfully
May 17 08:49:32 firewall sshd[3647]: Accepted keyboard-interactive/pam for root from x.x.x.x port 59831 ssh2
May 17 08:49:37 firewall configd.py: [42c07467-7064-4828-8593-a6d980a4a8f8] request pfctl byte/packet counters
May 17 08:49:43 firewall configd.py: [dbe99114-02c2-4305-85e1-8dafeda54b83] request pfctl byte/packet counters
May 17 08:49:49 firewall configd.py: [fd2e06d6-539c-4451-b843-c7958ff99077] request pfctl byte/packet counters
May 17 08:49:49 firewall opnsense: user 'root' authenticated successfully
May 17 08:49:50 firewall sshd[3817]: Accepted keyboard-interactive/pam for root from x.x.x.x port 51281 ssh2
899eb5745c2] retrieve upgrade progress status


I think the problem with the config comes down to two errors. The first:
May 17 08:32:47 firewall kernel: WARNING: /mnt: reload pending error: blocks 64 files 101
May 17 08:32:47 firewall kernel: WARNING: /mnt was not properly dismounted


and the other:
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: The command '/usr/sbin/pw 'groupadd' 'admins' -g '1999' -M '0,2000'' returned exit code '67', the output was 'pw: user `2000' does not exist'

I'm starting to think about rebuilding the OPNsense. But I am interested in the error and how to fix it without reinstallation.
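The manual triage in the post above (picking the unclean-filesystem warnings and the failed `pw` command out of the boot log) can be scripted. The following Python filter is an added example, not part of the original post or of OPNsense; the category names and the choice of which log lines to embed as sample input are assumptions made for the example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "timestamp program category detail")

# Excerpt of lines taken from the system.log quoted in the post above.
SAMPLE_LOG = """\
May 17 08:32:47 firewall kernel: WARNING: /mnt: reload pending error: blocks 64 files 101
May 17 08:32:47 firewall kernel: WARNING: /mnt was not properly dismounted
May 17 08:32:48 firewall opnsense: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'pppoe0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface pppoe0 does not exist'
May 17 08:32:53 firewall lighttpd[666]: (server.c.1412) server started (lighttpd/1.4.48)
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: There is something wrong in your config because user sbtadmin password is missing!
May 17 08:48:36 firewall opnsense: /system_advanced_admin.php: The command '/usr/sbin/pw 'groupadd' 'admins' -g '1999' -M '0,2000'' returned exit code '67', the output was 'pw: user `2000' does not exist'
May 17 08:49:32 firewall sshd[3647]: Accepted keyboard-interactive/pam for root from x.x.x.x port 59831 ssh2
"""

# "Mon DD HH:MM:SS host program[pid]: message"; pid and message are optional.
HEADER = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[\d+\])?: ?(.*)$")
# The command itself contains quotes, so anchor on the fixed text around it.
CMD_FAILED = re.compile(r"The command '(.*)' returned exit code '(\d+)', the output was '(.*)'$")
NO_PASSWORD = re.compile(r"user (\S+) password is missing")
ROOT_SSH = re.compile(r"Accepted (\S+) for root from (\S+)")


def classify(program, msg):
    """Return (category, detail) for a message worth a second look, else None."""
    if program == "kernel" and msg.startswith("WARNING:") and (
            "not properly dismounted" in msg or "reload pending error" in msg):
        return "fs-unclean", msg[len("WARNING:"):].strip()
    m = CMD_FAILED.search(msg)
    if m and int(m.group(2)) != 0:
        return "cmd-failed", "exit %s: %s -> %s" % (m.group(2), m.group(1), m.group(3))
    m = NO_PASSWORD.search(msg)
    if m:
        return "user-db", "config has no password for user " + m.group(1)
    m = ROOT_SSH.search(msg) if program == "sshd" else None
    if m:
        return "root-login", "%s from %s" % (m.group(1), m.group(2))
    return None


def triage(text):
    """Parse syslog text and return the findings in log order."""
    findings = []
    for line in text.splitlines():
        m = HEADER.match(line.rstrip())
        if not m:
            continue  # truncated or headerless line: skip rather than guess
        ts, _host, program, msg = m.groups()
        hit = classify(program, msg)
        if hit:
            findings.append(Finding(ts, program, *hit))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.timestamp, f.category, f.detail, sep=" | ")
```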
#11
Hi Franco,

Quote from: franco on May 15, 2018, 03:05:10 PM
Did you install any manual ports or FreeBSD packages?

there are no additional Python 3 packages. Python 3 isn't installed. Only "python2.7" and "python2.7-config".

The following packages are installed, which have something to do with Python:

  • py27-asn1crypto
  • py27-Babel
  • py27-certifi
  • py27-cffi
  • py27-chardet 
  • py27-cryptography
  • py27-enum34
  • py27-idna
  • py27-ipaddress
  • py27-Jinja2   2.10
  • py27-MarkupSafe
  • py27-netaddr
  • py27-openssl
  • py27-pycparser
  • py27-pysocks
  • py27-pytz 
  • py27-requests
  • py27-setuptools
  • py27-six   
  • py27-sqlite3
  • py27-ujson 
  • py27-urllib3
  • python27

Only one plugin for DynDNS is installed...

root@firewall:~ # uname -a
FreeBSD firewall.example.com 11.0-RELEASE-p17 FreeBSD 11.0-RELEASE-p17 #0 14a0f7db3(stable/17.7): Tue Dec 12 03:19:44 CET 2017     root@sensey64:/usr/obj/usr/src/sys/SMP  amd64
root@firewall:~ # freebsd-version -u
11.0-RELEASE-p17
root@firewall:~ #


root@firewall:~ # opnsense-update -sn "18.1\/latest"
root@firewall:~ # pkg bootstrap -f
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.opnsense.org/FreeBSD:11:amd64/18.1/latest, please wait...
No trusted fingerprint found matching package's certificate
root@firewall:~ # sudo pkg upgrade -f
Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
Fetching meta.txz: 100%    1 KiB   1.5kB/s    00:01
pkg: No trusted public keys found
repository OPNsense has no meta file, using default settings
Fetching packagesite.txz: 100%  130 KiB 133.6kB/s    00:01
pkg: No trusted public keys found
Unable to update repository OPNsense
Error updating repositories!


After searching this forum for "No trusted fingerprint found matching package's certificate", I found this thread: https://forum.opnsense.org/index.php?topic=4668.0

So I ran the following "updated" script:
# pkg install ca_root_nss
# fetch https://raw.githubusercontent.com/opnsense/update/master/bootstrap/opnsense-bootstrap.sh
# sh ./opnsense-bootstrap.sh


Now, all seems perfect. But at the point where the system tries to install / extract pkg-1.10.5, I lost my SSH session.
So I have to log in via the GUI and enable SSH again, because after every reboot the settings with enabled SSH get lost and I have to reactivate this SSH setting. After I ran the opnsense-bootstrap script again, the SSH session stopped at the same point, at "Extract pkg-1.10.5".

The firewall is at a remote site. We currently can't access it directly. We tried several ways, but I think if we fix the error with the config always being reset, we can run the update perfectly...
#12
Hello Guys,

today I saw that one of our firewalls is on an older version (17.7.11). Now I want to move to a newer version...

I tried the update from the GUI. First, OPNsense updated to 17.7.12 without a reboot.
Then, as usual, I had to "unlock" the upgrade to 18.1 in the GUI to be able to install the latest version afterwards. After the upgrade, OPNsense will restart automatically, but after login, OPNsense shows me version 17.7.11.

The same issue occurs when I try these steps from the shell by running "opnsense-upgrade", "pkg update -f" or rather "opnsense-update" and typing "18.1". In addition, the upgrade via menu item "12" for an "Upgrade" does work, but after another reboot it boots with 17.7.11 again :-/

What I also noticed is that the configuration does not contain the latest changes after each restart.

This machine is an APU1D4 with 16GB SSD storage and, as the name says, 4GB RAM...

What can I do to resolve this problem and switch to a new secure platform?



Cheers Mikele
#13
18.1 Legacy Series / Re: CARP - OPNSense slow!
April 24, 2018, 12:00:53 PM
pump...I don't usually do this, but I think the problem should be solved.
The problem already existed on pfSense.
What information do you need to find the problem?
#14
18.1 Legacy Series / Re: CARP - OPNSense slow!
April 20, 2018, 09:30:17 AM
I think it's the same as I posted some time ago. You are not alone...
https://forum.opnsense.org/index.php?topic=6496.msg27888#msg27888

#15
Thank you for the fast answers.  :)

So I think it's better for us to stop installing i386 for this year to save much work and use only x64 for the future.

@franco: Short question: Why publish only 18.1 & 18.7 with i386 support? I assumed that every released version (18.1, 18.2, 18.3, ...) had both architectures until OPNsense 19.1, or rather FreeBSD 12, appears.  ::)

Regards
Mike