Messages - itn3rd77

#1
Hi,

I am asking for help in a case I could swear it worked in the past.

Some days ago I received a mail from Let's Encrypt saying that my certificates are about to expire, so I looked in the ACME Client logs and yep, all attempts to renew had failed.

I briefly describe what was working in the past:

- NAT Port Forward on WAN to ::1 port 80
- HAProxy listening on [::1]:80 and forwarding ACME HTTP-01 challenge requests to [::1]:43580

The redirect is working according to Firewall Live View (see screenshot) but even a tcpdump (/usr/sbin/tcpdump -i lo0 -vv -n port 80) on the loopback device shows no traffic for port 80 and therefore nothing in the logs of HAProxy. I don't see anything blocked and redirects on LAN interface to ::1 are working  :o

As I urgently needed to renew my Let's Encrypt certificates I just added the VIP fd00:61:63:6d::65 to my LAN interface, changed the NAT Port Forward on WAN to fd00:61:63:6d::65 port 80 and changed the listen address for HAProxy. That worked but there is no way to get the redirect on WAN working again with ::1.

I really don't get into it. Am I missing something?

Thanks and best regards
Ingo
#2
24.7, 24.10 Legacy Series / Re: 24.7.2 IPv6 woes
August 29, 2024, 01:09:57 PM
Quote from: CruxtheNinth on August 29, 2024, 12:59:30 PM
you reverted dhcp6c to 24.7.1 version (dhcp6c-20240710) and installed another newer one with pkg-add later.
Did you test in-between (and rebooted)?

Please test with dhcp6c-20240710 again as it seems you did some changes to the interfaces in between

Also please note that IPv6 DHCP on Deutsche Glasfaser takes 30-60 minutes depending on if you miss the Advertisement

Thanks for jumping in CruxtheNinth. I tested in between with a reboot. After that I switched back to bare 24.7.2 and then added the newer one with pkg-add. So currently I am on 24.7.2 with the debug package from Franco.
#3
24.7, 24.10 Legacy Series / Re: 24.7.2 IPv6 woes
August 29, 2024, 01:04:06 PM
Quote from: CruxtheNinth on August 29, 2024, 12:51:50 PM
why do you need PPP for DG? That should no longer be necessary according to their own published specs.
Both IPv4 and IPv6 should do DHCP (via IPOE)

Are you mistaking DG with Deutsche GigaNetz? DG in this thread is Deutsche Glasfaser, not Deutsche Giganetz.

No no :) I have an LTE modem (PPP) that was also requesting a dhcpv6 address. I have disabled that to not mix up the logs. I am a poor Deutsche Glasfaser customer  :)
#4
24.7, 24.10 Legacy Series / Re: 24.7.2 IPv6 woes
August 29, 2024, 12:43:51 PM
Ok Franco I disabled the PPP device. This was also requesting an IPv6 for no reason. Output looks ok now for my limited knowledge. But nothing happens ...

<13>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 65073 - [meta sequenceId="392"] RTSOLD script - Sending SIGHUP to dhcp6c
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="393"] restarting
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="394"] removing an event on igb0, state=SOLICIT
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="395"] listing event on igb0, state=SOLICIT
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="396"] <3>[interface] (9)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="397"] <5>[igb0] (4)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="398"] <3>begin of closure [{] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="399"] <3>[send] (4)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="400"] <3>[ia-na] (5)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="401"] <3>[0] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="402"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="403"] <3>comment [# request stateful address] (26)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="404"] <3>[send] (4)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="405"] <3>[ia-pd] (5)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="406"] <3>[0] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="407"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="408"] <3>comment [# request prefix delegation] (27)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="409"] <3>[request] (7)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="410"] <3>[domain-name-servers] (19)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="411"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="412"] <3>[request] (7)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="413"] <3>[domain-name] (11)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="414"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="415"] <3>[script] (6)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="416"] <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="417"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="418"] <3>comment [# we'd like some nameservers please] (35)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="419"] <3>end of closure [}] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="420"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="421"] <3>[id-assoc] (8)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="422"] <13>[na] (2)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="423"] <13>[0] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="424"] <13>begin of closure [{] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="425"] <3>end of closure [}] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="426"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="427"] <3>[id-assoc] (8)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="428"] <13>[pd] (2)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="429"] <13>[0] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="430"] <13>begin of closure [{] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="431"] <3>[prefix] (6)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="432"] <3>[::] (2)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="433"] <3>[/] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="434"] <3>[56] (2)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="435"] <3>[infinity] (8)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="436"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="437"] <3>[prefix-interface] (16)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="438"] <5>[vlan0.13] (8)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="439"] <3>begin of closure [{] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="440"] <3>[sla-id] (6)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="441"] <3>[1] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="442"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="443"] <3>[sla-len] (7)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="444"] <3>[8] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="445"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="446"] <3>end of closure [}] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="447"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="448"] <3>[prefix-interface] (16)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="449"] <5>[igb1] (4)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="450"] <3>begin of closure [{] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="451"] <3>[sla-id] (6)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="452"] <3>[0] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="453"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="454"] <3>[sla-len] (7)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="455"] <3>[8] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="456"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="457"] <3>end of closure [}] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="458"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="459"] <3>[prefix-interface] (16)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="460"] <5>[vlan0.42] (8)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="461"] <3>begin of closure [{] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="462"] <3>[sla-id] (6)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="463"] <3>[2] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="464"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="465"] <3>[sla-len] (7)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="466"] <3>[8] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="467"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="468"] <3>end of closure [}] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="469"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="470"] <3>end of closure [}] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="471"] <3>end of sentence [;] (1)
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="472"] called
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="473"] duplicated interface: igb0
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="474"] called
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="475"] creating an event on igb0, state=INIT
    <29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="476"] reset a timer on igb0, state=INIT, timeo=0, retrans=540
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="493"] Sending Solicit
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="494"] a new XID (2e4d29) is generated
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="495"] set client ID (len 14)
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="496"] set identity association
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="497"] set elapsed time (len 2)
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="498"] set option request (len 4)
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="499"] set IA_PD prefix
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="500"] set IA_PD
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="501"] send solicit to ff02::1:2%igb0
    <29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="502"] reset a timer on igb0, state=SOLICIT, timeo=0, retrans=1098
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="503"] Sending Solicit
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="504"] set client ID (len 14)
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="505"] set identity association
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="506"] set elapsed time (len 2)
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="507"] set option request (len 4)
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="508"] set IA_PD prefix
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="509"] set IA_PD
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="510"] send solicit to ff02::1:2%igb0
    <29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="511"] reset a timer on igb0, state=SOLICIT, timeo=1, retrans=117408

No more output since the last line. Can you spot anything relevant or is this just a DG issue and waiting should help  ;)
#5
24.7, 24.10 Legacy Series / Re: 24.7.2 IPv6 woes
August 29, 2024, 10:13:25 AM
Hi,

I still don't get an IPv6 from DG. Don't know if this is a DG issue or related to the problem discussed here.

I did the following:

opnsense-revert -r 24.7.1 dhcp6c
opnsense-update -zkr 24.7.2-nd

But nothing changed for hours so I reverted to the 24.7.2 original state.

I installed

# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/snapshots/misc/dhcp6c-20240820_1.pkg

and rebooted. But I don't see any 'dhcp6c.*event' messages (I enabled DHCPv6 logging on INFO).

I only see the following messages for dhcpv6:

<13>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 727 - [meta sequenceId="224"] RTSOLD script - Sending SIGHUP to dhcp6c
<29>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="225"] restarting
<29>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="226"] duplicated interface: igb0
<29>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="240"] Sending Solicit
<29>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="251"] Sending Solicit
<27>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="252"] transmit failed: Network is down
<29>1 2024-08-29T09:57:00+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="256"] Sending Solicit
<29>1 2024-08-29T09:57:01+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="257"] Sending Solicit
<27>1 2024-08-29T09:57:01+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="258"] transmit failed: Network is down
<29>1 2024-08-29T09:57:03+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="270"] Sending Solicit
<29>1 2024-08-29T09:57:07+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="276"] Sending Solicit
<29>1 2024-08-29T10:01:06+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="4"] restarting
<29>1 2024-08-29T10:01:06+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="5"] duplicated interface: igb0
<29>1 2024-08-29T10:01:07+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="6"] Sending Solicit
<29>1 2024-08-29T10:01:07+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="7"] Sending Solicit
<27>1 2024-08-29T10:01:07+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="8"] transmit failed: Network is down
<29>1 2024-08-29T10:01:08+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="9"] Sending Solicit
<29>1 2024-08-29T10:01:08+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="10"] Sending Solicit
<27>1 2024-08-29T10:01:08+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="11"] transmit failed: Network is down
<29>1 2024-08-29T10:01:10+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="15"] Sending Solicit
#6
24.7, 24.10 Legacy Series / Re: 24.7.2 IPv6 woes
August 27, 2024, 08:43:59 PM
Same thing happened to me. Suddenly IPv6 was lost on my DG installation and has not come back to life for 6 hours. I'll see if I can catch the logs requested.
#7
For ping I certainly did. Besides this I never cared about the scope in link-local. Shouldn't it work without scope  :-\
Are you able to ping an IPv6 link-local address on your network? Then there must be something wrong in my setup  :-[
#8
Hi!

I updated today from 24.1.10 to 24.7.1. At a first glance everything worked smooth and I was happy and very pleased.

But it turned out that with release 24.7 I was no longer able to get any connectivity to IPv6 link-local addresses from the OPNsense box itself. I can not ping, telnet or access any IPv6 link-local address on my network. I require IPv6 link-local addresses for several services e.g. HAProxy as I use "Track IPv6 Interface" on all interfaces on my OPNsense box that's why I don't want to deal with changing prefixes.

In the live view of firewall logs I can see the packages pass (ICMP and telnet to port) but I don't get any response back. Ping from a Windows machine to an IPv6 link-local address works with no problem.

I am not sure if I missed something in the release notes and I am not an IPv6 expert. It just worked in the past.

Any help is really appreciated!

Attached you can find some screenshots.

Thanks and best regards
Ingo
#9
General Discussion / ntpd high cpu usage
February 04, 2024, 02:12:23 PM
Hi everyone,

I figured out that my ntpd process is always the second top process behind suricata regarding cpu usage.
Suricata is mostly around 25% followed by ntpd with around 10-12%, followed by ntopng.

Is this a normal figure for ntpd? It feels a lot too high from my perspective but I lack any comparisons.
The logfile is fine. No errors and even on debug not much is shown. Any ideas what is causing ntpd to use so much cpu?

My CPU is an i5-7200U CPU @ 2.50GHz (2 cores, 4 threads).

Thanks and best regards
Ingo
#10
22.1 Legacy Series / Re: unbound died after new wanip
February 02, 2022, 10:18:19 AM
The behaviour with the command  /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home' is reproducible. I executed the command (after the #kill -TERM 11057) and it succeeded. The next execution fails with 'Unable to lock on the pidfile'.



root@fw:~ # /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home'
root@fw:~ # /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home'
Unable to lock on the pidfile.



I'll drop you a note once this happens again out of nowhere.

Best regards
Ingo



#11
22.1 Legacy Series / Re: unbound died after new wanip
February 02, 2022, 10:00:14 AM
Ok, process terminated.


root@fw:~ # ps aux | grep 11057
root     11057   0.0  0.0   25416   14940  -  Ss   08:58       0:03.08 /usr/local/bin/python3 /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain local.home (python3.8)
root     71577   0.0  0.0   12740    2532  0  S+   09:55       0:00.00 grep 11057
root@fw:~ #  kill -TERM 11057
root@fw:~ # ps aux | grep 11057
root     78974   0.0  0.0   12740    2532  0  S+   09:56       0:00.00 grep 11057


Is this good or bad news?
#12
22.1 Legacy Series / Re: unbound died after new wanip
February 02, 2022, 09:41:20 AM
Hi Franco,

nope. Just found my own grep  ;)


root@fw:~ # ps aux | grep unbound-control
root     70523   0.0  0.0   12740    2536  0  S+   09:40       0:00.00 grep unbound-control


#13
22.1 Legacy Series / Re: unbound died after new wanip
February 02, 2022, 09:23:16 AM
Here we go ....


root@fw:~ #  cat /var/run/unbound_dhcpd.pid
11057
root@fw:~ # ps aux | grep 11057
root     11057   0.0  0.0   25416   14940  -  Ss   08:58       0:02.56 /usr/local/bin/python3 /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain local.home (python3.8)

#14
22.1 Legacy Series / Re: unbound died after new wanip
February 02, 2022, 09:13:47 AM
Hi Franco,

thanks for picking up my issue.

Here are the results from the commands


root@fw:~ # /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home'
Unable to lock on the pidfile.
root@fw:~ # configctl unbound check
no errors in /var/unbound/unbound.conf


Repeated the command /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home' several times. The result is always Unable to lock on the pidfile.

But despite the error unbound is still running this time.

I am a bit lost and helpless  :(

Best regards
Ingo
#15
22.1 Legacy Series / unbound died after new wanip
February 02, 2022, 07:36:19 AM
Hi together,

after the upgrade to 22.1 I was faced with a dead unbound process after new wanip several times now.
It's obvious that a router without a running nameserver is near to useless  ;)

The only thing I found so far are the following lines inside system/latest.log


<13>1 2022-02-02T00:49:02+01:00 fw.local.home opnsense 68773 - [meta sequenceId="444"] plugins_configure newwanip (,opt2)
<13>1 2022-02-02T00:49:02+01:00 fw.local.home opnsense 68773 - [meta sequenceId="445"] plugins_configure newwanip (execute task : ntpd_configure_do())
<13>1 2022-02-02T00:49:12+01:00 fw.local.home opnsense 68773 - [meta sequenceId="446"] plugins_configure newwanip (execute task : opendns_configure_do())
<13>1 2022-02-02T00:49:12+01:00 fw.local.home opnsense 68773 - [meta sequenceId="447"] plugins_configure newwanip (execute task : openssh_configure_do(,opt2))
<13>1 2022-02-02T00:49:12+01:00 fw.local.home opnsense 68773 - [meta sequenceId="448"] plugins_configure newwanip (execute task : unbound_configure_do(,opt2))
<11>1 2022-02-02T00:49:35+01:00 fw.local.home configctl 98849 - [meta sequenceId="449"] error in configd communication  Traceback (most recent call last):   File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd     line = sock.recv(65536).decode() socket.timeout: timed out
<11>1 2022-02-02T00:51:41+01:00 fw.local.home opnsense 88635 - [meta sequenceId="2"] /usr/local/etc/rc.newwanipv6: The command '/usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home'' returned exit code '1', the output was 'Unable to lock on the pidfile.'
<13>1 2022-02-02T00:51:41+01:00 fw.local.home opnsense 88635 - [meta sequenceId="3"] plugins_configure newwanip (execute task : vxlan_configure_interface())
<13>1 2022-02-02T00:51:41+01:00 fw.local.home opnsense 88635 - [meta sequenceId="4"] plugins_configure newwanip (execute task : webgui_configure_do(,wan))
<11>1 2022-02-02T00:51:41+01:00 fw.local.home opnsense 72174 - [meta sequenceId="5"] /usr/local/etc/rc.filter_configure: Ignore down inet gateways : WAN_DHCP6
<11>1 2022-02-02T00:51:41+01:00 fw.local.home opnsense 72174 - [meta sequenceId="6"] /usr/local/etc/rc.filter_configure: ROUTING: keeping current default gateway '100.84.0.1'
<11>1 2022-02-02T00:51:41+01:00 fw.local.home opnsense 72174 - [meta sequenceId="7"] /usr/local/etc/rc.filter_configure: Ignore down inet6 gateways : WAN_DHCP6


The error is not reproducible from the command line. There must be some special circumstances leading to the error. The really bad thing is you are left with a system near to useless as unbound is no longer running anymore after the failure  :(

Has anybody seen this or any advice how to track this down?

Best regards
Ingo