Messages

Confirming that upgrade to 2.4.3 worked just fine for me as well. Thanks for the fix to everyone involved.

Which image types are you guys using here.. DVD or VGA?


Cheers,
Franco

I can't say 100%, but I would be surprised if I did use anything else than the USB installer e.g. VGA image.

I just want to "join the club" as well. I too got an kernel panic after upgrading to 24.7.2

Code Select Expand


panic: page fault
cpuid = 0
time = 1724410401
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0064e3e818
vpanic() at vpanic+0x131/frame 0xfffffe0064e3e940
panic() at panic+0x43/frame 0xfffffe0064e3e9a0
trap_fatal() at trap_fatal+0x48b/frame 0xfffffe0064e3ea00 trap_pfault() at trap_pfault+0x46/frame 0xfffffe0064e3ea50
calltrap() at calltrap+0x8/frame 0xfffffe0064e3ea50
trap 0xc, rip = 0xffffffff804d7de7, rsp = 0xfffffe0064e3eb20, rbp = 0xfffffe0064e3eb40
agp_close() at agp_close+0x57/frame 0xfffffe0064e3eb40 giant_close() at giant_close+0x68/frame Bxfffffe0064e3eb98
devfs_close() at devfs_close+0x4b3/frame 0xfffffe0064e3ec00
VOP_CLOSE_APV() at VOP_CLOSE_APV+0x1d/frame 0xfffffe0064e3ec20
vn_close1() at vn_close1+0x14c/frame 0xfffffe0064e3ec90
vn_closefile() at vn_closefile+0x3d/frame 0xfffffe0064e3ece0
devfs_close_f() at devfs_close_f+0x2a/frame 0xfffffe0064e3ed18
_fdrop() at_fdrop+0x11/frame Bxfffffe0064e3ed30
closef() at closef+0x24a/frame 0xfffffe0064e3edco
closefp_impl() at closefp_imp1+0x58/frame 0xfffffe0064e3ee00 amd64_syscall() at amd64_syscall+0x100/frame 0xfffffe0064e3ef30
fast_syscall_common() at fast_syscall_common+Bxf8/frame 0xfffffe0064e3ef30
syscall (6, FreeBSD ELF64, close), rip = 0x3843e84152ba, rsp = 0x3843f837fd8
18 , rbp = 0x3843f837fda0
KDB: enter: panic
[ thread pid 31 tid 100232 ]
Stopped at
kdb_enter+8x33: movq $0,0xfd9962(%rip)
NEC
db>

This on a real physical box with a Intel Core Duo CPU E6400 at 2.13Ghz with 2GB RAM. I have never had any kernel panic on this system before.

Luckily I just replaced some drives in that box so I reverted to OPNsense 24.7_9-amd64 / FreeBSD 14.1-RELEASE-p2, OpenSSL 3.0.14 which is running happily. Once I changed back to the new drives again I get the kernel panic.

I suggest that you pull this "upgrade" before more people are getting bit by this bug. Best of luck finding it.

Hi,

Just a little bit of feedback

1. BUG: On the first load, many widgets display "failed to load widget". If I refresh the page it (often) works.

2. BUG: The services widget does not seem to remember when I resize it (to my knowledge, all other widgets does).

3. Feature request: Would it be possible to compact the text a bit on some of the widgets (services, interfaces etc)? Less padding around text would make for a more relaxing and tidy view, and more information on screen - especially on the services widget.

4. Feature request: Widgets that can be resized does not show any clue that it can be reiszed

5. Feature request: The firewall widget has two modes, text mode and graphical "cake" mode which is not apparent - how about splitting them into two separate widgets?

6. Comment: While the new changes are welcome, I miss the old system information widget that compressed a lot of info in one widget without the need to launch multiple widgets.

7. Feature request : The underline of the headers seems to take it's own text line and consumes a lot of horizontal space. How about changing this:

header
---------
info,info,info

to this

header
info,info,info

instead?

Reinstalled and configuration restored (and since everything is working nicely there is definitively no hardware issue).

It is a shame, because since the FreeBSD part of the OS was working with pkg and everything one would think it would be possible to re-install from a half-broken system. Is not OPNsense "just" a package over FreeBSD? It would have been nice to recover the system without doing a full reinstall.

That being said to put a positive spin on this , reinstalling and restoring the configuration is done rather quickly and I got to play with ZFS as root as well.

Absolutely. It is well cooled and memtest is good as well. Voltages is also checked.
I doubt it is a hardware problem.

I ran the latest update as of writing this and my opnsense box is now simply not working anymore.
All services are apparently gone and the ui only shows partly things.

I can ssh to the opnsense box and dmesg shows a never ending stream of lines with  pid+Python 3.11 with signal.4
The pid shows various numbers.
If i start unbound from the shell I can get access to the outside world and run pkg for example.

I am of the penguin kind so freebsd is not my regular environment.

Is there some way of repairing my nonsense box via the tools or do I have to reinstall from scratch?
E.g. what can I do to get the system back up to a working state from the shell??

(Sorry for lack of detail but I am writing this from my phone due to lack of connectivity)

(Ps! The box is a intel core 2 machine just for the record)

Just following up on this.

I still get this error in the log files:
<6>pid 11135 (unbound), jid 0, uid 59: exited on signal 11

and I could find another post about what appears to be the same.
https://forum.opnsense.org/index.php?topic=20516.0

The way I notice this problem is that DNS simply does not work , and when I log in to my OPNsense box I see on the dashboard that the unbound service is "red" e.g. I need to click the "play" button to get it started again.

This is a very annoying issue, and since every crash in theory is a security issue as well I would love to know what to do to help diganose this better.

I find that quite often (several times week/day) DNS have stopped working due to Unbound being stopped as well.

Under system->general->logfiles it seems like the reason is a segfault:
<6>pid 57337 (unbound), jid 0, uid 59: exited on signal 11

It has been like this since 23.7 and also now with 24.1. For my use on this box it is not critical , but rather an annoyance.
The only thing that differs from the default is that I have enabled nearly everything on the blocklist under the DNBL drop down menu.
In addition I have also added a URL to my own blocklist that resides on a remote server in the form of "http://example.com/blocklist.txt" - that connection has been difficult at times, but I imagine a non-existing file should NOT cause any issues with Unbound, but then again that is the only thing I can think of.

As a side note - it would be great if it was possible to configure what to do if a service crash. (restart n-times before giving up, send mail, run a script (write to rs232 for example))

Actually, there is nothing more interesting in the logs as far as I can understand.
I am traveling a bit soon and it would be good have the opportunity to auto-restart unbound in case it goes down again.

And if the blocklist makes unbound crash since it can't parse the text - I would consider that a rather grave error (security risk) if it can't deal with garbled data.

Hi,

Unbound seems to crash/or exit for some reason according to the logfiles.
This happens now and then, but not often. Always when you don't need it of course.

Is this a known problem? If not , what can I do to help diagnose the issue?

You can run top. FreeBSD top - while not as feature rich as htop - still can do quite a bit more than Linux top.

Apparently yes.... pressing P give me pr. CPU statistics.... thanks. It would be nice if this was visible via the webgui though ;)

Hi,

I run OPNsense on a rather old core2 duo machine. I sometimes see the CPU usage peak at about 70% so what does this tell me? ... well in reality not much, but I am tempted to think that perhaps one CPU core is saturated from time ot time. My load average numbers are <1.0 which is good , but it still does not account for brief 2-3 second peaks that saturate a single CPU core.

Would it be possible to change the CPU usage bar under the system information widget to show if any CPU is saturated for a significant amount of time. The easiest would perhaps be to provide a CPU bar pr. CPU , but another alternative could perhaps be to add something similar to a "clip" indicator just like most audio programs has.

That way it would be easier to know if my system is actually saturated at times. As it is now it is not that easy especially since htop is not available when running pkg search htop as root on my opnsense box.

Just wanted to throw in that I too don't like the new dyndns client. The old one works , the new one does not support (as far as I am able to figure out) freedns.afraid.org which I use.
My solution was to drop the new dyndns client and use cron on one of my servers instead.

Firewall->Settings->Normalization

Hovering over any item under general settings such as disable interface scrub, ip do not fragment or ip random id hides the text by giving it the same color as the background color.

I use the tukan theme , but I bet there is something inconsistent with the GUI itself.