Messages - G

#1
Sorry if I wasn't clear, when I said the web interface doesn't work on reboot, it looks like a php issue to me. When I reload all services via terminal, it gets stuck on "starting php_fpm" but the web interface loads fine then.
#2
Thanks, I'll keep an eye on the processes. Any recommendations about the php issue?
#3
Good morning,
looking for some assistance with this weird issue. My device was working perfectly until a few updates ago (24.1?). Now it has several problems:

  • web interface doesn't start properly, I need to reload all services on each boot
  • Unbound stops working and also needs a restart
  • the whole device freezes, not even terminal, last message being <3>pid 274 (python3.11), jid 0, uid 0, was killed: failed to reclaim memory

I have another instance in the same network working ok. I removed zerotier, which seems to extend the time between failures. Time of failure is very close to IDS rules updates, but it doesn't fail every day. Looking at the monitoring, memory dips down to nothing from the usual 2gb free from 4gb.
Any ideas?
#4
21.1 Legacy Series / IPv6 ULA ping (SOLVED)
June 22, 2021, 07:26:22 PM
Hi,
I've come across a situation during my dual stack implementation.
My WAN interface is using DHCPv6 (client). From that interface, I can ping the other side of the link on the link-local address but not the ULA.
ping6: sendmsg: Permission denied

Any ideas? I've created rules on the interfaces but with no luck.
Thanks.

-----------------

Editing: an old floating rule screwed me over. Waste of a day.

Probably worth mentioning that a generic ipv6 block rule was not stopping traffic between link local addresses though, but everything else.
#5
Hi,
I'm editing the title. After looking at what was blocked, it seems that most are connections initiated by Pcloud (cloud storage) on my desktop or mobile devices.
Does that ring any bells?
#6
21.1 Legacy Series / Re: Default deny rule change
February 10, 2021, 10:54:50 AM
Hi,
I have an any to any rule at the bottom of my LAN rules, so no traffic should be blocked by the firewall at all (I guess unless malformed or expired traffic).
I've attached both the rule and an example packet blocked (from a mobile phone, which seems to be the majority).
#7
21.1 Legacy Series / Default deny rule change
February 09, 2021, 02:40:01 PM
Hi,
for testing purposes I want to allow all traffic from my LAN interface, while using certain rules to categorize.
Even after configuring an any to any allow rule, I still get packets blocked by the default deny rule. Is there a way to check what's wrong with these packets without having to capture and manually review them?
Quite a few of them are actually Https.
I also had to disable Firewall Rules Optimization as it seems to increase the number.
Thank you.
#8
Hi Drakrain,
yes I do, that's the purpose of the vpn on a router for me. Incredible this is a known unresolved issue.
I'll check that, maybe I should go back to the good old OPENVPN.
Thank you so much, as I didn't find this bug report myself.
#9
20.1 Legacy Series / Zerotier plugin cpu issues
May 22, 2020, 12:35:04 PM
Hi,
wanted to confirm if anyone else has noticed this.
When using 2 OPNsense devices connected with a Zerotier tunnel, cpu will randomly spike to 100% during long periods, and start dropping packets.
The process is /usr/local/sbin/zerotier-one /var/db/zerotier-one/{zerotier-one}
It doesn't happen with 1 OPNsense & 1 Openwrt devices connected.
#10
Hi,
I'm sharing this here for others to use. It's far from perfect, but a starting point for mainly FW hits.

filter {
  if [type] == "opnsense" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{HOSTNAME:fw_name} %{WORD:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
# filterlog #######################################################
    if [syslog_program] == "filterlog" {
        grok {
          match => { "syslog_message" => "(%{WORD:rulenr}),,,(%{WORD:rid}),(%{WORD:interface}),(%{WORD:reason}),(%{WORD:action}),(%{WORD:dir}),(%{WORD:version}),(%{WORD:tos}),,(%{NUMBER:ttl}),(%{NUMBER:id}),(%{NUMBER:offset}),(%{WORD:ipflags}),(%{NUMBER:protonumber}),(%{WORD:protocol}),(%{NUMBER:length}),(%{IP:src_ip}),(%{IP:dst_ip}),(%{NUMBER:src_port}),(%{NUMBER:dst_port}),(%{NUMBER:datalen})" }
          add_field => [ "parsed", "filterlog" ]
        }
    }
# unbound ########################################################
    if [syslog_program] == "unbound" {
       grok {
         match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
         add_field => [ "parsed", "unbound" ]
       }
    } 
# devd ###########################################################
    if [syslog_program] == "devd" {
       grok {
         match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
         add_field => [ "parsed", "devd" ]
       }
    }
# openvpn ########################################################
    if [syslog_program] == "openvpn" {
       grok {
         match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
         add_field => [ "parsed", "openvpn" ]
       }
    }
  }
}
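
The filterlog field order used in the grok pattern above, as an added Python example (not part of the original post) that splits each message the same way and counts the lines that do not fit, so they are measured rather than silently dropped. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Field order copied from the grok pattern in the post; None marks the
# positions that pattern leaves empty.
FIELDS = ["rulenr", None, None, "rid", "interface", "reason", "action", "dir",
          "version", "tos", None, "ttl", "id", "offset", "ipflags",
          "protonumber", "protocol", "length", "src_ip", "dst_ip",
          "src_port", "dst_port", "datalen"]
NUMERIC = ("ttl", "id", "offset", "protonumber", "length",
           "src_port", "dst_port", "datalen")

def parse_filterlog(message):
    """Return a dict of named fields, or None when the line does not fit."""
    parts = message.strip().split(",")
    if len(parts) < len(FIELDS):
        return None
    event = {}
    for name, value in zip(FIELDS, parts):
        if (name is None) != (value == ""):  # empty only where the pattern is
            return None
        if name:
            event[name] = value
    try:
        for name in NUMERIC:
            event[name] = int(event[name])
        ipaddress.ip_address(event["src_ip"])
        ipaddress.ip_address(event["dst_ip"])
    except ValueError:
        return None
    return event

def summarize(messages):
    """Count blocked (dst_ip, dst_port) pairs and lines the layout misses."""
    blocked, unparsed = Counter(), 0
    for message in messages:
        event = parse_filterlog(message)
        if event is None:
            unparsed += 1
        elif event["action"] == "block":
            blocked[(event["dst_ip"], event["dst_port"])] += 1
    return blocked, unparsed

# Constructed sample lines (not from a real firewall); the last is too short.
SAMPLE = [
    "12,,,0,igb1,match,block,in,4,0x0,,64,4711,0,DF,6,tcp,60,192.168.1.50,203.0.113.10,51514,443,0",
    "12,,,0,igb1,match,block,in,4,0x0,,64,4712,0,DF,6,tcp,60,192.168.1.50,203.0.113.10,51515,443,0",
    "7,,,0,igb1,match,pass,in,4,0x0,,64,4713,0,none,17,udp,76,192.168.1.50,198.51.100.5,40000,53,56",
    "12,,,0,igb1,match,block,in,4,0x0,,64,4714,0,none,1,icmp,84,192.168.1.50,203.0.113.10",
]
```

A rising `unparsed` count is the signal that the field layout needs extending before the parsed events are relied on for firewall-hit reporting.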
#11
Tried to apply it on 2 devices but it failed, so I've manually executed the command and I'll be checking for a bit. I'll report back on your github.
Thank you.
#12
Hi Guys,
I would like to know if someone else has noticed this.
Under Firewall, settings, advanced, if you change the firewall rules optimization setting from basic to none, the labels on the firewall logs get messed.
A reboot or delete of temporary tables doesn't solve the issue.
To get it back, you need to reverse the change.
(edited as I was reporting the wrong setting)
#13
As mentioned on another post, solved with the password reset option from the iso.
#14
It's a VM, ssh access is protected and VT is off.
#15
Hi,
I've upgraded 2 members of a cluster yesterday.
Backup member upgraded OK, but after upgrading the master, I can't log back in on ssh or webgui.
Any ideas on how to recover from this?
I've rebooted it several times hoping it will load properly, but I see no error messages.
This is what I get on the syslog:
<11>Aug 26 08:56:50 opnsense: /index.php: Web GUI authentication error for 'USERNAME' from 192.168.1.15