Messages

1

24.7 Production Series / Re: Hang up after "failed to reclaim memory" message

« on: August 12, 2024, 12:38:57 pm »

Sorry if I wasn't clear, when I said the web interface doesn't work on reboot, it looks like a php issue to me. When I reload all services via terminal, it gets stuck on "starting php_fpm" but the web interface loads fine then.

2

24.7 Production Series / Re: Hang up after "failed to reclaim memory" message

« on: August 12, 2024, 11:12:16 am »

Thanks I'll keep an eye on the processes. Any recommendations about the php issue?

3

24.7 Production Series / Hang up after "failed to reclaim memory" message

« on: August 12, 2024, 10:41:14 am »

Good morning,
looking for some assistance with this weird issue. My device was working perfectly until a few updates ago (24.1?). Now it has several problems:

• web interface doesn't start properly, i need to reload all services on each boot
• Unbound stops working and also needs restart
• the whole device freezes, not even terminal, last message being    <3>pid 274 (python3.11), jid 0, uid 0, was killed: failed to reclaim memory

I have another instance in the same network working ok. I removed zerotier which seem to extend time between failures. Time of failure is very close to IDS rules updates, but it doesn't fail every day. Looking at the monitoring, memory deeps down to nothing from the usual 2gb free from 4gb.
Any ideas?

4

24.1 Legacy Series / Re: DuckDB error on Unbound update

« on: February 23, 2024, 11:32:05 am »

Worked like a charm. Brilliant work Franco.

5

24.1 Legacy Series / [SOLVED] DuckDB error on Unbound update

« on: February 23, 2024, 10:44:59 am »

Hi guys,
trying to update my system this morning from 23.7.12_5 to the latest. Upgrade process failing on unbound upgrade

Code: [Select]

>>> Invoking upgrade script 'unbound-duckdb.py'
Traceback (most recent call last):
  File "/usr/local/opnsense/site-python/duckdb_helper.py", line 65, in __enter__
    self.connection = duckdb.connect(database=self._path, read_only=self._read_only)
duckdb.IOException: IO Error: Trying to read a database file with version number 39, but we can only read version 51.
The database file was created with DuckDB version v0.6.0 or v0.6.1.
Any workarounds, or do I really need to get a lower version of duckdb?
Thanks for the help as usual.

6

21.1 Legacy Series / IPv6 ULA ping (SOLVED)

« on: June 22, 2021, 07:26:22 pm »

Hi,
I've come across a situation during my dual stack implementation.
My WAN interface is using DHCPv6 (client). from that interface, I can ping the other side of the link on the local link address but not the LUA.
ping6: sendmsg: Permission denied

Any ideas? I've created rules on the interfaces but with no luck.
Thanks.

-----------------

Editing: an old floating rule screwed me over. Waste of day.

Probably worth to mentioning that a generic ipv6 block rule was not stopping traffic between link local addresses though, but everything else.

7

21.1 Legacy Series / Re: Default deny rule change (Pcloud issue?)

« on: February 10, 2021, 05:46:32 pm »

Hi,
I'm editing the title. After looking to what was blocked, it seems that most are connections initiated by Pcloud (cloud storage) on my desktop or mobile devices.
Does that rings any bells?

8

21.1 Legacy Series / Re: Default deny rule change

« on: February 10, 2021, 10:54:50 am »

HI,
I have an any to any rule at the bottom of my LAN rules, so no traffic should be blocked by the firewall at all (i guess unless malformed or expired traffic)
I've attache dboth the rule and an example packet blocked (from a mobile phone, which seems to be the majority)

9

21.1 Legacy Series / Default deny rule change

« on: February 09, 2021, 02:40:01 pm »

Hi,
for testing purposes I want to allow all traffic from my LAN interface, while using certain rules to categorize.
Even after configuring an any to any allow rule, I still get packets blocked by the default deny rule. Is there a way to check what's wrong with these packets without having to capture and manually review them?
Quite a few of them are actually Https.
I also had to disable Firewall Rules Optimization as it seem to increase the number.
Thank you.

10

20.1 Legacy Series / Re: Zerotier plugin cpu issues

« on: May 23, 2020, 07:18:19 pm »

Hi Drakrain,
yes I do, thats the purpose of the vpn on a router for me. Incredible this is a known unresolved issue.
I'll check that, myabe I should go back to the old good OPENVPN.
Thank you so much, as I didn't find this bug report myself.

11

20.1 Legacy Series / Zerotier plugin cpu issues

« on: May 22, 2020, 12:35:04 pm »

Hi,
wanted to confirm if anyone else has notice this.
When using 2 OPNsense devices connected with a Zerotier tunnel, cpu will randomly spike to 100% during long periods, and start dropping packets.
The process is    /usr/local/sbin/zerotier-one /var/db/zerotier-one/{zerotier-one}
It doesn't happen with 1 OPNsense & 1 Openwrt devices connected.

12

19.7 Legacy Series / Logstash parsing with new logging

« on: August 09, 2019, 05:31:49 pm »

HI,
I'm sharing this here for others to use. It's far from perfect, but a starting point for mainly FW hits.

filter {
  if [type] == "opnsense" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{HOSTNAME:fw_name} %{WORD:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
# filterlog #######################################################
    if [syslog_program] == "filterlog" {
        grok {
          match => { "syslog_message" => "(%{WORD:rulenr}),,,(%{WORD:rid}),(%{WORD:interface}),(%{WORD:reason}),(%{WORD:action}),(%{WORD:dir}),(%{WORD:version}),(%{WORD:tos}),,(%{NUMBER:ttl}),(%{NUMBER:id}),(%{NUMBER:offset}),(%{WORD:ipflags}),(%{NUMBER:protonumber}),(%{WORD:protocol}),(%{NUMBER:length}),(%{IP:src_ip}),(%{IP:dst_ip}),(%{NUMBER:src_port}),(%{NUMBER:dst_port}),(%{NUMBER:datalen})" }
          add_field => [ "parsed", "filterlog" ]
        }
    }
# unbound ########################################################
    if [syslog_program] == "unbound" {
       grok {
         match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
         add_field => [ "parsed", "unbound" ]
       }
    } 
# devd ###########################################################
    if [syslog_program] == "devd" {
       grok {
         match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
         add_field => [ "parsed", "devd" ]
       }
    }
# openvpn ########################################################
    if [syslog_program] == "openvpn" {
       grok {
         match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
         add_field => [ "parsed", "openvpn" ]
       }
    }

13

19.1 Legacy Series / Re: Posible bug on Firewall rules setting (edited)

« on: July 01, 2019, 03:49:33 pm »

Tried to applied in 2 devices but it failed, so I've manually executed the command and I'll be checking for a bit. I'll reprot back on your github.
Thank you.

14

19.1 Legacy Series / Posible bug on Firewall rules setting (edited)

« on: June 25, 2019, 10:28:44 am »

Hi Guys,
I would like to know if someone else has notice this.
Under Firewall, settings, advanced, if you change the firewall rules optimization setting from basic to none, the labels on the firewall logs get messed.
A reboot or delete of temporary tables doesn't solve the issue.
To get it back, you need to reverse the change.
(edited as I was reporting the wrong setting)

15

18.7 Legacy Series / Re: Wrong username or password after upgrade

« on: August 26, 2018, 09:14:21 pm »

As mentioned on another post, solved with the password reset option from the iso.