Messages

But the question is: was this still working on 22.7?

I'm not sure I understand the question, but adjusting the tunables in OPNSense was still working on 22.7-amd64 and is currently working for me on 23.1-amd64. 

My problems started when I reset my OPNSense back to the "default" configuration without remembering that you have to update the boot parameters.  :-[  The resulting kernel panic sent me down a rabbit hole that took a couple of days to find my way out of.

It would be nice if OPNSense could tell if your hardware was susceptible to this issue and automatically add those boot parameters for you.  Like I commented before, for some reason the "live" install worked off of the USB stick but when I installed it to the HD it caused the panic.  I'm guessing the "live" install has different boot parameters or something.

This is a known problem with FreeBSD and older systems.  :-[

It has to do with system mitigations for the old "Meltdown" and "Spectre" issues.  Once I added these parameters to my tunables everything worked fine.

Code Select Expand

hw.ibrs_disable=0
vm.pmap.pti=1


More details can be found here:
* https://github.com/opnsense/core/issues/3177
* https://forum.opnsense.org/index.php?topic=11419.msg52164#msg52164
* https://forum.opnsense.org/index.php?topic=13564.msg62529#msg62529

Possibly - but that is a problem for the FreeBSD kernel developers to address. Hence my recommendation.

Thank you for your recommendation.  The only question I have is that the FreeBSD forums seem to really not like people asking about "derivative" OS installations[0].  Is the mailing list more receptive?

BTW: I'm going to try to install v21.7 (which is what I was running before I think) to see if that makes any difference at all.

• https://forums.freebsd.org/threads/ghostbsd-pfsense-truenas-and-all-other-freebsd-derivatives.7290/

@dpeter, were you able to get this problem resolved?  I'm experiencing similar kernel panics and am looking for some help.

https://forum.opnsense.org/index.php?topic=32728.0

I found another post on this forum that is reporting a very similar error from 9 months ago - https://forum.opnsense.org/index.php?topic=28422.msg138676#msg138676

I've been running OPNSense for years and I really love it.  However, after a recent update my HD activity light was staying on and the CPU meter on the OPNSense dashboard was reading 100%.  After looking for anything obvious and turning off all the services I could, the CPU was still pegged and the HD light was still on constantly.  So I rebooted the machine; it never came back online.

After I attached a monitor to the machine I saw that it had a kernel panic[0].  While unusual I didn't think to much of it.  However, rebooting the machine didn't resolve the issue.  So I removed all the cards, memory, etc. to see if I could get a clean boot.  Nothing helped and I continued to get a kernel panic[0].

I thought it might be a corrupted hard drive or something so I disconnected the drive and booted off of a USB thumb drive with a fresh copy of v23.1 installed on it.  The system booted just fine and ran the live version.  So I turned the machine off, reconnected the drive, rebooted and installed v23.1 on the HD.  The install worked perfectly and the machine rebooted.  Once again, I got the kernel panic[0].

My next thought was that maybe the HD was "bad".  I replaced the HD and again installed a fresh copy of v23.1.  Again, the kernel panic[0] showed up.  Arrggghhh! 

I'm running Memtest86 v6.10 right now and everything is looking good, so I don't think it's memory related.  I've replaced the HD so that's (probably) not the problem.  It seems to work fine booting from the USB flash drive (its just slooooow) so the CPU seems to be OK. 

Any thoughts on what I should do now?  I'm not very good at reading kernel panic output so I thought I was ask here.  The weird thing is that it seems to run fine from a live USB stick but not when I install it on a HD.  Maybe the HD controller is bad?  How would I test this?

BTW: after the kernel panic the machine is locked up completely.  Nothing works.  The keyboard doesn't do anything, the capslock key doesn't even light up.  Even the floppy drive light is stuck on.

• https://imgur.com/a/aaXwkVK

I experimenting with NextDNS as my upstream DNS provider.  So far I like it quite well but I'm having a bit of trouble getting DNS configured.  I was able to set my IPv4 DNS providers in the Services --> DHCPv4 --> [LAN] config but I can't find where to set the IPv6 DNS providers.  The IPv6 Services --> DHCPv6 menu only has "Relay" & "Leases" and neither of those offer DNS configs.

Where can you override the host's IPv6 DNS providers?  Do I need to install a NextDNS plugin or something?

Thanks for the response.  My ISP said that nothing on their side is doing it.  However, they are reselling AT&T gigabit fiber service and it might have something to do with AT&T being headquartered in Texas.  Maybe?

It's just really weird that all 3 systems are responding the same way.  There is no VPN or anything else that really ties them together.  It just kinda feels like some sort of privacy setting somewhere.  You know "Hey, tell everyone that I'm in TX. Thanx!"  Maybe I turned it on somewhere and forgot to turn it off.  Maybe my DNS setting is doing something funny???  I'm using 8.8.8.8 & 8.8.4.4 and UnboundDNS, so that doesn't seem weird.

So, I have a pretty generic OPNSense installation; no weird plugins, no VPN connections, just a normal household LAN/WAN config.  Recently (in the past year?) I've noticed that most sites think I'm in Houston, TX for some reason (ie. Accuweather & Lowes)  Even Apple presents me with a map of Texas whenever I need to authenticate a connection (buying something on the Apple store).

This happens on two different computers (Linux & Mac) with multiple browsers (Safari, Firefox, Chrome) even in "private" mode.  I checked my IP address with several online "checkers" (ie. MaxMind, etc.) and they all get my location correct.  I've reached out to my ISP to see if there is some problem on their end.

Then I thought, "could this be a setting in OPNSense?"  I don't think so but I'm getting a bit desperate.  Is there something in OPNSense that fakes geolocation?  Maybe some sort of privacy setting or filter?

The latest update is 19.1.2 (Feb. 28th) but the release notes don't mention anything about fixing a kernel panic.  :(

Ah, yes, I see it now.  Thank you for the information.

How were you able to determine that this was the cause of the problem?  Was it something in the log files?

Great!  Were you able to modify your system and have the problems go away?  How did you find out this was the problem?  Is there a log file somewhere that is spitting out errors?

You say to set the tuneable parameter "net.link.ether.inet.max_age" but I'm not able to find that in the OPNSense GUI anywhere.  I looked in the System:Settings:Tunables but there is nothing like that in my list.  Is this something you have to edit on the OS itself?  If so, what file should be edited?

Thanx!
Richard

I just upgraded my Acer Aspire AMD machine from 18.7.10 --> 19.1.1 and it threw a kernel panic.  I was able to get back up and running by choosing the old kernel at the boot menu but I don't feel like this is a good solution.

Here's a screenshot of my panic:

I installed and enabled the ntopng plugin and it has the ability to capture and download the most recent packets.  I'm guessing it captures them in a round-robin sort of fashion and allows you to download the last 5 seconds --> 10 minutes of packets captured with pcap.

I think what I'll do is wait until the problem happens and then grab the last 10 minutes of packets.  I should be able to load that up into Wireshark and see what's going on.

Thanx!

What modem hardware are you using?  I'm running an Arris DG1670A cable modem and I'm seeing some weird behavior (disconnects, choking, etc.) as well and I'm wondering if there is a correlation.