Messages - overture

#1
I'm also getting this fault.

Also this:

PHP Warning:  in_array() expects parameter 2 to be array, null given in /usr/local/www/system_general.php on line 434

Also, ever since the last update Zoom can't connect, even after disabling IDS/IPS and DNSSEC.

OPNsense 21.1.5-amd64
FreeBSD 12.1-RELEASE-p16-HBSD
OpenSSL 1.1.1k 25 Mar 2021

Fatal trap 1: privileged instruction fault while in kernel mode
cpuid = 3; apic id = 03
instruction pointer   = 0x20:0xffffffff80d23e40
stack pointer           = 0x28:0xfffffe004b809678
frame pointer           = 0x28:0xfffffe004b809750
code segment      = base 0x0, limit 0xfffff, type 0x1b
         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags   = interrupt enabled, resume, IOPL = 0
current process      = 34707 (sysctl)
trap number      = 1
panic: privileged instruction fault
cpuid = 3
time = 1620042507
__HardenedBSD_version = 1200059 __FreeBSD_version = 1201000
version = FreeBSD 12.1-RELEASE-p16-HBSD #0  b531d3958f5(stable/21.1)-dirty: Tue Apr 20 11:00:08 CEST 2021
    root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe004b809380
vpanic() at vpanic+0x1a2/frame 0xfffffe004b8093d0
panic() at panic+0x43/frame 0xfffffe004b809430
trap_fatal() at trap_fatal+0x39c/frame 0xfffffe004b809490
trap() at trap+0x6c/frame 0xfffffe004b8095a0
calltrap() at calltrap+0x8/frame 0xfffffe004b8095a0
--- trap 0x1, rip = 0xffffffff80d23e40, rsp = 0xfffffe004b809678, rbp = 0xfffffe004b809750 ---
sysctl_sysctl_next() at sysctl_sysctl_next+0x20/frame 0xfffffe004b809750
sysctl_root_handler_locked() at sysctl_root_handler_locked+0x8b/frame 0xfffffe004b809790
sysctl_root() at sysctl_root+0x293/frame 0xfffffe004b809810
userland_sysctl() at userland_sysctl+0x17a/frame 0xfffffe004b8098c0
sys___sysctl() at sys___sysctl+0x5f/frame 0xfffffe004b809970
amd64_syscall() at amd64_syscall+0x364/frame 0xfffffe004b809ab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe004b809ab0
--- syscall (202, FreeBSD ELF64, sys___sysctl), rip = 0x46f14e08cda, rsp = 0x700f97dd8e78, rbp = 0x700f97dd8eb0 ---
KDB: enter: panic
#2
Awesome Redguy that worked! Case closed.
#3
I must admit I'm a bit hesitant to do as you suggest because last time I hosed my system. It's taken me literally days to get to this point.

Backing up helps, I know.

It's just that the LAN interface is so fundamental to OPNsense and I thought it shouldn't be a child of a VLAN.

Well, here I go! See you on the other side... Any last words, gotchas or caveats, Redguy?

PS: If I don't report back here in days, it's because it failed. OPNsense is now completely hooked in to my network.
#4
OK, thanks! That seems simple enough. I had it in my head that the LAN was at the top of the tree and that VLANs had to sit under it.

What led me to that conclusion was that I couldn't do it without a lagg involved. There was no other interface type I could see that would host VLANs and sit at the top of the tree. Luckily my box has 4 igb ports so I could make a lagg.

What you're saying is that the lagg is at the top and the LAN can sit alongside the other VLANs.

To help me understand: if you only had 2 physical ports, one for WAN and one for LAN, how would you do this without a lagg at the top?
#5
Hi
I am trying to work out how to set up my management vlan.
Initially, before I put various hosts on their own subnet/VLANs, I had everything set to the same subnet with no VLANs, 192.168.110.x/24 including all routers, switches, hosts and APs in a bid to finally (after creating the others first) create a management VLAN110 with that subnet.

On top of a lagg interface set as LAN, I now have set up all the VLANS (except management vlan) with static IP interfaces assigned and their own DHCP server all to a common gateway on LAN. My hosts are now all working in their own tagged VLANs as they should.

But the last step, getting my switches, OPNsense router and APs on to VLAN110, I can't achieve yet. I already have a static IP set on LAN, 192.168.110.1 (the initial subnet), from the beginning. All my switches have their management IP in that subnet as well.

I guess part of the issue is: OPNsense LAN is set to 192.168.110.1, so I can't assign the VLAN110 interface to that IP. I have it set to 192.168.110.240, and from a host on a dedicated management tagged VLAN110 physical port I can't reach the OPNsense GUI.

I would like to be able to have my OPNsense LAN set to None in the IPv4 config type so that I can have the VLAN110 interface IP set to 192.168.110.1, but when I tried to set the LAN interface to None, OPNsense locked up and got a startup loop from a boot script (froze at loading Squid). I didn't know how to circumvent that so I had to re-install and start again.

Can I do this without hosing my install? If not, what should I be doing with VLAN110/LAN interface IP assignments to get my management VLAN happening?

Sidenote: I don't want VLAN110 - 192.168.110.0/24 to be the default VLAN if untagged. I have VLAN1 192.168.1.0/24 for that.
#6
Hi, I am trying to get this working. I've followed what you did and get this issue when I try to change the host from WORKGROUP to a domain in Windows 10 Pro settings.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "localdomain":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.localdomain

Common causes of this error include the following:

- The DNS SRV records required to locate an AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when an AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.90.1

- One or more of the following zones do not include delegation to its child zone:

localdomain
. (the root zone)

Any ideas would be much appreciated.

A bit more info:
I have multiple VLANs sitting on a lagg defined as the LAN interface that has its own static IP (and I'm not sure if I can remove that IP and have the IPv4 config set to None. I'd prefer to do that, so that all IP interfaces are solely defined in VLANs. Except last time I tried, OPNsense crashed badly. I had to re-install).
Each VLAN has a static IP and DHCP server (but I mostly set a host to a fixed IP). I'm using Unbound for DNS and all default assignments; there's only one gateway on the PPPoE WAN side.

All PCs in all VLANs have this issue of not being able to change from workgroup to a domain. Sorry if these are newb questions.
#7
+1
I'm also an OPNsense newb, an asus-merlin refugee with tech experience (sound designer with studio) and between jobs, on the bench. After days of attempts to get it right, I finally navigated my way through the wizard with the results I was after, only because my setup is pretty complex and I tried to jump the gun a bit.

Full-forward a few weeks, I'm facing a new challenge - how to VLAN everything without creating bad firewall rules and without locking myself out. I won't hijack this thread. Only wanted to plus-one the need for more documentation.

There is no documentation on VLANs, bridging, firewall and NAT to suit. There's some at pfSense but not enough either.

I already love OPNsense and the open source community but am looking forward to the documentation being better. You will no doubt be seeing me a lot on this forum... probably saying "not this guy again" ;) I hope we get some help. I will always help others if I can, but I am a newb for now.