Messages

I did a recent fresh install, and got the option to use ZFS. However, it wouldn't do it and complained that I needed two disks, iirc. What am I missing?

Code Select Expand

Error opnsense /xmlrpc.php: Unable to retrieve authenticator for PW/4...

I don't (yet) have anything set up for high availability.

I took the drive out and did a smartctl long check, but nothing showed up. I just did a fresh install, and the problem seems to be gone, so I I should mark this as SOLVED.

I am afraid that you are probably correct. I am trying to be in denial. It might be best to swap in my backup and do a fresh install after a disk check. Thanks for your help.

After some more research, I tried git pull --prune. This mostly worked, but there are some unexpected local audio commits:

Code Select Expand

error: Your local changes to the following files would be overwritten by merge:
        audio/vban/Makefile
        audio/virtual_oss/Makefile
        audio/virtual_oss/distinfo
        audio/virtual_oss_ctl/Makefile
        audio/virtual_oss_ctl/distinfo
        audio/visp-go/Makefile
        audio/vmpk/Makefile
        audio/vmpk/distinfo
        audio/vmpk/pkg-plist
        audio/vst3sdk/Makefile
        audio/vst3sdk/distinfo
        audio/vst3sdk/files/patch-cmake_modules_SMTG__AddSMTGLibrary.cmake
        audio/vst3sdk/files/patch-cmake_modules_SMTG__PlatformToolset.cmake
        audio/vst3sdk/files/patch-pluginterfaces_base_fplatform.h
        audio/vst3sdk/files/patch-pluginterfaces_base_funknown.cpp
        audio/vst3sdk/files/patch-public.sdk_source_vst_auwrapper_again_CMakeLists.txt
        audio/vst3sdk/files/patch-vstgui4_vstgui_lib_platform_linux_x11fileselector.cpp
        audio/vst3sdk/files/patch-vstgui4_vstgui_tests_unittest_CMakeLists.txt
Please commit your changes or stash them before you merge.
Aborting
Since I don't know anything about these files, I don't know where to discard or merge them. I may have already done enough damage.

Wow, that was fast---thanks! Your guess was close, it is in /usr/tools/.git
I removed the index, and made progress, but with a new error. I removed that index, and ran

Code Select Expand


root@OPNsense:/usr/ports/.git # git reset HEAD
root@OPNsense:/usr/ports/.git # opnsense-code ports
remote: Enumerating objects: 2279, done.
remote: Counting objects: 100% (1829/1829), done.
remote: Compressing objects: 100% (582/582), done.
remote: Total 2279 (delta 1190), reused 1512 (delta 1111), pack-reused 450
Receiving objects: 100% (2279/2279), 711.82 KiB | 2.88 MiB/s, done.
Resolving deltas: 100% (1401/1401), completed with 56 local objects.
fatal: bad object refs/heads/master
error: https://github.com/opnsense/tools did not send all necessary objects
There is also /usr/ports/.git/index, which I moved and ran the above again, with the same results.  I don't know what /usr/ports/.git/refs/heads should look like but it is just some hex number, like a hash.

Am running the latest firmware on OPNsense on bare metal, but this problem might have existed earlier, unnoticed. I am updating my tailscale installation with

Code Select Expand

root@OPNsense:/home # opnsense-code src
fatal: .git/index: index file smaller than expected


This typically indicates a corrupt index file which can be removed and rebuilt.  However, the index does not exist in the usual place

Code Select Expand

root@OPNsense:/home # git status
fatal: not a git repository (or any of the parent directories): .git
, though I am not sufficiently familiar with freeBSD to know.  The OPNsense documentation (https://docs.opnsense.org/manual/software_included.html#the-ports-tree) does suggest that this should be the usual place.

Am hoping that anyone more knowledgeable than I knows how to find the index and fix this. Thanks.

Because it believes that it is a parked domain. However, the solution is fairly easy.
Go to Zenarmor -> Policies -> Default -> Exclusion.  Whitelist the domain services.generalmagic.com
Just in case anyone else runs into this problem.

My OPNsense box has started crashing (seemingly) randomly every couple of days. It is difficult to debug without logs from the time of the crash.  When it crashes there is no responsiveness from pings or ssh or webUI, so I have to reboot.  However, after I reboot, all the logs I can find (e.g., /var/log/system) are from times after the reboot.

How can I get info from the crash to debug?  Any help appreciated.

Adding this to the thread to help out other users of freemyip.com and to inform the developers of the current issue that requires workaround with this dynamic DDS provider.

freemyip.com doesn't require a username and password.  At the time your custom domain is created you are provided a token which is used to refresh your ip address when properly accessed.  freemyip.com supports ddclient and they provide a configuration (below) where you populate the username and password fields with your custom token

# Configuration for freemyip.com
custom=yes
server=freemyip.com
protocol=dyndns2
login=YOUR_TOKEN
password=YOUR_TOKEN
YOUR_DOMAIN.freemyip.com

Currently you cannot populate these values through the Opnsense web interface as the token includes an ampersand character and Opnsense restricts entry of an ampersand in the username field (see below)



You must edit the ddclient.conf file directly to enter your token in the two fields after which it works fine.

I don't think this works. At least, there is never a confirmation in the logs that it has connected.

Thanks for that. It was not blocked, but it did need to be explicitly allowed. I think that there was a change a couple versions back to OPNsense that changed that, because the gateway maltrail or something also stopped working until a rule was added.

I am running  21.7.3_3-amd64 on a Protectli box. I don't think I have anything too strange in my setup. But for some time, the netdata web ui has been unavailable, and I finally tried today to see what might be going wrong. I uninstalled the os-netdata plugin and reinstalled it. Made sure that it was enabled, and checked that the daemon is running according the OPNsense dashboard. But still not available. I checked the General System logfiles, but did not find anything. I use the IP address of the box to make sure that there is not a DNS issue. Double-checked the correct port and checked CLI:

Code Select Expand

root@OPNsense:~ # sockstat | grep 19999
netdata  netdata    92292 5  tcp4   192.168.yy.yy:19999    *:*


But trying to load the UI just times out. Tried different browsers.

I would appreciate any pointers for where else to investigate. If there is anything else in the forum, I haven't been able to find it.

Yeah, it was ICMP. I made a pass rule in LAN like response#6 here: https://forum.opnsense.org/index.php?topic=10718.msg48955#msg48955

Thank you!

Thanks for the response. This indeed looks useful. To answer your question: I don't! But a device on my network does. It checks that it is connected this way very frequently, and reboots the wifi connection if the ping comes back empty. Stupid, I know, but cannot be changed.

So, I think that I found the proper place: Firewall-> Settings->Advanced. There are three radio buttons dealing with reflection. I tried every permutation of enabling these, and saving settings, but none worked. I even tried enabling all three and rebooting, but still no success. Any ideas what I am missing?

I read problems in the forum involving dual WAN setups, but mine is not dual and pretty simple. The 'block private network' switch on WAN is not checked. Yet, I cannot ping the gateway from inside the LAN.  I must be missing something stupid, so any suggestions are likely to be useful, and certainly appreciated.