1
Zenarmor (Sensei) / Re: Zenarmor GUI doesnt work after upgrade to Opnsense 23.7.8_1
« on: November 18, 2023, 09:46:44 pm »
Hi,
That seems to have worked. Thank you.
Alex
That seems to have worked. Thank you.
Alex
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
Zenarmor (Sensei) / Zenarmor GUI doesnt work after upgrade to Opnsense 23.7.8_1
« on: November 18, 2023, 11:22:19 am »
Hi All,
After upgrading Opnsense to version 23.7.8_1 the zenarmor GUI no longer works.
If you click any menu there you are left with a spinning wheel as below screen shot. Any ideas?
|Thanks,
Alex
After upgrading Opnsense to version 23.7.8_1 the zenarmor GUI no longer works.
If you click any menu there you are left with a spinning wheel as below screen shot. Any ideas?
|Thanks,
Alex
3
Web Proxy Filtering and Caching / Make NGINX Reverse Proxy bind to virtual IP on WAN
« on: May 29, 2021, 05:04:06 pm »
Hi,
I have a number of virtual IPs on my WAN interface, can I make NGINX in reverse proxy mode bind to only one specific IP?
If so please point me in the direction.
Many thanks,
Alex
I have a number of virtual IPs on my WAN interface, can I make NGINX in reverse proxy mode bind to only one specific IP?
If so please point me in the direction.
Many thanks,
Alex
4
20.7 Legacy Series / Re: [SOLVED] upgrade from 20.1.9 to 20.7 failed
« on: August 10, 2020, 10:35:46 pm »
@chris42 I like your solution much better.
I guess when you select or reselct the mirror the repo file gets written again, thereby fixing the issue i noted above. All in all a much safer easier solution than editing the repo file.
Best,
Alex
I guess when you select or reselct the mirror the repo file gets written again, thereby fixing the issue i noted above. All in all a much safer easier solution than editing the repo file.
Best,
Alex
5
20.7 Legacy Series / Re: [SOLVED] upgrade from 20.1.9 to 20.7 failed
« on: August 03, 2020, 10:04:59 pm »
Dear Franco,
Please don't take any of my "why does it" comments negatively. For me thats always a genuine technical curiosity as to what could have happened and not a frustration that things arent working as expected. This is actually the main reason why I run FOSS software, and its a fun process.
You have helped me directly before (was a newbie and didnt understand the FRR integration), for which I am grateful.
I do know that moderating fora can be a thankless task, so I thank you for doing it.
I didn't manage to upload the file due to time constraints, but here it is now. I haven't looked at it and dont know how useful it is now that the system upgraded ok, I did include some debug output in the original posts, but maybe not enough, so apologies for that.
Reading the other thread about long running "python37-3.7.8_1 and ruby can take ages" I guess I may be a victim of that (prematurely restarting the host) but, as I am running on an old ESXI host of mine with a quad core Intel(R) Xeon(R) CPU L5420 @ 2.50GHz (4 cores) on a hardware RAID controller with a RAID10 SAS mirror I figured it had had enough time... Lesson learned.
Anyway, thanks again for all the support.
Alex
Please don't take any of my "why does it" comments negatively. For me thats always a genuine technical curiosity as to what could have happened and not a frustration that things arent working as expected. This is actually the main reason why I run FOSS software, and its a fun process.
You have helped me directly before (was a newbie and didnt understand the FRR integration), for which I am grateful.
I do know that moderating fora can be a thankless task, so I thank you for doing it.
I didn't manage to upload the file due to time constraints, but here it is now. I haven't looked at it and dont know how useful it is now that the system upgraded ok, I did include some debug output in the original posts, but maybe not enough, so apologies for that.
Reading the other thread about long running "python37-3.7.8_1 and ruby can take ages" I guess I may be a victim of that (prematurely restarting the host) but, as I am running on an old ESXI host of mine with a quad core Intel(R) Xeon(R) CPU L5420 @ 2.50GHz (4 cores) on a hardware RAID controller with a RAID10 SAS mirror I figured it had had enough time... Lesson learned.
Anyway, thanks again for all the support.
Alex
6
20.7 Legacy Series / Re: BGP Dead after upgrade to 20.7
« on: August 02, 2020, 12:17:12 pm »
Hi,
I was about to upgrade 2 of my firewalls that have FRR for BGP. So Iĺl wait a bit.
Could you use the CLI to run vtysh which is the cli tool for frr and enable debug and see if frr is reporting anything directly?
Also can you share output (from within vtysh) of show bgp neighbours and show ip bgp statistics
Thanks,
Alex
I was about to upgrade 2 of my firewalls that have FRR for BGP. So Iĺl wait a bit.
Could you use the CLI to run vtysh which is the cli tool for frr and enable debug and see if frr is reporting anything directly?
Also can you share output (from within vtysh) of show bgp neighbours and show ip bgp statistics
Thanks,
Alex
7
20.7 Legacy Series / Re: Upgrade from 20.1.9_1 to 20.7 failed - no sig file found
« on: August 02, 2020, 11:53:01 am »
@Franco, yes you are right, and the reason, if you look at my other thread, is that the Repo file in /usr/local/etc/pkg/repos/OPNsense.conf gets borked.
Its requesting OPNsense 20.1 with FreeBSD (HBSD) version 12.... Which doesnt exist.
Why is this happening? (EDIT: Genuine Technical Curiosity question, not frustration)
Alex
See this post: https://forum.opnsense.org/index.php?topic=18361.0
Its requesting OPNsense 20.1 with FreeBSD (HBSD) version 12.... Which doesnt exist.
Why is this happening? (EDIT: Genuine Technical Curiosity question, not frustration)
Alex
See this post: https://forum.opnsense.org/index.php?topic=18361.0
8
20.7 Legacy Series / Re: [SOLVED] upgrade from 20.1.9 to 20.7 failed
« on: August 02, 2020, 11:23:18 am »
You can find the repo file in:
/usr/local/etc/pkg/repos/OPNsense.conf
Good luck.
/usr/local/etc/pkg/repos/OPNsense.conf
Good luck.
9
20.7 Legacy Series / WAN Interface down on reboot
« on: August 01, 2020, 07:27:25 pm »
Hi Everyone,
Whenever I reboot my firewall (Dell Server) the WAN interface does not work. I cannot ping or pass anytraffic on that interface.
If I log in to the GUI from LAN side, disable and then re-enable the WAN then everything works normally.
Why is this, and what can I do to prevent this?
Help appreciated,
Alex
Whenever I reboot my firewall (Dell Server) the WAN interface does not work. I cannot ping or pass anytraffic on that interface.
If I log in to the GUI from LAN side, disable and then re-enable the WAN then everything works normally.
Why is this, and what can I do to prevent this?
Help appreciated,
Alex
10
20.7 Legacy Series / Re: upgrade from 20.1.9 to 20.7 failed
« on: August 01, 2020, 07:08:19 pm »
Hmmm....
Very odd. The contents of the repo file were:
So I edited the line to url: "pkg+https://pkg.opnsense.org/${ABI}/20.7/latest",
ran pkg update which produced (which is good):
I then triggered option 12 from the root menu to update which produced (which also looks good):
All of this was only 4 meg download, and now my dashboard says version 20.7 without any reboot or anything, and took only seconds.
I am rebooting for comfort anyway though.
So, how did I end up with a borked repo file, that tried to merge 20.1 with HBSD 12?
Thoughts appreciated,
Alex
Very odd. The contents of the repo file were:
Code: [Select]
# cat OPNsense.conf
OPNsense: {
fingerprints: "/usr/local/etc/pkg/fingerprints/OPNsense",
url: "pkg+https://pkg.opnsense.org/${ABI}/20.1/latest",
signature_type: "fingerprints",
mirror_type: "srv",
priority: 11,
enabled: yes
}
So I edited the line to url: "pkg+https://pkg.opnsense.org/${ABI}/20.7/latest",
ran pkg update which produced (which is good):
Code: [Select]
pkg update -f
Updating OPNsense repository catalogue...
Fetching meta.txz: 100% 1 KiB 1.5kB/s 00:01
Fetching packagesite.txz: 100% 186 KiB 47.6kB/s 00:04
Processing entries: 100%
OPNsense repository update completed. 704 packages processed.
All repositories are up to date.
I then triggered option 12 from the root menu to update which produced (which also looks good):
Code: [Select]
Enter an option: 12
Fetching change log information, please wait... fetch: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/sets/changelog.txz.sig: Not Found
This will automatically fetch all available updates, apply them,
and reboot if necessary.
Proceed with this action? [y/N]: y
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (1 candidates): . done
Processing candidates (1 candidates): . done
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
opnsense: 20.1.9_1 -> 20.7
Number of packages to be upgraded: 1
4 MiB to be downloaded.
[1/1] Fetching opnsense-20.7.txz: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading opnsense from 20.1.9_1 to 20.7...
[1/1] Extracting opnsense-20.7: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
opnsense-20.1.9_1: missing file /usr/local/opnsense/firmware-message
opnsense-20.1.9_1: missing file /usr/local/opnsense/firmware-upgrade
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
Keep version OPNsense\Monit\Monit (1.0.8)
Keep version OPNsense\Firewall\Alias (1.0.0)
Keep version OPNsense\OpenVPN\Export (0.0.1)
Keep version OPNsense\CaptivePortal\CaptivePortal (1.0.0)
Keep version OPNsense\Interfaces\Loopback (1.0.0)
Migrated OPNsense\Interfaces\VxLan from 0.0.0 to 1.0.1
Keep version OPNsense\Cron\Cron (1.0.1)
Keep version OPNsense\IPsec\IPsec (0.0.0)
Keep version OPNsense\Backup\NextcloudSettings (1.0.0)
Keep version OPNsense\TrafficShaper\TrafficShaper (1.0.3)
Keep version OPNsense\Syslog\Syslog (1.0.0)
Migrated OPNsense\IDS\IDS from 1.0.3 to 1.0.5
Keep version OPNsense\Proxy\Proxy (1.0.3)
Keep version OPNsense\Diagnostics\Netflow (1.0.1)
Migrated OPNsense\Routes\Route from <unversioned> to 1.0.0
Keep version OPNsense\Unboundplus\Miscellaneous (0.0.2)
Keep version OPNsense\Unboundplus\Dnsbl (0.0.1)
Writing firmware setting...done.
Writing trust files...done.
Configuring login behaviour...done.
Configuring system logging...done.
=====
Message from opnsense-20.7:
--
The lion sleeps tonight
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages:
Installed packages to be REMOVED:
sshlockout_pf-0.0.2_2
Number of packages to be removed: 1
[1/1] Deinstalling sshlockout_pf-0.0.2_2...
[1/1] Deleting files for sshlockout_pf-0.0.2_2: .... done
The following package files will be deleted:
/var/cache/pkg/opnsense-20.7-97385e5a92.txz
/var/cache/pkg/opnsense-20.7.txz
The cleanup will free 4 MiB
Deleting files: .. done
All done
Starting web GUI...done.
Generating RRD graphs...done.
All of this was only 4 meg download, and now my dashboard says version 20.7 without any reboot or anything, and took only seconds.
I am rebooting for comfort anyway though.
So, how did I end up with a borked repo file, that tried to merge 20.1 with HBSD 12?
Thoughts appreciated,
Alex
11
20.7 Legacy Series / Re: upgrade from 20.1.9 to 20.7 failed
« on: August 01, 2020, 06:58:24 pm »
Here is some debug output from pkg:
Code: [Select]
root@gw:~ # pkg -d update -f
DBG(1)[4764]> pkg initialized
Updating OPNsense repository catalogue...
DBG(1)[4764]> PkgRepo: verifying update for OPNsense
DBG(1)[4764]> PkgRepo: need forced update of OPNsense
DBG(1)[4764]> Pkgrepo, begin update of '/var/db/pkg/repo-OPNsense.sqlite'
DBG(1)[4764]> Fetch: fetching from: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/meta.txz with opts "i"
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
DBG(1)[4764]> Fetch: fetching from: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/packagesite.txz with opts "i"
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!
root@gw:~ #
12
20.7 Legacy Series / [SOLVED] upgrade from 20.1.9 to 20.7 failed
« on: August 01, 2020, 06:52:00 pm »
Hi,
I have a freshly installed hardware firewall (Dell Server). I installed and configured 20.1.9.
A couple of days later the new 20.7 was released. I checked for updates, and unlocked the 20.7 upgrade, and proceeded to upgrade from GUI.
Something was downloaded and the firewall rebooted. "EDIT: Really a very poor report of the problem by me. Sorry. I didnt pay proper attention, and left the thing to run while I went for "coffee", well it was the weekend."
Now, its stuck on 20.1.9_1 with following errors:
Why is it still looking for 20.1 files and not 20.7?
When I try that URL on my laptop web browser, I get File Not Found.
I notice that the URL says FreeBSD:12 and then Opnsense 20.1 That cant be right.
If I try to download https://pkg.opnsense.org/FreeBSD:12:amd64/20.7/latest/packagesite.txz manually I get a file.
How can I manually update this URL or reset the updates database so it can download afresh?
Help appreciated, thanks,
Alex
I have a freshly installed hardware firewall (Dell Server). I installed and configured 20.1.9.
A couple of days later the new 20.7 was released. I checked for updates, and unlocked the 20.7 upgrade, and proceeded to upgrade from GUI.
Something was downloaded and the firewall rebooted. "EDIT: Really a very poor report of the problem by me. Sorry. I didnt pay proper attention, and left the thing to run while I went for "coffee", well it was the weekend."
Now, its stuck on 20.1.9_1 with following errors:
Code: [Select]
# opnsense-update
Updating OPNsense repository catalogue...
pkg-static: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg-static: https://pkg.opnsense.org/FreeBSD:12:amd64/20.1/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!
root@gw:/home/alex_rhys-hurn #
Why is it still looking for 20.1 files and not 20.7?
When I try that URL on my laptop web browser, I get File Not Found.
I notice that the URL says FreeBSD:12 and then Opnsense 20.1 That cant be right.
If I try to download https://pkg.opnsense.org/FreeBSD:12:amd64/20.7/latest/packagesite.txz manually I get a file.
How can I manually update this URL or reset the updates database so it can download afresh?
Help appreciated, thanks,
Alex
13
18.7 Legacy Series / [SOLVED] Re: How does opnsense select gateway when OSPF
« on: October 02, 2018, 02:50:48 pm »
I can confirm that deleteing all gateways, and setting gateway to auto in interfaces for my wan links, causes opnsense to use the OSPF injected default routes.
Failover between them is very fast, and it is load balancing via ECMP
Thanks,
Alex
Failover between them is very fast, and it is load balancing via ECMP
Thanks,
Alex
14
18.7 Legacy Series / Re: How does opnsense select gateway when OSPF
« on: September 23, 2018, 11:42:23 pm »
Hi Fabian,
So, to answer my own question is the sequence for route selection something like this?
1st: Policy Based Routes via Firewall Rules
2nd: Static ROutes with cost lower than dymanic routes (I dont think you can modigy static route cost in the gui, which is a shame)
3: Dynamic Routing?
So given that I want to use dynamic routing as my primary default route path, I must be careful how things are configured.
Alex
So, to answer my own question is the sequence for route selection something like this?
1st: Policy Based Routes via Firewall Rules
2nd: Static ROutes with cost lower than dymanic routes (I dont think you can modigy static route cost in the gui, which is a shame)
3: Dynamic Routing?
So given that I want to use dynamic routing as my primary default route path, I must be careful how things are configured.
Alex
15
18.7 Legacy Series / Re: Block bogons breaks OSPFv3
« on: September 23, 2018, 11:39:18 pm »
Hi Guys,
Thanks for the feedback. Its helpful to see how to run OPNSense as I am new to it.
I am all working now.
Alex
Thanks for the feedback. Its helpful to see how to run OPNSense as I am new to it.
I am all working now.
Alex
Pages: [1] 2