Messages

1

24.7 Production Series / Re: NUT / TrippLite / Permission problems?

« on: September 11, 2024, 06:38:09 pm »

Come to think of it I have an HP DL360 G7 collecting dust, but that thing sounds like a jet. IDK if i can sit next to it long enough to test, and racking it would be a pain for a quick test.

2

24.7 Production Series / Re: NUT / TrippLite / Permission problems?

« on: September 11, 2024, 06:33:20 pm »

All my "fix'" does is start NUT as root, kill, start NUT as nut. A full reinstall isn't really an option. I might just get a Rpi to do all the NUT stuff. If OPNsense's NUT continues to fail with the SNMP-driver or in client mode I'll just schedule remote backups and let it die with a power loss. Im done banging my head against the wall with this for a while. I'm going to leave it for a couple of days. Maybe try to scrounge up the parts for a test machine.   

3

24.7 Production Series / Re: NUT / TrippLite / Permission problems?

« on: September 11, 2024, 05:38:47 pm »

Woke up this morning to NUT broken again. This is getting really annoying.  I give up, I'll just schedule a restart of the service with my script every 6 hours and cross my fingers that a power outage doesn't happen at a time NUT is broken.

4

24.7 Production Series / Re: VLAN Issue?

« on: September 11, 2024, 04:25:13 pm »

Check your overview for all your interfaces. "Interfaces-Overview". Your 10Gbe NICs should work with no problems with included drivers, same thing with the I226 NICs.

ix0 and ix1 are your 10G NICs and igc1 and igc2 are your 2.5G NICs. Vlans go on the hardware interface, do not assign the physical interface in the assignments menu and they will show up in the "Interfaces-Other Types-VLAN" for VLAN assignment. If you want to LAG any of interface the VLANS go on the LAG interface not the physical interfaces.


edit:
Assigning the interface shouldn't remove it from the vlan menu, but it used to. There in no need to assign the parent (physical) interface unless your using some form of Intrusion Detection or Prevention.

edit 2:
The SFP+ ports are basically a "Intel® Ethernet Converged Network Adapter X520-DA2" under a different form factor. A pretty old and well-established card with drivers built to most OSs these days. I have 1 in Windows, 1 in Ubuntu, and 1 in OPNsense. Never have I run across a problem with these NICs.

5

24.7 Production Series / Re: IPS/IDS filling my log file

« on: September 10, 2024, 08:47:14 pm »

  🎉

6

24.7 Production Series / Re: IPS/IDS filling my log file

« on: September 10, 2024, 08:06:13 pm »

I looked for a PR before I responded before. I see it now. I really don't care how often they send the data. Just make the logs sensible. Maybe collate the data and log it every hour.

Thankyou for your help and the PR.

7

24.7 Production Series / Re: IPS/IDS filling my log file

« on: September 10, 2024, 07:54:48 pm »

AdSchellevis' attitude seems to be fix it yourself and give us your code or deal with it. It's kinda feeling like pfSense over here. I understand they are in the middle of a major GUI transition, but this seems like a sensible change and something the someone that works on OPNsense often could do one-handed in a few minutes. I wouldn't know where to start. I love OPNsense and I'm not going anywhere, but that interaction leaves a bad taste in my mouth.

8

24.7 Production Series / IPS/IDS filling my log file

« on: September 10, 2024, 07:01:21 pm »

I enable IPS/IDS last night using "ETPRO Telemetry edition". I assume this is causing the log to fill with:

Notice   send_telemetry.py   telemetry data collected 16 records in 0.01 seconds

every 60 seconds. Is there a way to keep this from getting logged? It makes the "Live Log" widget absolutely useless.

9

24.7 Production Series / Re: NUT / TrippLite / Permission problems?

« on: September 10, 2024, 04:18:29 pm »

IDK what or how it really broke. It seems like a one-off or edge case. I couldn't find any others with the problem, but my google fu has been a bit off since AI got involved. Its fixed so I'm happy.

Do you happen to know what NUT is looking for to initiate a shutdown. Is it just looking for the low power warning? I want to configure a 2nd nut instance (using the SNMP driver, on a 2nd system) for the rest of the stuff covered by the UPS. With more control over that instance I can define the shutdown parameters to be something like 50% or remaining battery (low battery warning should trip at 25% for my UPS). Im trying to keep my WIFI up as long a possible while shutting down the rest of the network.

10

24.7 Production Series / Re: NUT / TrippLite / Permission problems?

« on: September 10, 2024, 03:14:49 pm »

Thanks for the reply. This was a somewhat fresh install, but I did try removing and reinstalling a couple of times to no effect.

For a sanity check, I uninstalled and removed users nut, messagebus, and avahi as the output of the uninstall process said. Rebooted, installed, rebooted, setup, rebooted. This fixed it. I think something was broken with the users/groups, I always ignored the output or the uninstall process and left the users/groups each reinstall. 3 extra commands in the console fixed it.
sudo rmuser nut
sudo rmuser avahi
sudo rmuser messagebus

I think it might be useful to send a popup message when extra actions are needed to finish an uninstall. Or give the uninstaller permission to remove the users after a confirmation popup. I can't be in the minority, most people at best skim the last couple of lines. "DONE" at the end maybe should be more specific. Like "Sucess" when no extra actions are needed and "DONE, some extra actions may be needed, read the entire output."

11

24.7 Production Series / Re: Kea and Unbound

« on: September 10, 2024, 02:15:49 pm »

Thanks for the reply. Static mappings are all i want/need. If there is something on my network that doesn't have its IP reserved then its a guest device, something new, or something that should be there.

12

24.7 Production Series / Kea and Unbound

« on: September 10, 2024, 12:05:46 am »

Does the Unbound option to "Register DHCP Static Mappings" work yet? I remember when it was first added it didn't. I found a script to import my ISC mappings into Kea :
https://github.com/EasyG0ing1/Migration/

It seemed to work fine, but I haven't enabled Kea yet. Thats a midnight task or I'll piss people off. The "Register DHCP Static Mappings" option has been the only thing keeping me with ISC.

13

24.7 Production Series / NUT / TrippLite / Permission problems?

« on: September 09, 2024, 11:55:20 pm »

 I have a TrippLite su1000rtxl2ua UPS setup with NUT.

General Settings
  Service Mode = standalone
  Name = TrippLiteTest
  Listen Address 127.0.0.1
UPS Type
  Driver: USBHID-Driver
    port=auto vendorid=09ae productis=40004 (values found on the console)



I don't ever get an output on the diagnostics page, so i check the logs and see.

Notice   usbhid-ups   writepid: fopen /var/db/nut/usbhid-ups-TrippliteTest.pid: Permission denied


So I stop the services and jup on the console and google. I manage to start the services as root no problem. So I stop them and try to start them as the "nut" user. Everything starts, I hop on the UI and boom UPS stats! So I reboot. 95% sure its going to break, and i was right. So I try modifying the service to do this for me by changing the nut-prestar to start it with root, kill it, and start it the second time as nut.

nut_prestart() {
        #
        # As of PR/268960 UID/GID uucp is no longer used by nut.
        # Instead UID/GID nut is used. Make sure preexisting nut files
        # and directories are owned by nut instead of uucp.
        #
        if [ "${nut_file_fixup}" == "YES" ]; then
                find ${nut_prefix}/etc/nut -user uucp -exec chown nut {} \;
                find ${nut_prefix}/etc/nut -group uucp -exec chgrp nut {} \;
                find /var/db/nut -user uucp -exec chown nut {} \;
                find /var/db/nut -group uucp -exec chgrp nut {} \;
        fi

        # Start the driver as root first
        /usr/local/libexec/nut/usbhid-ups -a TrippliteTest -u root
        # Give it a moment to initialize
        sleep 2
        # Kill the root instance
        pkill -f "/usr/local/libexec/nut/usbhid-ups -a TrippliteTest -u root"

        # Now start the driver normally
        ${nut_prefix}/sbin/upsdrvctl start
}

This works but of course gets nuked with reboots, updates, and sometimes seemingly at random. I assume there is a proper way of editing services and this isn't it. So instead of learning the right way i save a copy in my home folder and create a script to copy the file and restart the service.

#!/bin/sh

# Define the source and destination paths
SOURCE="/home/tekgeek/nut"
DESTINATION="/usr/local/etc/rc.d/nut"

# Move the file from the source to the destination
cp -p "$SOURCE" "$DESTINATION"

# Restart the NUT service to apply changes
service nut restart


I also put the script here /usr/local/opnsense/scripts/fixNUT/fixNUT.sh, and an action for the script to gain UI access to setup a cron job.

[run]
command:/usr/local/opnsense/scripts/fixNUT/fixNUT.sh
parameters:
type:script
message:Fixing NUT
description: Fix NUT


This still breaks so I need to occasionally run the script in my home folder manually?

This seems like a permissions bug in one of the startup scrips, but I don't know where or how to fix it. I would really like to not have this kludgy, fragile config. ChatGPT was used to modify the service and create the scripts.

14

24.1 Legacy Series / Error in logs I can't google away.

« on: February 21, 2024, 08:34:52 pm »

[Error]
opnsense

/xmlrpc.php: Unable to retrieve authenticator for ec+/VzE7xRr3xhGzFyZJk0n1PgAg+ZriD2Ty3SFq/4PtAhLpdOj0RZxeDorEKMKE2l47/1L4OAKZy+Po

I cant find this key aynwhere. Its not related to any VPN, the self-signed https cert, my lets-encrypt https cert. I don't have "High Availability" so CARP (where google pointed me) shouldn't be running. The error repeats about every 80 seconds.

15

23.7 Legacy Series / Typo: Services - Unbound DNS - Advanced - Cache Settings - Message Cache Size

« on: January 20, 2024, 11:53:05 pm »

"DNS rcords" should probably be "DNS records".


Checked for an update, seems its the current build. OPNsense 23.7.12-amd64

Check the picture