Messages - LouieLouie

#1
Egads.  Thanks for the pointer.  Yes, SMART monitoring is failing and networking unhappiness is occurring.  I'll fail over to backup hardware tomorrow if it lasts that long.

Thanks for the insight, appreciated.  Hope you have a good week.
#2
Copied the output from the gui... the two snips look like the only errors.  The system did not auto-reboot.  Any recommendations?  I'm worried about rebooting the router.  Right now opnsense is running fine, no issues.  Thanks in advance!


[36/37] Extracting clamav-1.0.1,1: .......... done
pkg-static: sqlite error while executing COMMIT TRANSACTION  in file pkgdb.c:1144: disk I/O error
pkg-static: sqlite error while executing SELECT script, type  FROM pkg_script    JOIN script USING(script_id)  WHERE package_id = 3249 in file pkgdb_iterator.c:733: disk I/O error
Starting web GUI...done.

...

Installing kernel-23.1.2-amd64.txz.../usr/local/sbin/opnsense-update: kldxref: Input/output error
failed, kldxref error 0
***DONE***
#3
Right after the cut-off time, check the logs and see if his IPs are active.  If active, there's a flaw in your rules/config.  If not active, my bets would be that he's using a neighbor's wifi or he's hotspotting from his cell phone.  Maybe you have a cell hotspot left on by accident?

The kids are tech savvy, they brainstorm at school on how to get around us.  They use web proxies to bypass facebook/instagram/snapchat blocks.  My experience was that if they were angry, I was a step ahead of them.  If they weren't angry and were distracted, they had figured out a way past the firewall.  One teenager dug out an old wifi router, plugged it into the spare port on the modem, and built his own private network...  was mad as a hornet when we figured it out and pulled the plug.

Most effective advice I received:  all mobile comm devices have to be on the kitchen counter at 9pm.  If you go that route, expect a real fight.

Good luck.
#4
I have seen instructions from the opnsense developers that github is the correct place.
#5
Quote from: dcol on January 07, 2021, 06:52:05 PM
Would be nice if someone could post a Monit How-To for core services like unbound. and restart the service.

(See attachment)  Here you go. 
#6
step 1:  rtfm
step 2:  per the manual at https://docs.opnsense.org/manual/unbound.html  ...

Advanced Configurations

Some installations require configuration settings that are not accessible in the UI. To support these, individual configuration files with a .conf extension can be put into the /var/unbound/etc directory. These files will be automatically included by the UI generated configuration. Multiple configuration files can be placed there. But note that

    As it cannot be predicted in which clause the configuration currently takes place, you must prefix the configuration with the required clause. For the concept of "clause" see the unbound.conf(5) documentation.

    The wildcard include processing in unbound is based on glob(7). So the order in which the files are included is in ascending ASCII order.

    Name collisions with plugins, which use this extension point e.g. unbound-plus, may occur. So be sure to use a unique filename.

    It is a good idea to check the complete configuration by running the unbound-checkconf utility:

    # check if configuration is valid
    unbound-checkconf /var/unbound/unbound.conf

    This will report errors that prevent unbound from starting.

This is a sample configuration file to add an option in the server clause:

server:
  private-domain: xip.io
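
The three caveats in the quoted manual text (clause prefix, ascending ASCII include order, `.conf` extension) can be checked before a file is dropped into /var/unbound/etc. The following is an added example, not part of the post or of the OPNsense manual; the file names and contents in `SAMPLE` are constructed, and the clause list is taken from unbound.conf(5).

```python
# Added example: lint for Unbound drop-in files (file names and contents are constructed).
# Clause headers as listed in unbound.conf(5).
CLAUSES = {"server", "remote-control", "stub-zone", "forward-zone", "auth-zone",
           "view", "python", "dynlib", "dnscrypt", "cachedb", "rpz", "dnstap"}


def first_directive(text):
    """Return the first line that is neither blank nor a comment, stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            return line
    return None


def lint_dropins(files):
    """files maps file name -> content. Returns (include_order, problems)."""
    # Only *.conf is matched by the wildcard include; everything else is skipped.
    problems = [(n, "ignored: no .conf extension")
                for n in files if not n.endswith(".conf")]
    # Ascending ASCII (byte) order: digits < uppercase < lowercase.
    order = sorted((n for n in files if n.endswith(".conf")),
                   key=lambda n: n.encode())
    for name in order:
        first = first_directive(files[name])
        if first is None:
            problems.append((name, "empty file"))
        elif not (first.endswith(":") and first[:-1] in CLAUSES):
            problems.append((name, f"starts with {first!r}, not a clause header"))
    return order, problems


# Constructed sample directory listing for /var/unbound/etc
SAMPLE = {
    "private-domains.conf": "# sample from the manual\nserver:\n  private-domain: xip.io\n",
    "Zz-override.conf": "private-domain: example.test\n",  # missing 'server:' prefix
    "10-forward.conf": 'forward-zone:\n  name: "example.test"\n  forward-addr: 192.0.2.53\n',
    "notes.txt": "server:\n",  # wrong extension, never included
}

if __name__ == "__main__":
    order, problems = lint_dropins(SAMPLE)
    print("include order:", order)
    for name, why in problems:
        print(f"{name}: {why}")
```

This only catches the structural mistakes named above; unbound-checkconf remains the check for whether unbound will actually start.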


#7
I believe that opnsense overwrites resolv.conf every 30 minutes via /usr/local/etc/inc/system.inc

However, I'd like to add the following to resolv.conf:

options ndots:1 timeout:0.3 attempts:1 rotate

My understanding is that the normal timeout to failover from one name server to another in the /etc/resolv.conf file is 5 seconds.  I'd like to change that to 0.3 seconds.

What is the approved method to accomplish this?

Thank you!
#8
General Discussion / Re: noob question re Arp spoofing
December 27, 2019, 04:35:11 AM
bartjsmit, fabian,  thank you very much.
#9
General Discussion / noob question re Arp spoofing
December 26, 2019, 03:31:05 PM
I'm going to google this issue, yet I was hoping that someone here on the forums could give me any tips (or time to explain) what the heck this stuff is about, and more importantly, on how to prevent it on my opnsense implementation.  I would prefer to source my knowledge from here vs the wild web.

Background:  Heard of it, didn't understand it.  Have a work project that discussed arp-spoofing risks, researching it worried me that my home opnsense implementation could be at risk.  I'm vaguely suspicious that the default opnsense configuration is set to block this sort of thing, yet I'd like to know more.

I'll now go read up on this. 

Kind regards to everyone!

#10
Intrusion Detection and Prevention / Re: IPS for Newbie
December 05, 2019, 08:21:21 PM
Quote from: mayo on November 29, 2019, 11:14:05 AM
good morning everyone, I have a newbie question ... to protect a home network do I need to enable IPS on the LAN or WAN? should I set the wan address in the interfaces? Last thing, what are the standard rules to apply?
my hardware is an apu2c4. Many thanks to everyone for the advice!

I think there's a default, but if there isn't, I'd enable it on LAN.
re: WAN/interfaces:  I think you have to enable it.  You can either manually configure the gateway ip or use DHCP.
re:  standard rules ... https://nguvu.org/pfsense/pfsense-baseline-setup/

#11
Quote from: PedroD on November 25, 2019, 03:19:05 AM
I have just switched over to OPNsense from an ASUS router.  Right after boot up the speed test returns 360 Mbps download and 24 Mbps upload...

disclaimer:  I am not an expert by any means.  I simply have some experience.

In my opinion, the fact that you get 360Mbps is a clear indication that the opnsense hardware AND the configuration of opnsense is working as desired.  If it works when you turn it on, the basic setup most likely is correct.

The next 2 things which I would research are 1) as chemlud stated, your isp could be doing something wonky.  If they are, I'd guess that they would do it via detecting the different MAC address.  You could have opnsense spoof the Asus MAC.  2) there's a service on the server or in your configuration that has a delayed start, and it's eating bandwidth.  I don't know specifically how to diagnose that, but start with logs.... google it ("freebsd network hog")... be curious.

I get it that it's frustrating, and I have the same Asus router, it's been great.  However, Opnsense is better and it's worth the learning curve.

Kind regards!
#12
Understood that maltrail caused it.  That's an extraordinary amount of cpu utilization for an add-on service... despite its value, the system resource utilization is too high to consider re-installation.

#13
It wasn't suricata, and I don't know why python2.7 kept eating all four cores cpu %.  I decided to remove plugins I wasn't using but had installed.  I removed: tinc vpn, wireguard, nut, and maltrail.  I apologize, I didn't remove them 1 at a time... I just removed them all, rebooted.  Suricata is running fine, I'm not getting any cpu issues at all.  I will reinstall some if not all of those packages in the future.  I'll post it if I can prove something is misbehaving.
#14
Post 19.7.5.5 > 19.7.7 upgrade:

Noticed 100% cpu utilization (i5-5250u, 4 core), logged into command line, top listed suricata at 98%.  Disabled suricata in the gui, cpu utilization went down below 10% (normal-ish).  Then, cpu utilization spiked back up 100%, this time it's python 2.7 using over 90% on all 4 cores.

Any suggestions on what to do?
#15
19.7 Legacy Series / Re: SSH for non root account?
October 20, 2019, 11:03:19 AM
Greetings... Have you tried confirming that the Secure Shell options are what you expect them to be?  Just in case:

webgui > System > Settings > Administration > In the middle of that page are the Secure Shell configuration options.