Messages

1

24.7 Production Series / NUT doesn't retain settings on upgrades.

« on: October 09, 2024, 08:08:17 pm »

I've noticed today, after upgrading from 24.7.5 to 24.7.6, that NUT on startup is complaining that the UPS is unavailable.

I confirmed the service was running and then from the web UI went to NUT and observed the client was running there according to the settings but it wasn't until I hit the "Apply" button did it start to fully work. I use an SNMP configuration and it seems that during upgrade the ups.conf isn't properly written or something of that nature until I go in an re-apply the settings. They seem to be there from the previous upgrade configuration but I just need to rebuild the ups.conf it seems via the Apply process.

I am more than happy to provide any insight for troubleshooting.

Thanks!

2

24.7 Production Series / Re: Upgrade to 24.7.5 does not automatically reboot

« on: September 26, 2024, 04:49:38 pm »

My bare metal didn't reboot either after update and I have crowds installed.

I also saw a few segfaults from a few daemons on boot up:

Code: [Select]

pid 32801 (squid), jid 0, uid 100: exited on signal 11 (no core dump - bad address)
pid 28907 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)
pid 29870 (ntpd), jid 0, uid 0: exited on signal 11 (no core dump - bad address)


3

24.7 Production Series / Re: Gaps of data/reporting in reporting health dashboard

« on: July 28, 2024, 03:04:08 pm »

Still seeing this issue, I also as a tested reset my RRD data via the webUI and it still is happening.

4

24.7 Production Series / Re: Backup API

« on: July 27, 2024, 11:11:50 pm »

So the instructions need to include restarting the webGUI AFTER applying the patch. After doing that I am able to backup now.

5

24.7 Production Series / Re: Backup API

« on: July 27, 2024, 11:09:27 pm »

Thanks, will be hotfixed on Monday.


Cheers,
Franco

I have this same issue and using the same patch but still get the errors in the UI:

Code: [Select]

[26-Jul-2024 14:27:41 America/New_York] ArgumentCountError: Too few arguments to function OPNsense\Mvc\Response::setContentType(), 1 passed in /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/BackupController.php on line 200 and exactly 2 expected in /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Response.php:64
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/BackupController.php(200): OPNsense\Mvc\Response->setContentType('application/oct...')
#1 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Dispatcher.php(165): OPNsense\Core\Api\BackupController->downloadAction('this')
#2 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(156): OPNsense\Mvc\Dispatcher->dispatch(Object(OPNsense\Mvc\Request), Object(OPNsense\Mvc\Response), Object(OPNsense\Mvc\Session))
#3 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(139): OPNsense\Mvc\Router->performRequest(Object(OPNsense\Mvc\Dispatcher))
#4 /usr/local/opnsense/www/api.php(36): OPNsense\Mvc\Router->routeRequest('/api/core/backu...', Array)
#5 {main}

Do I need to restart anything?

My script:

Code: [Select]

#!/bin/bash

# Since we need curl let's see if it is installed
if cmd=$(command -v curl); then
        CURL=$cmd
else
        echo "$(date "+[%Y-%m-%d - %H:%M:%S%p]"): ERROR: Required binary curl is missing, please install it" > $LOG 2>&1
        exit 1
fi

# Slack notification function
notify () {
        message=$1
        curl -s https://api.pushover.net/1/messages.json -d "token=${apitoken}&user=${userkey}&title=OPNSense%20Backup&message=${message}&timestamp=${ts}&device=${device}"
        echo "$message" | mailx -r opnsense-backup@domain.com -s "OPNsense Backup" user@domain.com
}

# Variables
PINGHOST=192.168.xx.1
HOST=$PINGHOST
PFPATH=/mnt/scripts/opnsense
ts=$(date +%s)

# api access
# Backup user
key="redacted"
secret="redacted"

# pushover settings
userkey="redacted"
apitoken="redacted"
device="redacted"

# Check to make sure firewall is up
ping -c 1 -W 5 $PINGHOST &>/dev/null
if [ $? -ne 0 ] ; then
   echo "$PINGHOST is down! bailing"
   notify "$PINGHOST is down! Check to make sure firewall is online"
   exit
fi

# Clean up old files
find $PFPATH -name "*.xml" -mtime +7 -exec rm -rf {} \;

# Download the config
# Pre 23.7.8, this is now native in the API
#/usr/bin/curl -k -u "$key":"$secret" https://$HOST/api/backup/backup/download -o $PFPATH/$(/bin/date +%Y%m%d).xml
/usr/bin/curl -k -u "$key":"$secret" https://$HOST/api/core/backup/download/this -o $PFPATH/$(/bin/date +%Y%m%d).xml

# Check if the configuration is the right size...
XML_CHECK=$(grep -c "?xml" $PFPATH/`date +%Y%m%d`.xml)
SIZE=$(stat -c %s $PFPATH/`date +%Y%m%d`.xml)


# File must be zero size...
if [ $SIZE -eq 0 ]; then
        notify "Configuration download was ZERO bytes, check the backup process!"
        exit
fi
if [ $XML_CHECK -eq 0 ]; then
        notify "Configuration download did not meet expected XML format, check the backup process!"
        exit
fi
notify "Backup of Firewall completed on $(date)"

I run my script from a Debian 12 host and it worked just fine in 24.1 for every release.

6

24.7 Production Series / Gaps of data/reporting in reporting health dashboard

« on: July 26, 2024, 04:46:35 pm »

So I was doing some other poking around and see what is new in 24.7 and noticed that in the reporting health dashboard there are odd gaps of data even though the firewall was online and running without issues. I checked various sections (e.g., Packets, Traffic, System, etc.) and it is all there. I upgraded my firewall last night starting around 18:44 and you can clearly see in the attachments the data and displaying of that data was rock solid and after the upgrade there are around 30 minutes of data missing every other 30 minutes.

Let me know if any additional information is needed but I thought it was report worthy.

7

24.7 Production Series / Re: Backup API script broke after upgrade

« on: July 26, 2024, 03:59:42 pm »

Changing line 200 in /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/BackupController.php to this fixes the issue:

Code: [Select]

$this->response->setContentType('application/octet-stream', 'UTF-8');
Or just pulling that Git commit haha.

I did but it doesn't touch that file. Also this suggested change doesn't fix the error code I am reporting, I modified the file by hand for line 200 and still doesn't resolve it and throws the same issue. I wonder if my CURL for the backup call needs to be updated to 24.7 so asking that question again.

Code: [Select]

root@firewall:~ # opnsense-patch 897d3cce
Found local copy of 897d3cce, skipping fetch.
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 897d3cce3a0b5117450ff6c36db0635cf2e19591 Mon Sep 17 00:00:00 2001
|From: Ad Schellevis <ad@opnsense.org>
|Date: Fri, 26 Jul 2024 10:22:24 +0200
|Subject: [PATCH] MVC: Response->setContentType() default to empty,  closes
| https://github.com/opnsense/core/pull/7655
|
|---
| src/opnsense/mvc/app/library/OPNsense/Mvc/Response.php | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|
|diff --git a/src/opnsense/mvc/app/library/OPNsense/Mvc/Response.php b/src/opnsense/mvc/app/library/OPNsense/Mvc/Response.php
|index 4efd7b6069..b003b25b54 100644
|--- a/src/opnsense/mvc/app/library/OPNsense/Mvc/Response.php
|+++ b/src/opnsense/mvc/app/library/OPNsense/Mvc/Response.php
--------------------------
Patching file opnsense/mvc/app/library/OPNsense/Mvc/Response.php using Plan A...
Reversed (or previously applied) patch detected!  Assuming -R.Hunk #1 succeeded at 61.
done
All patches have been applied successfully.  Have a nice day.
root@firewall:~ #


8

24.7 Production Series / Re: Backup API script broke after upgrade

« on: July 26, 2024, 01:40:53 pm »

Maybe applied twice? Worth checking the error log as it mentions...

This is the error reported by the CRASH reporter, there are no other errors in any other logs.

Code: [Select]

[26-Jul-2024 05:02:45 America/New_York] ArgumentCountError: Too few arguments to function OPNsense\Mvc\Response::setContentType(), 1 passed in /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/BackupController.php on line 200 and exactly 2 expected in /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Response.php:64
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/BackupController.php(200): OPNsense\Mvc\Response->setContentType('application/oct...')
#1 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Dispatcher.php(165): OPNsense\Core\Api\BackupController->downloadAction('this')
#2 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(156): OPNsense\Mvc\Dispatcher->dispatch(Object(OPNsense\Mvc\Request), Object(OPNsense\Mvc\Response), Object(OPNsense\Mvc\Session))
#3 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(139): OPNsense\Mvc\Router->performRequest(Object(OPNsense\Mvc\Dispatcher))
#4 /usr/local/opnsense/www/api.php(36): OPNsense\Mvc\Router->routeRequest('/api/core/backu...', Array)
#5 {main}


9

24.7 Production Series / Re: Backup API script broke after upgrade

« on: July 26, 2024, 01:16:02 pm »

Likely https://github.com/opnsense/core/commit/897d3cce

# opnsense-patch 897d3cce


Cheers,
Franco

Same error after applying the patch. Do I need to restart any services for it to take affect?

10

24.7 Production Series / Backup API script broke after upgrade

« on: July 26, 2024, 11:46:20 am »

I use the backup api to pull a configuration file down and store it elsewhere as a precaution but this stopped working after the upgrade. Here is the command I am using to pull the backup config via API:

Code: [Select]

/usr/bin/curl -k -u "$key":"$secret" https://$HOST/api/core/backup/download/this -o $PFPATH/$(/bin/date +%Y%m%d).xml

I am getting an error back now:

Code: [Select]

{"errorMessage":"Unexpected error, check log for details"}

I can't find anything in any log on the OS level showing anything strange.

Thanks!

11

23.1 Legacy Series / Re: Upgrade to 23.1.5 - No wireguard traffic (empty alias problem?)

« on: March 29, 2023, 06:34:47 pm »

I don't use any Aliases in the NAT section with IPs but do with ports. It seems this is working as expected after upgrading.

I do use IPs in aliases on rules and those are fine for me.

Just different points of data.

12

23.1 Legacy Series / Re: OPNSense 23.1.5 - NTP service fails

« on: March 29, 2023, 06:04:12 pm »

Had the same issue...

I saw running NTP processes listening on the selected interfaces but looks like on initial boot maybe the service checker didn't align?

I was able to force kill the PIDS from the command line and restart NTP from the web UI and its reflected properly now.

13

23.1 Legacy Series / Re: AcmeClient: validation for certificate failed

« on: March 23, 2023, 04:06:37 pm »

Bump, I have the same issue but using DNS01 as the validation.

I was able to go back into each certificate and click on renew/issue to fix the issue.

14

23.1 Legacy Series / Unbound doesn't load blocklist on reboot or dashboard is wrong?

« on: February 15, 2023, 11:15:54 pm »

I've noticed since I've added a blocklist into Unbound to protect the EDGE of DNS queries that it is not loading the blocklist via URL on boot-up or so the new dashboard reflects the "Size of blocklist" is ZERO.

I currently have it configured for https://dbl.oisd.nl/ and I know this list works since when after a reboot I can go in and restart Unbound and the "Size of blocklist" shows properly now.

Not sure if this is a dashboard "quirk" or Unbound is not truly loading the list on boot.

EDIT: Looks like in the logs for today when I rebooted to install 23.1.1 I see this:

Code: [Select]

<163>1 2023-02-15T15:10:53-05:00 firewall.lan unbound 71004 - [meta sequenceId="224"] blocklist download : unable to download file from https://dbl.oisd.nl/ (error : HTTPSConnectionPool(host='dbl.oisd.nl', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x8027ccf40>: Failed to establish a new connection: [Errno 8] Name does not resolve')))

How do I prevent this?

15

23.1 Legacy Series / Re: NUT (UPS) daemon is unable to start after upgrade

« on: January 27, 2023, 01:00:17 am »

The right fix is likely that the owner:group of /var/db/nut remains nut:nut so that everything works. Unsure why this becomes uucp:uucp at some point.

Changing the permissions to 777 on /var/db/nut makes things work (DP is the UPS name)

Code: [Select]

root@*******:/var/log # ls -al /var/db/nut/
total 20
drwxrwxrwx   2 uucp  uucp    512 Jan 26 18:41 .
drwxr-xr-x  21 root  wheel  1536 Jan 26 18:37 ..
-rw-r--r--   1 nut   uucp      6 Jan 26 18:41 upsd.pid
-rw-r--r--   1 root  uucp      6 Jan 26 18:38 upsmon.pid
srw-rw----   1 nut   uucp      0 Jan 26 18:41 usbhid-ups-DP
-rw-r--r--   1 nut   uucp      6 Jan 26 18:41 usbhid-ups-DP.pid

This is definitely not a good fix in any way, it is very bad and insecure but it gets me going for now until the right solution is found or this is fixed.

Changing to 777 allowed for it to start. Least that is a work around for now.