Messages - lshantz

#1
Historically there are answers when they have time. So are you saying they no longer jump in and help users unless they pay for help?
#2
There seems to be a lot of 0 replies lately. They must be very busy. I do recall in the new "instances" setup for servers, that you can enter the IP address and/or subnet to connect to. Instances/local network/Local Network
#3
For some reason, I see all these messages and many people reading, but 0 replies. I do not understand why. I had the same problem. There have been MANY changes to OpenVPN and how it works. You will need to basically start over from what I can see. The old legacy stuff is pretty much gone. Now you have to create instances. The problem I'm running into is the new documentation is pretty lacking. Good luck.
#4
24.7, 24.10 Production Series / OpenVPN setup new
November 15, 2024, 09:19:19 PM
Delete please
#5
I started a fresh install, since every update seemed to cause the system to go down. I suspect legacy things were clashing. Anyhow now there are a couple of issues that I do not understand.

2024-11-12T17:57:06-07:00   Error   ntpd   error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (8)   
2024-11-12T17:57:06-07:00   Error   ntpd   error resolving pool 2.opnsense.pool.ntp.org: Name does not resolve (8)   
2024-11-12T17:57:06-07:00   Error   ntpd   error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (8)   
2024-11-12T17:57:06-07:00   Error   ntpd   error resolving pool 0.opnsense.pool.ntp.org: Name does not resolve (8)   
2024-11-12T17:56:54-07:00   Error   ntpd   error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (8)   
2024-11-12T17:56:53-07:00   Error   ntpd   error resolving pool 2.opnsense.pool.ntp.org: Name does not resolve (8)   
2024-11-12T17:56:52-07:00   Error   ntpd   error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (8)   
2024-11-12T17:56:51-07:00   Error   ntpd   error resolving pool 0.opnsense.pool.ntp.org: Name does not resolve (8)   
2024-11-09T22:46:40-07:00   Error   ntpd   error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (8)

This is one issue. Yet, if I ping those addresses they resolve and answer back just fine. I saw that a device was not using these servers, but going to an alternate. I wondered why. This is what I see.

The other issue, I'm guessing related is:
The DNS query name does not exist: <!DOCTYPE. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: if. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: <!--. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: Eyebrow:. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: Headline:. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: <script>. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: <style>. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: \@media. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: }. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: Subscriptions. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: Bundle. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: Enjoy. [for Hulu]   
2024-11-13T14:20:04-07:00   Error   firewall   The DNS query name does not exist: <img. [for Hulu]

It appears that a device is sending some sort of HTML file? So far I have not found which device is blasting this. I guess it IS rejecting the request, but as much as it is hammering the system, I would think this could impact performance.

Any suggestions welcomed. Thanks in advance.
#6
I'm disappointed that no one at the top chooses to follow up on this. I gave up on Opnsense because of so many issues almost a year ago, but thought I'd come back and give it another try. Brand new install, with not much special going on yet. Bam, wi-fi calling sporadic. I get the message from AT&T sorry, your call cannot be completed, please try again later. Turn off Wi-Fi and poof, it works. So I am thinking a port is blocked. All we need to do is find out which one.
#7
Okay, thanks. Was sure hoping to avoid another expensive switch. I just figured it should be simple to direct connect the two to each other, but apparently not so much.
#8
This thing is driving me nuts.

I'm not totally understanding. Are you saying to add the route to the NAS or the firewall? You can't just add a route in the firewall under system without adding things. For instance, under my gateway selection is just the WAN port. So you must mean on the NAS?
#9
I apparently have a lack of understanding of how to make my Unbound DNS do what I want.

I have a unique setup I guess. I have two Synology NAS units. I wanted faster throughput so bought 2 10gbps NICS. I attempted to connect the high speed cable to my switch to only find out that even though it has 2 Fiber ports, they support 1gbps! WHY!? Dumb.. so as a workaround, I have connected the cable directly from one NAS to the other. This is when my problems began. So to kind of draw a word picture:
NAS 1 has 2 IP addresses.
NIC 1 is on 192.168.100.x
NIC 5 is on 192.168.1.x (high speed)

NAS 2 has 2 IP addresses.
NIC 1 is on 192.168.100.x
NIC 5 is on 192.168.1.x (high speed)

All of a sudden my SMB server names started dropping out. I can still connect via IP, but when I drop to bash and ping from a workstation on the .100 subnet, NAS1 is trying to resolve to NIC5!! I do not understand how this is even possible, but, if I ping NAS.FQDN, it resolves properly to NIC1.

So I went and added overrides in Unbound. I gave it the server name with proper IP address and that did not work. I then added under aliases the server name and still no go.

So what am I doing wrong? How can I get it to properly resolve every time? I have tried under general to add A record registration, I have tried changing the local Zone Types, but nothing seems to work. I don't even understand how Unbound even knows those NIC5's exist, since they are not connected anywhere except to each other. I also tried making those NIC5 gateways each other.
#10
 :o Really!! Dang... Well thanks for replying and keep up the good work.

At least I have documented a workaround above for anyone else suffering from this weird issue. Oh, one thing.. it takes a while to configure NTOPNG how I want it and it appears that this config data is stored in REDIS. I would very much like to capture/save this config data so when it goes down again, I can quickly restore back to my setup. This is the 3rd or 4th time this has happened over the last couple of years. Thanks in advance.
#11
Obviously someone finally paid attention and corrected whatever got borked. It is now working after the latest update. You can lock/close this thread now. It would be nice to get an acknowledgement of what was wrong and what was done to fix it in the patch though.
#12
Okay, I suspected as much. Didn't even look at the template one, but how does that help me solve the mystery?  :o
#13
I'm just good enough to be dangerous to myself. I started poking around and there are 2 config files on the firewall.
/usr/local/opnsense/service/templates/OPNsense/Redis/redis.conf
/usr/local/etc/redis.conf


# Redis configuration file.
#
# Note that in order to read the configuration file, Redis must be
# started with the file path as first argument:
#
# ./redis-server /path/to/redis.conf

/usr/local/bin/redis-server

So my question is, which config file is in use, and is the gui properly doing the above? Obviously not, but how do I figure out the bread crumbs from here?
#14
So I got brave and updated to 24.1.3_1 and no issues, other than REDIS. It still does not come up. I was doing some searching and I have found something of interest. I hope it is OK to paste a link for the whole story in case anyone wants to read it: https://stackoverflow.com/questions/7417232/redis-server-port-already-in-use?rq=4

The relevant parts are: redis-cli ping, redis-cli shutdown, redis-server. Since I already knew there were no services running, I went straight to redis-server. What do you know, it came right up!!!
redis-server
45155:C 09 Mar 2024 00:23:39.950 * oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
45155:C 09 Mar 2024 00:23:39.950 * Redis version=7.2.4, bits=64, commit=00000000, modified=0, pid=45155, just started
45155:C 09 Mar 2024 00:23:39.950 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
45155:M 09 Mar 2024 00:23:39.956 * monotonic clock: POSIX clock_gettime
                _._
           _.-``__ ''-._
      _.-``    `.  `_.  ''-._           Redis 7.2.4 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._
(    '      ,       .-`  | `,    )     Running in standalone mode
|`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
|    `-._   `._    /     _.-'    |     PID: 45155
  `-._    `-._  `-./  _.-'    _.-'
|`-._`-._    `-.__.-'    _.-'_.-'|
|    `-._`-._        _.-'_.-'    |           https://redis.io
  `-._    `-._`-.__.-'_.-'    _.-'
|`-._`-._    `-.__.-'    _.-'_.-'|
|    `-._`-._        _.-'_.-'    |
  `-._    `-._`-.__.-'_.-'    _.-'
      `-._    `-.__.-'    _.-'
          `-._        _.-'
              `-.__.-'

45155:M 09 Mar 2024 00:23:39.963 # WARNING: The TCP backlog setting of 511 cannot be enforced because kern.ipc.somaxconn is set to the lower value of 128.
45155:M 09 Mar 2024 00:23:39.964 * Server initialized

Opnsense still says it is not running, but I can fire up NTOPNG.

So, I would argue, there is something amiss with how the GUI is implementing it. REDIS DOES work, just not from their GUI. Something in the update borked it.

Edit: as a workaround I did redis-server &, and it is running fine for now. Still shows red in the Services dashboard, hopefully an admin will see this and help figure out what has gone sideways.
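
Added example (not part of the original post, and not OPNsense or Redis project code): a small Python parser for the Redis startup log format shown above that extracts the warning-level (#) lines, including the one showing the server was started without a config file. The function names and finding labels are assumptions made for this illustration.

```python
import re

# Startup lines copied from the post above, plus one banner line to show that
# non-log text is skipped by the parser.
SAMPLE_LOG = """\
45155:C 09 Mar 2024 00:23:39.950 * oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
45155:C 09 Mar 2024 00:23:39.950 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
45155:M 09 Mar 2024 00:23:39.956 * monotonic clock: POSIX clock_gettime
(    '      ,       .-`  | `,    )     Running in standalone mode
45155:M 09 Mar 2024 00:23:39.963 # WARNING: The TCP backlog setting of 511 cannot be enforced because kern.ipc.somaxconn is set to the lower value of 128.
45155:M 09 Mar 2024 00:23:39.964 * Server initialized
"""

LINE = re.compile(r"^(\d+):([XCSM]) (\d{2} \w{3} \d{4} [\d:.]+) ([.\-*#]) (.*)$")
BACKLOG = re.compile(r"TCP backlog setting of (\d+) cannot be enforced because "
                     r"(\S+) is set to the lower value of (\d+)")

def parse_line(line):
    """Split 'pid:role date time level message'; return None for banner text."""
    m = LINE.match(line.rstrip())
    if not m:
        return None
    pid, role, stamp, level, msg = m.groups()
    return {"pid": int(pid), "role": role, "time": stamp, "level": level, "msg": msg}

def triage(log_text):
    """Return (time, finding, detail) for each warning-level ('#') line."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["level"] != "#":
            continue
        backlog = BACKLOG.search(rec["msg"])
        if "no config file specified" in rec["msg"]:
            findings.append((rec["time"], "default-config",
                             "started without a config file; built-in defaults in effect"))
        elif backlog:
            want, sysctl, have = backlog.groups()
            findings.append((rec["time"], "backlog-capped",
                             f"{sysctl}={have} is below requested backlog {want}"))
        else:
            findings.append((rec["time"], "warning", rec["msg"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```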
#15
YAY! Thanks for the update.