Messages

1

20.1 Legacy Series / Nonsensical rule matching behavior after a reboot

« on: March 06, 2020, 03:41:15 pm »

I've been running OPNsense for about a week and everything was working well until last night.  I noticed the problem some time after the VM host that the router is on rebooted, but I cant say for certain that that was the cause of the problem. The router was running 20.1.1 when the problem occurred. I've since upgraded to 20.1.2 and that hasn't helped.

The initial problem: rules in the DMZ that worked for a week simply stopped working. Checking the logs, the traffic was matching the built-in "Default deny rule". My rules were not disabled.

In attempting to troubleshoot the problem, I've discovered two more oddities, which may be more basic:

* If I create two identical rules to deny all traffic, it's always the second one that is matched, even though they are set to match first.
* Traffic from my LAN to the DMZ shows up in the logs as matching the built-in "let out anything from firewall host itself" even though the traffic is not originating from the router.

I'm stumped. Any help would be appreciated.

2

20.1 Legacy Series / Re: Reproducible kernel panic when config is changed

« on: February 26, 2020, 10:06:47 pm »

I've just tested, and you are quite correct. Removing WireGuard stops the panics, as does disabling shared forwarding. For anyone else encountering this, the problem is described [here][https://github.com/opnsense/src/issues/52]. Thanks for your help!

3

20.1 Legacy Series / Re: Reproducible kernel panic when config is changed

« on: February 26, 2020, 09:24:59 pm »

The help is much appreciated. Can you direct me to some information on the issue? I saw posts about kernel panic problems with WireGuard from several months ago, but had the impression that this had been resolved. Also, despite a web search,  I'm unclear what you mean by "shared forwarding".

4

20.1 Legacy Series / Re: Reproducible kernel panic when config is changed

« on: February 26, 2020, 07:44:20 pm »

I had read of past issues with WireGuard, and at one point in my testing I uninstalled the packages, and was still getting the kernel panic. That was before I isolated the config change causing the problem, so I can't claim that that was reproducible.

5

20.1 Legacy Series / Re: Reproducible kernel panic when config is changed

« on: February 26, 2020, 07:42:34 pm »

I have the wireguard and wireguard-go packages installed, but not the plugin.

6

20.1 Legacy Series / Reproducible kernel panic when config is changed

« on: February 26, 2020, 07:31:43 pm »

I thought I was mere hours away from putting my first OPNsense instance into production, but things don't always work out that way. lol

* OPNsense 20.1.1-amd64
* All updates have been applied
* Hyper-V generation 2 VM
* VM host has mirrored disks and ECC RAM
* No problems with any other VMs on the same host

The file good.xml is a /conf/config.xml that works fine. bad.xml is the next iteration, with hardly any changes, that consistently causes a kernel panic. Kernel dump as attached.

I have no experience interpreting kernel dumps, but it seems very unlikely that this is a hardware problem. Any thoughts or advice appreciated.