Messages

1

24.7 Production Series / Re: Live view filled with plenty of Deny ff02::16 icmp AND udp 3702

« on: September 13, 2024, 04:43:19 pm »

I used them when I need to know what is being blocked. I have kept the rules but removed all loging.

Merci

Is there a way to disable IPv6 on my interfaces outside of the POP? Before i never saw these assigned maybe this is linked to an improvement of the Interface Overview

I do have: IPv6 Configuration Type to None on those interfaces.

2

24.7 Production Series / SOLVED: Live view filled with plenty of Deny ff02::16 icmp AND udp 3702

« on: September 13, 2024, 03:28:28 pm »

BTW I did remove: Log packets matched from the default block rules

but I still see those msg. I assume these are bc they are captured by my own deny all IPv6 rule?

3

24.7 Production Series / Re: Live view filled with plenty of Deny ff02::16 icmp AND udp 3702

« on: September 13, 2024, 03:23:50 pm »

Thanks Patrick!

My bad as I forgot that I have an internal interface which operates with IPv6 which is the media setup box of my ISP for TV and services like replay/netflix etc...

Therefore, if this is acceptable, should I allow this traffic just towards this LAN interface?

Is your comment also valid for the traffic towards udp 3702?

Merci

4

24.7 Production Series / Live view filled with plenty of Deny ff02::16 icmp AND udp 3702

« on: September 13, 2024, 08:58:02 am »

Hello Experts,

I don't understand why I am seeing this traffic and if I should either allow it or put a non verbose rule entry to stop it to fill the logs.

Besides I was trying WS and I see udp 3702 too blocked. My setup is IPv4 so not sure if I need those too.

Code: [Select]

[ndp -a
Neighbor                             Linklayer Address  Netif Expire    1s 5s
2a01:e0a:3ba:cb90::2                 92:f5:ca:c9:f3:92 vtnet0 permanent R
fe80::90f5:caff:fec9:f392%vtnet0     92:f5:ca:c9:f3:92 vtnet0 permanent R
fe80::9c90:88ff:fe48:d45b%vtnet1     9e:90:88:48:d4:5b vtnet1 permanent R
fe80::449f:54ff:fe80:6bf1%vtnet2     46:9f:54:80:6b:f1 vtnet2 permanent R
fe80::bc00:eeff:fe5d:31e3%vtnet3     be:00:ee:5d:31:e3 vtnet3 permanent R
2a01:e0a:3ba:cb91::1                 da:dc:fd:fa:f7:7c vtnet4 permanent R
fe80::b9a8:d032:e210:1c2a%vtnet4     dc:00:b0:44:74:64 vtnet4 23h56m0s  S
fe80::d8dc:fdff:fefa:f77c%vtnet4     da:dc:fd:fa:f7:7c vtnet4 permanent R
2a01:e0a:3ba:cb91:61da:fc7d:3083:ed4f dc:00:b0:44:74:64 vtnet4 23h56m0s  S
fe80::8db:32ff:feb9:b45c%vtnet6      0a:db:32:b9:b4:5c vtnet6 permanent R code]

[code]pfctl -s rules | grep "from fe80::/10"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick on vtnet4 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "202cde82e72bc8757ce87db904864c07"
pass in quick on vtnet4 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "202cde82e72bc8757ce87db904864c07"
pass in quick on vtnet4 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "fcfc7f20b012cb13daa2953a063f4f4e"
pass in quick on vtnet4 inet6 proto udp from fe80::/10 to (self) port = dhcpv6-client keep state label "a329a5ad6317f1c72757431e7a8232aa"
pass in quick on vtnet0 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "4408d4bb3e3b231599822fa8f4546f8d"
pass in quick on vtnet0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "4408d4bb3e3b231599822fa8f4546f8d"
pass in quick on vtnet0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "3e5fbb29b91da43363e550aead699e16"
pass in quick on vtnet0 inet6 proto udp from fe80::/10 to (self) port = dhcpv6-client keep state label "43f521ff1b149fea894c4f31417849bb"
pass in quick on vtnet4 inet6 from fe80::/10 to ! (vtnet1:network) flags S/SA keep state allow-opts label "178c7c3c8c26cb8456b49510389dd6e3"/code]

Any help is more than welcome.

Merci

5

23.7 Legacy Series / Re: opnsense/diag_logs_settings.php: The command '/bin/kill -'TERM' '17962''

« on: August 09, 2023, 05:56:06 pm »

So it s not an ERROR to consider!

Noted and the ticket can be closed. My DNS issue was linked to the GW not available with dpinger but solved.

This thread can be closed. THANKS Franco !!!

6

23.7 Legacy Series / opnsense/diag_logs_settings.php: The command '/bin/kill -'TERM' '17962''

« on: August 09, 2023, 04:22:06 pm »

Hello

After upgrade to OPNsense 23.7.1_3-amd64 I have internet issues and not able to get answers to my DNS queries. Not sure yet why as I have the floating rules there as I had in the past.

I did see this error, is there anything that I should do to solved it? I didn't had the opty to check with my TV and setupbox if it works.

Code: [Select]

2023-08-09T16:08:20 Error opnsense /diag_logs_settings.php: The command '/usr/sbin/daemon -f -p '/var/run/dhcpleases6.pid' '/usr/local/opnsense/scripts/dhcp/prefixes.sh'' returned exit code '3', the output was 'daemon: process already running, pid: 37599'
2023-08-09T16:08:20 Error opnsense /diag_logs_settings.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid vtnet4' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.3-P1 Copyright 2004-2022 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpdv6.conf Database file: /var/db/dhcpd6.leases PID file: /var/run/dhcpdv6.pid There's already a DHCP server running. If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'
2023-08-09T16:08:17 Error opnsense /diag_logs_settings.php: The command '/bin/kill -'TERM' '17962''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 17962: No such process'
Merci

7

23.7 Legacy Series / Re: Reinstall to 23.7 -> No GUI - Server Error

« on: August 01, 2023, 08:41:44 am »

I was able to solve the issue by changing from HTTP to HTTPs and select a certificate.

Nice and easy re-installation. Great work Franco and the team!

8

23.7 Legacy Series / Reinstall to 23.7 -> No GUI - Server Error

« on: July 31, 2023, 04:58:41 pm »

Hello

I upgrade from 23.1.11_1 (or whatever was the last release before 23.7) and I decided to export my config, reinstall and import my saved config.

OPNsense does work so I have internet etc... btu I can't login in the GUI anymore on the LAN (it does work on the WIFI interface thought). What log file could help? Any insight? could it be that Acme did not re issued the cert automatically?

Code: [Select]

<27>1 2023-07-31T16:48:19+02:00 OPNsense.localdomain lighttpd 18271 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.2308) server stopped by UID = 0 PID = 71338
<27>1 2023-07-31T16:48:19+02:00 OPNsense.localdomain lighttpd 71600 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.1909) server started (lighttpd/1.4.71)
<27>1 2023-07-31T16:49:23+02:00 OPNsense.localdomain lighttpd 71600 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.2308) server stopped by UID = 0 PID = 78885
<27>1 2023-07-31T16:49:54+02:00 OPNsense.localdomain lighttpd 38726 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.1909) server started (lighttpd/1.4.71)
<27>1 2023-07-31T16:49:56+02:00 OPNsense.localdomain lighttpd 55593 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.1909) server started (lighttpd/1.4.71)

Code: [Select]

2023-07-31 16:48:24 [root:groupadd] acme(169)
2023-07-31 16:48:24 [root:useradd] acme(169):acme(169):ACME protocol client:/var/db/acme:/bin/sh
2023-07-31 16:48:31 [root:groupadd] git_daemon(964)
2023-07-31 16:48:31 [root:useradd] git_daemon(964):git_daemon(964):git daemon:/nonexistent:/usr/sbin/nologin
2023-07-31 16:48:44 [root:groupadd] _lldpd(949)
2023-07-31 16:48:44 [root:useradd] _lldpd(949):_lldpd(949):lldpd user:/nonexistent:/usr/sbin/nologin
2023-07-31 16:49:52 [unknown:groupmod] admins(1999)
Thanks
XabiX

9

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 07, 2022, 11:02:20 am »

Thanks all, I had the same issue and disabled IPS for now.

10

22.1 Legacy Series / Re: IPv6 working properly???

« on: February 01, 2022, 09:38:08 pm »

i would be happy to share my remote connexion

11

22.1 Legacy Series / Re: IPv6 working properly???

« on: January 30, 2022, 09:31:48 pm »

Hello all,

I am dissappointed as I am facing also issue since the upgrade on IPv6. Not sure why but can t even get to ping ipv6.google.com.

root@OPNsense:~ # ping6 -I vtnet4 2a00:1450:400a:804::2004
PING6(56=40+8+8 bytes) 2a01:e0a:3ba:cb90::2 --> 2a00:1450:400a:804::2004

vtnet4: flags=8a63<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: POP
        options=800a8<VLAN_MTU,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
        ether da:dc:fd:fa:f7:7c
        inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 2a01:e0a:3ba:cb90::2 prefixlen 64
        inet6 fe80::d8dc:fdff:fefa:f77c%vtnet4 prefixlen 64 scopeid 0x5

Routing tables
Internet6:
Destination                       Gateway                       Flags   Nhop#    Mtu    Netif Expire
default                           fe80::72fc:8fff:fe6a:95d%vtnet4 UGS       6   1500   vtnet4
::1                               link#7                        UHS         1  16384      lo0
2000::/3                          fe80::72fc:8fff:fe6a:95d%vtnet4 UGS       7   1500   vtnet4
2a01:e0a:3ba:cb90::/64            link#5                        U           5   1500   vtnet4
2a01:e0a:3ba:cb90::2              link#5                        UHS         4  16384      lo0
fe80::%vtnet4/64                  link#5                        U           5   1500   vtnet4
fe80::d8dc:fdff:fefa:f77c%vtnet4  link#5                        UHS         4  16384      lo0
fe80::%lo0/64                     link#7                        U           3  16384      lo0
fe80::1%lo0                       link#7                        UHS         2  16384      lo0

traceroute6 to 2a00:1450:400a:804::2004 (2a00:1450:400a:804::2004) from 2a01:e0a:3ba:cb90::2, 64 hops max, 28 byte packets
 1  2a01:e0a:3ba:cb90::2  3048.035 ms !A  3014.750 ms !A  2999.995 ms !A

2022-01-30T21:14:52   Error   opnsense   /system_gateways.php: ROUTING: setting IPv6 default route to fe80::72fc:8fff:fe6a:95d   
2022-01-30T21:14:52   Error   opnsense   /system_gateways.php: ROUTING: IPv6 default gateway set to opt3

interface FW allow all ipv4 and ipv6 to go out.

Any idea?

Merci

12

Web Proxy Filtering and Caching / Firewall rule blocking some outgoing traffic to 443

« on: November 23, 2021, 09:25:19 am »

Hello,

I have some outgoing traffic be block from my LAN called POP to my Internet called WAN. I can't understand why sometimes it's OK and why sometimes it's blocked.

Any idea? Is it based on the tcpflags or out of band packet? Is it anything to be worried about or it s normal if the client is not well developped?

Thanks
XabiX

13

Intrusion Detection and Prevention / Re: Suricata giving strange messages when enabling

« on: May 17, 2020, 10:15:05 pm »

Any update on this, how to get rid of the warning?

When is the new Suricata supposed to come in OPNSense?

14

20.1 Legacy Series / Re: Since upgrade to 20.1.5 high CPU usage because of netflow/flowd_aggregate.py

« on: April 24, 2020, 11:49:50 am »

Looking better this morning 

Code: [Select]

PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 155 ki31 0 32K CPU1 1 81:05 100.00% [idle{idle: cpu1}]
0 root -16 - 0 880K swapin 0 669:39 0.00% [kernel{swapper}]
17217 root 20 0 26M 23M select 1 2:21 0.00% /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.7)
57611 root 20 0 2750M 664M nanslp 1 0:38 0.00% /usr/local/bin/suricata -D --netmap --pidfile /var/run/suricata.pid -c /usr/local/etc/suricata/suricata.yaml{suricata}

15

20.1 Legacy Series / Since upgrade to 20.1.5 high CPU usage because of netflow/flowd_aggregate.py

« on: April 23, 2020, 11:13:20 pm »

Hello Team and Experts,

I am happy to have joined OPNsense since a long time on PFsense !

I was running 20.1.2 without any issue and since the upgrade to 20.1.5 my AMD Ryzen 7 3700X 8-Core Processor (2 cores) are at 100% because of Netflow. I tried removing the interfaces (clear all) to deactivate Netflow but still the same (so I put it back as it was).

Any idea of what can be the issue?
100.00%   /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.7)

Code: [Select]

ls -lah /var/netflow/*
-rw-r-----  1 root  wheel   3.1M Apr 23 22:41 /var/netflow/dst_port_000300.sqlite
-rw-r-----  1 root  wheel    61K Apr 23 22:41 /var/netflow/dst_port_000300.sqlite-journal
-rw-r-----  1 root  wheel   848K Apr 23 22:41 /var/netflow/dst_port_003600.sqlite
-rw-r-----  1 root  wheel    33K Apr 23 22:41 /var/netflow/dst_port_003600.sqlite-journal
-rw-r-----  1 root  wheel   2.5M Apr 23 22:41 /var/netflow/dst_port_086400.sqlite
-rw-r-----  1 root  wheel    61K Apr 23 22:41 /var/netflow/dst_port_086400.sqlite-journal
-rw-r-----  1 root  wheel   7.1M Apr 23 22:41 /var/netflow/interface_000030.sqlite
-rw-r-----  1 root  wheel    93K Apr 23 22:41 /var/netflow/interface_000030.sqlite-journal
-rw-r-----  1 root  wheel   2.5M Apr 23 22:41 /var/netflow/interface_000300.sqlite
-rw-r-----  1 root  wheel    37K Apr 23 22:41 /var/netflow/interface_000300.sqlite-journal
-rw-r-----  1 root  wheel   680K Apr 23 22:41 /var/netflow/interface_003600.sqlite
-rw-r-----  1 root  wheel    33K Apr 23 22:41 /var/netflow/interface_003600.sqlite-journal
-rw-r-----  1 root  wheel    56K Apr 23 22:41 /var/netflow/interface_086400.sqlite
-rw-r-----  1 root  wheel   8.5K Apr 23 22:41 /var/netflow/interface_086400.sqlite-journal
-rw-r-----  1 root  wheel    12K Apr 23 22:41 /var/netflow/metadata.sqlite
-rw-r-----  1 root  wheel    12M Apr 23 22:41 /var/netflow/src_addr_000300.sqlite
-rw-r-----  1 root  wheel   145K Apr 23 22:41 /var/netflow/src_addr_000300.sqlite-journal
-rw-r-----  1 root  wheel   4.9M Apr 23 22:41 /var/netflow/src_addr_003600.sqlite
-rw-r-----  1 root  wheel    61K Apr 23 22:41 /var/netflow/src_addr_003600.sqlite-journal
-rw-r-----  1 root  wheel    18M Apr 23 22:41 /var/netflow/src_addr_086400.sqlite
-rw-r-----  1 root  wheel   321K Apr 23 22:41 /var/netflow/src_addr_086400.sqlite-journal
-rw-r-----  1 root  wheel    98M Apr 23 22:41 /var/netflow/src_addr_details_086400.sqlite
-rw-r-----  1 root  wheel   1.1M Apr 23 22:41 /var/netflow/src_addr_details_086400.sqlite-journal

Code: [Select]

root@OPNsense:/home/xabix # ls -lah /var/log/flowd*
-rw-------  1 root  wheel    77K Apr 23 22:58 /var/log/flowd.log
-rw-------  1 root  wheel   258M Apr 23 22:56 /var/log/flowd.log.000001
-rw-------  1 root  wheel    10M Apr 20 15:35 /var/log/flowd.log.000002
-rw-------  1 root  wheel    10M Apr 20 13:05 /var/log/flowd.log.000003
-rw-------  1 root  wheel    10M Apr 20 09:55 /var/log/flowd.log.000004
-rw-------  1 root  wheel    10M Apr 20 06:24 /var/log/flowd.log.000005
-rw-------  1 root  wheel    10M Apr 20 02:35 /var/log/flowd.log.000006
-rw-------  1 root  wheel    10M Apr 19 23:00 /var/log/flowd.log.000007
-rw-------  1 root  wheel    10M Apr 19 20:11 /var/log/flowd.log.000008
-rw-------  1 root  wheel    10M Apr 19 16:58 /var/log/flowd.log.000009
-rw-------  1 root  wheel    10M Apr 19 13:46 /var/log/flowd.log.000010

Code: [Select]

root@OPNsense:/home/xabix # df -h
Filesystem         Size    Used   Avail Capacity  Mounted on
/dev/gpt/rootfs     15G    3.1G     10G    23%    /
devfs              1.0K    1.0K      0B   100%    /dev
fdescfs            1.0K    1.0K      0B   100%    /dev/fd
procfs             4.0K    4.0K      0B   100%    /proc
devfs              1.0K    1.0K      0B   100%    /var/dhcpd/dev
devfs              1.0K    1.0K      0B   100%    /var/unbound/dev
I am launching a repair of the Netflow database to see if this fixes something. Anyway, it seems that in the past there were similar issues/patchs depending on the python releases.

Am I the only one facing the issue? Is there a way without reinstalling to reset this netflow part? I assume with a delete the netflow database but would that be enough.

Merci
XabiX