Messages - XabiX

#1
Thank you guys. This is a VPS with a FreeBSD install + OPNsense (not trivial).

I find my passwd file strange. Here is what I have on the VPS.
root:*:0:0:Charlie &:/root:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
unbound:*:59:59:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
auditdistd:*:78:77:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ntpd:*:123:123:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
_ypldap:*:160:160:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
hast:*:845:845:HAST unprivileged user:/var/empty:/usr/sbin/nologin
tests:*:977:977:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin

I am wondering if some of the users are normal, like Charlie. Anyway, I can log in on the VPS, so no issues.

Here is what I have at home:
root@OPNsense:~ # cat /etc/passwd
root:*:0:0:System Administrator:/root:/usr/local/sbin/opnsense-shell
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
unbound:*:59:59:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
auditdistd:*:78:77:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
ntpd:*:123:123:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
_ypldap:*:160:160:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
hast:*:845:845:HAST unprivileged user:/var/empty:/usr/sbin/nologin
tests:*:977:977:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
_flowd:*:542:542:flowd privilege separation user:/var/empty:/usr/sbin/nologin
dhcpd:*:136:136:ISC DHCP daemon:/nonexistent:/usr/sbin/nologin
openvpn:*:301:301:OpenVPN pseudo-user:/nonexistent:/usr/sbin/nologin
cyrus:*:60:60:the cyrus mail server:/nonexistent:/usr/sbin/nologin
acme:*:169:169:ACME protocol client:/var/db/acme:/bin/sh
redis:*:535:535:Redis Daemon:/nonexistent:/usr/sbin/nologin
git_daemon:*:964:964:git daemon:/nonexistent:/usr/sbin/nologin
ntopng:*:288:288:ntopng daemon user:/nonexistent:/usr/sbin/nologin
wwwonly:*:789:789:World Wide Web Only:/nonexistent:/usr/sbin/nologin

If it's cosmetic, then we can close, as things will change in 26.1.
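The by-eye comparison of the two listings above, done mechanically. This is an added example, not part of the original post or of OPNsense; the function names are hypothetical and the sample input is a few lines excerpted from the two listings.

```python
"""Compare two passwd(5) listings and flag the accounts worth a second look."""
from collections import namedtuple

Account = namedtuple("Account", "name uid gid gecos home shell")

# Shells that refuse a session. Assumption: extend this set for your platform.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Sample input: lines excerpted from the VPS listing in the post.
VPS_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
"""

# Sample input: lines excerpted from the home listing in the post.
HOME_PASSWD = """\
root:*:0:0:System Administrator:/root:/usr/local/sbin/opnsense-shell
toor:*:0:0:Bourne-again Superuser:/root:
uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
acme:*:169:169:ACME protocol client:/var/db/acme:/bin/sh
redis:*:535:535:Redis Daemon:/nonexistent:/usr/sbin/nologin
wwwonly:*:789:789:World Wide Web Only:/nonexistent:/usr/sbin/nologin
"""


def parse_passwd(text):
    """Parse 7-field passwd(5) text into {name: Account}; reject malformed lines."""
    accounts = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(parts)}")
        # On FreeBSD the password field of /etc/passwd is always "*" (the hash
        # lives in master.passwd), so it says nothing about lock state: skip it.
        name, _pw, uid, gid, gecos, home, shell = parts
        if name in accounts:
            raise ValueError(f"line {lineno}: duplicate account name {name!r}")
        accounts[name] = Account(name, int(uid), int(gid), gecos, home, shell)
    return accounts


def compare(left, right):
    """Return (names only in left, names only in right, per-field differences)."""
    only_left = sorted(left.keys() - right.keys())
    only_right = sorted(right.keys() - left.keys())
    changed = {}
    for name in sorted(left.keys() & right.keys()):
        diffs = {
            field: (getattr(left[name], field), getattr(right[name], field))
            for field in Account._fields
            if getattr(left[name], field) != getattr(right[name], field)
        }
        if diffs:
            changed[name] = diffs
    return only_left, only_right, changed


def uid0_accounts(accounts):
    """Every account that maps to UID 0, not just the one named root."""
    return sorted(a.name for a in accounts.values() if a.uid == 0)


def login_capable(accounts):
    """Accounts whose shell field is not a known nologin program.

    An empty shell field counts: passwd(5) treats it as /bin/sh. A non-shell
    program such as uucico is listed too, because it does run at login.
    """
    return sorted(a.name for a in accounts.values() if a.shell not in NOLOGIN_SHELLS)


if __name__ == "__main__":
    vps, home = parse_passwd(VPS_PASSWD), parse_passwd(HOME_PASSWD)
    only_vps, only_home, changed = compare(vps, home)
    print("only on VPS: ", only_vps)
    print("only at home:", only_home)
    for name, diffs in changed.items():
        for field, (a, b) in diffs.items():
            print(f"{name}.{field}: {a!r} -> {b!r}")
    print("UID 0 (VPS):", uid0_accounts(vps))
    print("login-capable (VPS): ", login_capable(vps))
    print("login-capable (home):", login_capable(home))
```

To run it against real files, pass the contents of each host's `/etc/passwd` to `parse_passwd()` instead of the embedded samples.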
#2
Hello,

Is there anything to be concerned about with this error message?

Quote
Message from opnsense-25.1.11:

--
What are you looking at?
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
The following package files will be deleted:
        /var/cache/pkg/py311-sqlite3-3.11.13_10~e55e642030.pkg
        /var/cache/pkg/py311-cryptography-44.0.3_2,1.pkg
        /var/cache/pkg/py311-sqlite3-3.11.13_10.pkg
        /var/cache/pkg/py311-cryptography-44.0.3_2,1~969d40165f.pkg
        /var/cache/pkg/php83-filter-8.3.23~fba05b5d19.pkg
        /var/cache/pkg/opnsense-update-25.1.11.pkg
        /var/cache/pkg/php83-filter-8.3.23.pkg
        /var/cache/pkg/pciids-20250621~2b974b2fdf.pkg
        /var/cache/pkg/pciids-20250621.pkg
        /var/cache/pkg/opnsense-update-25.1.11~3ff2b4bed0.pkg
        /var/cache/pkg/php83-curl-8.3.23~2fe168c2a4.pkg
        /var/cache/pkg/nettle-3.10.2.pkg
        /var/cache/pkg/lua54-5.4.8~631a2a4a2e.pkg
        /var/cache/pkg/php83-curl-8.3.23.pkg
        /var/cache/pkg/openssl-3.0.17,1~7d343ba685.pkg
        /var/cache/pkg/openssl-3.0.17,1.pkg
        /var/cache/pkg/boost-libs-1.88.0_1~28d1f11855.pkg
        /var/cache/pkg/boost-libs-1.88.0_1.pkg
        /var/cache/pkg/nettle-3.10.2~168866b0ea.pkg
        /var/cache/pkg/lua54-5.4.8.pkg
        /var/cache/pkg/nss-3.113.1~5c9fcf40a1.pkg
        /var/cache/pkg/nss-3.113.1.pkg
        /var/cache/pkg/php83-ldap-8.3.23~ef79a6bfd4.pkg
        /var/cache/pkg/libxml2-2.14.4_1~8f5dbb43be.pkg
        /var/cache/pkg/php83-ldap-8.3.23.pkg
        /var/cache/pkg/dnsmasq-2.91_1,1~bd2e8615b1.pkg
        /var/cache/pkg/libxml2-2.14.4_1.pkg
        /var/cache/pkg/php83-simplexml-8.3.23.pkg
        /var/cache/pkg/dnsmasq-2.91_1,1.pkg
        /var/cache/pkg/php83-simplexml-8.3.23~118de9a413.pkg
        /var/cache/pkg/php83-pdo-8.3.23~1ef0a047bd.pkg
        /var/cache/pkg/php83-sockets-8.3.23.pkg
        /var/cache/pkg/php83-pdo-8.3.23.pkg
        /var/cache/pkg/rrdtool-1.9.0_1~3813cd6934.pkg
        /var/cache/pkg/rrdtool-1.9.0_1.pkg
        /var/cache/pkg/syslog-ng-4.8.2_3~7c6db2c1cb.pkg
        /var/cache/pkg/syslog-ng-4.8.2_3.pkg
        /var/cache/pkg/php83-sockets-8.3.23~ac8ff1ddcb.pkg
        /var/cache/pkg/php83-pcntl-8.3.23~1a3ef7ca12.pkg
        /var/cache/pkg/php83-sqlite3-8.3.23.pkg
        /var/cache/pkg/php83-pcntl-8.3.23.pkg
        /var/cache/pkg/php83-sqlite3-8.3.23~88758a2c99.pkg
        /var/cache/pkg/libinotify-20240724_2~f90a1639a3.pkg
        /var/cache/pkg/libinotify-20240724_2.pkg
        /var/cache/pkg/py311-trio-0.30.0~623ab61933.pkg
        /var/cache/pkg/py311-trio-0.30.0.pkg
        /var/cache/pkg/php83-session-8.3.23~e92e0ed18a.pkg
        /var/cache/pkg/php83-session-8.3.23.pkg
        /var/cache/pkg/php83-mbstring-8.3.23~57b6149796.pkg
        /var/cache/pkg/php83-mbstring-8.3.23.pkg
        /var/cache/pkg/php83-gettext-8.3.23~194dfa91f7.pkg
        /var/cache/pkg/php83-zlib-8.3.23.pkg
        /var/cache/pkg/php83-gettext-8.3.23.pkg
        /var/cache/pkg/php83-zlib-8.3.23~61309bbc93.pkg
        /var/cache/pkg/php83-ctype-8.3.23~dbf759c1bd.pkg
        /var/cache/pkg/php83-ctype-8.3.23.pkg
        /var/cache/pkg/libpci-3.14.0~a550842735.pkg
        /var/cache/pkg/libpci-3.14.0.pkg
        /var/cache/pkg/libuuid-2.41.1_1~3ec093e7b1.pkg
        /var/cache/pkg/php83-8.3.23~a0bd64d8d2.pkg
        /var/cache/pkg/libuuid-2.41.1_1.pkg
        /var/cache/pkg/php83-8.3.23.pkg
        /var/cache/pkg/php83-xml-8.3.23~9622255030.pkg
        /var/cache/pkg/php83-xml-8.3.23.pkg
        /var/cache/pkg/suricata-7.0.11~af75313314.pkg
        /var/cache/pkg/php83-dom-8.3.23~667ef35b31.pkg
        /var/cache/pkg/suricata-7.0.11.pkg
        /var/cache/pkg/php83-dom-8.3.23.pkg
        /var/cache/pkg/sqlite3-3.50.2,1~b9a9061860.pkg
        /var/cache/pkg/sqlite3-3.50.2,1.pkg
        /var/cache/pkg/glib-2.84.1_3,2~f565985c8e.pkg
        /var/cache/pkg/glib-2.84.1_3,2.pkg
        /var/cache/pkg/libucl-0.9.2_1~471f0706ad.pkg
        /var/cache/pkg/libucl-0.9.2_1.pkg
        /var/cache/pkg/opnsense-25.1.11~8f7e8f74f8.pkg
        /var/cache/pkg/opnsense-25.1.11.pkg
        /var/cache/pkg/sudo-1.9.17p1~ff6e51f730.pkg
        /var/cache/pkg/sudo-1.9.17p1.pkg
        /var/cache/pkg/opnsense-lang-25.1.11~6bebbf0519.pkg
        /var/cache/pkg/opnsense-lang-25.1.11.pkg
The cleanup will free 49 MiB
Deleting files: .......... done
All done
Nothing to do.
Starting web GUI...chown: wwwonly: illegal user name
chown: wwwonly: illegal user name
chown: wwwonly: illegal user name
done.
Fetching base-25.1.11-amd64.txz: ................ done
Fetching kernel-25.1.11-amd64.txz: ...... done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing kernel-25.1.11-amd64.txz... done
Installing base-25.1.11-amd64.txz... done
Cleaning obsolete files... done
Please reboot.
>>> Invoking stop script 'beep'
>>> Invoking stop script 'freebsd'
>>> Invoking stop script 'backup'
>>> Invoking backup script 'captiveportal'
>>> Invoking backup script 'dhcpleases'
>>> Invoking backup script 'duid'
>>> Invoking backup script 'netflow'
>>> Invoking backup script 'rrd'
>>> Invoking stop script 'config'
Shutdown NOW!
shutdown: [pid 41814]
                                                                               
*** FINAL System shutdown message from root@Moldavia.localdomain ***         

System going down IMMEDIATELY                                 

Merci and good holidays to everyone
#3
Hello, it's the 1st time that I see my VM 25.11.1 rebooting within my Proxmox. I have not yet been able to understand why (no crash core dump).

I have disabled the IPv6 GW for now, but I still see my mem 90% used in Proxmox, which is OK, but I can't seem to understand why it crashed.

root@OPNsense:~ # top -o res
last pid: 18374;  load averages:  0.16,  0.14,  0.15                                                                                                                                            up 0+00:32:05  16:18:44
83 processes:  1 running, 82 sleeping
CPU:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Mem: 303M Active, 425M Inact, 1448M Wired, 9687M Free
ARC: 613M Total, 121M MFU, 424M MRU, 15M Anon, 4797K Header, 47M Other
     489M Compressed, 1400M Uncompressed, 2.86:1 Ratio

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
62477 root         15  36    0  1401M   116M kqread   3   0:04   0.00% crowdsec
90642 unbound       4  20    0   120M    64M kqread   2   0:00   0.00% unbound
69639 root         10  20    0  1212M    57M kqread   3   0:01   0.00% crowdsec-firewall-b
98397 root          1  20    0    79M    52M nanslp   1   0:05   0.00% php
  377 root          1  68    0    88M    46M accept   0   0:02   0.00% python3.11
22958 root          1  20    0    66M    40M accept   0   0:00   0.00% php-cgi
83348 root          1  23    0    51M    40M nanslp   1   2:25   0.00% python3.11
28331 root          1  20    0    64M    39M accept   0   0:00   0.00% php-cgi
28026 root          1  20    0    64M    39M accept   2   0:00   0.00% php-cgi
25618 root          1  20    0    68M    36M accept   2   0:00   0.00% php-cgi
22629 root          1  20    0    64M    36M accept   2   0:00   0.00% php-cgi
24001 root          1  20    0    62M    34M accept   0   0:00   0.00% php-cgi
25014 root          1  20    0    62M    34M accept   3   0:00   0.00% php-cgi
26897 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
26019 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
26714 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
26207 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
19937 root          1  68    0    56M    28M wait     0   0:00   0.00% php-cgi
25999 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
25255 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
25367 root          1  68    0    56M    28M accept   1   0:00   0.00% php-cgi
21145 root          1  68    0    56M    28M wait     3   0:00   0.00% php-cgi
23418 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
23220 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
24674 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
20534 root          1  68    0    56M    28M wait     1   0:00   0.00% php-cgi
21377 root          1  68    0    56M    28M wait     3   0:00   0.00% php-cgi
30005 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
29462 root          1  68    0    56M    28M accept   2   0:00   0.00% php-cgi
28931 root          1  68    0    56M    28M accept   0   0:00   0.00% php-cgi
62981 nobody        6  20    0  1233M    21M kqread   0   0:01   0.00% node_exporter
93059 root          1  20    0    32M    18M nanslp   1   0:01   0.00% python3.11
  375 root          1  68    0    27M    15M wait     0   0:00   0.00% python3.11
16232 root          1  20    0    28M    15M select   2   0:00   0.00% python3.11
17419 root          3  20    0    45M    15M kqread   0   0:00   0.00% syslog-ng
15648 root          1  20    0    27M    14M select   2   0:00   0.00% python3.11
71043 redis         4  20    0    37M    12M kqread   1   0:01   0.00% redis-server
36847 dhcpd         1  20    0    28M    10M select   2   0:00   0.00% dhcpd
19715 root          1  20    0    23M    10M kqread   0   0:00   0.00% lighttpd
17134 root          1  68    0    24M    10M wait     0   0:00   0.00% syslog-ng
54091 root          1  20    0    20M  9060K select   2   0:00   0.00% sshd-session
16346 root          1  20    0    20M  9052K select   0   0:00   4.96% sshd-session
77473 root          2  20    0    21M  8756K nanslp   1   0:00   0.00% monit
53631 root          1  37    0    20M  8748K select   2   0:00   0.00% sshd-session

Is there any idea?
#4
Thanks!

Yes, I run redis, monit, flowd and normally ntopng (I don't use VLAN, LAG).

Over Wi-Fi I am not seeing the issue, so I am suspecting something between the Realtek NIC .251, OPNsense .254, my dock Mac .3. I noticed that I had my Mac set as static IP instead of DHCP. I changed this to DHCP to avoid any conflict.

I also changed the cable, and now things are good. So I will put back things like redis etc.
#5
Hello Team,

I have deactivated Unbound, Netflow and ntopng to reduce the load, but I still have the issue, without any idea of what to look for.

Attached is my VM conf. CPU is AMD Ryzen 7 9700X.

What log could I look into on the OPNsense host to see interrupts or local freezes on the guest?

Maybe an ARP/IP conflict:
2025-01-08T17:19:45    Error    dhcpd    uid lease 192.168.30.197 for client 6c:7e:67:c5:5f:c1 is duplicate on 192.168.30.0/24
My laptop has Zscaler; not sure if this could bring some strange behaviours, but normally this MAC has a static IP and should not be duplicated ...


Merci
#6
Any idea of what could be the issue? Maybe a driver issue on Proxmox of r8126 on 6.11 kernel?

FYI, a capture from my laptop to the Proxmox host through wire. I wonder if this has something to do with OPNsense, but my girlfriend does have the same issue on Wi-Fi.

dmesg | grep -i r8169
[    0.890543] r8169 0000:0a:00.0: enabling device (0000 -> 0003)
[    0.901128] r8169 0000:0a:00.0 eth0: RTL8126A, 34:5a:60:03:c4:ad, XID 64a, IRQ 58
[    0.901132] r8169 0000:0a:00.0 eth0: jumbo features [frames: 9194 bytes, tx checksumming: ko]
[    3.160413] r8169 0000:0a:00.0 enp10s0: renamed from eth0
[   21.473988] r8169 0000:0a:00.0 enp10s0: entered allmulticast mode
[   21.474024] r8169 0000:0a:00.0 enp10s0: entered promiscuous mode
[   21.500368] RTL8251B 5Gbps PHY r8169-0-a00:00: attached PHY driver (mii_bus:phy_addr=r8169-0-a00:00, irq=MAC)
[   21.940489] r8169 0000:0a:00.0 enp10s0: Link is Down
[   24.815676] r8169 0000:0a:00.0 enp10s0: Link is Up - 2.5Gbps/Full - flow control off
root@Proxmox ~#
#7
Hello All,

I have been using OPNsense 24.7.11_2 over Proxmox 8.3 6.11.0-2-pve, and before that pfSense for a while. I am facing an instability issue for which I can't find any log that really helps to troubleshoot it. On calls, from time to time it hangs for like 2 to 3s and then keeps going.

Some logs, but what else can I be checking?

If I restart the services, I get:
Enter an option: 11

Writing firmware settings: FreeBSD OPNsense
Writing trust files...done.
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
certctl: No changes to trust store were made.
Writing trust bundles...done.
Configuring login behaviour...done.
Configuring CRON...done.
Setting timezone: Europe/Paris
Setting hostname: OPNsense.localdomain
Generating /etc/resolv.conf...done.
Generating /etc/hosts...done.
Configuring loopback interface...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring CAM interface...done.
Configuring Download interface...done.
Configuring LAN interface...done.
Configuring POP interface...done.
Configuring WAN interface...done.
Configuring WIFI interface...done.
Setting up routes...done.
Setting up gateway monitor...done.
Configuring firewall.......done.
Starting DHCPv4 service...done.
Starting DHCPv6 service...done.
Starting router advertisement service...done.
Starting NTP service...done.
Configuring OpenSSH...done.
Starting web GUI...done.
Syncing OpenVPN settings...done.
Stopping ntopng.
Waiting for PIDS: 54790.
Stopping redis.
Waiting for PIDS: 45839.
Stopping node_exporter.
Stopping acme_http_challenge.
Waiting for PIDS: 31589.
Stopping flowd.
Stopping mdns_repeater.
Waiting for PIDS: 19673.
Stopping qemu_guest_agent.
Waiting for PIDS: 15465.
Stopping monit.
Waiting for PIDS: 89582.
Stopping flowd_aggregate...done
setup vtnet1
setup vtnet0 [egress only]
setup vtnet2
Starting flowd_aggregate.
Starting monit.
Starting Monit 5.34.3 daemon with http interface at /var/run/monit.sock
kldload: can't load virtio_console: module already loaded or in kernel
Starting qemu_guest_agent.
Starting mdns_repeater.
Starting flowd.
rmdir: /var/etc/acme-client/home/deploy: Not a directory
rmdir: /var/etc/acme-client/home/dnsapi: Not a directory
rmdir: /var/etc/acme-client/home/notify: Not a directory
Starting acme_http_challenge.
Starting node_exporter.
Starting redis.
Certificates generated /usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem
Starting ntopng.
md5sum: invalid option -- q
usage: md5sum [-bctwz] [files ...]
usage: grep [-abcDEFGHhIiLlmnOopqRSsUVvwxz] [-A num] [-B num] [-C num]
        [-e pattern] [-f file] [--binary-files=value] [--color=when]
        [--context=num] [--directories=action] [--label] [--line-buffered]
        [--null] [pattern] [file ...]
06/Jan/2025 15:02:22 [Ntop.cpp:4052] WARNING: Unable to find timezone: using UTC
06/Jan/2025 15:02:22 [Redis.cpp:171] Successfully connected to redis 127.0.0.1@0
06/Jan/2025 15:02:22 [Redis.cpp:171] Successfully connected to redis 127.0.0.1@0
06/Jan/2025 15:02:22 [Ntop.cpp:2642] Parent process is exiting (this is normal)

The client has disconnected from the server.  Reason:
Invalid packet header.  This probably indicates a problem with key exchange or encryption.

What I noticed is that my client gets disconnected from the host when the issue appears:
root@Proxmox ~# ping 1.1.1.1
64 bytes from 1.1.1.1: icmp_seq=858 ttl=57 time=9.94 ms
64 bytes from 1.1.1.1: icmp_seq=859 ttl=57 time=10.1 ms

The client has disconnected from the server.  Reason:
Invalid packet header.  This probably indicates a problem with key exchange or encryption.

Could this be an issue on Proxmox versus on OPNsense? Is there any other log that could make sense to check on OPNsense before checking on the Proxmox side?

Is it a key change happening on OPNsense all the time? Something to do with the certificate?

Merci
XabiX
#8
I used them when I needed to know what is being blocked. I have kept the rules but removed all logging.

Merci

Is there a way to disable IPv6 on my interfaces outside of the POP? Before, I never saw these assigned; maybe this is linked to an improvement of the Interface Overview :)

I do have: IPv6 Configuration Type to None on those interfaces.
#9
BTW I did remove: Log packets matched from the default block rules

but I still see those messages. I assume these are because they are captured by my own deny all IPv6 rule?
#10
Thanks Patrick!

My bad, as I forgot that I have an internal interface which operates with IPv6, which is the media setup box of my ISP for TV and services like replay/Netflix etc.

Therefore, if this is acceptable, should I allow this traffic just towards this LAN interface?

Is your comment also valid for the traffic towards udp 3702?

Merci
#11
Hello Experts,

I don't understand why I am seeing this traffic and whether I should either allow it or put a non-verbose rule entry to stop it from filling the logs.

Besides, I was trying WS and I see udp 3702 blocked too. My setup is IPv4, so not sure if I need those too.

[code]ndp -a
Neighbor                             Linklayer Address  Netif Expire    1s 5s
2a01:e0a:3ba:cb90::2                 92:f5:ca:c9:f3:92 vtnet0 permanent R
fe80::90f5:caff:fec9:f392%vtnet0     92:f5:ca:c9:f3:92 vtnet0 permanent R
fe80::9c90:88ff:fe48:d45b%vtnet1     9e:90:88:48:d4:5b vtnet1 permanent R
fe80::449f:54ff:fe80:6bf1%vtnet2     46:9f:54:80:6b:f1 vtnet2 permanent R
fe80::bc00:eeff:fe5d:31e3%vtnet3     be:00:ee:5d:31:e3 vtnet3 permanent R
2a01:e0a:3ba:cb91::1                 da:dc:fd:fa:f7:7c vtnet4 permanent R
fe80::b9a8:d032:e210:1c2a%vtnet4     dc:00:b0:44:74:64 vtnet4 23h56m0s  S
fe80::d8dc:fdff:fefa:f77c%vtnet4     da:dc:fd:fa:f7:7c vtnet4 permanent R
2a01:e0a:3ba:cb91:61da:fc7d:3083:ed4f dc:00:b0:44:74:64 vtnet4 23h56m0s  S
fe80::8db:32ff:feb9:b45c%vtnet6      0a:db:32:b9:b4:5c vtnet6 permanent R[/code]

[code]pfctl -s rules | grep "from fe80::/10"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state label "d147534c4012c8dd65eda59292c0ab90"
pass in quick on vtnet4 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "202cde82e72bc8757ce87db904864c07"
pass in quick on vtnet4 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "202cde82e72bc8757ce87db904864c07"
pass in quick on vtnet4 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "fcfc7f20b012cb13daa2953a063f4f4e"
pass in quick on vtnet4 inet6 proto udp from fe80::/10 to (self) port = dhcpv6-client keep state label "a329a5ad6317f1c72757431e7a8232aa"
pass in quick on vtnet0 inet6 proto udp from fe80::/10 to fe80::/10 port = dhcpv6-client keep state label "4408d4bb3e3b231599822fa8f4546f8d"
pass in quick on vtnet0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-client keep state label "4408d4bb3e3b231599822fa8f4546f8d"
pass in quick on vtnet0 inet6 proto udp from fe80::/10 to ff02::/16 port = dhcpv6-server keep state label "3e5fbb29b91da43363e550aead699e16"
pass in quick on vtnet0 inet6 proto udp from fe80::/10 to (self) port = dhcpv6-client keep state label "43f521ff1b149fea894c4f31417849bb"
pass in quick on vtnet4 inet6 from fe80::/10 to ! (vtnet1:network) flags S/SA keep state allow-opts label "178c7c3c8c26cb8456b49510389dd6e3"[/code]

Any help is more than welcome.

Merci
#12
So it's not an ERROR to consider!

Noted and the ticket can be closed. My DNS issue was linked to the GW not available with dpinger but solved.

This thread can be closed. THANKS Franco !!!
#13
Hello

After upgrading to OPNsense 23.7.1_3-amd64 I have internet issues and am not able to get answers to my DNS queries. Not sure yet why, as I have the floating rules there as I had in the past.

I did see this error; is there anything that I should do to solve it? I didn't have the opportunity to check with my TV and setupbox if it works.

2023-08-09T16:08:20 Error opnsense /diag_logs_settings.php: The command '/usr/sbin/daemon -f -p '/var/run/dhcpleases6.pid' '/usr/local/opnsense/scripts/dhcp/prefixes.sh'' returned exit code '3', the output was 'daemon: process already running, pid: 37599'
2023-08-09T16:08:20 Error opnsense /diag_logs_settings.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid vtnet4' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.3-P1 Copyright 2004-2022 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpdv6.conf Database file: /var/db/dhcpd6.leases PID file: /var/run/dhcpdv6.pid There's already a DHCP server running. If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'
2023-08-09T16:08:17 Error opnsense /diag_logs_settings.php: The command '/bin/kill -'TERM' '17962''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 17962: No such process'


Merci
#14
I was able to solve the issue by changing from HTTP to HTTPS and selecting a certificate.

Nice and easy re-installation. Great work Franco and the team!
#15
Hello

I upgraded from 23.1.11_1 (or whatever was the last release before 23.7) and I decided to export my config, reinstall and import my saved config.

OPNsense does work, so I have internet etc., but I can't log in to the GUI anymore on the LAN (it does work on the WIFI interface though). What log file could help? Any insight? Could it be that Acme did not reissue the cert automatically?

<27>1 2023-07-31T16:48:19+02:00 OPNsense.localdomain lighttpd 18271 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.2308) server stopped by UID = 0 PID = 71338
<27>1 2023-07-31T16:48:19+02:00 OPNsense.localdomain lighttpd 71600 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.1909) server started (lighttpd/1.4.71)
<27>1 2023-07-31T16:49:23+02:00 OPNsense.localdomain lighttpd 71600 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.2308) server stopped by UID = 0 PID = 78885
<27>1 2023-07-31T16:49:54+02:00 OPNsense.localdomain lighttpd 38726 - [meta sequenceId="1"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.1909) server started (lighttpd/1.4.71)
<27>1 2023-07-31T16:49:56+02:00 OPNsense.localdomain lighttpd 55593 - [meta sequenceId="2"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/server.c.1909) server started (lighttpd/1.4.71)


2023-07-31 16:48:24 [root:groupadd] acme(169)
2023-07-31 16:48:24 [root:useradd] acme(169):acme(169):ACME protocol client:/var/db/acme:/bin/sh
2023-07-31 16:48:31 [root:groupadd] git_daemon(964)
2023-07-31 16:48:31 [root:useradd] git_daemon(964):git_daemon(964):git daemon:/nonexistent:/usr/sbin/nologin
2023-07-31 16:48:44 [root:groupadd] _lldpd(949)
2023-07-31 16:48:44 [root:useradd] _lldpd(949):_lldpd(949):lldpd user:/nonexistent:/usr/sbin/nologin
2023-07-31 16:49:52 [unknown:groupmod] admins(1999)


Thanks
XabiX