"
I have two firewalls which both are running 1.18 on OPNsense 24.7.7.
Wireguard is working without issues on both systems.
Wireguard is working without issues on both systems.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#2
24.1, 24.4 Legacy Series / Re: KEA dhcpd not serving all subnets after reboot
February 25, 2024, 09:06:24 AMQuote from: Monviech on February 24, 2024, 08:56:05 PM
Are you running an untagged vlan on the same trunk? Thats not recommended. If you are running vlans all of them should be tagged, even vlan 1. Freebsd doesnt like this.
The untagged parent interface doesnt need to be assigned. If you use a switch with native vlan id (or how its called) use a sacrafice vlan like 2000 or something for the untagged traffic so it doesnt collide with tagged traffic on the connected trunk interface.
Dont know if thats related to the KEA issue.
Thank you! This was indeed the issue. Now all VLANs (including VLAN 1) are tagged and KEA is also working as expected after a system reboot.
KEA does not even issue a warning "em0 is not running" now that VLANs are properly configured (not mixing tagged and untagged).
#3
24.1, 24.4 Legacy Series / [SOLVED] KEA dhcpd not serving all subnets after reboot
February 24, 2024, 08:31:34 PM
I am testing KEA dhcpd on OPNsense 24.1.2_1-amd64.
I have configured five subnets (LAN + four VLANs) for which KEA is the dhcp server:
192.168.22.0/24 (LAN)
192.168.202.0/24 (VLAN 2)
192.168.205.0/24 (VLAN 5)
192.168.210.0/24 (VLAN 10)
192.168.220.0/24 (VLAN 20)
Everything is fine until I reboot the system. After reboot I see the following warning in the KEA log file:
WARN [kea-dhcp4.dhcpsrv.0x835bc5000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface em0 is not running
It seems like KEA is starting before the em0 interface (which is the interface for the LAN and VLANs).
However, KEA seems to start and servers fine on the VLAN-intefaces but does not provide DHCP leases for the LAN interface. Once I restart the KEA service, it starts serving on both LAN interface and VLANs.
Again, when I reboot the system, the same issue occurs until I manually restart KEA.
Is this a known issue and is there any workaround for the issue? Is there any information I can provide for inspecting this further?
I have configured five subnets (LAN + four VLANs) for which KEA is the dhcp server:
192.168.22.0/24 (LAN)
192.168.202.0/24 (VLAN 2)
192.168.205.0/24 (VLAN 5)
192.168.210.0/24 (VLAN 10)
192.168.220.0/24 (VLAN 20)
Everything is fine until I reboot the system. After reboot I see the following warning in the KEA log file:
WARN [kea-dhcp4.dhcpsrv.0x835bc5000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface em0 is not running
It seems like KEA is starting before the em0 interface (which is the interface for the LAN and VLANs).
However, KEA seems to start and servers fine on the VLAN-intefaces but does not provide DHCP leases for the LAN interface. Once I restart the KEA service, it starts serving on both LAN interface and VLANs.
Again, when I reboot the system, the same issue occurs until I manually restart KEA.
Is this a known issue and is there any workaround for the issue? Is there any information I can provide for inspecting this further?
#4
Zenarmor (Sensei) / Re: os-sensei-db (missing)
February 22, 2024, 05:59:48 PMQuote from: IHK on February 22, 2024, 11:58:35 AM
Please run the following commands
rm -fr /usr/local/opnsense/version/sensei-db
rm -fr /usr/local/sensei-db
Click in System - Firmware - Resolve Plugin Conflicts - Reset All Local Conflicts
Thank you! This did the trick! Rebooted the system to confirm everything is running fine - all good.
#5
Zenarmor (Sensei) / [SOLVED] os-sensei-db (missing)
February 21, 2024, 08:01:46 PM
Just upgraded my OPNsense installation from 23.7.11 to 24.1.2.
I also upgraded Zenarmor from 1.16.1 to 1.16.3.
Now I see red os-sensei-db (missing) line at System -> Firmware -> Plugins.
I have tried both Resolve Plugin Conflicts -> Run the automatic resolver and Reset all local conflicts but the problem remains.
Some old threads suggest to reinstall Zenarmor to solve this issue but I was wondering if there is a way to fix whit problem without reinstalling Zenarmor.
OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13
I also upgraded Zenarmor from 1.16.1 to 1.16.3.
Now I see red os-sensei-db (missing) line at System -> Firmware -> Plugins.
I have tried both Resolve Plugin Conflicts -> Run the automatic resolver and Reset all local conflicts but the problem remains.
Some old threads suggest to reinstall Zenarmor to solve this issue but I was wondering if there is a way to fix whit problem without reinstalling Zenarmor.
OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13
#6
Zenarmor (Sensei) / Re: Cloud node issue
December 23, 2022, 12:19:53 PMQuote from: athurdent on December 23, 2022, 12:14:48 PMQuote from: sy on December 23, 2022, 12:10:21 PM
Hi,
A network issue is occurred. It should be ok now. Can you confirm?
Thanks!
Looks OK now, had to re-check with the button there though. Did not resolve on it's own.
Thanks! It works now!
In my case both systems show that the status has been UP for about 5 hours. It fixed without any interaction from my side.
#7
Zenarmor (Sensei) / Cloud node issue
December 23, 2022, 06:52:18 AM
Hello all and thanks for the great Zenarmor software!
I am having the following issue with cloude nodes:
Europe & Europe2 are DOWN. When I click "check now" (on Zenarmor status page) they become UP for a while but then eventually down again. Rebooting the system does not help. I have this issue on two separate firewalls. Both are running:
Engine version 1.12.1
DB version 1.12.22112919
OPNsense 22.7.10_2-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022
ping 35.198.172.108 and ping 34.65.117.157 seem to be alright.
Any ideas how to analyze this further?
I am having the following issue with cloude nodes:
Europe & Europe2 are DOWN. When I click "check now" (on Zenarmor status page) they become UP for a while but then eventually down again. Rebooting the system does not help. I have this issue on two separate firewalls. Both are running:
Engine version 1.12.1
DB version 1.12.22112919
OPNsense 22.7.10_2-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022
ping 35.198.172.108 and ping 34.65.117.157 seem to be alright.
Any ideas how to analyze this further?
#8
22.7 Legacy Series / Re: Congratulations on a job well done
July 28, 2022, 08:17:59 PM
Same here! Congratulations!
#9
Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering
April 04, 2022, 07:42:44 PMQuote from: sy on April 04, 2022, 06:36:41 PM
Hi all,
Please reinstall the package with the following command to solve the Safari browser issue.
pkg install -fy os-sensei
I can confirm that this works on iOS Safari now. Thanks, great work!
#10
Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering
April 03, 2022, 11:58:30 AM #11
Zenarmor (Sensei) / Re: Zenarmor 1.11 Safari "Initializing"
April 01, 2022, 08:56:12 AM
In my case, it appears to be working on Windows machines but not on iOS machines.
#12
Zenarmor (Sensei) / Re: Zenarmor 1.11 Safari "Initializing"
April 01, 2022, 05:51:09 AM
To add my own post. In addition to original poster, I tried the following:
- removed all sensei packages and reinstalled them
- rebooted the firewall and tried access with different browsers
I still hangs at about 50 % on the "Initializing..." page
- removed all sensei packages and reinstalled them
- rebooted the firewall and tried access with different browsers
I still hangs at about 50 % on the "Initializing..." page
#13
Zenarmor (Sensei) / Re: Zenarmor 1.11 Safari "Initializing"
April 01, 2022, 05:44:35 AM
Just to confirm that I have exactly the same issue on OPNsense 22.1.4_1-amd64
#14
Zenarmor (Sensei) / 1.11 release date
March 09, 2022, 07:39:34 PM
I think Zenarmor Sensei is absolutely fantastic product! Any ideas when the 1.11 version will be released?
#15
Zenarmor (Sensei) / Re: Elastic search won't start on 22.1
January 28, 2022, 02:03:31 PM
First, I did:
pkg deinstall elasticsearch5
After that:
pkg install elasticsearch5
You can use pkg info command to check the exact name of the package if the above does not work.
I am not sure if this was too "brute force" approach. I compared the installed packages with other identical systems I have running OK on 22.1 and the packages seem identical.
I upgraded multiple "identical" machines from 21.7 to 22.1 with same procedure. No idea what went differently here...
pkg deinstall elasticsearch5
After that:
pkg install elasticsearch5
You can use pkg info command to check the exact name of the package if the above does not work.
I am not sure if this was too "brute force" approach. I compared the installed packages with other identical systems I have running OK on 22.1 and the packages seem identical.
I upgraded multiple "identical" machines from 21.7 to 22.1 with same procedure. No idea what went differently here...
