Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - zauopn

Pages: [1]

22.1 Legacy Series / Multiple missing dependency and iflib_netmap_config errors after update to 22.1

« on: January 30, 2022, 08:15:34 am »

I'm getting the following dependency errors after upgrading to 22.1, does any one know how to fix those issues? Also, internet is no longer working. Any help would be appreciated . Thanks.

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Sat Jan 29 22:48:14 PST 2022
>>> Check installed kernel version
Version 22.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
py37-pymongo has a missing dependency: python37
py37-pymongo has a missing dependency: py37-setuptools
py37-pymongo is missing a required shared library: libpython3.7m.so.1.0
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: ................................................................... done
***DONE***

Also, the following errors show up in the console / terminal:

Code: [Select]

FreeBSD/amd64 (OPNsense.localdomain) (ttgv8)

login: [ 849] iflib_netmap_config txr 1 rxr 1 txd 1824 rxd 1824
rbufsz 2848

[ 849] iflib_netmap_config txr 1 rxr 1 txd 1824 rxd 1824 rbufsz
2848

-m8: link state changed to DUNN

[ 849] iflib_netmap_config txr 1 rxr 1 txd 1824 rxd 1824 rbufsz
2848

-m8: link state changed to UP

reeBSDIamd64 (OPNsense.localdomain) (ttgv8)

login: 7

22.1 Legacy Series / Re: My Experience

« on: January 30, 2022, 08:00:52 am »

I'm also getting the same dependency errors after upgrading to 22.1, does any one know how to fix those issues?

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Sat Jan 29 22:48:14 PST 2022
>>> Check installed kernel version
Version 22.1 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.1 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
py37-pymongo has a missing dependency: python37
py37-pymongo has a missing dependency: py37-setuptools
py37-pymongo is missing a required shared library: libpython3.7m.so.1.0
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: ................................................................... done
***DONE***

21.7 Legacy Series / Updated to 21.7.3_3 and now it shows freeze erros on iflib_netmap_config

« on: October 02, 2021, 10:47:03 am »

Hello,

I updated to latest release 21.7.3_3 via WEB GUI and now it shows freeze errors on iflib_netmap_config
The internet connection for all devices no longer works either, somehow this bug is blocking internet access as well.

I did follow Franco advise for a similar report but even after reinstalling the kernel the issue still continues, very similar errors appear now in the console: https://forum.opnsense.org/index.php?topic=24136.msg115364#msg115364

any help to resolve this issue would be appreciated. thanks

Quote

Re: 21.7 freeze on netmap on APU4C
« Reply #5 on: July 31, 2021, 02:30:17 pm »

Quote

What I mean was after 21.7 installation go to System: Firmware: GUI, "Packages" tab and under "kernel" in the right click "reinstall" button and let the system reboot. It will replace the bad kernel.

Cheers,
Franco

Logs: General ->
---------------------------
Date

Process

Line

2021-10-02T01:18:46   kernel   726.557971 [ 853] iflib_netmap_config txr 1 rxr 1 txd 1024 rxd 1024 rbufsz 2048
2021-10-02T01:18:44   kernel   723.977224 [ 853] iflib_netmap_config txr 1 rxr 1 txd 1024 rxd 1024 rbufsz 2048
2021-10-02T01:18:44   kernel   723.975628 [ 853] iflib_netmap_config txr 1 rxr 1 txd 1024 rxd 1024 rbufsz 2048
2021-10-02T01:18:02   kernel   682.446938 [ 853] iflib_netmap_config txr 1 rxr 1 txd 1024 rxd 1024 rbufsz 2048
2021-10-02T01:18:01   kernel   681.205899 [ 853] iflib_netmap_config txr 1 rxr 1 txd 1024 rxd 1024 rbufsz 2048
2021-10-02T01:17:24   kernel   em1: netmap queues/slots: TX 1/1024, RX 1/1024
2021-10-02T01:17:24   kernel   em0: netmap queues/slots: TX 1/1024, RX 1/1024
2021-10-02T01:17:24   kernel   000.000052 [4344] netmap_init netmap: loaded module
2021-10-02T01:15:03   kernel   503.089146 [ 853] iflib_netmap_config txr 1 rxr 1 txd 1024 rxd 1024 rbufsz 2048
2021-10-02T01:15:00   kernel   500.131428 [ 853] iflib_netmap_config txr 1 rxr 1 txd 1024 rxd 1024 rbufsz 2048

Zenarmor (Sensei) / Re: Sensei ongoing unresolved bugs and service not as claimed

« on: March 30, 2021, 05:11:29 pm »

Hi @mb,

Since I haven't received a response, I had to post the questions here, some of the tickets numbers below:

March/4/2021
Your request (2262) has been received and is being reviewed by our support staff.

Your request (1282) has been updated
Request #1281 "MongoDB error" was closed and merged into this request #1282

Zenarmor (Sensei) / Sensei ongoing unresolved bugs and service not as claimed

« on: March 30, 2021, 05:35:01 am »

I've been waiting for months to see if Sensei finally has the common courtesy to reply to my tickets and to fix the ongoing bugs and releases basic features advertised in the paid subscription. Sensei support closed tickets as resolved but there was no resolution and you never provided a clear response.

what is the status of the following issues? MongoDB continues crashing even with latest Sensei release.

I agree with Matt about the following: there is no software free of bugs. However, I haven't been the only user who has reported issues with mongodb and basic functionalities. In the opnsense / sensei forum there are other users who have reported MongoDB issues.
Your response doesn't provide clear responses regarding the major Sensei bugs and basic missing features that are being advertised in the paid subscription and are still not fully working. There is another ticket about that and as shown below response was that it was going to be added in a future release..

1) The ongoing mongodb issues, that makes the Sensei reporting unreliable as it only logs a few days, and after logs increase then mongodb error shows up and user has to reset logs to get the Sensei reporting to work again.
2) Customized Landing Pages for Blocked Sessions with Sensei Premium for HTTP AND HTTPS.
3) Fully working Sensei with latest version of OPNSense.

When are at least these ongoing issues/bugs going to be fully resolved?

Also in regards to item 3) about working landing pages you claimed it was going to be available on Q3 2020, it is already Q1 2021 and the issue is still unresolved:

"Thanks for reaching out and letting us know about your problem.

This occurs in the https connection. Https connections can be only resetting, can not be redirecting a landing page without TLS inspection. Full TLS inspection has been implemented in the packet engine. It'll take some time for us to roll out this functionality.

We hope to make it available in Q3 2020."

21.1 Legacy Series / Unbound service routinely stopping/crashing following 21.1.3 and 21.1.4 updates

« on: March 30, 2021, 05:13:55 am »

Pretty much as the subject states.
Update: Installed latest update and issue is still happening with both versions 21.1.3 and 21.1.4 updates.
After the updates it hasn't been possible to start Outbound service.

Unbound was working fine before update, updated fine, but then noticed that Unbound service stops more details below, it seems that crash happened at 2021-03-29T11:56:32. I tried to restart Unbound service via the GUI and also via the command line but it does not start it keeps showing the same errors in the logs. There could be a bug or a change introduced in: 21.1.X.
Anybody else experiencing these Unbound issues? Any help would be appreciated . Thanks.

Relevant logs:

--------------System: Log Files: General

2021-03-29T11:56:48   opn[51204]   plugins_configure dns (execute task : unbound_configure_do())
2021-03-29T11:56:48   opn[51204]   plugins_configure dns (execute task : dnsmasq_configure_do())
2021-03-29T11:56:48   opn[51204]   plugins_configure dns ()

2021-03-28T08:40:22   opn[74115]   /status_services.php: The command '/usr/local/opn/scripts/dns/unbound_dhcpd.py --domain 'localdomain'' returned exit code '1', the output was 'Unable to lock on the pidfile.'
2021-03-28T08:40:10   opn[37810]   plugins_configure local (execute task : unbound_configure_do(1))

--------------Services: Unbound DNS: Log File

2021-03-29T11:56:34   unbound[50553]   [50553:0] info: server stats for thread 0: requestlist max 16 avg 0.116428 exceeded 0 jostled 0
2021-03-29T11:56:34   unbound[50553]   [50553:0] info: server stats for thread 0: 7886 queries, 2568 answers from cache, 5318 recursions, 136 prefetch, 0 rejected by ip ratelimiting
2021-03-29T11:56:32   unbound[50553]   [50553:0] info: service stopped (unbound 1.13.1).
2021-03-29T11:55:57   unbound[50553]   [50553:0] debug: outnettcp got tcp error -1
2021-03-29T11:55:55   unbound[50553]   [50553:1] debug: outnettcp got tcp error -1
2021-03-29T11:55:47   unbound[50553]   [50553:0] debug: cache memory msg=527014 rrset=786732 infra=8306 val=188403

--------------System: Log Files: Backend
021-03-29T11:56:47   configd.py[25356]   [38cc3306-075e-44ec-b0fe-734656d56e9a] generate template opn/Filter
2021-03-29T11:56:47   configd.py[25356]   [9526cb0d-6f86-4d0b-9ba5-20ed2131174d] Reloading filter
2021-03-29T11:56:45   configd.py[25356]   [f956f100-e7ac-4a49-87f0-81f268c930f6] Linkup stopping em1
2021-03-29T11:56:39   configd.py[25356]   message 28987af7-4113-4827-a230-21924c2a5e6d [unbound.start] returned Error (1)
2021-03-29T11:56:39   configd.py[25356]   [28987af7-4113-4827-a230-21924c2a5e6d] returned exit status 1
2021-03-29T11:56:37   configd.py[25356]   message b3fa47bd-a9a5-4742-acd0-ef4bf7866755 [filter.refresh_aliases] returned {"status": "ok"}
2021-03-29T11:56:37   configd.py[25356]   [b3fa47bd-a9a5-4742-acd0-ef4bf7866755] refresh url table aliases
2021-03-29T11:56:37   configd.py[25356]   opn/Filter generated //usr/local/etc/filter_geoip.conf
2021-03-29T11:56:37   configd.py[25356]   opn/Filter generated //usr/local/etc/filter_tables.conf
2021-03-29T11:56:37   configd.py[25356]   generate template container opn/Filter
2021-03-29T11:56:37   configd.py[25356]   [36546d50-6d27-46b9-9352-4d5ec7290f11] generate template opn/Filter
2021-03-29T11:56:36   configd.py[25356]   [73af3980-9bdf-4c26-91e0-e47479200ed8] Reloading filter
2021-03-29T11:56:34   configd.py[25356]   [28987af7-4113-4827-a230-21924c2a5e6d] Start Unbound
2021-03-29T11:56:32   configd.py[25356]   opn/Unbound/* generated //var/unbound/root.hints
2021-03-29T11:56:32   configd.py[25356]   opn/Unbound/* generated //var/unbound/etc/miscellaneous.conf
2021-03-29T11:56:32   configd.py[25356]   opn/Unbound/* generated //var/unbound/etc/dot.conf
2021-03-29T11:56:32   configd.py[25356]   opn/Unbound/* generated //var/unbound/etc/blacklists.ini
2021-03-29T11:56:32   configd.py[25356]   generate template container opn/Unbound/core
2021-03-29T11:56:32   configd.py[25356]   [13fb3116-b6d8-4544-ad8b-57845529430a] generate template opn/Unbound/*
2021-03-29T11:56:31   configd.py[25356]   message ace7adae-a5de-406b-a861-fd658c573f9d [filter.refresh_aliases] returned {"status": "ok"}

Intrusion Detection and Prevention / Sensei and IPS/IDS issues.

« on: July 23, 2020, 08:43:56 pm »

Hello, I have latest version of opnsense already installed in a VirtualBox VM and it is working.

Internet WAN -> Modem -> Opnsense device (Ethernet port) LAN -> USB Ethernet adapter (usb connected to Opnsense device and Ethernet to WAN Ethernet port of router) -> Router ( multiple devices connected to it via Ethernet LAN ports and WiFi)

However, there are some issues with Sensei and IDS/IPS that need to be fixed:

1) All the web traffic in opnsense has the same WAN IP from router, so it makes it look that there is only one device connected to the network. I need to see in the Sensei and IDS traffic logs exactly the IP of the device in the network (I.e printer, PC etc..) that generates the traffic. For example, if a user using a smartphone goes to Facebook, I need to see the IP of the smartphone, not the WAN IP of the router.
2) Snort rules are not getting triggered, there are several ERR INVALID SIGNATURE in the IDS logs. Also, the GeoIP settings have an issue, the country flags are not showing up in the logs maxmind was already added to the geoip settings. $:-\$
I also have ET telemetry and some of the rules work but many of those rules are empty, it seems that ET Telemetry doesn't have the same rulesets as ET PRO.

Does anyone know how fix these issues? I'd appreciate your help. Thanks

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: July 23, 2020, 08:30:09 pm »

Pages: [1]