Messages - sorro

#1
I may be up and running - not sure if the issue is fixed (I am still seeing the stacktrace in the log):

$ configctl unbound check
/var/unbound/unbound.conf:105: error: cannot open include file '/var/unbound/private_domains.conf': No such file or directory
read /var/unbound/unbound.conf failed: 1 errors in configuration file


I manually added my local network name to private_domains.conf and clients are able to resolve addresses in spite of the stack trace.
#2
When I run configctl from the command line it reports OK; however, the traceback in the OP is logged and unbound is not started.

# configctl unbound restart
OK


Is there a way to run this verbosely or run the jinja templates from the command line?
I can start hacking on the python code but I don't want to go down that path if possible.
#3
Thanks - that worked.
#4
After installing 22.1.5, unbound failed to start. Below is the traceback (sorry if it's a little mangled - it came from my syslog server) and health audit output. I can reproduce it by simply trying to restart the Unbound service.

The health report shows `py37-markupsafe` is missing a dependency: python37 ... - I have no idea why any py37 packages are still in the package list.

Also I installed `ddclient` with a view to replacing dyndns and then removed it trying to sort out this issue. Either way it seems to have no bearing on this problem.


Apr 10 20:57:19 leia.home.metrak.com configd.py[466]: error generating template OPNsense/Unbound/core : Traceback (most recent call last):
  File "/usr/local/opnsense/service/modules/template.py", line 270, in _generate
    content = j2_page.render(cnf_data)
  File "/usr/local/lib/python3.8/site-packages/jinja2/environment.py", line 1304, in render
    self.environment.handle_exception()
  File "/usr/local/lib/python3.8/site-packages/jinja2/environment.py", line 925, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/usr/local/opnsense/service/modules/../templates/OPNsense/Unbound/core/dot.conf", line 6, in top-level template code
    {%   for type, dots in all|groupby("type") %}
  File "/usr/local/lib/python3.8/site-packages/jinja2/async_utils.py", line 36, in wrapper
    return normal_func(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/jinja2/filters.py", line 1238, in sync_do_groupby
    for key, values in groupby(sorted(value, key=expr), expr)
jinja2.exceptions.UndefinedError: 'collections.OrderedDict object' has no attribute 'type'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/opnsense/service/modules/template.py", line 338, in generate
    for filename in self._generate(template_name, create_directory):
  File "/usr/local/opnsense/service/modules/template.py", line 273, in _generate
    raise Exception("%s %s %s" % (module_name, template_filename, render_exception))
Exception: OPNsense/Unbound/core OPNsense/Unbound/core/dot.conf 'collections.OrderedDict object' has no attribute 'type'


***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.1.5 (amd64/OpenSSL) at Sun Apr 10 21:30:03 AEST 2022
>>> Check installed kernel version
Version 22.1.5 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.1.5 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
SunnyValley
OPNsense
>>> Check installed plugins
os-acme-client 3.9
os-api-backup 1.0_1
os-dmidecode 1.1_1
os-etpro-telemetry 1.6_1
os-iperf 1.0_1
os-nginx 1.26
os-nut 1.8.1
os-sensei 1.11
os-sensei-agent 1.11
os-sensei-updater 1.11
os-sunnyvalley 1.2_1
os-wireguard 1.10
>>> Check for missing package dependencies
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: ................................................................... done
***DONE***
#5
tl;dr should I consolidate IoT devices to a single subnet and put them in a vlan?

My opnsense 21.7 home router has 4 nics. I have

  • PoE cameras on an "outdoor" subnet, over time this has grown to include wifi IoT devices like garage door controller
  • multiple IoT devices connecting to another subnet both wifi and wired. Most of the family's personal devices also share this second network
  • a 3rd subnet has several servers and then there is WAN
Keeping the outdoor net separate seemed like a good idea at the time but I would like to manage rules for all IoT devices as a group so I am thinking of consolidating them into one physical network and having a vlan reserved for IoT devices. I can then restrict access from the IoT vlan to the internet for example and I can logically separate IoT from personal devices.

From a bandwidth perspective I don't think consolidating the devices on one NIC is going to be a problem. I will have to make a couple of minor hardware hacks to the house wiring. I have managed switches so for dumb IoT devices I can force them onto vlans.

Does this make sense? Any tips would be appreciated.
#6
I am on 20.7.1 and have only been using OPNsense for a few weeks, so I am still learning.

I want to push all my logs via syslog-ng to another host. After setting this up they worked fine for a day, but since about 3 days ago, when I updated/rebooted to 20.7.1, no more logs have appeared remotely.

I am not sure if there was a problem with the update or whether I have misconfigured something. The remote host syslog-ng process is healthy and the syslog service port is open in the firewall.

If anyone has pointers on what to check that would be appreciated.

Local Logging Options
Disable circular logs    🗹
Preserve logs (Days)    
Log Firewall Default Blocks
   🗹 Log packets matched from the default block rules put in the ruleset
       Log packets matched from the default pass rules put in the ruleset
   🗹 Log packets blocked by 'Block Bogon Networks' rules
   🗹 Log packets blocked by 'Block Private Networks' rules
Web Server Log    🗹 Log errors from the web server process.
Local Logging    🗹 Disable writing log files to the local disk