Messages

1

22.1 Legacy Series / Re: unbound fails to start after upgrade - traceback in jinja2

« on: April 10, 2022, 11:19:12 pm »

I may be up and running - not sure if the issue is fixed (I am still seeing the stacktrace in the log):

Code: [Select]

$ configctl unbound check
/var/unbound/unbound.conf:105: error: cannot open include file '/var/unbound/private_domains.conf': No such file or directory
read /var/unbound/unbound.conf failed: 1 errors in configuration file

I manually added my local network name to private_domains.conf and clients are able to resolve addresses in spite of the stack trace.

2

22.1 Legacy Series / Re: unbound fails to start after upgrade - traceback in jinja2

« on: April 10, 2022, 10:56:10 pm »

When I run configctl from the command line it reports OK however the traceback in the OP is logged and unbound is not started.

Code: [Select]

# configctl unbound restart
OK

Is there a way to run this verbosely or run the jinja templates from the command line?
I can start hacking on the python code but I don't want to go down that path if possible.

3

22.1 Legacy Series / Re: unbound fails to start after upgrade - traceback in jinja2

« on: April 10, 2022, 10:12:52 pm »

Thanks - that worked.

4

22.1 Legacy Series / unbound fails to start after upgrade - traceback in jinja2

« on: April 10, 2022, 02:59:05 pm »

After installing 22.1.5, unbound failed to start. Below is the traceback (sorry if its a little mangled - it came from my syslog server) and health audit output. Can reproduce it by simply trying to restart the Unbound service.

The health report shows `py37-markupsafe` is missing dependency: python37 ... - I have no idea why any py37 packages are still in the package list.

Also I installed `ddclient` with a view to replacing dyndns and then removed it trying to sort out this issue. Either way it seems to have no bearing on this problem.

Code: [Select]

Apr 10 20:57:19 leia.home.metrak.com configd.py[466]: error generating template
OPNsense/Unbound/core : Traceback (most recent call last):   
File "/usr/local/opnsense/service/modules/template.py", line 270, in _generate
content = j2_page.render(cnf_data)   
File "/usr/local/lib/python3.8/site-packages/jinja2/environment.py", line 1304,
in render     self.environment.handle_exception()   
File "/usr/local/lib/python3.8/site-packages/jinja2/environment.py", line 925,
in handle_exception     raise rewrite_traceback_stack(source=source)   
File
"/usr/local/opnsense/service/modules/../templates/OPNsense/Unbound/core/dot.conf",
line 6, in top-level template code     {%   for type, dots in
all|groupby("type") %}   
File "/usr/local/lib/python3.8/site-packages/jinja2/async_utils.py", line 36,
in wrapper     return normal_func(*args, **kwargs)   
File "/usr/local/lib/python3.8/site-packages/jinja2/filters.py", line 1238, in
sync_do_groupby     for key, values in groupby(sorted(value, key=expr), expr)
jinja2.exceptions.UndefinedError: 'collections.OrderedDict object' has no
attribute 'type' 
During handling of the above exception, another exception occurred: 
Traceback (most recent call last):   
File "/usr/local/opnsense/service/modules/template.py", line 338, in generate     
for filename in self._generate(template_name, create_directory):   
File "/usr/local/opnsense/service/modules/template.py", line 273, in _generate     
raise Exception("%s %s %s" % (module_name, template_filename,
render_exception))
Exception: OPNsense/Unbound/core OPNsense/Unbound/core/dot.conf 'collections.OrderedDict object' has no attribute 'type'


Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.1.5 (amd64/OpenSSL) at Sun Apr 10 21:30:03 AEST 2022
>>> Check installed kernel version
Version 22.1.5 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.1.5 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
SunnyValley
OPNsense
>>> Check installed plugins
os-acme-client 3.9
os-api-backup 1.0_1
os-dmidecode 1.1_1
os-etpro-telemetry 1.6_1
os-iperf 1.0_1
os-nginx 1.26
os-nut 1.8.1
os-sensei 1.11
os-sensei-agent 1.11
os-sensei-updater 1.11
os-sunnyvalley 1.2_1
os-wireguard 1.10
>>> Check for missing package dependencies
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 65 dependencies to check.
Checking packages: ................................................................... done
***DONE***

5

General Discussion / managing IoT devices over multiple subnets

« on: September 27, 2021, 02:00:43 pm »

tl;dr should I consolidate IoT devices to a single subnet and put them in a vlan?

My opnsense 21.7 home router has 4 nics. I have

• PoE cameras on an "outdoor" subnet, over time this has grown to include wifi IoT devices like garage door controller
• multiple IoT devices connecting to another subnet both wifi and wired. Most of the family's personal devices also share this second network
• a 3rd subnet has several servers and then there is WAN

Keeping the outdoor net separate seemed like a good idea at the time but I would like to manage rules for all IoT devices as a group so I am thinking of consolidating them into one physical network and having a vlan reserved for IoT devices. I can then restrict access from the IoT vlan to the internet for example and I can logically separate IoT from personal devices.

From a bandwidth perspective I don't think consolidating the devices on one NIC is going to be a problem. I will have to make a couple of minor hardware hacks to the house wiring. I have managed switches so for dumb IoT devices I can force them onto vlans.

Does this make sense? Any tips would be appreciated.

6

20.7 Legacy Series / syslog-ng - stopped working after recent upgrade?

« on: August 19, 2020, 11:00:26 am »

I am on 20.7.1 and only been using opnsense for a few weeks so still learning.

I want to push all my logs via syslog-ng to another host and after setting this up they worked fine for a day but since about 3 days ago when I updated/rebooted to 20.7.1 no more logs have appeared remotely.

I am not sure if there was a problem with the update or whether I have misconfigured something. The remote host syslog-ng process is healthy and syslog service port open in firewall.

If anyone has pointers on what to check that would be appreciated.

Local Logging Options
Disable circular logs    🗹
Preserve logs (Days)    
Log Firewall Default Blocks
    🗹 Log packets matched from the default block rules put in the ruleset
       Log packets matched from the default pass rules put in the ruleset
   🗹 Log packets blocked by 'Block Bogon Networks' rules
   🗹 Log packets blocked by 'Block Private Networks' rules
Web Server Log    🗹 Log errors from the web server process.
Local Logging    🗹 Disable writing log files to the local disk