Messages

Any concerns with the following error? There are several in my upgrade log. This is an upgrade from 22.1_10 to 22.7_4.

Code Select Expand


Starting configd.
Reloading plugin configuration

Fatal error: Uncaught Error: Undefined constant "OCSP_REVOKED_STATUS_NOSTATUS" in /usr/local/etc/inc/certs.inc:33
Stack trace:
#0 /usr/local/etc/inc/config.inc(41): require_once()
#1 /usr/local/etc/rc.configure_plugins(35): require_once('/usr/local/etc/...')
#2 {main}
thrown in /usr/local/etc/inc/certs.inc on line 33
pkg-static: POST-INSTALL script failed
[220/230] Reinstalling os-siproxd-1.3_1...
[220/230] Extracting os-siproxd-1.3_1: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration

Fatal error: Uncaught Error: Undefined constant "OCSP_REVOKED_STATUS_NOSTATUS" in /usr/local/etc/inc/certs.inc:33
Stack trace:
#0 /usr/local/etc/inc/config.inc(41): require_once()
#1 /usr/local/etc/rc.configure_plugins(35): require_once('/usr/local/etc/...')
#2 {main}
thrown in /usr/local/etc/inc/certs.inc on line 33
Reloading template OPNsense/Siproxd: OK
[221/230] Reinstalling os-rspamd-1.12...
[221/230] Extracting os-rspamd-1.12: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration

Fatal error: Uncaught Error: Undefined constant "OCSP_REVOKED_STATUS_NOSTATUS" in /usr/local/etc/inc/certs.inc:33
Stack trace:
#0 /usr/local/etc/inc/config.inc(41): require_once()
#1 /usr/local/etc/rc.configure_plugins(35): require_once('/usr/local/etc/...')
#2 {main}
thrown in /usr/local/etc/inc/certs.inc on line 33
Reloading template OPNsense/Rspamd: OK
[222/230] Upgrading os-postfix from 1.23 to 1.23_1...
[222/230] Extracting os-postfix-1.23_1: .......... done
Stopping configd...done


What is a path to the upgrade log file?

You can try to repair netflow database thru: Reporting -> Settings -> "Repaire Netflow Database".
Take into consideration that this process may take hours.
I monitor sqlighte DB repairing process by periodically running "ls -halt /var/netflow" thru ssh to opnsense

CrowdSec arrives on OPNsense

yes I've tested it and logging can be done.
1. Stop the service from the plugin UI.
I didn't find it possible to control it from the command line as per AdGuard docs ie. ./AdGuardHome -s --service VALUE
https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file maybe I misread the command syntax.
2. Modify your yaml: /usr/local/AdGuardHome/AdGuardHome.yaml
Pupulate the parameter log_file:
I used log_file: /var/log/AdGuard.log
3. Start the service from the plugin UI.
Note: by default the parameter and value "verbose: false" gives some logging but not a lot. Changing it to true is the oppossite, as the name implies, verbose. So you might want to only keep it to true for a short time.

Thank you cookiemonster. That's what I'm talking about - Team work!
I descovered thet my  /usr/local/AdGuardHome/AdGuardHome.yaml were empty.
Beside it I found :

Code Select Expand

# ls -hal /usr/local/AdGuardHome/.AdGuardHome.yaml943720732
-rw-r--r--  1 root  wheel   3.7K Feb  5 07:21 /usr/local/AdGuardHome/.AdGuardHome.yaml943720732

I have added AdGuard logging line to AdGuardHome.yaml according to your instructions...

Code Select Expand


# cat /usr/local/AdGuardHome/AdGuardHome.yaml
log_file: /var/log/AdGuard.log

And launched adguard service:

Code Select Expand

service adguardhome onestatus

I'v got the following log:

Code Select Expand

# cat /var/log/AdGuard.log
2022/02/11 18:44:17.210037 [info] AdGuard Home, version v0.107.2
2022/02/11 18:44:17.210075 [info] AdGuard Home is running as a service
2022/02/11 18:44:17.210171 [info] home.upgradeSchema0to1(): called
2022/02/11 18:44:17.210179 [info] deleting /usr/local/AdGuardHome/dnsfilter.txt as we don't need it anymore
2022/02/11 18:44:17.210198 [info] home.upgradeSchema1to2(): called
2022/02/11 18:44:17.210204 [info] deleting /usr/local/AdGuardHome/Corefile as we don't need it anymore
2022/02/11 18:44:17.210220 [info] home.upgradeSchema2to3(): called
2022/02/11 18:44:17.210234 [fatal] dns configuration is not a map

So I renamed .AdGuardHome.yaml943720732 back to AdGuardHome.yaml and now I can launch adguard!

There is a link to a corresponding issue at https://github.com/mimugmail/opn-repo/issues/93

Maybe Firewall just needs an additional reboot

Unfortunately, an additional reboot didn't help AdGuard to start. It seems that the issue calls for a much more thorough investigation. Although I am competent enough to ssh into the Opnsense box I don't know which logs I can check in order to discover the issue's root cause.
And I'll much appreciate it if you could explain to me how can I backup Adguards configs in case I'll reinstall it or the entire Opnsense.

Is it just me or others can't start AdGuard after opnsense 22.1 upgrade too?
AdGuardHome (os-adguardhome-maxit) from https://www.routerperformance.net/opnsense-repo/ worked fine immediately after upgrade to Opnsense 22.1. But after a couple of hours, adguard crashed and I can't start it anymore.
ref: https://github.com/mimugmail/opn-repo/issues/93

It's always twice for on my system.

Hey guys, just reading up on this. I just reverted to. Been having issues with interfaces this way to, after upgrading to 21.7.6.

Did you guys perhaps have suricata running on those interfaces? My issues seem to be resolved when i disable suricata or taking the interface out of the config.

I was experiencing this on the lan side btw, since i dont have suricata on wan side. My lagg interface seems to be doing just fine with suricata enabled.
Sidenote: rss enabled. intel i210.

I suspect this issue to have something to do with.
Suricata 6.0.4 with an additional change for the Netmap API version 14. not sure  :-X

Yep. I have Suricata on LAN side interfaces.

Don't now what exactly the problem was....
But rolling back to 21.7.5 from a console resolved the issue.

Code Select Expand

opnsense-revert -r 21.7.5 opnsense
https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert
So far so good....

Same here after upgrade to 21.7.6.
Thinking of rolling back to previous version.

@opnfwb thank you for making me double-check everything and not letting me give up.

Finally I been able to launch unbound after removing appropriate lines mentioning the problematic hostname from: /var/unbound/dhcpleases.conf

Rerun of "unbound-checkconf /var/unbound/unbound.conf" provides exactly the same output. Аlthoug hostname of `RedmiNote8Pro-Re?` have been changed and received a new IP by DHCP.
I think that it is some case of dad lock. Unbound can't start because of bad record in it's old configuration. But unbound can't update that config and fix it because it cant start.
So my next question is: How to purge / reset to default Unbound DNS settings?

Hi @opnfwb

Can you elaborate on this some more? I don't sure I understand do you mean.