Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - tudou

Pages: [1] 2

21.7 Legacy Series / ntpdNetwork Time Daemon :error

« on: August 15, 2021, 02:00:44 am »

Versions
OPNsense 21.7.1-amd64
FreeBSD 12.1-RELEASE-p19-HBSD
OpenSSL 1.1.1k 25 Mar 2021

ntpd   Network Time Daemon

2021-08-15T06:41:00   ntpd[93468]   daemon child exited with code 1
2021-08-15T06:41:00   ntpd[18732]   unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-15T06:41:00   ntpd[18732]   restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-15T06:41:00   ntpd[18732]   gps base set to 2021-07-25 (week 2168)
2021-08-15T06:41:00   ntpd[18732]   basedate set to 2021-07-22
2021-08-15T06:41:00   ntpd[18732]   proto: precision = 0.153 usec (-23)
2021-08-15T06:41:00   ntpd[93468]   ----------------------------------------------------
2021-08-15T06:41:00   ntpd[93468]   available at https://www.nwtime.org/support
2021-08-15T06:41:00   ntpd[93468]   corporation. Support and training for ntp-4 are
2021-08-15T06:41:00   ntpd[93468]   Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-08-15T06:41:00   ntpd[93468]   ntp-4 is maintained by Network Time Foundation,
2021-08-15T06:41:00   ntpd[93468]   ----------------------------------------------------
2021-08-15T06:41:00   ntpd[93468]   Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
2021-08-15T06:41:00   ntpd[93468]   ntpd 4.2.8p15@1.3728-o Tue Aug 3 09:54:13 UTC 2021 (1): Starting
2021-08-15T06:40:28   ntpd[13032]   daemon child exited with code 1
2021-08-15T06:40:28   ntpd[34945]   unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-15T06:40:28   ntpd[34945]   restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-15T06:40:28   ntpd[34945]   gps base set to 2021-07-25 (week 2168)
2021-08-15T06:40:28   ntpd[34945]   basedate set to 2021-07-22
2021-08-15T06:40:28   ntpd[34945]   proto: precision = 0.123 usec (-23)

21.7 Legacy Series / Re: update error

« on: August 15, 2021, 01:59:59 am »

I am in China, so change update server to mirror CN.

21.7 Legacy Series / update error

« on: August 14, 2021, 10:27:15 am »

opnsense
Version   21.7.1
Architecture   amd64
Flavour   OpenSSL
Commit   ec466867c
Mirror   https://opnsense.aivian.org/FreeBSD:12:amd64/21.7
Repositories   OPNsense, SunnyValley, mimugmail
Updated on   Wed Aug 4 16:35:02 CST 2021
Checked on   N/A

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7.1 (amd64/OpenSSL) at Sat Aug 14 16:17:47 CST 2021
Fetching changelog information, please wait... Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
4764836020224:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
fetch: transfer timed out
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
4016512311296:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /CN=OPNsense.localdomain/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense self-signed web certificate
4016512311296:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:

21.1 Legacy Series / Error

« on: February 15, 2021, 03:21:33 am »

When upgrade 21.1 to 21.1.1,th UI is show me :400 Bad Request,need to check!
I am refresh to fix the problem.

Intrusion Detection and Prevention / system error log

« on: November 15, 2020, 11:25:31 am »

OPNsense 20.7.4-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
OpenSSL 1.1.1h 22 Sep 2020
Updates   Click to check for updates.
CPU Type   AMD FX-9800P RADEON R7, 12 COMPUTE CORES 4C+8G (4 cores)
CPU usage
0
100
0
100
Load average   1.57, 1.59, 1.51
Uptime   04:24:32
Current date/time   Sun Nov 15 18:24:26 CST 2020
Last config change   Sun Nov 15 14:05:38 CST 2020
State table size
0 % ( 339/1578000 )
MBUF Usage
0 % ( 1780/983846 )
Memory usage
26 % ( 4170/15780 MB )
Disk usage
2% / [ufs] (3.2G/217G)

2020-11-15T18:19:01   configd.py[24146]   unable to sendback response [OK ] for [sensei][periodicals][None] {ef8a7db5-db0a-491e-b1e0-b759d1c3a0e7}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall(('%s\n' % result).encode()) BrokenPipeError: [Errno 32] Broken pipe

2020-11-15T18:19:00   configctl[83343]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out
2020-11-15T18:17:36   /send_heartbeat.py[55752]   unexpected result from https://opnsense.emergingthreats.net/api/v1/telemetry (http_code 403)
2020-11-15T18:09:00   configctl[68845]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out
2020-11-15T18:09:00   configctl[53986]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out
2020-11-15T18:02:00   configctl[17350]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out
2020-11-15T18:02:00   configctl[61985]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out
2020-11-15T17:59:00   configctl[95376]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out
2020-11-15T17:59:00   configctl[90731]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out
2020-11-15T17:58:05   syslog-ng[9596]   syslog-ng starting up; version='3.29.1'
2020-11-15T17:58:05   syslogd   kernel boot file is /boot/kernel/kernel
2020-11-15T17:58:04   syslogd   exiting on signal 15
2020-11-15T17:58:04   syslog-ng[53888]   Configuration reload finished;
2020-11-15T17:58:04   syslog-ng[53888]   Configuration reload request received, reloading configuration;

suricata   Intrusion Detection could not running very well

2020-11-15T18:26:47   suricata[68475]   [100451] <Notice> -- This is Suricata version 5.0.4 RELEASE running in SYSTEM mode
2020-11-15T18:25:10   suricata[57041]   [100662] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:re0/R failed: Device busy
2020-11-15T18:25:10   suricata[57041]   [100988] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Unable to find the sm in any of the sm lists
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 2016763: SYN-only to port(s) 22:22 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 50919: SYN-only to port(s) 8009:8009 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 5323: SYN-only to port(s) 37:37 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 5322: SYN-only to port(s) 37:37 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 5321: SYN-only to port(s) 37:37 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 620: SYN-only to port(s) 8080:8080 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 618: SYN-only to port(s) 3128:3128 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 615: SYN-only to port(s) 1080:1080 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 504: SYN-only to port(s) 0:1023 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 503: SYN-only to port(s) 0:1023 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:17   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_POOR_RULE(276)] - rule 249: SYN-only to port(s) 15104:15104 w/o direction specified, disabling for toclient direction
2020-11-15T18:20:14   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'file.zip|file.apk' is checked but not set. Checked in 29382 and 1 other sigs
2020-11-15T18:20:14   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'itunes.serverinfo.request' is checked but not set. Checked in 13899 and 0 other sigs
2020-11-15T18:20:14   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'kindle.request' is checked but not set. Checked in 23617 and 0 other sigs
2020-11-15T18:20:14   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'smb.small.packet' is checked but not set. Checked in 17127 and 0 other sigs
2020-11-15T18:20:14   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'zip_in_uri_java' is checked but not set. Checked in 27740 and 0 other sigs
2020-11-15T18:20:14   suricata[57041]   [100988] <Warning> -- [ERRCODE: SC_WARN_FLOWBIT(306)] - flowbit 'RTMP.sysMemCall' is checked but not set. Checked in 22067 and 0 other sigs

Intrusion Detection and Prevention / feedback error log

« on: November 15, 2020, 09:05:29 am »

feedback error log with Services: Intrusion Detection
add more rule lists in,most could not download ,so add by myself.
hope to running always and ignore errors.
Thank you !

20.7 Legacy Series / hope firmware files updated

« on: September 27, 2020, 05:41:47 am »

Hope firmware files updated half a month.
In China, the Internet is not very good.
Hope supports more hardware.
Thank you.

20.7 Legacy Series / Re: PPPOE dial problem

« on: September 22, 2020, 12:30:28 am »

Thank you!

20.7 Legacy Series / Re: PPPOE dial problem

« on: September 21, 2020, 11:03:42 am »

Example: The gateway address 223.156.140.1 obtained by dial-up Internet, the subnet mask is always 255.255.255.0, but the client address becomes 223.156.143.82, this is a problem, the normal client address should be 225.156.140.2- 255.156.140.154, sometimes it is a normal address, but most of the time the address obtained is offset, 140+2 or 140+3, this is wrong, I don’t know how to solve it, the OPENWRT system also has this problem , Please check to see if the upgrade can be resolved, thank you!
With many different devices, OPNSENSE can dial correctly occasionally, and I hope it can be resolved.

20.7 Legacy Series / PPPOE dial problem

« on: September 19, 2020, 12:27:20 pm »

PPPOE dial
Subnet mask is 255.255.255.0,but interface wan is no correct,so need to check.
Maybe upgrade to deal with ISP hijacking or ISP servers have loophole or leak.
Thank you!

Intrusion Detection and Prevention / Change rules action problem

« on: September 15, 2020, 05:33:34 am »

opnsense x64
Services: Intrusion Detection: Administration
Download:enabled all rules and make them to drop
but to
Rules:could not changed to drop ,over 10000 rules,I only to Rules menu to changed them and very slow,hope have a quicly way to deal with.
Thank you!

20.7 Legacy Series / Tor UI upgrade idea

« on: September 13, 2020, 04:47:12 am »

In China,I is used Tor by myself to write the config file:torrc,but could not used this way to opnsense,so need Tor UI upgrade like this picture,and add obfs4proxy/meek/snowflake.

The opnsense system could used Tor auto way to deal with network problem.
Thank you very much!

https://xiaoxiaobai.ga/28/07/2020/%e7%9b%b8%e5%af%b9%e5%ae%89%e5%85%a8%e7%9a%84%e6%b5%8f%e8%a7%88%e5%99%a8tor%e4%bd%bf%e7%94%a8%e6%95%99%e7%a8%8b/

20.7 Legacy Series / os-shadowsocks upgrade idea

« on: September 06, 2020, 03:09:26 pm »

os-shadowsocks is only a Secure socks5 proxy server,hope support client,need upgrade to support shadowsocksr\v2ray,for open a tunnel to download and update in China.
Need installed default.
More information:
https://github.com/coolsnowwolf/openwrt
https://github.com/2dust/v2rayN
https://github.com/yanue/V2rayU
https://github.com/v2ray/v2ray-core

If not true, I am very sorry.
Thank you!

20.7 Legacy Series / Re: Unbound - URLs of Blacklists bug

« on: September 06, 2020, 02:44:51 pm »

Unbound - URLs of Blacklists
I add more lists in ,hope upgrade like adblock plus extension in Chrome.
The same with IDS/IPS download.
Which is failed ,click it do download and installed.
ET Pro/rules and Snort VRT/rules could not installed.
If have a handbook told me how to do it,that is very useful.
In China ,the Internet is very slow.
Thank you!

Intrusion Detection and Prevention / Re: Snort Rules - not installed

« on: September 05, 2020, 02:25:11 pm »

The Snort Rules:ET Pro and Snort VRT are not installed
Error info:
Error reconfiguring IDS
Error(1)

The same with me ,need latest config for Intrusion Detection and Prevention.
Thank you!

Pages: [1] 2