Messages - Cavallo

#1
Similar issue here. I just did several virgin installs of 23.1 on some backup units here at work, and all are fine. I then upgraded our production box from 22.7 (working webgui) to 23.1_6, and suddenly no webgui. SSH is fine. All other functions appear to be working fine. No gui makes me nervous, though.

I tried a few simple tricks mentioned elsewhere on here, like:

configctl webgui restart
configctl webgui restart renew


None of these helped. I then followed advice from Reply #18 on the following post, and removed specific port bindings from the config:

https://forum.opnsense.org/index.php?topic=9128.15

That seems to have helped. I'm back in. However, I'm not sure this wasn't a coincidence. YMMV.
#2
20.7 Legacy Series / Re: ZeroTier interface nuked.
December 10, 2020, 06:44:29 PM
I think I know what happened. I'm using mfs for var and tmp to spare my SSD from being trampled by a Squid. Looks like ZT stores config in /var/db, so I guess I would expect it to be completely obliterated on every reboot. Sigh. Time to get creative...
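An added example, not part of the original post and not OPNsense or ZeroTier project code: one way to keep the node identity stable when /var is a memory filesystem is to mirror the identity files to persistent storage and restore them before the service starts. The function name `zt_identity_sync` and both directory arguments are hypothetical; the file names `identity.secret` and `identity.public` are assumed to be the ones ZeroTier keeps in its data directory.

```shell
#!/bin/sh
# Added example. zt_identity_sync is a hypothetical helper, not a ZeroTier tool.
# Assumption: the node identity lives in identity.secret / identity.public.
ZT_FILES="identity.secret identity.public"

# zt_identity_sync LIVE_DIR PERSIST_DIR
# Prints one of: none, saved, restored, in-sync, mismatch.
# The body is a subshell, so the umask change and exit calls stay local.
zt_identity_sync() (
    live=$1
    keep=$2
    umask 077                       # identity.secret is a private key
    mkdir -p "$live" "$keep" || exit 1
    if [ -s "$live/identity.secret" ] && [ -s "$keep/identity.secret" ]; then
        if cmp -s "$live/identity.secret" "$keep/identity.secret"; then
            echo in-sync
            exit 0
        fi
        # The live node ID differs from the saved one: report it and
        # leave both copies untouched so it can be investigated.
        echo mismatch
        exit 2
    elif [ -s "$keep/identity.secret" ]; then
        src=$keep dst=$live word=restored   # RAM disk was wiped
    elif [ -s "$live/identity.secret" ]; then
        src=$live dst=$keep word=saved      # first run after setup
    else
        echo none                           # nothing to save or restore yet
        exit 0
    fi
    for f in $ZT_FILES; do
        if [ -f "$src/$f" ]; then
            cp "$src/$f" "$dst/$f" || exit 1
        fi
    done
    chmod 600 "$dst/identity.secret" || exit 1
    echo "$word"
)

# Stand-alone use: sh zt_sync.sh LIVE_DIR PERSIST_DIR
if [ $# -eq 2 ]; then
    zt_identity_sync "$1" "$2"
fi
```

A `mismatch` result with exit status 2 corresponds to the symptom described in the next post, where the box came back with a different node ID.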
#3
20.7 Legacy Series / ZeroTier interface nuked.
December 08, 2020, 11:48:55 PM
OK - so I updated my 20.7 to the latest this morning, which handily cleared up my issues with ClamAV, but an odd thing happened.

My ZeroTier interface was down after the update. I noticed this hours later, since my workday had me inside our LAN, and I had no need of ZT. I saw nothing much in the logs. I tried restarting the service. I tried deactivating/reactivating the interface itself. When I did this, I noticed that my assignment (named ZT1) appeared to be assigned to a physical interface on my 4-port NIC, not to the ZT software interface. "Prevent interface removal" was still checked. VERY odd. I wish I'd had the presence of mind to screenshot it. Next, I checked all the settings under VPN for ZT. Either it was a coincidence, or something I did there brought it back up. Not sure which. So, the Dashboard showed the interface was up. The assignment pointed to a ZT interface, but nothing worked. There was no IP assigned. I checked ZeroTier Central, and it said the box hadn't been seen since about the same time as my updates, so that tracked. It was then that I noticed ZT on the OPNsense box suddenly had a completely different node ID, as if it had been set up from scratch. I had to go to ZT Central, remove all trace of the old auth and assignments, and authorize/configure this new node ID.

It's all working fine now, but YIKES. Hopefully this won't be a pattern. We pay for and rely on ZT. It may not have been the biggest, but it was still a significant factor in choosing OPNsense. I'm kind of worried about doing the next update now. I certainly won't try to do it remotely.

Has anyone else had this happen? Is there something I can do to avoid having to completely reconfigure ZT after every update?
#4
Yeah, that cleared it up. I should have checked first. Sorry for the noise.
#5
Fresh install of 20.7, running for just over 24 hours. I installed the clam plugin, and trying to start it gives this result:

configd.py[51614]: [5d22a04e-6353-4be7-838d-4b26cb5b123f] Script action stderr returned "b'ld-elf.so.1: /usr/local/lib/libjson-c.so.5: version JSONC_0.14 required by /usr/local/lib/libclamav.so.9 not defined\nld-elf.so.1: /usr/local/lib/libjson-c.so.5: version JSONC_0.14 required by /usr/local/lib/libclamav.so.9 not defined'"

Neither ClamAV nor Freshclam will start. JSONC 0.14 appears to be installed. I tried Google, and searched here, with no results.

Any clues? Did I miss something obvious? Clam is kind of an important feature.
#6
General Discussion / Newb and Loving It
October 13, 2020, 09:16:30 PM
Just dipping my toes into OPNsense. My small company has used Fortigate products for many years. That decision was sensible when we made it. I knew a lot less, and the products were well thought of.

Here in 2020, the math is very different. The ongoing costs of a commercial firewall appliance are hard to justify to an embattled bean-counter. I studied a variety of options and wound up with OPNsense at the top of my list.

I'm a huge fan of self-experimentation, so I've begun by building myself a new router at home with an HP T730 thin client, since these seem to be dirt cheap and readily available on the used market. I've been at it a week, and I'm seriously impressed. So far, everything functions flawlessly - even ZeroTier.

The only thing I miss so far is the ability to back up the config to an inserted USB stick, and potentially recover that stored config at boot time. That was a comforting feature that Fortinet offered in the GUI. I'm sure I could cobble something together on the command line if I really needed to. But seriously - if that's all I can think of to nitpick, then things are going well indeed.

Thanks for changing my game, OPNsense.