Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - gpac

Pages: [1] 2

16.1 Legacy Series / Few issues with schedules on firewall

« on: June 12, 2016, 08:49:14 am »

Issue no 1 : i recently discovered that during one of the upgrade, configs of schedule blocks have been lost. Schedule aliases still appear in firewall rules, but they don't in schedule list which is completely empty. When you click on the schedule name in the rule page, you end up in a blank schedule sheet (the schedule creation page with all fields empty).

Issue no 2 : when you want to create several time blocks on the same schedule page if you don't change the 4 time items (start H, start M, end H, end M), then whatever is shown on the screen before click on add item, is not taken into account. Ie : you created a rule for Monday from 08:30 to 20:00, Now you want to add another block for Tuesday from 09:30 to 20:00 => you select Tuesday, you change the 08 to 09 and click add-time => you get a rule from 09:00 to 23:59.

Issue no 3 : in the situation where a scheduled 8:00-21:00 was created just before and you want to create one 09:00-23:00. When you try to change the 21 to 23, you can choose the 23 in the list, but after clicking on the hour, the box stays at 21. If you reclick on the 21, you can see that in the list the 23 is highlighted (and not the 21).

Best regards

version : 16.1.16 / nano
browser : firefox

16.1 Legacy Series / Re: [SOLVED] Update failed on ALIX OPNsense 16.1.8-i386

« on: June 11, 2016, 07:04:29 pm »

As mentionned in 15.7 forum (https://forum.opnsense.org/index.php?topic=1241.30) there is a workaround with an additionnal USB stick used to cope with larger update.

Please note I had to change my batch file on 16.1.14 with the last 2 lines (since now upgrades seems to use also /var/cache/opnsense-update) :

mkdir -p /var/cache/pkg
fsck -y -t ufs /dev/da0p1
mount /dev/da0p1 /var/cache/pkg
mkdir -p /tmp/opnsense-update
fsck -y -t ufs /dev/da0p2
mount /dev/da0p2 /tmp/opnsense-update
mkdir -p /var/cache/opnsense-update
mount -t nullfs /tmp/opnsense-update /var/cache/opnsense-update

Best regards.

15.7 Legacy Series / Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

« on: January 23, 2016, 10:13:57 am »

Hello,

Please note that it doesn't seem t o work (ie rc.syshook not launched at startup).

Per you instructions I've created a symlink called mymount.early in /usr/local/etc/rc.syshook.d
Launching /usr/local/etc/rc.syshook.d/mymount.early from command line works, but when booting the alix the mounts are not done and I have no error messages in /var/log/system.log.

Credentials are the following :
-rwxr-xr-x 1 root wheel 1912 Jan 18 10:59 rc.syshook
drwxr-xr-x 2 root wheel 512 Jan 13 20:57 rc.syshook.d

and
/usr/local/etc/rc.syshook.d:
total 4
drwxr-xr-x 2 root wheel 512 Jan 13 20:57 .
drwxr-xr-x 27 root wheel 3584 Jan 23 09:38 ..
lrwxr-xr-x 1 root wheel 29 Jan 13 20:57 mymount.early -> /root/var_cache_pkg_by_FXL.sh

and content of the batch file is :
mkdir -p /var/cache/pkg
fsck -y -t ufs /dev/da0p1
mount /dev/da0p1 /var/cache/pkg
mkdir -p /tmp/opnsense-update
fsck -y -t ufs /dev/da0p2
mount /dev/da0p2 /tmp/opnsense-update

If have an idea of the problem that would be very helpfull.

Best regards.

15.7 Legacy Series / [SOLVED] "Log packets matched from the default pass rules" works the opposite

« on: January 16, 2016, 12:17:40 pm »

Hello,

I've found a small bug :
The "Log packets matched from the default pass rules put in the ruleset" check box from diag_logs_settings.php works the opposite way : when enabled there is no logging, and when disabled logging is active.

Best regards.

15.7 Legacy Series / webpages damn slow when firewall log empty for this interface

« on: January 16, 2016, 08:46:51 am »

Hello,

I discovered that dashboard page (when firewall log widget is activated) & firewall log page are verrrryyy long to load when it is requested to display log on an interface that has no entry in log.

In my case I have many entries logged for LAN and OPT1 but none for WAN (behind another fw) => if i try to display / filter firewall log entries for WAN it takes several minutes before displaying web page.

nota : "cat /var/log/filter.log | grep vr1" provides an instantaneous (and blank) answer.

Best regards.

15.7 Legacy Series / Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

« on: January 09, 2016, 12:52:21 pm »

Sorry for late feedback.

With recent upgrades I had to create 2 partitions on my USB key
/dev/da0p1 on /var/cache/pkg (ufs, local)
/dev/da0p2 on /tmp/opnsense-update (ufs, local)

Nota an unclean shutdown of my Alix recently corrupted the file system on /var/da0p1 => adding an fsck in the small batch who mounts those seems usefull.

I mounting them manuall through a simple batch file I'm launching via ssh. For sure it would be better to be able to add something in a rc file to have it launched at startup. But I don't know exactly where / how to do that (in regular linux adding a Sxx and a Kxx file in the init.d would to the trick but on freebsd I don't how to do that), nor how to do that in a location / file not touched by future upgrades.

Best regards.

15.7 Legacy Series / Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

« on: November 28, 2015, 08:42:40 pm »

Now it works, thanks a lot (kernel updates are going to /tmp/opnsense-update/...)

So I re-formated by USB key with 2 partitions (one for /var/cache/pkg et the other one for /tmp/opnsense-update), and my alix is now updating the kernel very slooooooowly.

Finally it took 21 minutes for the kernel upgrade stage followed by a 6 minutes reboot !

15.7 Legacy Series / Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

« on: November 11, 2015, 08:20:23 am »

OK I understand.

Then another idea could be to have a different directory name while staying in /tmp :

If you would use /tmp/opnsense-update/${$} instead of /tmp/opnsense-update.${$}, then one could create a mount to a permanent slice of a USB stick for /tmp/opnsense-update

15.7 Legacy Series / Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

« on: November 07, 2015, 12:19:37 pm »

OK Thanks a lot for the reply.

Basically changing the lines
rm -rf /tmp/opnsense-update.* (somewhere at the beginning of the file)
and
WORKDIR=/tmp/opnsense-update.${$} (somewhere in the middle of the file after the KERNEL UPDATE warning)

by
rm -rf /var/cache/pkg/opnsense-update.*
WORKDIR=/var/cache/pkg/opnsense-update.${$}

would be great help for me while staying consistent with what the updater is doing for other packages (fetching them in /var/cache/pkg).

Regards.

15.7 Legacy Series / Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

« on: November 07, 2015, 08:45:52 am »

Hello,

I'm back with my poor 256 Mb Alix...

To have automatic updates working, I'v plugged a 2 Gb USB key on the alix and mounted that USB key on /var/cache/pkg.

Now the point is when a kernel update is required opnsense-update uses /tmp to fetch its .txz and .obsolete files.
+ Why aren't they going in /var/cache/pkg like other .txz files ?
+ Is there a way to pass a parameter to opnsense-update to use another directory as working directory ?

Thanks for your kind advice.

Best regards.

15.7 Legacy Series / Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

« on: September 13, 2015, 08:18:32 am »

Thanks a lot for your feedback.

Based on your advice I just switched off suricata (who any way never achieved to start completely and was failing while loading). After rebooting, df -h brings :
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/OPNsense0 1.8G 783M 919M 46% /
devfs 1.0K 1.0K 0B 100% /dev
tmpfs 97M 48K 97M 0% /tmp
tmpfs 110M 13M 97M 12% /var
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev

From you point of view what kind of minimum hardware would be required for a "nano" type of system able to run IDS ?

Thanks for your advice.

Best regards.

15.7 Legacy Series / Re: [SOLVED] Can't upgrade freshly installed nano 15.7 to 15.7.7 on ALIX

« on: September 12, 2015, 07:00:22 pm »

RAM : based on dmesg.today : "real memory = 268435456 (256 MB)" / "avail memory = 226619392 (216 MB)"

IDS : I tried but it always fail with "kernel: pid 62902 (suricata), uid 0, was killed: out of swap space"

As far as disk space, root filesystem has 38% free / 645 Mb available which is quite large for what I'm exepcting to do (no squid cache or things like that, just firewall / dchp / dns / ntp and possibly IDS.

=> To upgrade sucessfully I had to
1) disable the "/var /mem in memory" parameter
2) reboot
3) upgrade
4) re-enable the "/var /mem in memory" parameter
5) reboot

Nota : at step 2 I had to play with my .ssh/known_host since the RSA fingerprint of the OPNsens had changed...

Suggestion : why not putting the /var/cache/pkg on disk rather than memory to ensure upgrade will work ? (this should not be written frequently ?).

15.7 Legacy Series / Can't upgrade freshly installed nano 15.7.11 to 15.7.12 on ALIX

« on: September 12, 2015, 02:24:39 pm »

Hello,

I have a recently reflashed 4 GB CF (reflashed with 15.7.11 nano 386 image). When trying to upgrade to 15.7.12 it fails with :

"pkg: Not enough space in /var/cache/pkg, needed 25 MiB available 5300 KiB"

df -h brings :
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/OPNsense0 1.8G 645M 1.0G 38% /
devfs 1.0K 1.0K 0B 100% /dev
tmpfs 11M 3.5M 7.7M 31% /tmp
tmpfs 25M 17M 7.7M 69% /var
devfs 1.0K 1.0K 0B 100% /var/dhcpd/dev

What should i do ??

Thanks for your help.

Regards

15.7 Legacy Series / Update to 15.7.5 failed on alix

« on: July 28, 2015, 09:01:13 pm »

Hello,

Upgrading to 15.7.5 doesn't seem to work on Alix with 4 Gb compact flash :

From GUI :

***GOT REQUEST TO UPGRADE: all***
***STARTING UPGRADE***
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (61 candidates): .......... done
Processing candidates (61 candidates): . done
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
   opnsense: 15.7.4 -> 15.7.5

The process will require 4 KiB more space.
9 MiB to be downloaded.
Fetching opnsense-15.7.5.txz: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading opnsense from 15.7.4 to 15.7.5...
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Removing OPNsense version
You may need to manually remove /usr/local/etc/config.xml if it's no longer needed.
[1/1] Extracting opnsense-15.7.5: .......... done
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Writing OPNsense version
Stopping configd...done
Starting configd.
Flush Phalcon volt templates
Message for opnsense-15.7.5:
Follow the brave badger!
Checking integrity... done (0 conflicting)
Nothing to do.
The following package files will be deleted:
   /var/cache/pkg/opnsense-15.7.4-ddec3dfa3d.txz
   /var/cache/pkg/opnsense-15.7.4.txz
The cleanup will free 9 MiB
Deleting files: .. done
All done
Restarting webConfigurator....done.
!!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!!!
! A kernel/base upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Fetching kernel-15.7.4-i386.txz... ok
Fetching base-15.7.4-i386.txz... failed
***DONE***

Then retried from Console :

Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Updating OPNsense repository catalogue...
OPNsense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (60 candidates): 100%
Processing candidates (60 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Nothing to do.

Restarting webConfigurator...done.

There are updates available.
!!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!!!
! A kernel/base upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Fetching kernel-15.7.4-i386.txz... ok
Fetching base-15.7.4-i386.txz... fetch: /tmp/opnsense-update.56118/base-15.7.4-i386.txz: No space left on device
failed

df -H in shell gives :
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/OPNsense0 981M 693M 210M 77% /
devfs 1.0k 1.0k 0B 100% /dev
tmpfs 35M 24M 11M 68% /tmp
tmpfs 42M 31M 11M 73% /var
devfs 1.0k 1.0k 0B 100% /var/dhcpd/dev

It's quite a fresh install (CF re-formated for installing 15.7.2). I don't understand why various partitions (and especially /tmp) are so small by default. Is there something I could do to increase their sizes ?

Thanks for advice.

Best regards

15.7 Legacy Series / Re: Upgrade from 15.1.12 not working on Alix with 4Gb CF

« on: July 15, 2015, 08:01:09 pm »

Thanks for reply. Basically I did a brand new fresh install based on new nano image.

Pages: [1] 2