"
I guess the patch has been rolled out.
I've just upgraded and everything seems likes it's working now.
Thank you,
Jiffy
I've just upgraded and everything seems likes it's working now.
Thank you,
Jiffy
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
25.1, 25.4 Production Series / [SOLVED] Re: 25.1.3 breaks ospf over ipsec again, maybe?
March 15, 2025, 10:44:36 AM #2
25.1, 25.4 Production Series / Re: 25.1.3 breaks ospf over ipsec again, maybe?
March 12, 2025, 10:26:21 PM
If it matters, I'm still using "Tunnel Settings [Legacy]" as this VM has just been constantly upgraded.
I know I need to migrate to the new settings. Is there an easy way to do that?
Will this be fixed? It seems to supposed to be supported at least until 26 comes out.
Jiffy
I know I need to migrate to the new settings. Is there an easy way to do that?
Will this be fixed? It seems to supposed to be supported at least until 26 comes out.
Jiffy
#3
25.1, 25.4 Production Series / Re: 25.1.3 breaks ospf over ipsec again, maybe?
March 12, 2025, 02:02:19 PM
Ok, standing by, thank you, Franco!
#4
25.1, 25.4 Production Series / [SOLVED] 25.1.3 breaks ospf over ipsec again, maybe?
March 12, 2025, 12:56:52 PM
It's exactly the same problem I posted quite some time ago: https://forum.opnsense.org/index.php?msg=110647
The differences between this time and the last are
- version 25.1.1. to 25.1.3
- I did do a fresh install before posting this
- and it was after dinner this time. :)
Thank you,
Jiffy
The differences between this time and the last are
- version 25.1.1. to 25.1.3
- I did do a fresh install before posting this
- and it was after dinner this time. :)
QuoteI'm Running OPNsense in a Proxmox VM.
During lunch today, I shut it down, took a snapshot, powered it up and upgraded to 21.1.6.
At that point everything worked except for the ipsec tunnel, the tunnel was up, OSPF neighbors were there and the correct routes were installed too, it just wasn't working.
I couldn't connect to anything nor could I ping anything.
I even went as far as installing an "any any" rule in both directions on my ipsec interface, no joy.
No other changes were made, I had to bring the tunnel back up so I restored the snapshot.
After the restore everything was fine again.
I can upgrade it again, but is there anything else I can check?
Is there something I can do/test/report that will help you help me?
Thank you,
Jiffy
#5
23.7 Legacy Series / Re: Can't seem to get netdata to start on boot
September 09, 2023, 04:41:22 PM
Well, that was it, thank you!
I followed the directions in the web browser about doing this and never thought to look under services.
Working now, thank you very much.
Jiffy
I followed the directions in the web browser about doing this and never thought to look under services.
Code Select
Message from netdata-1.40.1_1:
--
Quick start for local-only use:
1. sysrc netdata_enable="YES"
2. service netdata start
3. Go to http://localhost:19999/
4. <Optional> Connect to Netdata Cloud using the netdata-claim.sh script:
https://learn.netdata.cloud/docs/agent/claim#claiming-script
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***Working now, thank you very much.
Jiffy
#6
23.7 Legacy Series / Re: Can't seem to get netdata to start on boot
September 09, 2023, 03:39:18 PM
I've installed it both ways with the same results.
#7
23.7 Legacy Series / [SOLVED] Can't seem to get netdata to start on boot
September 09, 2023, 02:09:02 PM
Hi,
I've installed netdata and followed the on screen instructions but they do not seem to work.
I've tried things in other posts to no avail, but they were for versions older than 23.7.3.
I've also set netdata_enable="YES" in /etc/rc.conf.d/netdata and that results in it starting but it does not survive a reboot.
I'm not quite sure what other info I can give that will help you help me but here's some output with the instructions I've followed,
Thank you,
Jiffy
I've installed netdata and followed the on screen instructions but they do not seem to work.
I've tried things in other posts to no avail, but they were for versions older than 23.7.3.
I've also set netdata_enable="YES" in /etc/rc.conf.d/netdata and that results in it starting but it does not survive a reboot.
I'm not quite sure what other info I can give that will help you help me but here's some output with the instructions I've followed,
Code Select
Quick start for local-only use:
1. sysrc netdata_enable="YES"
2. service netdata start
3. Go to http://localhost:19999/
4. <Optional> Connect to Netdata Cloud using the netdata-claim.sh script:
https://learn.netdata.cloud/docs/agent/claim#claiming-script
# sysrc netdata_enable="YES"
netdata_enable: -> YES
# service netdata start
Cannot 'start' netdata. Set netdata_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
# vi /etc/rc.conf.d/netdata
# service netdata start
Starting netdata.
# service netdata status
netdata is running as pid 65602 65766.
Thank you,
Jiffy
#8
21.1 Legacy Series / Re: [Workaround in place] 21.1.6 possibly broke ipsec
May 29, 2021, 01:13:34 PM
Hi,
I took the latest update and can confirm it is still working.
Thank you again,
Jiffy
I took the latest update and can confirm it is still working.
Thank you again,
Jiffy
#9
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
May 29, 2021, 11:36:42 AM
Great, thank you for all your help, Franco.
Jiffy
Jiffy
#10
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
May 28, 2021, 11:18:12 PM
# opnsense-revert -r 21.1.5 frr7
That fixed it.
Thank you,
Jiffy
That fixed it.
Thank you,
Jiffy
#11
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
May 28, 2021, 08:26:37 PM
I've added static routes to System->Routes->Configuration
Now I can get to things on the other side of the tunnel.
These were normally accessible via OSPF
They (remote ip addresses) are also showing up under Routing->Diagnostics->General and Routing->Diagnostics->OSPF
but when I disable the statics, they are no longer reachable.
Jiffy
Now I can get to things on the other side of the tunnel.
These were normally accessible via OSPF
They (remote ip addresses) are also showing up under Routing->Diagnostics->General and Routing->Diagnostics->OSPF
but when I disable the statics, they are no longer reachable.
Jiffy
#12
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
May 28, 2021, 06:16:25 PM
I've reverted to the 21.1.5 snapshot, rebooted, upgraded to 21.1.6, rebooted and no errors during the health audit.
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.6 (amd64/OpenSSL) at Fri May 28 12:13:38 EDT 2021
>>> Check installed kernel version
Version 21.1.6 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.6 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.6 (amd64/OpenSSL) at Fri May 28 12:13:38 EDT 2021
>>> Check installed kernel version
Version 21.1.6 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.6 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
#13
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
May 28, 2021, 05:53:16 PM
Reverted kernel, still no good.
#14
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
May 28, 2021, 04:07:41 PM
Reverted strongswan, still no luck.
#15
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
May 28, 2021, 03:08:24 PM
Hi, Cerberus,
I just tried that, didn't work.
My tunnel is up and OSPF neighbors are there, it just won't pass traffic.
Franco,
I started a tcpdump on a node on the inside (LAN) of the firewall and had someone ping it from a node on the other side of the tunnel.
Traffic is coming in but not leaving.
From inside, traceroute stops at the firewall. There aren't any denies in the firewall logs.
Thank you,
Jiffy
I just tried that, didn't work.
My tunnel is up and OSPF neighbors are there, it just won't pass traffic.
Franco,
I started a tcpdump on a node on the inside (LAN) of the firewall and had someone ping it from a node on the other side of the tunnel.
Traffic is coming in but not leaving.
From inside, traceroute stops at the firewall. There aren't any denies in the firewall logs.
Thank you,
Jiffy
