OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Jiffy »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Jiffy

Pages: [1] 2
1
23.7 Legacy Series / Re: Can't seem to get netdata to start on boot
« on: September 09, 2023, 04:41:22 pm »
Well, that was it, thank you!
I followed the directions in the web browser about doing this and never thought to look under services.
Code: [Select]
Message from netdata-1.40.1_1:

--
Quick start for local-only use:

1. sysrc netdata_enable="YES"
2. service netdata start
3. Go to http://localhost:19999/
4. <Optional> Connect to Netdata Cloud using the netdata-claim.sh script:
   https://learn.netdata.cloud/docs/agent/claim#claiming-script
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
Working now, thank you very much.
Jiffy

2
23.7 Legacy Series / Re: Can't seem to get netdata to start on boot
« on: September 09, 2023, 03:39:18 pm »
I've installed it both ways with the same results.

3
23.7 Legacy Series / [SOLVED] Can't seem to get netdata to start on boot
« on: September 09, 2023, 02:09:02 pm »
Hi,

I've installed netdata and followed the on screen instructions but they do not seem to work.
I've tried things in other posts to no avail, but they were for versions older than 23.7.3.
I've also set netdata_enable="YES" in /etc/rc.conf.d/netdata and that results in it starting but it does not survive a reboot.

I'm not quite sure what other info I can give that will help you help me but here's some output with the instructions I've followed,

Code: [Select]
Quick start for local-only use:

1. sysrc netdata_enable="YES"
2. service netdata start
3. Go to http://localhost:19999/
4. <Optional> Connect to Netdata Cloud using the netdata-claim.sh script:
   https://learn.netdata.cloud/docs/agent/claim#claiming-script

# sysrc netdata_enable="YES"
netdata_enable:  -> YES

# service netdata start
Cannot 'start' netdata. Set netdata_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.

# vi /etc/rc.conf.d/netdata

# service netdata start
Starting netdata.

# service netdata status
netdata is running as pid 65602 65766.

Thank you,
Jiffy

4
21.1 Legacy Series / Re: [Workaround in place] 21.1.6 possibly broke ipsec
« on: May 29, 2021, 01:13:34 pm »
Hi,
I took the latest update and can confirm it is still working.

Thank you again,
Jiffy

5
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 29, 2021, 11:36:42 am »
Great, thank you for all your help, Franco.

Jiffy

6
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 11:18:12 pm »
# opnsense-revert -r 21.1.5 frr7

That fixed it.

Thank you,
Jiffy

7
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 08:26:37 pm »
I've added static routes to System->Routes->Configuration
Now I can get to things on the other side of the tunnel.
These were normally accessible via OSPF

They (remote ip addresses) are also showing up under Routing->Diagnostics->General and Routing->Diagnostics->OSPF
 but when I disable the statics, they are no longer reachable.

Jiffy



8
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 06:16:25 pm »
I've reverted to the 21.1.5 snapshot, rebooted, upgraded to 21.1.6, rebooted and no errors during the health audit.

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.1.6 (amd64/OpenSSL) at Fri May 28 12:13:38 EDT 2021
>>> Check installed kernel version
Version 21.1.6 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.1.6 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: ..................................................................... done
***DONE***

9
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 05:53:16 pm »
Reverted kernel, still no good.

10
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 04:07:41 pm »
Reverted strongswan, still no luck.

11
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 03:08:24 pm »
Hi, Cerberus,

I just tried that, didn't work.
My tunnel is up and OSPF neighbors are there, it just won't pass traffic.

Franco,

I started a tcpdump on a node on the inside (LAN) of the firewall and had someone ping it from a node on the other side of the tunnel.
Traffic is coming in but not leaving.
From inside, traceroute stops at the firewall. There aren't any denies in the firewall logs.

Thank you,
Jiffy

12
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 02:39:02 pm »
Hi, Franco,

Copy and pasted the output of the revert into the attached revert-log.txt.
Still not working.

I'm not using OSPF6, RIP or BGP, so I'm guessing these are safe to ignore:
*** OPNsense\Quagga\OSPF6 Migration failed, check log for details
*** OPNsense\Quagga\RIP Migration failed, check log for details
*** OPNsense\Quagga\BGP Migration failed, check log for details

Thank you,
Jiffy

13
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 12:45:05 pm »
Hi,

I've upgraded and reverted those patches, still no luck.
I'll snapshot this and restore the 21.1.5 snapshot for now.
Standing by for further instructions.

Thank you,
Jiffy

14
21.1 Legacy Series / Re: 21.1.6 possibly broke ipsec
« on: May 28, 2021, 12:15:35 pm »
Hi,

Yes, I did reboot, twice. I don't blame you for asking.
I'll try to revert those patches and report back.

The previous good version is 21.1.5 and I'm running it with OpenSSL.

Thank you,
Jiffy

15
21.1 Legacy Series / [SOLVED] 21.1.6 possibly broke ipsec
« on: May 27, 2021, 09:08:38 pm »
** EDIT **
The workaround below is no longer needed.
A new FRR package has fixed it.
** EDIT **

** EDIT **
Routing was actually broken.
Reverting to an older version of FRR resolved this.

# opnsense-revert -r 21.1.5 frr7

Franco has mentioned that the FRR package in 21.1.6 will be replaced to prevent others from having this issue.
** EDIT **

Hi,

I'm Running OPNsense in a Proxmox VM.
During lunch today, I shut it down, took a snapshot, powered it up and upgraded to 21.1.6.
At that point everything worked except for the ipsec tunnel, the tunnel was up, OSPF neighbors were there and the correct routes were installed too, it just wasn't working.
I couldn't connect to anything nor could I ping anything.
I even went as far as installing an "any any" rule in both directions on my ipsec interface, no joy.
No other changes were made, I had to bring the tunnel back up so I restored the snapshot.
After the restore everything was fine again.
I can upgrade it again, but is there anything else I can check?
Is there something I can do/test/report that will help you help me?

Thank you,
Jiffy

Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2