Messages

That's because you are on the wrong kernel

Code Select Expand


opnsense-update -fk

opnsense-shell reboot


I'm aware that it's on the wrong kernel version.  I should have included in my original post that I already did the reinstall from the CLI.

I am still seeing kernel panics on a DEC3860 even 24 hours after an upgrade.  The initial upgrade caused kernel panics every hour on the hour.  What's interesting is my kernel version is not the same as the fixed version:

FreeBSD 14.1-RELEASE-p6 stable/24.7-n267979-0d692990122 SMP

I'm using the default mirror for my box.  If I roll back to a previous snapshot that was using 24.7.9_2 prior to the upgrade the box is stable again.

What SFP's are you inserting into that card?  I had a similar issue with Intel X520's and Cisco 10G-SR's recently.  The Intel X520 seems to ONLY take Intel branded SFP's as the Cisco's were not detected at all.

You should be able to switch to community from System -> Firmware -> Settings and select Community from the drop down box.  I have a 3860 that I bought last year and recall doing what you are attempting.  IIRC, doing so does force the box to reboot but should keep your config in tack (firewall rules/nats etc).

Oh boy.  Seems like there are more issues that accurately describe my problem.

https://github.com/opnsense/core/issues/5520

I definitely can do so; however, found this link that describes my issue:

https://github.com/opnsense/core/issues/5592

Should I open another bug or reference this one?  In my testing I noticed even disabling the gateway to withdraw the route and traffic still passes through the gateway regardless of it's state.  The only way to force traffic through another gateway is to delete the route or delete the gateway through which the route would traverse.

So I tested this configuration a little bit further this morning.  Disabling a route in the GUI on OPNsense Version 19.7 produces the desired result.  The route disappears when it's disabled in the GUI and subsequently appears when the route is re-enabled.  Does anyone have any idea what's causing the latest version to not disable routes?

Hello,

I have an interesting issue with static routes.  I have a static route of 10.96.69.0/24 that resides on another device.  The next hop gateway is 10.206.100.100/32.  All's fine so far, except if I try to disable that route in the web ui, the route is not ever pulled from the routing table.  The only way to remove the route is to delete the entry.  I've tried disabling the route and disabling the gateway to the next hop.  My firewall is currently running the latest 22.1.10.  Is this expected behavior?

Thanks,

Paul

Thanks Franco.  That pretty much resolved everything.  Just have a straggler left in the plugins (os-sensei-db) that will not reinstall.  I think it's a leftover from before Zenarmor changed their name from Sensei to Zenarmor.

Just rebooted.  Still same issue.

Yeah it rebooted after the upgrade.  I'll try that later tonight when folks are in bed.

As the title says... cannot add/update/delete any packages via the Web UI since upgrading to 22.1.9_1.  The backend logs have a plethora of entries like this below:

2022-07-03T12:43:53-05:00   Error   configd.py   [1cbda886-7d7c-45a8-98ba-6c7cd24e7d0f] Script action stderr returned "b'Child process pid=46025 terminated abnormally: Abort trap'"   
2022-07-03T12:43:53-05:00   Error   configd.py   [0c75a9d6-7e2d-46ec-83e8-1e8b3b1dc1f3] Script action failed with Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 134. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 134.   
2022-07-03T12:41:07-05:00   Error   configd.py   [cf21ddcc-42a5-4bba-9243-7e2c70936480] Script action stderr returned "b'Child process pid=54713 terminated abnormally: Abort trap'"   
2022-07-03T12:41:07-05:00   Error   configd.py   [8a54585d-fb47-423f-b7f7-faf4199ca9fd] Script action failed with Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 134. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 134.

Any idea how this can be resolved?  I've tried running a health audit from the frimware status page.  I've tried running a automatic resolver from the same page.  I can install pkg's via the CLI but something is messed up with the UI.

I have a DEC3860 that I've had for about a year now and for the most part it's been rock solid.  The latest firmware update was/is a bit rocky with Zenarmor and a few other issues with aliases in general.  I downloaded the most up to date firmware and loaded it onto a USB disk this afternoon and attempted to re-install the OS.  I could never get the device to fully boot from the USB disk using the serial-to-usb cable attached to the appliance.  I read that I needed to disable legacy UART in the BIOS.

Long story short... I believe I disabled the serial connection all together.  Is there a ways to reset the BIOS settings on this appliance?  I noticed a reset button next to the serial connection on the front of the appliance, but I believe all that does is restart the unit.  I tried holding that button in while powering it on and also pressing it while it was running.  Both attempts just restarts the unit.  I've looked for the hardware documentation and cannot locate it online as there doesn't appear to be anything more than the docs library.

I don't know if this will solve your issue but I had a similar issue with an DEC3860 using 2 10G interfaces in a LAGG configuration connected to a Cisco switch a while back.
You might try this:

Code Select Expand

set net.link.lagg.default_use_flowid = 1 under System->Setting->Tunables

Once I set that tunable the lagg interface never flapped again.

I'm a recent convert from pfSense and had the Web-Gui setup to auth against an external radius (windows server) box.  I noticed with OPNsense that in order to actually log into the OPNsense Web UI that any radius account that needs access has to be also defined as a local account.  Which seems counterproductive to me and doesn't really scale if I have to manager local user accounts in 2 places.

With pfSense I could specify a local group on the firewall and if the radius server returned the exact same name as the local group within the RADIUS AVP Filter-Id then you'd be allowed to log in.  Am I missing something as far as RADIUS is concerned?  If I don't set up a local user, then I get the "No page assigned to this user! Click here to logout." message.