Messages

1

22.7 Legacy Series / Re: SFP's not detected on dell appliance

« on: December 07, 2022, 04:58:11 pm »

What SFP's are you inserting into that card?  I had a similar issue with Intel X520's and Cisco 10G-SR's recently.  The Intel X520 seems to ONLY take Intel branded SFP's as the Cisco's were not detected at all.

2

22.1 Legacy Series / Re: commercial to community on opnsense 3850 appliance

« on: July 21, 2022, 05:15:52 am »

You should be able to switch to community from System -> Firmware -> Settings and select Community from the drop down box.  I have a 3860 that I bought last year and recall doing what you are attempting.  IIRC, doing so does force the box to reboot but should keep your config in tack (firewall rules/nats etc).

3

22.1 Legacy Series / Re: Disable Static Route

« on: July 18, 2022, 08:02:49 pm »

Oh boy.  Seems like there are more issues that accurately describe my problem.

https://github.com/opnsense/core/issues/5520

4

22.1 Legacy Series / Re: Disable Static Route

« on: July 18, 2022, 07:53:36 pm »

I definitely can do so; however, found this link that describes my issue:

https://github.com/opnsense/core/issues/5592

Should I open another bug or reference this one?  In my testing I noticed even disabling the gateway to withdraw the route and traffic still passes through the gateway regardless of it's state.  The only way to force traffic through another gateway is to delete the route or delete the gateway through which the route would traverse.

5

22.1 Legacy Series / Re: Disable Static Route

« on: July 18, 2022, 06:13:33 pm »

So I tested this configuration a little bit further this morning.  Disabling a route in the GUI on OPNsense Version 19.7 produces the desired result.  The route disappears when it's disabled in the GUI and subsequently appears when the route is re-enabled.  Does anyone have any idea what's causing the latest version to not disable routes?

6

22.1 Legacy Series / Disable Static Route

« on: July 16, 2022, 08:32:34 pm »

Hello,

I have an interesting issue with static routes.  I have a static route of 10.96.69.0/24 that resides on another device.  The next hop gateway is 10.206.100.100/32.  All's fine so far, except if I try to disable that route in the web ui, the route is not ever pulled from the routing table.  The only way to remove the route is to delete the entry.  I've tried disabling the route and disabling the gateway to the next hop.  My firewall is currently running the latest 22.1.10.  Is this expected behavior?

Thanks,

Paul

7

22.1 Legacy Series / Re: Cannot add/update/delete packages via Web UI after upgrade to 22.1.9_1

« on: July 04, 2022, 06:53:21 pm »

Thanks Franco.  That pretty much resolved everything.  Just have a straggler left in the plugins (os-sensei-db) that will not reinstall.  I think it's a leftover from before Zenarmor changed their name from Sensei to Zenarmor.

8

22.1 Legacy Series / Re: Cannot add/update/delete packages via Web UI after upgrade to 22.1.9_1

« on: July 03, 2022, 11:38:28 pm »

Just rebooted.  Still same issue.

9

22.1 Legacy Series / Re: Cannot add/update/delete packages via Web UI after upgrade to 22.1.9_1

« on: July 03, 2022, 11:32:48 pm »

Yeah it rebooted after the upgrade.  I'll try that later tonight when folks are in bed.

10

22.1 Legacy Series / Cannot add/update/delete packages via Web UI after upgrade to 22.1.9_1

« on: July 03, 2022, 07:47:47 pm »

As the title says... cannot add/update/delete any packages via the Web UI since upgrading to 22.1.9_1.  The backend logs have a plethora of entries like this below:

2022-07-03T12:43:53-05:00   Error   configd.py   [1cbda886-7d7c-45a8-98ba-6c7cd24e7d0f] Script action stderr returned "b'Child process pid=46025 terminated abnormally: Abort trap'"   
2022-07-03T12:43:53-05:00   Error   configd.py   [0c75a9d6-7e2d-46ec-83e8-1e8b3b1dc1f3] Script action failed with Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 134. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 134.   
2022-07-03T12:41:07-05:00   Error   configd.py   [cf21ddcc-42a5-4bba-9243-7e2c70936480] Script action stderr returned "b'Child process pid=54713 terminated abnormally: Abort trap'"   
2022-07-03T12:41:07-05:00   Error   configd.py   [8a54585d-fb47-423f-b7f7-faf4199ca9fd] Script action failed with Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 134. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 134.

Any idea how this can be resolved?  I've tried running a health audit from the frimware status page.  I've tried running a automatic resolver from the same page.  I can install pkg's via the CLI but something is messed up with the UI.

11

Hardware and Performance / DEC3860 / BIOS Settings

« on: May 29, 2022, 12:14:37 am »

I have a DEC3860 that I've had for about a year now and for the most part it's been rock solid.  The latest firmware update was/is a bit rocky with Zenarmor and a few other issues with aliases in general.  I downloaded the most up to date firmware and loaded it onto a USB disk this afternoon and attempted to re-install the OS.  I could never get the device to fully boot from the USB disk using the serial-to-usb cable attached to the appliance.  I read that I needed to disable legacy UART in the BIOS.

Long story short... I believe I disabled the serial connection all together.  Is there a ways to reset the BIOS settings on this appliance?  I noticed a reset button next to the serial connection on the front of the appliance, but I believe all that does is restart the unit.  I tried holding that button in while powering it on and also pressing it while it was running.  Both attempts just restarts the unit.  I've looked for the hardware documentation and cannot locate it online as there doesn't appear to be anything more than the docs library.

12

21.7 Legacy Series / Re: LAGG interface working fine but shown as "flapping"?

« on: January 10, 2022, 03:54:30 am »

I don't know if this will solve your issue but I had a similar issue with an DEC3860 using 2 10G interfaces in a LAGG configuration connected to a Cisco switch a while back.
You might try this:

Code: [Select]

set net.link.lagg.default_use_flowid = 1 under System->Setting->Tunables
Once I set that tunable the lagg interface never flapped again.

13

21.1 Legacy Series / External RADIUS Auth w/Filter-ID for AD Group Membership

« on: August 07, 2021, 12:46:33 am »

I'm a recent convert from pfSense and had the Web-Gui setup to auth against an external radius (windows server) box.  I noticed with OPNsense that in order to actually log into the OPNsense Web UI that any radius account that needs access has to be also defined as a local account.  Which seems counterproductive to me and doesn't really scale if I have to manager local user accounts in 2 places.

With pfSense I could specify a local group on the firewall and if the radius server returned the exact same name as the local group within the RADIUS AVP Filter-Id then you'd be allowed to log in.  Am I missing something as far as RADIUS is concerned?  If I don't set up a local user, then I get the "No page assigned to this user! Click here to logout." message.

14

21.1 Legacy Series / Re: OPNsense DEC3860 10G-SFP's LACP Issue

« on: August 05, 2021, 02:44:18 am »

The version I am running on the DEC3860 is 21.1.9_1.

I spoke with support @ deciso and they had me issue the following:

set net.link.lagg.default_use_flowid = 1 under System->Setting->Tunables

This was the setting that allowed me to bond the 2 10G interfaces into a port-channel.

15

21.1 Legacy Series / Re: OPNsense DEC3860 10G-SFP's LACP Issue

« on: July 29, 2021, 09:34:04 pm »

Something worth noting here.  I CAN bond two igb (Intel 1 Gig Copper) into an LACP port channel and pass traffic.  Just not with the 10G links.  I'm still looking for official documentation on the 10g ports from either AMD or OPNsense that details out the capabilities of these interfaces.