Messages

to me it looks like the ufs filesystem seems corrupted after the crash and/or there is a hardware problem. It could be a combination

At least Memtest doesn't show any errors.

Suggestion: check your last saved config if can be used and re-install OS + restore config.
There is more than Zenarmor broken. Next install, consider using ZFS instead of UFS.

Ok, thank you.

I think there might be no other solution, now I even can't access the web interface anymore.
I have a backup form some month ago, that should probably work out.

(Since this was my first and only OPNsense install ever, I was hesitating doing this. Don't know yet if it's more or "click and go" or if there is still some troubleshooting to expect while using the backup, etc.)

BTW how are you using those two storage disks?

I'm using it as a RAID 1.

Actually now my OPNsense is crashing all the time:

System Information:

User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
FreeBSD 14.1-RELEASE-p6 stable/24.7-n267992-a8a728bd015 SMP amd64
OPNsense 24.7.12_2 e26c37ac9
Plugins os-c-icap-1.7_5 os-clamav-1.8_2 os-crowdsec-1.0.8_1 os-ddclient-1.26 os-dmidecode-1.1_1 os-dnscrypt-proxy-1.15_2 os-freeradius-1.9.27 os-hw-probe-1.0_1 os-iperf-1.0_2 os-netdata-1.2_1 os-ntopng-1.3 os-nut-1.9 os-redis-1.1_2 os-sensei-1.18.5 os-sensei-agent-1.18.5 os-sensei-updater-1.17 os-smart-2.3 os-squid-1.1_1 os-sunnyvalley-1.4_3 os-theme-cicada-1.38 os-theme-rebellion-1.9.2 os-theme-tukan-1.28 os-theme-vicuna-1.48 os-upnp-1.7
Time Tue, 28 Jan 2025 16:36:35 +0100
OpenSSL 3.0.15
Python 3.11.11
PHP 8.2.27

PHP Errors:

[28-Jan-2025 16:36:35 Europe/Luxembourg] OPNsense\Base\Menu\MenuInitException: Menu xml /usr/local/opnsense/mvc/app/config/../../app/models/OPNsense/Zenarmor/Menu/Menu.xml not valid in /usr/local/opnsense/mvc/app/models/OPNsense/Base/Menu/MenuSystem.php:70
Stack trace:
#0 /usr/local/opnsense/mvc/app/models/OPNsense/Base/Menu/MenuSystem.php(134): OPNsense\Base\Menu\MenuSystem->addXML('/usr/local/opns...')
#1 /usr/local/opnsense/mvc/app/models/OPNsense/Base/Menu/MenuSystem.php(187): OPNsense\Base\Menu\MenuSystem->persist()
#2 /usr/local/www/head.inc(4): OPNsense\Base\Menu\MenuSystem->__construct()
#3 /usr/local/www/crash_reporter.php(85): include('/usr/local/www/...')
#4 {main}

dmesg.boot:

---<<BOOT>>---
Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
   The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.1-RELEASE-p6 stable/24.7-n267992-a8a728bd015 SMP amd64
FreeBSD clang version 18.1.5 (https://github.com/llvm/llvm-project.git llvmorg-18.1.5-0-g617a15a9eac9)
VT(efifb): resolution 800x600
CPU: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz (2000.00-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x806ec  Family=0x6  Model=0x8e  Stepping=12
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x7ffafbbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x121<LAHF,ABM,Prefetch>
  Structured Extended Features=0x29c67af<FSGSBASE,TSCADJ,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,NFPUSG,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PROCTRACE>
  Structured Extended Features3=0xbc000400<MD_CLEAR,IBPB,STIBP,L1DFL,ARCH_CAP,SSBD>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  IA32_ARCH_CAPS=0x2b<RDCL_NO,IBRS_ALL,SKIP_L1DFL_VME,MDS_NO>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
  TSC: P-state invariant, performance statistics
real memory  = 17179869184 (16384 MB)
avail memory = 16496967680 (15732 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <ALASKA A M I >
FreeBSD/SMP: Multiprocessor System Detected: 8 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s) x 2 hardware threads
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-119
Launching APs: 1 3 5 6 7 2 4
random: entropy device external interface
wlan: mac acl policy registered
kbd1 at kbdmux0
WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 15.0.
efirtc0: <EFI Realtime Clock>
efirtc0: registered as a time-of-day clock, resolution 1.000000s
smbios0: <System Management BIOS> at iomem 0x8cce1000-0x8cce101e
smbios0: Version: 3.2, BCD Revision: 3.2
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS>
acpi0: <ALASKA A M I >
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 24000000 Hz quality 950
Event timer "HPET" frequency 24000000 Hz quality 550
atrtc1: <AT realtime clock> on acpi0
atrtc1: Warning: Couldn't map I/O.
atrtc1: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0x9000-0x903f mem 0xa0000000-0xa0ffffff,0x90000000-0x9fffffff irq 16 at device 2.0 on pci0
vgapci0: Boot video device
xhci0: <XHCI (generic) USB 3.0 controller> mem 0xa1800000-0xa180ffff irq 16 at device 20.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pci0: <memory, RAM> at device 20.2 (no driver attached)
pci0: <simple comms> at device 22.0 (no driver attached)
ahci0: <AHCI SATA controller> port 0x9090-0x9097,0x9080-0x9083,0x9060-0x907f mem 0xa181c000-0xa181dfff,0xa1822000-0xa18220ff,0xa1821000-0xa18217ff irq 16 at device 23.0 on pci0
ahci0: AHCI v1.31 with 2 6Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
igb0: <Intel(R) I211 (Copper)> port 0x8000-0x801f mem 0xa1700000-0xa171ffff,0xa1720000-0xa1723fff irq 16 at device 0.0 on pci1
igb0: NVM V0.6 imgtype2
igb0: Using 1024 TX descriptors and 1024 RX descriptors
igb0: Using 2 RX queues 2 TX queues
igb0: Using MSI-X interrupts with 3 vectors
igb0: Ethernet address: 00:e2:69:3b:42:58
igb0: netmap queues/slots: TX 2/1024, RX 2/1024
pcib2: <ACPI PCI-PCI bridge> irq 17 at device 28.5 on pci0
pci2: <ACPI PCI bus> on pcib2
igb1: <Intel(R) I211 (Copper)> port 0x7000-0x701f mem 0xa1600000-0xa161ffff,0xa1620000-0xa1623fff irq 17 at device 0.0 on pci2
igb1: NVM V0.6 imgtype2
igb1: Using 1024 TX descriptors and 1024 RX descriptors
igb1: Using 2 RX queues 2 TX queues
igb1: Using MSI-X interrupts with 3 vectors
igb1: Ethernet address: 00:e2:69:3b:42:59
igb1: netmap queues/slots: TX 2/1024, RX 2/1024
pcib3: <ACPI PCI-PCI bridge> irq 18 at device 28.6 on pci0
pci3: <ACPI PCI bus> on pcib3
igb2: <Intel(R) I211 (Copper)> port 0x6000-0x601f mem 0xa1500000-0xa151ffff,0xa1520000-0xa1523fff irq 18 at device 0.0 on pci3
igb2: NVM V0.6 imgtype1
igb2: Using 1024 TX descriptors and 1024 RX descriptors
igb2: Using 2 RX queues 2 TX queues
igb2: Using MSI-X interrupts with 3 vectors
igb2: Ethernet address: 00:e2:69:1b:be:1c
igb2: netmap queues/slots: TX 2/1024, RX 2/1024
pcib4: <ACPI PCI-PCI bridge> irq 19 at device 28.7 on pci0
pci4: <ACPI PCI bus> on pcib4
igb3: <Intel(R) I211 (Copper)> port 0x5000-0x501f mem 0xa1400000-0xa141ffff,0xa1420000-0xa1423fff irq 19 at device 0.0 on pci4
igb3: NVM V0.6 imgtype1
igb3: Using 1024 TX descriptors and 1024 RX descriptors
igb3: Using 2 RX queues 2 TX queues
igb3: Using MSI-X interrupts with 3 vectors
igb3: Ethernet address: 00:e2:69:1b:be:1d
igb3: netmap queues/slots: TX 2/1024, RX 2/1024
pcib5: <ACPI PCI-PCI bridge> irq 16 at device 29.0 on pci0
pci5: <ACPI PCI bus> on pcib5
igb4: <Intel(R) I211 (Copper)> port 0x4000-0x401f mem 0xa1300000-0xa131ffff,0xa1320000-0xa1323fff irq 16 at device 0.0 on pci5
igb4: NVM V0.6 imgtype1
igb4: Using 1024 TX descriptors and 1024 RX descriptors
igb4: Using 2 RX queues 2 TX queues
igb4: Using MSI-X interrupts with 3 vectors
igb4: Ethernet address: 00:e2:69:1b:be:1e
igb4: netmap queues/slots: TX 2/1024, RX 2/1024
pcib6: <ACPI PCI-PCI bridge> irq 17 at device 29.5 on pci0
pci6: <ACPI PCI bus> on pcib6
igb5: <Intel(R) I211 (Copper)> port 0x3000-0x301f mem 0xa1200000-0xa121ffff,0xa1220000-0xa1223fff irq 17 at device 0.0 on pci6
igb5: NVM V0.6 imgtype1
igb5: Using 1024 TX descriptors and 1024 RX descriptors
igb5: Using 2 RX queues 2 TX queues
igb5: Using MSI-X interrupts with 3 vectors
igb5: Ethernet address: 00:e2:69:1b:be:1f
igb5: netmap queues/slots: TX 2/1024, RX 2/1024
pcib7: <ACPI PCI-PCI bridge> irq 18 at device 29.6 on pci0
pci7: <ACPI PCI bus> on pcib7
pci7: <network> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
hdac0: <Intel Cannon Lake HDA Controller> mem 0xa1818000-0xa181bfff,0xa1000000-0xa10fffff irq 16 at device 31.3 on pci0
pci0: <serial bus> at device 31.5 (no driver attached)
acpi_button0: <Sleep Button> on acpi0
acpi_button1: <Power Button> on acpi0
ns8250: UART FCR is broken
ns8250: UART FCR is broken
uart0: <16950 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
ns8250: UART FCR is broken
ns8250: UART FCR is broken
uart1: <16950 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
acpi_syscontainer0: <System Container> on acpi0
orm0: <ISA Option ROM> at iomem 0xc0000-0xcffff pnpid ORM0000 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
atrtc0: Can't map interrupt.
hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel2: <Intel Speed Shift> on cpu2
hwpstate_intel3: <Intel Speed Shift> on cpu3
hwpstate_intel4: <Intel Speed Shift> on cpu4
hwpstate_intel5: <Intel Speed Shift> on cpu5
hwpstate_intel6: <Intel Speed Shift> on cpu6
hwpstate_intel7: <Intel Speed Shift> on cpu7
Timecounter "TSC" frequency 1992015573 Hz quality 1000
Timecounters tick every 1.000 msec
hdacc0: <Realtek ALC662 rev3 HDA CODEC> at cad 0 on hdac0
hdaa0: <Realtek ALC662 rev3 Audio Function Group> at nid 1 on hdacc0
pcm0: <Realtek ALC662 rev3 (Rear Analog)> at nid 20 and 24 on hdaa0
hdacc1: <Intel Kaby Lake HDA CODEC> at cad 2 on hdac0
hdaa1: <Intel Kaby Lake Audio Function Group> at nid 1 on hdacc1
pcm1: <Intel Kaby Lake (HDMI/DP 8ch)> at nid 3 on hdaa1
Trying to mount root from ufs:/dev/gpt/rootfs [rw]...
ugen0.1: <Intel XHCI root HUB> at usbus0
uhub0 on usbus0
uhub0: <Intel XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <KINGSTON SKC600MS512G S4500105> ACS-3 ATA SATA 3.x device
ada0: Serial Number 50026B7784069228
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 488386MB (1000215216 512 byte sectors)
ada1 at ahcich1 bus 0 scbus1 target 0 lun 0
ada1: <Samsung SSD 860 PRO 512GB RVM02B6Q> ACS-4 ATA SATA 3.x device
ada1: Serial Number S42YNX0R505482B
ada1: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)
ada1: Command Queueing enabled
ada1: 488386MB (1000215216 512 byte sectors)
ada1: quirks=0x3<4K,NCQ_TRIM_BROKEN>
GEOM: ada0: the secondary GPT header is not in the last LBA.
GEOM: ada1: the secondary GPT header is not in the last LBA.
GEOM_MIRROR: Device mirror/OPNsense launched (1/2).
GEOM_MIRROR: Device OPNsense: rebuilding provider ada0.
uhub0: 18 ports with 18 removable, self powered
Root mount waiting for: usbus0
usb_alloc_device: set address 2 failed (USB_ERR_TIMEOUT, ignored)
Root mount waiting for: usbus0
Root mount waiting for: usbus0
Root mount waiting for: usbus0
usbd_setup_device_desc: getting device descriptor at addr 2 failed, USB_ERR_IOERROR
Root mount waiting for: usbus0
usbd_req_re_enumerate: addr=2, set address failed! (USB_ERR_TIMEOUT, ignored)
Root mount waiting for: usbus0
Root mount waiting for: usbus0
Root mount waiting for: usbus0
usbd_setup_device_desc: getting device descriptor at addr 2 failed, USB_ERR_IOERROR
Root mount waiting for: usbus0
usbd_req_re_enumerate: addr=2, set address failed! (USB_ERR_TIMEOUT, ignored)
Root mount waiting for: usbus0
Root mount waiting for: usbus0
Root mount waiting for: usbus0
usbd_setup_device_desc: getting device descriptor at addr 2 failed, USB_ERR_IOERROR
Root mount waiting for: usbus0
usbd_req_re_enumerate: addr=2, set address failed! (USB_ERR_TIMEOUT, ignored)
Root mount waiting for: usbus0
Root mount waiting for: usbus0
usbd_setup_device_desc: getting device descriptor at addr 2 failed, USB_ERR_IOERROR
Root mount waiting for: usbus0
Root mount waiting for: usbus0
usbd_req_re_enumerate: addr=2, set address failed! (USB_ERR_TIMEOUT, ignored)
Root mount waiting for: usbus0
Root mount waiting for: usbus0
usbd_setup_device_desc: getting device descriptor at addr 2 failed, USB_ERR_IOERROR
ugen0.2: <Unknown > at usbus0 (disconnected)
uhub_reattach_port: could not allocate new device
WARNING: / was not properly dismounted
WARNING: /: mount pending error: blocks 560 files 6
Dual Console: Serial Primary, Video Secondary

Please uninstall once more and ensure that the /usr/local/zenarmor directory is deleted. After that, attempt to reinstall.

Thank you very much, this was the solution!
I also deleted some other /usr/local/*sensei* files & folders.

pkg install -fy os-sensei

Thank you sy
Unfortunately it did not help.


Here is the information that is displayed during installation, it seems to be some DB problem: "sqlite3.DatabaseError: database disk image is malformed":

***GOT REQUEST TO INSTALL***
Currently running OPNsense 24.7.12_2 (amd64) at Tue Jan 28 10:13:13 CET 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    os-sensei: 1.18.5 [SunnyValley]
    ubench: 0.32_1 [SunnyValley]

Number of packages to be installed: 2

The process will require 209 MiB more space.
75 MiB to be downloaded.
[1/2] Fetching ubench-0.32_1.pkg: .. done
[2/2] Fetching os-sensei-1.18.5.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/2] Installing ubench-0.32_1...
[1/2] Extracting ubench-0.32_1: ..... done
[2/2] Installing os-sensei-1.18.5...
[2/2] Extracting os-sensei-1.18.5: .......... done
Local path is : /usr/local/opnsense/service
total 64
-rw-r-----  1 root wheel  32B Sep  6  2021 serial
-rw-r-----  1 root wheel    7B Aug  7  2023 sensei_cpu_score
-rw-r--r--  1 root wheel    0B Dec  3 22:41 .mustrestart
-rw-r-----  1 root wheel    0B Jan 17 14:00 workers.map
-rw-r--r--  1 root wheel    0B Jan 17 14:00 .fixed-security-categories
-rw-r--r--  1 root wheel  6.3K Jan 17 15:03 eastpect.cfg
-rwxr-xr-x  1 root wheel  136B Jan 22 14:50 workers.map.default
-rwxr-xr-x  1 root wheel  40B Jan 22 14:50 .buildtime
-rwxr-xr-x  1 root wheel  5.5K Jan 22 14:50 eastpect.cfg.default
create link for python in virtualenv...Create link python3 to /usr/local/zenarmor/py_venv/bin/python....
Create link python3 to /usr/local/zenarmor/py_venv/bin/python3....
done
Restarting configd service...done
Activating features for Freemium Edition...
Deleting OPNsense menu cache...done
Invalidating OPNsense cache...done
Invalidating Zenarmor cache...done
Running Zenarmor post-install scripts...
Check python version
Tue Jan 28 09:13:41 UTC 2025
Removing Zenarmor cron jobs...
CLI crons: Info: Cron jobs deleted: 0
CLI crons: Success
Preparing Settings Db...
Backup configurations...
Configuration Migration .....
License Migration.....
Node.csv Migration.....
Certification Migration.....
Token Migration.....
Userpin Migration.....
Serial Migration.....
Userenricher Tokens Migration.....
Hostmap Cache Database migration.....
Creating user_device_cache.db...
Creating hostmap_cache.db...
Creating settings.db...
Traceback (most recent call last):
  File "/usr/local/zenarmor/scripts/updater/opnsense/18.1/init_settings.py", line 145, in <module>
    test = InitSettings()
          ^^^^^^^^^^^^^^
  File "/usr/local/zenarmor/scripts/updater/opnsense/18.1/init_settings.py", line 33, in __init__
    self.initSettings(self.db_script_path)
  File "/usr/local/zenarmor/scripts/updater/opnsense/18.1/init_settings.py", line 105, in initSettings
    self.executeDML(line.strip('\n'))
  File "/usr/local/zenarmor/scripts/updater/opnsense/18.1/init_settings.py", line 92, in executeDML
    cur.execute(sql)
sqlite3.DatabaseError: database disk image is malformed
Application database base path is /usr/local/zenarmor//db/
Warning: pinned_cert_sites general error:database disk image is malformed
Traceback (most recent call last):
  File "/usr/local/zenarmor/scripts/installers/opnsense/18.1/load_policy_categories.py", line 94, in <module>
    cur_e.execute('select pa.policy_id,ac.id,ac.name,pa.action,count(*) as total from \
sqlite3.DatabaseError: database disk image is malformed
Checking Schedule Reports...
Preparing Userenrich Db...
Checking Cloud Nodes...Setting new cloud nodes...done
ASAN LIBRARY CHECK....
Generating Zenarmor configuration files...done
Menu.xml template copied
StaticConfig template copied
CLI generate-static-file: OK
grep: /usr/local/etc/elasticsearch/elasticsearch.yml: No such file or directory
CLI setretireafter:
CLI setretireafter: DB Type: ES
CLI setretireafter: (Elasticsearch) 30
CLI setretireafter: Skipped:
CLI setflavor:
CLI setflavor: Warning: Not settings flavor size in eastpect.cfg
CLI settimestamp: Success
CLI migrate: Info: Report Mail Configuration Checking
CLI migrate: Info: done
CLI migrate: Info: Web category migration ...
CLI migrate: Info: done
CLI migrate: Info: Custom web category migration ...
CLI migrate: Info: done
CLI migrate: Info: Applications category migration ...
CLI migrate: Success
Error: Unable to prepare statement: 11, database disk image is malformedCLI bufsysctl: skipped  mem: 17179869184 buf: 1000000
CLI setClusterUUID: Warning: Database not running
CLI setdefaultswap: Info: Swap Rate: 60
CLI setdefaultswap: Success
CLI fillscheduledreportchart
CLI fillScheduledReportCategory Error: Unable to prepare statement: 11, database disk image is malformed
Error: Unable to prepare statement: 11, database disk image is malformedCLI setlicensesize: Success: Warning: License is not premium
CLI check-fix-websites skipped
CLI check-fix... 
CLI check-fix failed
Error: Unable to prepare statement: 11, database disk image is malformedError: Unable to prepare statement: 11, database disk image is malformedRunning OPNsense post install scripts...done
Configuring Zenarmor cron jobs...
CLI crons: Info: Cron jobs created: 1
CLI crons: Info: Cron jobs edited: 1
CLI crons: Success
Adding new dashboard widget to OPNsense...done

======================================================================

ALL installation tasks completed successfully.

*** Note that you need to complete initial configuration of Sensei.

Now point your web browser to OPNsense web administration User Interface
for the initial Zenarmor configuration.

Just click on Zenarmor from OPNsense main menu, and you'll be provided
with the initial configuration wizard.

Follow onscreen instructions to complete setup.

All Rights Reserved - Sunny Valley Networks - 2018

======================================================================

Copy block tamplate ...done
Generating Default CA keys and certificates...done
Registering plug-in to the OPNsense firmware system...done
Done & sync heartbeat ...

Removing old settings.db and config.xml files...
done
Removing old user_device_cache.db files...
done
Service `zenoverlay' has been stopped.
Restarting OPNsense web gui...
done...
=====
Message from ubench-0.32_1:

--
===>  NOTICE:

The ubench port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://docs.freebsd.org/en/articles/contributing/#ports-contributing
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

Hello,

After my OPNsense crashed this morning my Zenarmor is broken.
I also tried to uninstall and reinstall all 4 related Packages/Plugins it's still the same.

I just see the message "Firewall not found! It may have been deleted or you are not authorized to view it or it may not have existed at all".

(And I get the error message "Error (200) Unable to prepare statement: 11, database disk is malformed" if I click on some tabs under Zenarmor.)

I hope someone can help me.

Greetings,
Dobi

I found the solution. See attached file.

No need for NAT, no need for Reflection as described in some topics.

Here are some status information.

Here are the IPsec settings.

Hello,

I read the following guides:
https://docs.opnsense.org/manual/how-tos/ipsec-road.html
https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-eapradius.html
https://docs.opnsense.org/manual/how-tos/ipsec-rw-android.html#ikev2-eap-mschapv2-or-eap-radius

I also read the following topics on the same problem I have:
https://forum.opnsense.org/index.php?topic=11340.0
https://forum.opnsense.org/index.php?topic=19404.0
https://github.com/opnsense/core/issues/3751


Accessing the LAN I have no problems, but I don't get my IPsec clients to access the internet over VPN.

Greetings,
Dobi

Hello,

I followed the following guides:
https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-eapradius.html
https://docs.opnsense.org/manual/how-tos/ipsec-rw-android.html#ikev2-eap-mschapv2-or-eap-radius

When I look at the OPNsense IPsec Log File, I can see that I get a /32 IP-address:

Code Select Expand

07[IKE] <con1|12> CHILD_SA con1{6} established with SPIs c267faa6_i e582545f_o and TS 192.168.1.0/24 === 10.10.2.1/32

Also when I check ifconfig on my Android (Termux App), I see that I get a 255.255.255.255 subnet mask.

[I attached some PrtScrs.]

Maybe someone can help me out.

Greetings,
Dobi


EDIT 01:
I also now tested with Windows 10 (needed to add some Encryption Algo. and so on).
The connection is working, but I have the same problem with the subnet mask.
I also saw that I did not get any gateway.

Code Select Expand

PPP adapter OPNsense:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.10.2.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0

EDIT 02:
I think I'm stupid as f***  :-[ sorry guys...
Is it possible that this is the normal behaviour and nothing wrong with it?! :-[
(I never used IPsec and thought it should behave more like OpenVPN...)

I now backuped Sensei, removed Elasticsearch:

Code Select Expand

pkg remove elasticsearch5
cd /usr/local/etc
rm -rf elasticsearch

removed Sensei, reinstalled Sensei and restored the config.

Maybe not the most beautiful solution, but now everything works again as it should.

Thank you very much for you help.

How long did you wait?  It can take a little time after a startup for all services to come online and show green on the dashboard.  I'd suggested rebooting, and waiting 10 min or so then checking.  When I first started using opnsense I thought I had an issue but turns out I was impatient, just curious if maybe that's what's happening for you.  8)

Thank you for the reply.
Even after about +- 6 hours it did not start.

Ah yea 6 hrs should have been plenty lol.  Anything useful when you run dmesg in terminal?  If needed filter with dmesg | grep error

During the WE I had access to the OPNsense server itself.
When doing a "reboot", it actually did not do a full reboot. So I took if from current, and booted afterwards.
One of my disks was corrupted. After a rebuild of the RAID nearly every service behaved normally again.

The only thing which I do not get to start is the Elasticsearch.

(Using "dmesg | grep error", I only get a VESA error, but I can not imagine that it has sth. to do with Elasticsearch.)

Elasticsearch shows the Information : "Disk usage:0 B".

How long did you wait?  It can take a little time after a startup for all services to come online and show green on the dashboard.  I'd suggested rebooting, and waiting 10 min or so then checking.  When I first started using opnsense I thought I had an issue but turns out I was impatient, just curious if maybe that's what's happening for you.  8)

Thank you for the reply.
Even after about +- 6 hours it did not start.

Hello,

After reboot there are some services which don't start:
- cicap (C-ICAP Server)
- clamd (ClamAV Daemon)
- freshclam (freshclam daemon)
- squid (Web Proxy)

Apart from this also the Sensei-Services don't start:
- Sensei Packet Engine
- Elasticsearch

After a manual "Start" of those services they work.

I tried do search for solutions online but I did not find anything helpful.
Maybe someone has an idea over here?

Greetings,
Dobi