Messages

1

General Discussion / Re: DNS not resolving after reboot

« on: May 20, 2024, 07:06:19 pm »

Where do I set it manually?

Also I think its working now went in to change to static IP for time server  to NIST  129.6.15.28

Then added  0.opnsense.pool.ntp.org  enabled again.

Restarted Unbound and now its working!

How do you set the system date by hand first ?


Sparkey

2

General Discussion / Re: DNS not resolving after reboot

« on: May 20, 2024, 06:49:35 pm »

Thanks!

I assume it is not resolving from the Wan side to get to the pool?

I had unbound service stopped. I started it again. I looks like the OPNSense box cant resolve from the device itself.

0.opnsense.pool.ntp.org

Time Logs.

2023-11-09T21:38:06-06:00   Error   ntpd   unable to bind to wildcard address :: - another process may be running - EXITING   
2023-11-07T08:14:36-06:00   Error   ntpd   error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (   
2023-11-07T08:14:36-06:00   Error   ntpd   error resolving pool 2.opnsense.pool.ntp.org: Name does not resolve (   
2023-11-07T08:14:36-06:00   Error   ntpd   error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (   
2023-11-07T08:14:30-06:00   Error   ntpd   error resolving pool 0.opnsense.pool.ntp.org: Name does not resolve (

Unbound logs

2024-04-05T12:17:03-05:00   Informational   ntpd   174.53.169.69 local addr [REDACTED] -> <null>   
2024-04-05T12:16:43-05:00   Informational   ntpd   135.148.100.14 local addr [REDACTED] -> <null>   
2024-04-05T12:16:02-05:00   Informational   ntpd   69.10.223.131 local addr [REDACTED] -> <null>   
2024-04-05T12:15:51-05:00   Informational   ntpd   44.190.40.123 local addr [REDACTED] -> <null>

as well as warning

024-04-05T11:49:32-05:00   Error   ntpd   daemon child exited with code 1   
2024-04-05T11:49:32-05:00   Error   ntpd   unable to bind to wildcard address :: - another process may be running - EXITING   
2024-02-21T13:45:49-06:00   Error   ntpd   daemon child exited with code 1   
2024-02-21T13:45:49-06:00   Error   ntpd   unable to bind to wildcard address :: - another process may be running - EXITING   
2024-01-31T12:58:06-06:00   Error   ntpd   daemon child exited with code 1   
2024-01-31T12:58:06-06:00   Error   ntpd   unable to bind to wildcard address :: - another process may be running - EXITING   
2024-01-30T10:43:04-06:00   Error   ntpd   daemon child exited with code 1   
2024-01-30T10:43:04-06:00   Error   ntpd   unable to bind to wildcard address :: - another process may be running - EXITING   
2024-01-30T10:36:31-06:00   Error   ntpd   daemon child exited with code 1   
2024-01-30T10:36:31-06:00   Error   ntpd   unable to bind to wildcard address :: - another process may be running - EXITING   
2023-12-12T14:45:19-06:00   Error   ntpd   daemon child exited with code 1   
2023-12-12T14:45:19-06:00   Error   ntpd   unable to bind to wildcard address :: - another process may be running - EXITING   
2023-11-09T21:38:06-06:00   Error   ntpd   daemon child exited with code 1   
2023-11-09T21:38:06-06:00   Error   ntpd   unable to bind to wildcard address :: - another process may be running - EXITING   
2023-11-07T08:14:36-06:00   Error   ntpd   error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (



Where should i look for logs wise?

Sparkey

3

General Discussion / DNS not resolving after reboot

« on: May 20, 2024, 05:56:00 pm »

My unbound has stopped working I have restore from last wo backups same issue each time:

OPNsense 24.1.7-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

Any help would be appreciated

Thanks!

2023-01-01T16:05:43-06:00   Error   unbound   [32138:0] error: remote control failed ssl crypto error:0A000412:SSL routines::sslv3 alert bad certificate   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake cert error: certificate is not yet valid   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake failed crypto error:16000069:STORE routines::unregistered scheme   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake cert error: certificate is not yet valid   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake failed crypto error:16000069:STORE routines::unregistered scheme   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake cert error: certificate is not yet valid   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake failed crypto error:16000069:STORE routines::unregistered scheme   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake cert error: certificate is not yet valid   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake failed crypto error:16000069:STORE routines::unregistered scheme   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: ssl handshake cert error: certificate is not yet valid   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed   
2023-01-01T16:01:03-06:00   Error   unbound   [32138:0] error: and additionally crypto error:80000002:system library::No such file or directory

4

24.1 Legacy Series / Re: 24.1 IDS breaks internet

« on: January 31, 2024, 12:09:16 am »

I have the same issue after upgrading to 24.1.   Disable all is okay.
Sparkey

5

Hardware and Performance / Re: Question about DEC740 SFP+ (home use)

« on: October 09, 2023, 05:40:12 pm »

Here ya go.. newer V3C48
https://linuxgizmos.com/ryzen-embedded-3000-based-pc-equipped-with-up-to-6x-lan-ports/

6

Hardware and Performance / Intel Core i3-N305 work with bare metal

« on: October 01, 2023, 11:31:09 pm »

I have seen several of these with 2.5 Intel v225 Nics. Anyone try these with IDS/IPS with proof point.

It shows https://www.cpubenchmark.net/cpu.php?cpu=Intel+Core+i3-N305&id=5213

10K on Passmark..  thoughts?  I need a small firewall for home users. Need to find if it will do IDS/IPS for 2.5Gb speed   Intel i225-V B3 x 2   

Here is an Amazon link to something I have found.
https://www.amazon.com/gp/product/B0C6FGV76L/ref=ox_sc_act_title_1?smid=A1U8KYR6GMVLRX&psc=1

Thanks in advance.
Sparkey

7

Hardware and Performance / Re: Needing 10Gbs Wan and 10Gbs Lan

« on: September 19, 2023, 07:29:29 pm »

Thanks!  I will  check to see if they have a fiber hand off and do the SFP+.  Is the 10Gbps SFP+ module run host as well?

Sparkey

8

Hardware and Performance / Needing 10Gbs Wan and 10Gbs Lan

« on: September 19, 2023, 06:35:20 pm »

Greetings,

I am getting a fiber for the business and it is up to 10 Gbps. We have not chosen what to use as hardware and which speed of internet as of today. We are offered a Copper RJ45 hand off and have a choice of 100/1/2.5/5/10Gbps symmetrical. Internally we would like the LAN part to be a 10Gbps copper RJ45 connection as well. I would like to know what hardware OPNsense recommends or forum users that have already tested similar hardware. I have IDS IPS enables via Proofpoint.

Thanks in Advance!
Sparkey

9

21.7 Legacy Series / Re: Interfaces randomly go down/unroutable

« on: December 07, 2021, 06:59:21 pm »

I had the same issue as Sushifish

Same issue with latest update to 21.7.6 on weekend.
My (internal) interfaces are unreachable. I can log-in through VPN via WAN. After reboot, it runs some time (on Monday full day, Tuesday only 1 h). I've disabled IDS then and it was stable since.
So I suspect an issue with
*ports: suricata 6.0.4[9] with Netmap API version 14 enabled
So internet / WAN interaface is still working, however internal interfaces (on which suricata runs) were unreachable.

10

21.7 Legacy Series / Re: 21.7.6 - iflib_netmap_config

« on: December 07, 2021, 06:57:17 pm »

Maybe issue is this?


https://forum.opnsense.org/index.php?topic=25750.15


From Sushifish

Same issue with latest update to 21.7.6 on weekend.
My (internal) interfaces are unreachable. I can log-in through VPN via WAN. After reboot, it runs some time (on Monday full day, Tuesday only 1 h). I've disabled IDS then and it was stable since.
So I suspect an issue with
*ports: suricata 6.0.4[9] with Netmap API version 14 enabled
So internet / WAN interaface is still working, however internal interfaces (on which suricata runs) were unreachable.

11

21.7 Legacy Series / Re: 21.7.6 - iflib_netmap_config

« on: December 06, 2021, 04:06:28 pm »

I received the same thing not routing allowed rebooted same thing a few mins after reboot. Reverted went back to previous version same thing . Re did the entire VM (esx) and same thing occurred on previous version. Leaving IDS  disabled it stable.

Sparkey