Messages

1

24.7 Production Series / Re: DNS Over TLS Broken

« on: Today at 03:34:46 am »

/usr/local/etc/unbound/root.key does not exist
debug cert update forced
last successful probe: Wed Nov 20 21:33:29 2024
the last successful probe is recent
/usr/local/etc/unbound/icannbundle.pem: No such file or directory
using builtin certificate
have 1 trusted certificates
resolved server address 152.199.24.38
resolved server address 2606:2800:21f:b505:516b:4186:98cd:116
connect to 152.199.24.38
fetched root-anchors/root-anchors.xml (1861 bytes)
connect to 152.199.24.38
fetched root-anchors/root-anchors.p7s (2523 bytes)
signer 0: Subject: /O=ICANN/CN=DNSSEC Trust Anchor Verification/emailAddress=dnssec@iana.org
the PKCS7 signature verified
XML was parsed successfully, 2 keys
success: the anchor has been updated using the cert

2

24.7 Production Series / DNS Over TLS Broken

« on: November 20, 2024, 11:30:45 pm »

After the 11/2024 update, cannot use DNS Over TLS.  Using Quad9 and IPV4 only.  Worked fine before update.  No access to Internet if turned on.  If turned off, access is fine.  Here are the errors from the DNS/TLS log:

2024-11-20T17:26:26-05:00   Error   unbound   [95068:5] error: ssl handshake cert error: unable to get local issuer certificate   
2024-11-20T17:26:26-05:00   Error   unbound   [95068:5] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed   
2024-11-20T17:26:26-05:00   Error   unbound   [95068:5] error: and additionally crypto error:80000002:system library::No such file or directory   
2024-11-20T17:26:26-05:00   Error   unbound   [95068:5] error: and additionally crypto error:16000069:STORE routines::unregistered scheme

3

24.7 Production Series / Re: Ryzen 9 CPU Temp Monitoring?

« on: June 28, 2024, 09:53:53 pm »

So temp monitoring works for AMD newer CPUs if you do the new install with kernel 4.1.  However, on my 7900X it shows Cores 0 and 1 twice.  O and 1 are at the top of the cue, and then if you scroll down, the are also the last two in the cue.  The 2nd reading is not only duplicative in this case, but also incorrect. Would also note that in the new dashboard the same info is shown in the same order, with the color bar for the repeated two CPUs as red.

49.2 °CCore 0 (dev.cpu.0.temperature)
49.2 °CCore 1 (dev.cpu.1.temperature)
49.2 °CCore 10 (dev.cpu.10.temperature)
49.2 °CCore 11 (dev.cpu.11.temperature)
49.2 °CCore 12 (dev.cpu.12.temperature)
49.2 °CCore 13 (dev.cpu.13.temperature)
49.2 °CCore 14 (dev.cpu.14.temperature)
49.2 °CCore 15 (dev.cpu.15.temperature)
49.2 °CCore 16 (dev.cpu.16.temperature)
49.2 °CCore 17 (dev.cpu.17.temperature)
49.2 °CCore 18 (dev.cpu.18.temperature)
49.2 °CCore 19 (dev.cpu.19.temperature)
49.2 °CCore 2 (dev.cpu.2.temperature)
49.2 °CCore 20 (dev.cpu.20.temperature)
49.2 °CCore 21 (dev.cpu.21.temperature)
49.2 °CCore 22 (dev.cpu.22.temperature)
49.2 °CCore 23 (dev.cpu.23.temperature)
49.2 °CCore 3 (dev.cpu.3.temperature)
49.2 °CCore 4 (dev.cpu.4.temperature)
49.2 °CCore 5 (dev.cpu.5.temperature)
49.2 °CCore 6 (dev.cpu.6.temperature)
49.2 °CCore 7 (dev.cpu.7.temperature)
49.2 °CCore 8 (dev.cpu.8.temperature)
49.2 °CCore 9 (dev.cpu.9.temperature)
80000 °CCore 0 (dev.mce.0.hw_temperature)
80000 °C

4

24.7 Production Series / Ryzen 9 CPU Temp Monitoring?

« on: June 20, 2024, 06:36:13 pm »

Any chance the new kernel now supports Ryzen 9 CPU temp monitoring?

5

Zenarmor (Sensei) / Re: Zenarmor Cloud Nodes Status

« on: May 21, 2024, 07:55:28 pm »

I was LAN only with Zenarmor as well.  Use CROWDSEC and SURICATA for WAN.

6

Zenarmor (Sensei) / Re: Zenarmor Cloud Nodes Status

« on: May 19, 2024, 10:07:00 pm »

SY,

  I tried a Zenarmor reset as that was the only thing working in the Zenarmor menu.  The reset seemed to work initially up to selecting a database type.  I noticed there is now an Elastic 5 and 8 version database you can choose.  I tried the version 8, and the installer said to make sure the Zenarmor cloud agent was connected.  So after running that routine twice with no joy, I decided to uninstall from the Opnsense package manager and then reinstall.  The reinstall failed as no Zenarmor entry was set in the Opnsense menu.  So I have just uninstalled again and will leave it for a bit until the next Opnsense update.  I am on the dev firmware so understand these things will happen.

Cheers!

7

Zenarmor (Sensei) / Re: Zenarmor Cloud Nodes Status

« on: May 19, 2024, 02:55:18 pm »

I have the same problem

8

24.1 Legacy Series / Re: KEA DHCP Subnets and DNS over TLS Question

« on: May 12, 2024, 02:20:53 pm »

I am on the developer release, so suspect there might be some differences as the business release might actually be newer in some cases at this point. 

9

24.1 Legacy Series / KEA DHCP Subnets and DNS over TLS Question

« on: May 01, 2024, 01:52:44 pm »

So I have a question about the DNS settings for KEA, but I have to start with ISC DHCPv4 to get to the question.  When using ISC DHCPv4 under the LAN settings you don't list your DNS servers if you are going to use DNS over TLS under UNBOUND.

So I thought the parallel might be true if using KEA as KEA also has a DNS Subnet section.  So when I setup KEA initially, I added a DNS under the subnet entry as I did not want to chance wrecking my network access.  That seems to have worked fine, but it bugged me that KEA settings were a bit different so I took a chance and removed the DNS setting under KEA.  Everything worked fine, both wired and wireless.  Woke up this morning to find wireless access had quit working, but wired was just fine, so I went back into the KEA subnet setting and re=added the DNS entry.  Wireless network came back up. 

Not sure what is truly happening where I get wired but not wired DNS in this situation.  Also makes me wonder if DNS over TLS is actually functioning given the settings between ISC DHCPv4 and KEA are not parallel in this sense.

I do have my switches set to DHCP, but use the KEA reservations to give them each a specific IP address.  I have done the same thing with the wireless access ports too.

So what happened to KEA DHCP when I made the change to remove my DHCP IP address from the KEA Subnet setting, which in this case is the router IP?

10

Zenarmor (Sensei) / Re: why is eastpect locked to a single core

« on: December 02, 2023, 02:37:36 pm »

Yay!  Waiting for this before installing again.

11

23.7 Legacy Series / Re: [CALL FOR TESTING] Unbound DNS over TLS without explicit CA bundle

« on: December 02, 2023, 02:36:16 pm »

Working here

12

General Discussion / DNSCrypt-proxy and Unbound DNS Question

« on: October 15, 2023, 03:22:08 pm »

If I run DNSCrypt-proxy and Unbound DNS, do I turn off DNS/TLS? 

- Using OPNsense 23.7.6-amd64.
- I setup an Unbound DNS: Query Forwarding Rule to take care of the old text entry options noted in the older OPNSense tutorial for setting up DNSCrypt-proxy with Unbound DNS, and it seems to work without issue.

13

Hardware and Performance / Re: AMD AM5 Temp Reporting Support

« on: October 07, 2023, 09:01:09 pm »

So temp will not show under HTOP.  HTOP shows 0.0.% 3000MHz N/A. N/A is where the temp should show.  The 0.0% should show CPU utilization, and the 3000MHz is the incorrectly reported CPU frequency. Tested  using the AMD Ryzen 9 7900x.

Functionally, OPNsense seems to work otherwise, but I wonder if the underpinning BSD operating system is not properly utilizing or optimized for this CPU and AMD 5 Chipset.

14

Hardware and Performance / Re: AMD AM5 Temp Reporting Support

« on: October 03, 2023, 09:05:08 pm »

newsense, I installed mimugmail's repo yesterday looking for HTOP and did not see it.  Is it by chance under another feature?

15

Hardware and Performance / Re: AMD AM5 Temp Reporting Support

« on: October 02, 2023, 06:30:54 pm »

There are three selections for sensors, one of those is AMD.  Did not work, and neither do the other two, Intel and I think it is something like APIC.  Also tried a series of CLI commands and nothing literally is reported.