Messages - Colt45

#1
Got this error. Realized what had happened was when I initially set up this machine I used another port and cable to run the Guest LAN to the switch so I ran it through Zenarmor. Later, I changed it to a VLAN over the same port as my normal LAN, but did not remove the configuration from Zenarmor.
It appears no one thought of something like this happening, as when I went into the settings, igb2 does not appear in the list of interfaces, making it not easily removable.
I ended up doing the following:
Make a fake permanent interface assignment for igb2
Go into Zenarmor and enable the new fake interface, Save
Remove Fake interface from Zenarmor, Save
Start Zenarmor successfully.
Delete fake interface from OpnSense.

Doing this allowed me to start Zenarmor, but I feel like invalid configs should be fixable without doing this workaround. Maybe interfaces that are in the configuration but invalid should show up on the interface configuration screen in red or something so they can be removed.
#2

I am using Cisco 2811 routers as essentially VoIP endpoints. Analog audio goes in, IP packets come out. That's all they do* The session target for the VoIP packets is a multicast address as it needs to go to all of the endpoints simultaneously.
Originally I was using all UniFi routers as the real internet-facing router. Their built-in IPSec S2S VPN was used to then link the sites.
To get around the multicast not passing over the VPN, I got GRE tunnels set up between the 2811s.
So there is a VPN between the sites, but then also a GRE tunnel within that between the Cisco routers.

I have gone through, trashed all of the UniFi stuff, got it set up with OPNsense running on 1U servers, with ZeroTier as the S2S.
I would like to eliminate the GRE tunnels, as I've found them to not be reliable. I have to reload the Cisco boxen at least once a week to force the tunnel to come back up. Part of the reason I went with ZeroTier was because it was basically meshing and eliminating the single point of failure, but that is maintained with the GRE tunnels.

What I would like is for the multicast to be transmitted from whichever endpoint, as multicast, then the OPNsense/ZeroTier handles getting it sent out to all the receivers. What is the best way to do that?
#3
This is a pretty minor thing, but I logged into one of my boxes and thought the Intel coretemp driver was broken. But then I realized that it was reporting, but the temperatures were in the range of -1C to 0C. Once one of the cores spiked to 2-3C, the green bar displayed enough to see the white characters.
I fixed it by going to a dark theme.
But I thought a couple of ways would be to prevent the green bar from disappearing completely, or shifting the text to a different color if it was under a certain amount.
The attached picture shows what it was the following day. 2C is about the lowest it will display without characters disappearing.
#5
Yes that is correct syntax.
They were both incorrect on mine. Webconsole and onboard.
#6
I just talked with support about this very issue.
This is what they told me:
Quote: Please run the following commands on the console as root.

pkg install -fy os-sensei-agent
service senpai restart

This worked for me. It instantly updated the Zenconsole to show the correct information.
#7
Have only noticed this recently. It's filling my logs with
2023-01-30T01:32:30
vnstatd Traffic rate for "xn0" higher than set maximum 10 Mbit (30s->40894464, r793873 t42004161, 64bit:1), syncing.

10 Mbit is really low. I can't find a place to set this higher either in the GUI or a conf file. Anyone adjusted this before?
#8
I have seen the memory balloon issue. I haven't been able to figure it out other than it's Suricata. I ended up increasing memory to 16GB as, like you saw with 12GB, it was pushing onto swap.
Funnily, once I increased memory about a week ago I haven't had any issue with memory; in fact it's not gone higher than about 4GB. It's very strange. I wonder if I went back to 12GB it would balloon again.
I never had issues with DNS outside of using the original Suricata 6.0.9 when it would stall.
#9
Yes, this problem caused me to change my upgrading behavior to performing snapshots of the VHD beforehand so that I may simply roll back the VHD to the time before the upgrade.
#10
I had the same fault with Unbound and the web page becoming unresponsive. In fact I initially thought the problem was with Unbound and I didn't know about the Suricata thing until later. I still don't understand what was causing that.
Downgrading Suricata as above should fix it. It did for me.
#11
# grep -e -.interface: -e copy-iface: -e netmap: /usr/local/etc/suricata/suricata.yaml
  - interface: eth0
    #copy-iface: eth1
  - interface: default
  - interface: default
netmap:
  - interface: default
    # (e.g. "copy-iface: eth0+"). Don't forget to set up a symmetrical eth0+ -> eth0
    #copy-iface: eth3
  - interface: xn1
    copy-iface: xn1^
  - interface: xn1^
    copy-iface: xn1
# dmesg | grep generic_netmap_register
310.301436 [ 320] generic_netmap_register   Emulated adapter for wg0 activated
310.302155 [ 320] generic_netmap_register   Emulated adapter for xn0 activated
476.574947 [ 320] generic_netmap_register   Emulated adapter for xn1 activated
#12
Quote from: franco on December 07, 2022, 08:40:09 AM
Much appreciated. Mine still seems to be running fine here and I've also been hammering speed tests. :/

I want to know which NIC driver(s) are reproducible. Can you post the output of:

# grep -e -.interface: -e copy-iface: -e netmap: /usr/local/etc/suricata/suricata.yaml


Thanks,
Franco
/local/etc/suricata/suricata.yaml
  - interface: eth0
    #copy-iface: eth1
  - interface: default
  - interface: default
netmap:
  - interface: default
    # (e.g. "copy-iface: eth0+"). Don't forget to set up a symmetrical eth0+ -> eth0
    #copy-iface: eth3
  - interface: xn1
    copy-iface: xn1^
  - interface: xn1^
    copy-iface: xn1

Running as a Xen HVM guest on Linux 5.15.80
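An added example, not code from the thread: a small Python check over the kind of grep output posted in #11 and #12 that verifies every netmap copy-iface entry has the symmetrical partner the comment in suricata.yaml asks for (an asymmetric pair is a common reason netmap IPS mode drops or black-holes traffic in one direction). The sample input is constructed from the posted output.

```python
import re
# Constructed sample modelled on the grep output posted above (pre-netmap lines must be ignored).
SAMPLE_GREP_OUTPUT = """\
  - interface: eth0
netmap:
  - interface: default
    # (e.g. "copy-iface: eth0+"). Don't forget to set up a symmetrical eth0+ -> eth0
    #copy-iface: eth3
  - interface: xn1
    copy-iface: xn1^
  - interface: xn1^
    copy-iface: xn1
"""
IFACE_RE = re.compile(r"^\s*-\s*interface:\s*(\S+)\s*$")
COPY_RE = re.compile(r"^\s*copy-iface:\s*(\S+)\s*$")


def parse_netmap_pairs(text: str) -> dict:
    """Map each netmap interface to its copy-iface (None = no copy, IDS only)."""
    pairs, in_netmap, current = {}, False, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented-out keys are inert, exactly as Suricata treats them
        if stripped == "netmap:":
            in_netmap, current = True, None
            continue
        if not in_netmap:
            continue  # entries from af-packet/pcap sections are not netmap pairs
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            pairs.setdefault(current, None)
            continue
        m = COPY_RE.match(line)
        if m and current is not None:
            pairs[current] = m.group(1)
    return pairs


def check_symmetry(pairs: dict) -> list:
    """Report copy-iface entries whose peer does not copy back to them."""
    problems = []
    for iface, peer in pairs.items():
        if iface == "default" or peer is None:
            continue  # 'default' is a template entry; no copy-iface means IDS mode
        if pairs.get(peer) != iface:
            problems.append(f"{iface} -> {peer} has no symmetrical {peer} -> {iface}")
    return problems
```

Feed it the real grep output (`grep -e -.interface: -e copy-iface: -e netmap: /usr/local/etc/suricata/suricata.yaml`) and an empty list means every netmap pair is mirrored.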
#13
I put my .02 in on the bug report, Thanks.
#14
22.7 Legacy Series / Re: 22.7.9 Lose WAN
December 06, 2022, 05:15:47 AM
Do you run Suricata? That seems to be the problem most are having that is causing it to lose WAN or LAN depending on which it's looking at. Rolling Suricata back to 6.0.8 from 22.7.8 fixes the issue, it seems.
#15
Disregard. This problem is occurring due to Suricata 6.0.9 issues found by others. If I just restart Suricata, then Unbound, I don't need to do a full reboot.
In the interim I've downgraded Suricata to 6.0.8 from the OPNsense 22.7.8 release.