Messages

Hi Franco, Stephan,

I've applied the patch and same regex(s) I used before are working again.

thanks

Hi team,

some time ago (probably on 25.x) I've noticed that my saved live view filters do not work. Just waited some time that maybe get fixed.
Found out that interfaces changed, ex. DMZ now vlan02 etc. So fixed this, but regular expression filters does not work anymore.
The syntax looks same in config, but not working.

I see the error in backend log:
Script action stderr returned "b"/usr/local/opnsense/scripts/filter/read_log.py:101: SyntaxWarning: invalid escape sequence '\\['\n if re.search('filterlog\\[\\d*\\]:', record['line']):""

Example I used:
- filter interface, action and more ports with contain operator:
dstport~443|80|22|23|25

This now does not work. Is that an issue or was there some plan to remove regex from live view?

thx

Hi,

on 25.7.2 and 25.7.3 I have 3 warning/error logs.

Warnings:
/usr/local/sbin/pluginctl: warning: ignoring missing default tunable request: hw.ibrs_disable
/usr/local/sbin/pluginctl: warning: ignoring missing default tunable request: vm.pmap.pti

I think I saw on forum that there is some change in values in 25.7, but no defaults set. Can I fix it somehow or can be fixed in some newer version?

error:
/usr/local/etc/rc.bootup: The command '/usr/local/etc/rc.d/dnsmasq stop' returned exit code '1', the output was 'dnsmasq not running? (check /var/run/dnsmasq.pid).'

With 25.7 I've switched to dnsmasq for DHCP only. DNS is disabled.

Everything seems working fine, just want get away with such errors if not serious.

thx

Hit the same problem yesterday when migrating from ISC to dnsmasq.

The output is empty if the DHCP on the interface is not running.
Enable DHCP on that interface, export and then can disable it.

Or maybe just ISC has to be running, not tested. I just enabled it on interfaces.

I guess this is not right.

Postfix is a server and can send emails to other servers. I have never seen Postfix to behave as client and authenticate itself as client - MSA. But mybe it is doable with some specific steps.

Anyway here we are talking about clients sending emails -> clients mean Outlook, Thunderbird or any other application behaving as client to the server. Here monit. But other gear may have similar.

Often such clients can send email without authentication to local server.
But to use some public provider, today you need authenticate.

So use SMTP "AUTH" - and very often plain -simple user/password.
Now MS will remove it and will use OATH authentication.

So no, MS does not remove SMTP AUTH, just changes the auth method and client has to support it.

I see that freebsd has cron with @reboot and 'at' so in theory that could be general option in cron to run after reboot and after reboot + delay.

My point was about remote systems only.

I think there are 2 different scenarios:
1. own upgrade is fine ->  it boots up and works, but admin cannot login back for management.
For example due to some bug, the PPPoE client does not auth, vpn tunnel is down so box not accesible from outside, or other functional problem

2. the own upgrade fail - the system does not boot up -> broken kernel, kernel panic, wrongly written data to disk etc.


My point was to resolve scenario 1.

I use something similar on Mikrotiks.

point 1 on MT:
- have a script which switch active partition and reboot
- before upgrade, I enable scheduler which run the script 10m after boot up
- if I can login, do some test with positive results, then I disable the scheduler
- if cannot login the system reverts back to backup partition and all should work as before

point 2 on MT:
- they wrote in docs that there is some fallback/recovery to next partition if system does not boot up
- I've never experienced
- I do not know how that do that, but they have too own bootloader/bios (even watchdog feature), so it can be bounded
and if system not boot up then the bios will reboot and boot next partition. Do not know.

Anyway my point was to resolve somehow the scenario 1. Idea was through some cron job.
Anyway it should be manual process - enable the cron job for revert snapshot and reboot and then admin to disable the job
if all is OK.

Nothing big to do, just have an option for controlled revert.

The point 2 can much more complicated to think about and implement.

I've recently switched to ZFS to have a snapshots.
Looking a way for automatic snapshot activation and reboot to get original state.

Do not see such option in cron section. Could that be added?

The scenario when doing remote upgrade is below:
- create new snapshot with known good state
- create cron job 20/30m in future
- run upgrade
- if I cannot log in back to box and manage it -> cron will change active snapshot and reboot
- if I can log in, just disable the cron job

The goal is auto recovery from state when vpn tunnel is down, PPPoE does not come up with new version etc.

The best would up autostart the recovery some time after boot up, anyway the cron job to specific time is sufficient, just could accept the name of snaphost to activate.

Hi,

got small error, no impact, just looking how to fix it.

1. I have SD card with UFS, upgraded to 24.7.6 from previous version -> no error.

2. new install
- took new SD card and put ZFS. Installed 24.7
- load old config from 24.7 hotfix 5 to get internet quickly
- upgraded to 24.7.6
- install missing packages
- restore config for 24.7.6 from SD card 1

All works, except error below. I think it showed up after the install of 24.7.

Error:
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/system/certctl.py", line 203, in <module>
    cmds[sys.argv[1]]()
  File "/usr/local/opnsense/scripts/system/certctl.py", line 160, in cmd_rehash
    os.symlink(src_filename, dst_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/certs/untrusted/Staat_der_Nederlanden_c' -> '/etc/ssl/blacklisted/03179a64.0'


It looks like the blacklisted dir is missing. Is there a way to fix this? thx

Take a new serial cable.
I had before similar issues, nothing I have tried worked. Just got new cable and all works flawlessly.

Got the same problem. Thanks for test.

Another example can be. Wnat some rules for all interfaces and some rules for subset only.

Group_A: LAN1, LAN2, LAN3, DMZ1, DMZ2
Group_B: LAN1, LAN2, LAN3

The sort is now based on the 'name'.

Maybe good point to be confirmed by dev and to be documented.