Messages

1

General Discussion / Re: ACME Challenge HTTP-01 stopped working

« on: February 19, 2024, 10:46:53 pm »

try to manually assign the external IP address in challenge's options

Thanks, this could work, but I'm on a dynamic IP address.

Seems like there's a bug since multiple people are reporting this.

2

General Discussion / Re: Unbound DNS not working anymore

« on: February 19, 2024, 10:45:24 pm »

I can't remember exactly what file it is, but sometimes the Unbound DB gets corrupted.  I've deleted it before and it's fixed this type of behavior.

3

General Discussion / Re: ACME Challenge HTTP-01 stopped working

« on: February 19, 2024, 03:59:20 am »

I've got a problem too.  The ACME client on HTTP challenges is not seeing the IP Address of the WAN.   Renewal worked on Jan 15 and failed on Feb 15 2024.

I checked the WAN's IP.  It is correct, but the logs show the IPs listed below.   The format of the log has changed during this time.  It must be an update to the client that is an issue.   I have 1 WAN port and 4 LAN ports only the two LAN ports configured below are connected.  The new client does not appear to see the WAN port.

2024-02-18T21:39:58-05:00   opnsense   AcmeClient: using IPv4 address: 192.168.3.1
2024-02-18T21:39:58-05:00   opnsense   AcmeClient: using IPv4 address: 192.168.1.1

From when it worked:

2024-01-26T18:38:05   opnsense[2844]   AcmeClient: using IPv4 address: 73.88.76.86
2024-01-26T18:38:05   opnsense[2844]   AcmeClient: using IPv4 address: 192.168.1.1

4

23.7 Legacy Series / Re: CPU Performance after 23.7 upgrade

« on: August 05, 2023, 08:59:48 am »

For Info, J3455 CPU.

5

23.7 Legacy Series / CPU Performance after 23.7 upgrade

« on: August 05, 2023, 02:40:40 am »

See the two attached graphs.  The gap in the middle is patching from 23.1 to 23.7.  There are a lot of ISRs popping off.  Throughput is slower.  Speed test are affecting the CPU much more than in the past.

Graph 1 shows the CPU is running hotter.
Graph 2 shows the higher ISRs.

6

Hardware and Performance / Re: Random Frequent CPU Spikes and Page Faults

« on: August 04, 2023, 01:25:11 am »

@dpsguard.  The graph I posted shows the reboot from the upgrade and the change in CPU activity.  There was no change in actual work load.  I have also posted the graph of the CPU heat.  Not sure what has changed, but the CPU is definitely busier in the latest release.  I think this is affecting server throughput.   I know I have a weak CPU in this box, but it should be overkill for a firewall.  This is a simple home network.

I just ran some speed tests and network load is making a much bigger difference to CPU load than is used to.

The gaps in the graphs I've posed are from the system upgrade.  The load on the router was the same before and after.

7

Hardware and Performance / Re: 100Mb/s in WAN instead of ~250 MB\s

« on: August 03, 2023, 07:15:09 pm »

I think there's something wrong with 23.7.  I'm not getting the same peak speed I used to get, and I'm burning a lot more CPU.  It looks like ISRs are doing something they didn't do before.

8

Hardware and Performance / Re: Random Frequent CPU Spikes and Page Faults

« on: August 03, 2023, 07:12:52 pm »

I'm seeing this with my firewall too.  I'm on a J455.  I noticed the CPU spikes.  The CPU is running hotter. It looks like there's an issue with system interrupts that is new since my upgrade.  They seldom showed up before the upgrade. 

9

22.7 Legacy Series / Re: os-ddclient needs the option to turn off ipv6 (and ipv4) checks

« on: August 12, 2022, 06:39:37 am »

I do not have this checked, but it does not put the "ipv6=no" into the config file.  Is this a bug?

10

22.7 Legacy Series / os-ddclient needs the option to turn off ipv6 (and ipv4) checks

« on: August 11, 2022, 12:32:49 am »

The UI needs a way to allow the end user to select if the IPV6 and/or IPV4 addresses will be checked.  It's possible to put these options into the config file according to the link below.  I specifically do not want to list a IPV6 address.  I don't know if it would be a good idea to turn off IPV4, but might as well make it an option in the GUI too.

https://serverfault.com/questions/1084718/ddclient-do-not-update-ipv4-but-just-ipv6

11

22.7 Legacy Series / Re: Unbound did not start - how to debug?

« on: August 11, 2022, 12:19:02 am »

Look at your leases file.  Is it corrupted?  It should be text.   If it is corrupted, delete it.   Mine looked like it was binary.

I can't remember where it is, but that's been my problem twice now.

It looks like they live here: /var/dhcpd/var/db

Sorry, I can't remember specifically what file I deleted, but it was obviouss when it was corrupted.

12

22.7 Legacy Series / os-ddclient does not seem to do anything -- Logs empty

« on: August 07, 2022, 03:30:33 am »

I'm trying to switch to the new dynamic DNS client.  I have it installed and configured to use dynu.com.  This was done via the GUI.  However after letting it run for about 12 hours, there were no check attempts according to the GUI status screen.  There was no activity in the logs.

Where can I begin troubleshooting?