Messages - JustMeHere

#1
26.1 Series / Re: 26.1 Crashing
February 04, 2026, 04:36:31 PM
I've experienced two issues that made the machine unresponsive.  This was stable before 26.1.0.   DNS did seem like it was not working this last time.
#2
Why is this discovering hosts outside of my firewall?  I can't fathom why it would try to discover anything on the WAN port. 
#3
Is there a way to send an email alert when a Firewall is triggered? 

I realize this can lead to a lot of spam, but if the alerts are properly throttled, it can be handled.

The rule is set up to block outbound communications to known bad actors.  If an internal computer actually attempts to contact the bad actor, then there is something bad going on with that computer.  It would be prudent to check that machine for malware.

The email would be like:
"<computer name|ip> violated the known_abusers outbound firewall rule."
There would be an option to send the message only once until the alert is cleared.  Possibly with reminders until the alert is cleared.
Or perhaps just send a summary message hourly/daily about machines that violated the rule.
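The alert logic described in this post, as an added example that is not code from the post or from OPNsense: it parses the pf filterlog CSV lines OPNsense writes (rule number, sub-rule, anchor, rid, interface, reason, action, direction, IP version, then the IPv4 header fields with source at index 18 and destination at index 19), fires one alert per source host and rule until an operator clears it, and keeps counters for an hourly or daily digest. The rid values, the rid-to-label table and the log lines are constructed placeholders; a real rid is the rule id shown in the firewall GUI. Mapping the IP to a computer name (reverse DNS or the DHCP lease table) is left out.

```python
"""Throttled alerts for outbound blocks on a 'known_abusers' firewall rule.

Added example; not code from the forum post or from OPNsense. Assumes the
pf filterlog CSV layout OPNsense writes: rulenr,subrulenr,anchor,rid,
interface,reason,action,dir,ipversion, then IPv4 header fields with src at
index 18 and dst at index 19. rid values and sample lines are constructed.
"""
import re
from collections import defaultdict

# Constructed mapping: rule id (rid) -> label used in the alert text.
RULE_LABELS = {"RID_PLACEHOLDER_KNOWN_ABUSERS": "known_abusers"}

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+filterlog\[\d+\]:\s+(?P<csv>.+)$")


def parse_block(line):
    """Return (timestamp, src, dst, label) for an outbound IPv4 block that hit
    a rule in RULE_LABELS; None for anything else (pass lines, other rules)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 20:
        return None
    rid, action, direction, ipver = f[3], f[6], f[7], f[8]
    if action != "block" or direction != "out" or ipver != "4":
        return None
    label = RULE_LABELS.get(rid)
    if label is None:
        return None
    return m.group("ts"), f[18], f[19], label


class ThrottledAlerter:
    """'Send once until cleared' plus counters for an hourly/daily digest."""

    def __init__(self):
        self.active = set()              # (src, label) pairs already alerted
        self.counts = defaultdict(int)   # hits per (src, label) since last digest

    def process(self, line):
        """Feed one log line; return alert text the first time a host trips a
        rule, None while that alert is still open or the line is irrelevant."""
        ev = parse_block(line)
        if ev is None:
            return None
        ts, src, dst, label = ev
        key = (src, label)
        self.counts[key] += 1
        if key in self.active:
            return None                  # throttled: already alerted, not cleared
        self.active.add(key)
        return f"{src} violated the {label} outbound firewall rule (first hit {ts}, destination {dst})."

    def clear(self, src, label):
        """Operator has checked the machine; allow a fresh alert on the next hit."""
        self.active.discard((src, label))

    def digest(self):
        """Summary text for the periodic mail; resets the counters."""
        lines = [f"{src}: {n} blocked attempt(s) on {label}"
                 for (src, label), n in sorted(self.counts.items())]
        self.counts.clear()
        return "\n".join(lines) if lines else "no violations in this period"


# Constructed sample log (not a real capture); rids are placeholders.
SAMPLE_LOG = [
    "2026-02-04T16:30:01-05:00 opnsense filterlog[1234]: 88,,,RID_PLACEHOLDER_KNOWN_ABUSERS,igb0,match,block,out,4,0x0,,64,1,0,DF,6,tcp,60,192.168.1.50,203.0.113.10,51000,443,0,S,",
    "2026-02-04T16:30:02-05:00 opnsense filterlog[1234]: 88,,,RID_PLACEHOLDER_KNOWN_ABUSERS,igb0,match,block,out,4,0x0,,64,2,0,DF,6,tcp,60,192.168.1.50,203.0.113.10,51001,443,0,S,",
    "2026-02-04T16:30:03-05:00 opnsense filterlog[1234]: 12,,,RID_PLACEHOLDER_OTHER,igb0,match,pass,out,4,0x0,,64,3,0,DF,6,tcp,60,192.168.1.20,198.51.100.5,51002,443,0,S,",
    "2026-02-04T16:31:00-05:00 opnsense filterlog[1234]: 88,,,RID_PLACEHOLDER_KNOWN_ABUSERS,igb0,match,block,out,4,0x0,,64,4,0,DF,17,udp,78,192.168.1.77,203.0.113.22,40000,53,58",
]


def demo(lines=SAMPLE_LOG):
    """Run the sample through the alerter; return (alerts sent, digest text)."""
    alerter = ThrottledAlerter()
    alerts = [a for a in (alerter.process(ln) for ln in lines) if a]
    return alerts, alerter.digest()


if __name__ == "__main__":
    sent, summary = demo()
    print("\n".join(sent))
    print("--- digest ---")
    print(summary)
```

The second hit from 192.168.1.50 is counted but not re-alerted; the pass line is ignored; the digest lists both hosts with their counts. In production the `process` loop would tail the filter log and `digest` would be called from the hourly or daily mail job.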
#4
Because the refresh interval is only hours and minutes...ex:  1 day and 8 hours means the alias will be refreshed after 32 hours.  This time floats too.  It's going to be 32 hours from now.  If the server reboots the "from now" changes.

But if I have cron job, I can schedule the refresh at a specific time:

Use case:  my black list is published at 00:00, 06:00, 12:00, and 18:00

First set a cron job to do this:
05~30 */6 * * * *  update_blacklish.sh
This will wait between 5 and 30 minutes after the list is published and download it to my staging server.

The cron job on Opnsense will be
35 */6 * * * * <refresh url table>
This will update the URL Table alias list at 00:35, 06:35, 12:35 and 18:35.

Using cron jobs allows the updates/refreshes to
1) try not to cram the black list server but still get the list in a reasonable amount of time after update.
2) only use up CPU reprocessing the list on the firewall when there is a known update.

Even better would be able to trigger step 2 via an API call.  Then the list is only updated when the process in step 1 knows it got a new list.  (The second cron job wouldn't be needed.)
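The two-step flow described in this post, as an added example that is neither the post's script nor OPNsense code: after a random 5 to 30 minute delay the staging host fetches the published list, validates it, and triggers the firewall alias refresh only when the content actually changed, which makes the second cron job unnecessary. The refresh is passed in as a callable; on OPNsense it would wrap `configctl filter refresh_aliases` over SSH or the alias API (assumption: confirm the action name on your release). Paths and the sample lists are constructed.

```python
"""Change-triggered refresh of a URL Table alias.

Added example; not code from the forum post or from OPNsense. The refresh
callable is an assumption (e.g. a wrapper around `configctl filter
refresh_aliases` on the firewall); paths and sample lists are constructed.
"""
import hashlib
import ipaddress
import json
import os
import random
import tempfile


def jitter_seconds(min_minutes=5, max_minutes=30, rng=random):
    """Random wait so every subscriber does not hit the publisher at 00:00."""
    return rng.randint(min_minutes * 60, max_minutes * 60)


def validate_list(raw):
    """Keep only lines that parse as an IP address or network; drop comments
    and junk. A bare address is normalised to /32 (or /128)."""
    entries = []
    for line in raw.decode("utf-8", errors="replace").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            entries.append(str(ipaddress.ip_network(line, strict=False)))
        except ValueError:
            continue  # never publish junk into the firewall table
    return entries


def list_changed(data, state_path):
    """Compare the SHA-256 of the new list with the last published one and
    record the new hash when it differs."""
    new = hashlib.sha256(data).hexdigest()
    old = None
    if os.path.exists(state_path):
        with open(state_path) as fh:
            old = json.load(fh).get("sha256")
    if new == old:
        return False
    with open(state_path, "w") as fh:
        json.dump({"sha256": new}, fh)
    return True


def stage_and_refresh(raw, staging_path, state_path, refresh):
    """Publish the validated list on the staging host and call refresh() only
    if it changed. Returns True when a refresh was triggered. An empty result
    is treated as a broken download: nothing is published, the old file stays."""
    entries = validate_list(raw)
    if not entries:
        return False
    data = ("\n".join(entries) + "\n").encode()
    if not list_changed(data, state_path):
        return False
    with open(staging_path, "wb") as fh:
        fh.write(data)
    refresh()
    return True


# Constructed sample downloads: A twice (no change), B (changed), then junk.
LIST_A = b"203.0.113.0/24\n# publisher comment\n198.51.100.7\n"
LIST_B = LIST_A + b"192.0.2.0/25\n"


def demo():
    """Simulate four scheduled runs; return (per-run result, refresh count)."""
    calls = []
    with tempfile.TemporaryDirectory() as d:
        staging = os.path.join(d, "blacklist.txt")
        state = os.path.join(d, "state.json")
        results = [stage_and_refresh(x, staging, state, lambda: calls.append(1))
                   for x in (LIST_A, LIST_A, LIST_B, b"garbage only\n")]
    return results, len(calls)


if __name__ == "__main__":
    print("sleep", jitter_seconds(), "seconds before fetching the list")
    print(demo())
```

Run it from the 00:00/06:00/12:00/18:00 cron entry on the staging host with the `jitter_seconds()` sleep in front of the download; the firewall then reprocesses the table only when the hash changed, and a truncated or empty download leaves the previous list in place instead of emptying the alias.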
#5
Can we do Cron style updates for URL Tables in Aliases? The idea is that I'd like to update the list every 6 hours with a random 15 minutes...then have the URL Tables refresh on the 16th minute.  Or even better, is there a way to trigger an update via API call?
#6
Can we do Cron style updates for URL Tables in Aliases? The idea is that I'd like to update the list every 6 hours with a random 15 minutes...then have the URL Tables refresh on the 16th minute.  Or even better, is there a way to trigger an update via API call?

*** Crap wrong forum.  Don't see a delete button.
#7
Quote from: bazbaz on February 19, 2024, 05:06:11 PM
try to manually assign the external IP address in challenge's options

Thanks, this could work, but I'm on a dynamic IP address.

Seems like there's a bug since multiple people are reporting this.
#8
General Discussion / Re: Unbound DNS not working anymore
February 19, 2024, 10:45:24 PM
I can't remember exactly what file it is, but sometimes the Unbound DB gets corrupted.  I've deleted it before and it's fixed this type of behavior.
#9
I've got a problem too.  The ACME client on HTTP challenges is not seeing the IP Address of the WAN.   Renewal worked on Jan 15 and failed on Feb 15 2024.

I checked the WAN's IP.  It is correct, but the logs show the IPs listed below.   The format of the log has changed during this time.  It must be an update to the client that is an issue.   I have 1 WAN port and 4 LAN ports only the two LAN ports configured below are connected.  The new client does not appear to see the WAN port.

2024-02-18T21:39:58-05:00   opnsense   AcmeClient: using IPv4 address: 192.168.3.1
2024-02-18T21:39:58-05:00   opnsense   AcmeClient: using IPv4 address: 192.168.1.1

From when it worked:

2024-01-26T18:38:05   opnsense[2844]   AcmeClient: using IPv4 address: 73.88.76.86
2024-01-26T18:38:05   opnsense[2844]   AcmeClient: using IPv4 address: 192.168.1.1
#10
For Info, J3455 CPU.
#11
See the two attached graphs.  The gap in the middle is patching from 23.1 to 23.7.  There are a lot of ISRs popping off.  Throughput is slower.  Speed tests are affecting the CPU much more than in the past.

Graph 1 shows the CPU is running hotter.
Graph 2 shows the higher ISRs.

#12
@dpsguard.  The graph I posted shows the reboot from the upgrade and the change in CPU activity.  There was no change in actual work load.  I have also posted the graph of the CPU heat.  Not sure what has changed, but the CPU is definitely busier in the latest release.  I think this is affecting server throughput.   I know I have a weak CPU in this box, but it should be overkill for a firewall.  This is a simple home network.

I just ran some speed tests and network load is making a much bigger difference to CPU load than it used to.

The gaps in the graphs I've posted are from the system upgrade.  The load on the router was the same before and after.
#13
I think there's something wrong with 23.7.  I'm not getting the same peak speed I used to get, and I'm burning a lot more CPU.  It looks like ISRs are doing something they didn't do before.

#14
I'm seeing this with my firewall too.  I'm on a J455.  I noticed the CPU spikes.  The CPU is running hotter. It looks like there's an issue with system interrupts that is new since my upgrade.  They seldom showed up before the upgrade. 

#15
I do not have this checked, but it does not put the "ipv6=no" into the config file.  Is this a bug?