Messages

try to manually assign the external IP address in challenge's options

Thanks, this could work, but I'm on a dynamic IP address.

Seems like there's a bug since multiple people are reporting this.

I can't remember exactly what file it is, but sometimes the Unbound DB gets corrupted.  I've deleted it before and it's fixed this type of behavior.

I've got a problem too.  The ACME client on HTTP challenges is not seeing the IP Address of the WAN.   Renewal worked on Jan 15 and failed on Feb 15 2024.

I checked the WAN's IP.  It is correct, but the logs show the IPs listed below.   The format of the log has changed during this time.  It must be an update to the client that is an issue.   I have 1 WAN port and 4 LAN ports only the two LAN ports configured below are connected.  The new client does not appear to see the WAN port.

2024-02-18T21:39:58-05:00   opnsense   AcmeClient: using IPv4 address: 192.168.3.1
2024-02-18T21:39:58-05:00   opnsense   AcmeClient: using IPv4 address: 192.168.1.1

From when it worked:

2024-01-26T18:38:05   opnsense[2844]   AcmeClient: using IPv4 address: 73.88.76.86
2024-01-26T18:38:05   opnsense[2844]   AcmeClient: using IPv4 address: 192.168.1.1

For Info, J3455 CPU.

See the two attached graphs.  The gap in the middle is patching from 23.1 to 23.7.  There are a lot of ISRs popping off.  Throughput is slower.  Speed test are affecting the CPU much more than in the past.

Graph 1 shows the CPU is running hotter.
Graph 2 shows the higher ISRs.

@dpsguard.  The graph I posted shows the reboot from the upgrade and the change in CPU activity.  There was no change in actual work load.  I have also posted the graph of the CPU heat.  Not sure what has changed, but the CPU is definitely busier in the latest release.  I think this is affecting server throughput.   I know I have a weak CPU in this box, but it should be overkill for a firewall.  This is a simple home network.

I just ran some speed tests and network load is making a much bigger difference to CPU load than is used to.

The gaps in the graphs I've posed are from the system upgrade.  The load on the router was the same before and after.

I think there's something wrong with 23.7.  I'm not getting the same peak speed I used to get, and I'm burning a lot more CPU.  It looks like ISRs are doing something they didn't do before.

I'm seeing this with my firewall too.  I'm on a J455.  I noticed the CPU spikes.  The CPU is running hotter. It looks like there's an issue with system interrupts that is new since my upgrade.  They seldom showed up before the upgrade. 

I do not have this checked, but it does not put the "ipv6=no" into the config file.  Is this a bug?

The UI needs a way to allow the end user to select if the IPV6 and/or IPV4 addresses will be checked.  It's possible to put these options into the config file according to the link below.  I specifically do not want to list a IPV6 address.  I don't know if it would be a good idea to turn off IPV4, but might as well make it an option in the GUI too.

https://serverfault.com/questions/1084718/ddclient-do-not-update-ipv4-but-just-ipv6

Look at your leases file.  Is it corrupted?  It should be text.   If it is corrupted, delete it.   Mine looked like it was binary.

I can't remember where it is, but that's been my problem twice now.

It looks like they live here: /var/dhcpd/var/db

Sorry, I can't remember specifically what file I deleted, but it was obviouss when it was corrupted.

I'm trying to switch to the new dynamic DNS client.  I have it installed and configured to use dynu.com.  This was done via the GUI.  However after letting it run for about 12 hours, there were no check attempts according to the GUI status screen.  There was no activity in the logs.

Where can I begin troubleshooting?