Messages

1

24.7 Production Series / Re: Kernel panics after upgrade to R1

« on: July 17, 2024, 08:46:28 am »

After reboot, 24.7.b_15 crashed twice for me but then it's working fine so far. Submitted the problem, not sure if it's sent bc of the 2nd crash.

2

24.7 Production Series / Re: Kernel panics after upgrade to R1

« on: July 17, 2024, 02:44:44 am »

I tried that, not working vertically. I wanna see full service list so I can extend it bit down, hit refresh and it's back to before.

3

24.7 Production Series / Re: Kernel panics after upgrade to R1

« on: July 17, 2024, 01:51:01 am »

We were wondering if this does this also crash with the beta kernel? Because it sort of indicates that it didn't before.

# opnsense-update -kr 24.7.b


Cheers,
Franco

Same here. Keep getting crashed every couple minutes with RC1 so I update to 24.7.b. It's been an hour and no crash. Love the dashboard but widgets are not resizable ?

4

24.1 Legacy Series / Re: dhcp6c_script Runs Every Second

« on: June 10, 2024, 01:26:36 pm »

Do you need ppoe on the VM? The WAN interface is likely to be set to ppoe on the configuration type, either or both v4 and v6, so the system keeps trying to get authenticated.

It happened to me today, I tried create a cron work but DHCp6c renewal not stopping and quickly fill up memory usage.
Not sure if it has something to do with Zenarmor, was adding more in Policy.

5

Zenarmor (Sensei) / Re: 23.7 CPU / RAM 100% crashing - Zenarmor?

« on: August 17, 2023, 10:48:01 pm »

I switch to mongodb as database instead of Elasticsearch since mimugmail repo also uses elasticsearch. Would it be the cause of out of swap page?

6

Zenarmor (Sensei) / Re: 23.7 CPU / RAM 100% crashing - Zenarmor?

« on: August 13, 2023, 12:10:42 pm »

Have you tried to run a system audit and seeing what the results are? That looks like its related to php and/or python.

Goto System >> Firmware >> Status

Then choose "Health" from the "Run An Audit" button next to the  "Check for updates" button. You may also want to look at the "Upgrade" audit as well. Something isn't right though. An audit should help you find it.

I have the latest version of OPNsense and Zenarmor and it's working fine but on one older firewall (Been through many OPNsense updates) I had to manually fix some upgrade issues with OPNsense for a proper install of dependencies for Zenarmor. So you are probably looking for dependency issues in the audit.

I did not try the audit.  Good idea though.  Agree php / python / elasticsearch issue.
I've since restored back to opn 23.1 + za 1.13.
I have an email into Sunny Valley regarding issue.  (Of course decided best day for upgrade was a Friday
I did get a backup of broken VM prior to delete/restore which I can later restore for more troubleshooting.  Or can clone production VM and re-do another 23.7 upgrade.
I just needed to get operational again and will follow-up testing more with secondary lab VM.

I have the same issue with swap page at 100%. There was error about Sqlite.php need to change line 136 to 2048MB but I only use elastic search as database. I have to uninstall ZA for now and wait for the team responds. Love the new UI.

7

Documentation and Translation / Re: AdGuard Home setup guide

« on: July 22, 2023, 09:51:35 am »

I tried getting wireguard working while using Adguard and ran into issue where it didn't get any handshake if I use custom domain on Cloudflare. So eventually I found that I need to create another A record like vpn.domain_name.tld on Cloudflare and disable proxy. Then add vpn.domain_name.tld to Wireguard app - Endpoint. The rest are just as same as homenetworkguy's wireguard configuration guide.

I also found that in order to get enable encryption mode working, the correct path to  the full chain certs and cert key are conveniently found in Service - ACME clients - Log file - ACME.log. In my case it's

Code: [Select]

/var/etc/acme-client/home/*.domain_name.tld_ecc/fullchain.cer and

Code: [Select]

/var/etc/acme-client/home/*.domain_name.tld_ecc/*.domain_name.tld.key

8

Documentation and Translation / Re: AdGuard Home setup guide

« on: July 21, 2023, 09:52:32 am »

I run into an issue where I have to create rule to allow access to adguard dashboard or pretty any dashboard.

9

22.1 Legacy Series / Re: os-ddclient

« on: May 13, 2023, 12:57:58 pm »

You're right. My bad, I didn't notice at first. ZA put it in dead site category and block it.

10

22.1 Legacy Series / Re: os-ddclient

« on: May 10, 2023, 06:20:56 am »

23.7 seems like a long way no? We're at 23.1.7 so I guess I can chill for now.

23.1 in January 2023, 23.7 in July 2023, ... there won't be 23.[2-6].

Damn.

Anyway, I got both IPv4 and IPv6 update by changing backend to OPNsense and use ip4only.me, nsupdate-info.ipv6 for Check IP method instead of interfacev4 & v6.

Btw @franco ip6only.me is a dead site, it is ip6.me i think.

11

22.1 Legacy Series / Re: os-ddclient

« on: May 09, 2023, 07:21:51 am »

Please note that 23.7 will kill dyndns (apparently ddclient will be the successor).

23.7 seems like a long way no? We're at 23.1.7 so I guess I can chill for now.

12

22.1 Legacy Series / Re: os-ddclient

« on: May 07, 2023, 04:04:56 pm »

I tried DD-Client, change Services: Dynamic DNS: General Settings - Backend to OPNesne and it works for IPv6 without changing anything in config file. However, i get error message

Code: [Select]

failed to set new ip None [{"result":null,"success":false,"errors":[{"code":9005,"message":"Content for A record must be a valid IPv4 address."}],"messages":[]}]Seems like ddclient try to update WAN private IP instead of public IP. For now I use dydns for IPv4 and, ddclient for Ipv6.

13

23.1 Legacy Series / Re: Secure NTP

« on: May 05, 2023, 02:22:07 pm »

Running adguard and chrony and never had an issue between those two.

I assume you have disabled the regular NTP server service? (Services -> Network Time -> General -> "Time Servers" empty and "Client Mode" ticked)

And another wild shot in the dark: You have disabled the rate limit in Adguard Home (Settings -> DNS Settings -> Rate Limit set to "0")?

I switch to Zenarmor for now, reduce ~40ms ping but it's a completely different topic. Anyway, would NAT redirect rule like DNS or NTP cause PTR flooding Adguard?
Today I installed Chrony and added a couple servers from here

Code: [Select]

https://gist.github.com/jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8dAfter that I see a buttload of PTR resolve in Unbound logs right away. However, things seem going back to normal after restart or maybe bc I change NAT redirect NTP rule before DNS. Can't re-create the issue.

14

23.1 Legacy Series / Re: Secure NTP

« on: May 03, 2023, 01:18:07 pm »

Thank you.
However I ran into an issue where enabled Chrony crashed OPNsense. Adguard logs see  a lot of queries every couple milliseconds. Took awhile to get to webgui so I could disable it. At first, I thought the issue was the redirect rule so I disabled it and also only added 1 server. Still seeing a lot of queries sending to Adguard. I ended up disabling Chrony for now.
Today I switched to Zenarmor since the latest update is working without problem for my OPNsense. Will try Chrony again later.

15

23.1 Legacy Series / Re: DNS issues since 23.1.6

« on: April 30, 2023, 09:31:57 am »

Hi
I enable IPv6 for multiple interfaces + vlan, and Adguard listening without issue. I see IPv6 addresses show up on Adguard's dashboard. However, I have no idea if redirect rule to adguard would force IPv6 as well. Temporarily I add LAN IPv6 to rdr tartget alias. The problem is that I don't have static IPv6, and my ISP changes prefix once a day. Appreciate some example of IPv6 rdr configuration on adguard and opnesne.
Cheers

But this is not the problem, its about dhcp not handing out the local IP as dns

I see. Does IPv6 DNS records can be looked up over IPv4? Add LAN IPv6 as upstream DNS, I see a lot more IPv6 in logs. With Pihole I can use local-link IPv6 to advoid the dynamic prefix, Adguard doesn't accept it. I'm trying w [::1]:53350 for now. Will look around more. Thank you.