Messages - depc80

#1
After reboot, 24.7.b_15 crashed twice for me but then it's working fine so far. Submitted the problem, not sure if it's sent bc of the 2nd crash.
#2
I tried that, not working vertically. I wanna see full service list so I can extend it bit down, hit refresh and it's back to before.
#3
Quote from: franco on July 16, 2024, 09:19:11 PM
We were wondering if this also crashes with the beta kernel? Because it sort of indicates that it didn't before.

# opnsense-update -kr 24.7.b


Cheers,
Franco
Same here. It kept crashing every couple of minutes with RC1, so I updated to 24.7.b. It's been an hour and no crash. Love the dashboard, but the widgets are not resizable?
#4
Quote from: cookiemonster on February 20, 2024, 09:59:35 AM
Do you need PPPoE on the VM? The WAN interface is likely to be set to PPPoE on the configuration type, either or both v4 and v6, so the system keeps trying to get authenticated.
It happened to me today. I tried to create a cron work, but the dhcp6c renewal is not stopping and quickly fills up memory usage.
Not sure if it has something to do with Zenarmor; I was adding more in Policy.
#5
I switched to MongoDB as the database instead of Elasticsearch, since the mimugmail repo also uses Elasticsearch. Would it be the cause of out of swap page?
#6
Quote from: ThyOnlySandman on August 13, 2023, 02:08:34 AM
Quote from: JonStuart on August 13, 2023, 12:15:22 AM
Have you tried to run a system audit and see what the results are? That looks like it's related to php and/or python.

Go to System >> Firmware >> Status

Then choose "Health" from the "Run An Audit" button next to the "Check for updates" button. You may also want to look at the "Upgrade" audit as well. Something isn't right though. An audit should help you find it.

I have the latest version of OPNsense and Zenarmor and it's working fine but on one older firewall (Been through many OPNsense updates) I had to manually fix some upgrade issues with OPNsense for a proper install of dependencies for Zenarmor. So you are probably looking for dependency issues in the audit.

I did not try the audit.  Good idea though.  Agree php / python / elasticsearch issue.
I've since restored back to opn 23.1 + za 1.13.
I have an email into Sunny Valley regarding issue.  (Of course decided best day for upgrade was a Friday :)
I did get a backup of broken VM prior to delete/restore which I can later restore for more troubleshooting.  Or can clone production VM and re-do another 23.7 upgrade.
I just needed to get operational again and will follow-up testing more with secondary lab VM.
I have the same issue with swap page at 100%. There was an error about Sqlite.php needing line 136 changed to 2048MB, but I only use Elasticsearch as the database. I have to uninstall ZA for now and wait for the team to respond. Love the new UI.
#7
I tried getting WireGuard working while using Adguard and ran into an issue where it didn't get any handshake if I use a custom domain on Cloudflare. So eventually I found that I need to create another A record like vpn.domain_name.tld on Cloudflare and disable proxy. Then add vpn.domain_name.tld to WireGuard app - Endpoint. The rest is just the same as homenetworkguy's WireGuard configuration guide.

I also found that in order to get enable encryption mode working, the correct paths to the full chain cert and cert key are conveniently found in Service - ACME clients - Log file - ACME.log. In my case it's /var/etc/acme-client/home/*.domain_name.tld_ecc/fullchain.cer and /var/etc/acme-client/home/*.domain_name.tld_ecc/*.domain_name.tld.key
#8
I ran into an issue where I have to create a rule to allow access to the Adguard dashboard or pretty much any dashboard.
#9
22.1 Legacy Series / Re: os-ddclient
May 13, 2023, 12:57:58 PM
You're right. My bad, I didn't notice at first. ZA put it in the dead site category and blocked it.
#10
22.1 Legacy Series / Re: os-ddclient
May 10, 2023, 06:20:56 AM
Quote from: pmhausen on May 09, 2023, 08:37:08 AM
Quote from: depc80 on May 09, 2023, 07:21:51 AM
23.7 seems like a long way no? We're at 23.1.7 so I guess I can chill for now.
23.1 in January 2023, 23.7 in July 2023, ... there won't be 23.[2-6].
Damn.

Anyway, I got both IPv4 and IPv6 to update by changing the backend to OPNsense and using ip4only.me, nsupdate-info.ipv6 for the Check IP method instead of interfacev4 & v6.

Btw @franco ip6only.me is a dead site, it is ip6.me I think.
#11
22.1 Legacy Series / Re: os-ddclient
May 09, 2023, 07:21:51 AM
Quote from: chemlud on May 07, 2023, 04:56:15 PM
Please note that 23.7 will kill dyndns (apparently ddclient will be the successor).
23.7 seems like a long way no? We're at 23.1.7 so I guess I can chill for now.
#12
22.1 Legacy Series / Re: os-ddclient
May 07, 2023, 04:04:56 PM
I tried DD-Client, changed Services: Dynamic DNS: General Settings - Backend to OPNsense and it works for IPv6 without changing anything in the config file. However, I get the error message failed to set new ip None [{"result":null,"success":false,"errors":[{"code":9005,"message":"Content for A record must be a valid IPv4 address."}],"messages":[]}]
Seems like ddclient tries to update with the WAN private IP instead of the public IP. For now I use dyndns for IPv4 and ddclient for IPv6.
#13
23.1 Legacy Series / Re: Secure NTP
May 05, 2023, 02:22:07 PM
Quote from: abulafia on May 04, 2023, 10:05:59 AM
Running adguard and chrony and never had an issue between those two.

I assume you have disabled the regular NTP server service? (Services -> Network Time -> General -> "Time Servers" empty and "Client Mode" ticked)

And another wild shot in the dark: You have disabled the rate limit in Adguard Home (Settings -> DNS Settings -> Rate Limit set to "0")?
I switched to Zenarmor for now, which reduced ping by ~40ms, but it's a completely different topic. Anyway, would a NAT redirect rule like DNS or NTP cause PTR flooding in Adguard?
Today I installed Chrony and added a couple of servers from here https://gist.github.com/jauderho/2ad0d441760fc5ed69d8d4e2d6b35f8d
After that I saw a buttload of PTR resolves in the Unbound logs right away. However, things seem to be going back to normal after a restart, or maybe bc I changed the NAT redirect NTP rule before DNS. Can't re-create the issue.
#14
23.1 Legacy Series / Re: Secure NTP
May 03, 2023, 01:18:07 PM
Thank you.
However, I ran into an issue where enabling Chrony crashed OPNsense. Adguard logs showed a lot of queries every couple of milliseconds. Took a while to get to the web GUI so I could disable it. At first, I thought the issue was the redirect rule, so I disabled it and also only added 1 server. Still seeing a lot of queries being sent to Adguard. I ended up disabling Chrony for now.
Today I switched to Zenarmor since the latest update is working without problem for my OPNsense. Will try Chrony again later.
#15
23.1 Legacy Series / Re: DNS issues since 23.1.6
April 30, 2023, 09:31:57 AM
Quote from: mimugmail on April 30, 2023, 07:50:18 AM
Quote from: depc80 on April 29, 2023, 10:42:46 PM
Hi
I enabled IPv6 for multiple interfaces + VLAN, and Adguard is listening without issue. I see IPv6 addresses show up on Adguard's dashboard. However, I have no idea if the redirect rule to Adguard would force IPv6 as well. Temporarily I added the LAN IPv6 to the rdr target alias. The problem is that I don't have a static IPv6, and my ISP changes the prefix once a day. I'd appreciate some examples of IPv6 rdr configuration on Adguard and OPNsense.
Cheers

But this is not the problem, it's about DHCP not handing out the local IP as DNS :)
I see. Can IPv6 DNS records be looked up over IPv4? After adding the LAN IPv6 as upstream DNS, I see a lot more IPv6 in the logs. With Pihole I can use local-link IPv6 to avoid the dynamic prefix, but Adguard doesn't accept it. I'm trying w [::1]:53350 for now. Will look around more. Thank you.