Messages

1

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 06, 2023, 02:58:22 pm »

That is the procedure.

I’m running fine on .10 with Suricata locked at .8, but I would hold at the version you’re on now.  There’s no need to rush the upgrade.  I suspect there are other underlying gremlins complicating various configs, judging from forum posts here and elsewhere.

In tech, “upgrading” a perfectly stable setup, usually turns into, “ruining your entire weekend”.  We’re all masochists.

2

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 06, 2023, 12:44:02 am »

And restore your last good config on .9.

3

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 06, 2023, 12:40:35 am »

Noticed internet access was very slow since doing the upgrade couple days ago.

Thankfully came across this thread. Not an opnsense expert. Running opnsense on a dedicated physical machine.

Rolled back to 22.7.9 and things seem to back to 'normal'.

opnsense-revert -r 22.7.9 opnsense
opnsense-update -kr 22.7.9
# then reboot

Cheers,

Do the commands exactly as shown above.  Revert, update, then reboot.  First command reverts the package, second command updates the kernel to the specific package.

4

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 05, 2023, 11:34:46 pm »

And, yes, .10, broke somethings for sure, but OPNsense has been a rock solid platform for me for several years up until this last change.


Sent from my iPhone using Tapatalk

5

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 05, 2023, 11:32:31 pm »

And to answer a previous poster, no, it’s not fixed.  Lock Suricata at 6.0.8.  Everything else should work fine.

You can follow the Suricata bug report Franco linked to earlier.


Sent from my iPhone using Tapatalk

6

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 05, 2023, 11:29:04 pm »

You have to use revert.

7

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 12, 2022, 02:33:21 am »

Make sure to lock Suricata at 6.0.8_1


Sent from my iPhone using Tapatalk

8

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 11, 2022, 12:16:10 am »

You can download it directly from here:

https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/MINT/22.7.8/OpenSSL/All/

Scroll down and find:

   suricata-6.0.8_1.pkg   2022-11-16 21:31   1.9M   

https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/MINT/22.7.8/OpenSSL/All/suricata-6.0.8_1.pkg

I'm assuming you're on OpenSSL.  Easy enough to figure out, if you're on LibreSSL.

https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/MINT/22.7.8/LibreSSL/All/suricata-6.0.8_1.pkg

9

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 10, 2022, 11:06:04 pm »

Yes.

# opnsense-revert -r 22.7.8 suricata

10

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 10, 2022, 10:22:39 pm »

No output on dmesg.

11

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 07, 2022, 03:07:50 pm »

This is very much what's going on:

https://redmine.openinfosecfoundation.org/issues/5744#note-16

I came across this previous problem, as well, during my research, and it describes exactly what is happening with my system.  There are no errors logged.  Interface just drops.  "Ethernet detached event".  And, with the first version of 6.0.9, completely bricked my box and could not be accessed through ssh or web GUI.  Full reboot with hardware power button was only option.

12

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 07, 2022, 02:52:25 pm »

Code: [Select]

  - interface: eth0
    #copy-iface: eth1
  - interface: default
  - interface: default
netmap:
  - interface: default
    # (e.g. "copy-iface: eth0+"). Don't forget to set up a symmetrical eth0+ -> eth0
    #copy-iface: eth3
  - interface: em1
    copy-iface: em1^
  - interface: em1^
    copy-iface: em1
Baremetal i5, 16GB dual channel RAM, Intel 82583V NIC, Protectli box.  Suricata IPS, Promiscuous, on LAN.

I believe the issue manifests itself the easiest with multiple TLS connections.  As mentioned previously, can reproduce problem instantly with nzbget (docker instance on NAS) (setup 6 news-servers with 63 TLS connections on a 1Gbps connection and watch your interface get obliterated; this setup can completely saturate the line with TLS connections/SSL traffic).  My network performs flawlessly with 6.0.9 otherwise, and same setup works 100% flawlessly on 6.0.8.  Can switch the versions (6.0.9 patched without new API; previous version bricked the box) mid-download and watch the download speeds die and comeback (with restarting the Suricata service in between).

13

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 06, 2022, 04:28:26 pm »

Much thanks Franco for the followup.

14

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 06, 2022, 04:27:46 pm »

Doesn't kill the entire network anymore (or crash the Opnsense router), but still kills the SSL connections after 30 seconds or so.  Throwing the ethernet detached event on LAN (em1) now, but interface recovers.

15

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 05, 2022, 01:01:40 am »

Can confirm it's Suricata 6.0.9.  Have spent many hours the last two days testing numerous settings and scenarios.

Reverted to Suricata 6.0.8 on Opnsense 22.7.9 and the problem stopped.  The logs did not show anything other than this: "/usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic wan(em0)" Each time it happened.  Problem was easily reproduced with nzbget (will saturate download pipeline; seems to be related to multiple, parallel high bandwidth connections occurring simultaneously; saw no unusual problems during normal daily network activity, so I'm sure most users will not notice anything amiss).  Dropped the entire network within seconds.

Protectli box, intel NIC, i5, 16GB dual channel.  Suricata running IPS, Promiscuous, on LAN.  Platform and config have been rock solid until this upgrade.

And, there are no hardware problems with the NIC, cable, ISP modem or switch.