Messages - bazbaz

#1
I still have this problem on every OPNSense.

With debug level high I see:

wazuh-logcollector[2206] read_syslog.c 104 at read_syslog(): DEBUG: Reading syslog message: '2025/05/21 18:08:45 opnsense-fw: Aborted'
#2
Quote from: Seimus on April 15, 2025, 10:05:41 AM
That error is shown due to what is discussed above. It was always there when, at a certain point, you reached more packets than the CPU could handle while having netmap on. The devs just disabled the suppression of this message, so you can see it now.


I disabled inspection mode. It simply does not work with VMware NICs. After some time, packets entering the firewall no longer exit from the target interface until a full reboot. It is not a performance matter; it is something that stops working.

#3
Hi, I have quite the same problem. The Wazuh agent does not update the alias "sometimes". It receives commands, but sometimes they are processed, sometimes the IPs are not inserted into the list.

I noticed that the logfile for active response reports: opnsense-fw   Aborted
#4
I have the same problem: after a few days packet flow is broken.
I'm running OPNsense on VMware, vmxnet3 NIC. Is there any way to run it, or is it simply not compatible?
#5
Hi,
I'm still having this problem with many different OPNsense instances.

I connect OPNsense to remote devices via VTI IPsec tunnels, then run OSPF over them, and all works fine. But sometimes, most of the time when the IPsec tunnels go down and are then restored, the routes received by OSPF are reported under Routing > Diagnostics > OSPF (so FRR is loading them) but are missing under System > Routes > Status, so they are not (re)loaded and networking is broken.


This is really strange to me, but I cannot find a solution nor any idea. Help will be really appreciated.

#6
Hi,
I need to distribute via OSPF the IPs assigned to dial-up clients connected via OpenVPN tunnels. I noticed that on some OPNsense instances I find these addresses in the routing table as "kernel", on others I find them as "connected". So sometimes I need to arrange the config to redistribute connected routes, sometimes kernel. Why?
Is there something wrong in my settings?

Basically I need to get the IPs of connected clients distributed to other routers via OSPF.

thanks
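As an added example (not from the post above, OPNsense, or the FRR project), the FRR configuration that sidesteps the kernel-versus-connected question is to redistribute both route types, filtered by a prefix-list so that only the OpenVPN client range is advertised. FRR typically shows a prefix that belongs to an interface address as C (connected) and a route that another process such as openvpn installs through route(8) as K (kernel), so which one a given box shows depends on how the tunnel's routes were added. The client range 10.8.0.0/24 and the names OVPN-CLIENTS and OVPN-ONLY are assumptions for the illustration; OPNsense's FRR plugin exposes the same redistribute and route-map settings in its GUI.

```text
! Added example, not taken from the forum post or from OPNsense/FRR docs.
! 10.8.0.0/24 is an assumed OpenVPN client range; adjust to your tunnel.
ip prefix-list OVPN-CLIENTS seq 10 permit 10.8.0.0/24 le 32
!
route-map OVPN-ONLY permit 10
 match ip address prefix-list OVPN-CLIENTS
!
router ospf
 ! Redistribute both, so it does not matter whether a client route
 ! shows up as K(ernel) or C(onnected) on this particular instance.
 redistribute connected route-map OVPN-ONLY
 redistribute kernel route-map OVPN-ONLY
```

Without the route-map, "redistribute kernel" would also leak every other static or manually added route into OSPF, so keep the filter even when only one of the two route types is needed today.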
#7
I think that the system routing table should reflect (import) what the OSPF daemon calculates as routes. Isn't this right?
What might be a possible explanation of my problem?
#8
Hi,
I have a strange behavior. This OPNsense has OSPF enabled, and it seems to be working well. It connects to remote OSPF routers, receives data and creates the routing table. In Routing > Diagnostics > OSPF I can see the route I'm looking for, and it reflects connection changes well.
For example, I have a remote network 10.0.0.0/24 that is connected via different paths, and I find the right entry in the table based on path availability and priorities.

The problem is that OPNsense's routing table does not apply this. In System > Routes > Status I do not find this entry. And no topology change is reflected, so I have routing problems.

This is really strange to me, but I cannot find a solution. Any idea?

thanks
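The three posts above (#5, #7 and #8) all describe the same symptom: FRR's OSPF view shows a route, but the FreeBSD routing table does not. The script below, an added example that is not OPNsense or FRR code, parses the output of `vtysh -c "show ip route ospf"` and `netstat -rn -f inet` and lists the prefixes FRR has selected that the kernel does not hold. It also flags the case FRR reports itself: a route marked `>` (selected) but not `*` (installed in the FIB), which means FRR tried to install it and the kernel rejected it. The two sample outputs are constructed inline so the script runs offline; `live_check()` runs the real commands on a box (the `vtysh` path and the exact column layout of your OPNsense version are assumptions to verify).

```python
"""Compare the routes FRR's OSPF has selected with what the FreeBSD kernel
actually holds, and report the prefixes that are missing from the kernel.

Added example, not OPNsense or FRR code. The two sample outputs below are
constructed to look like `vtysh -c "show ip route ospf"` and
`netstat -rn -f inet`; on a live box use live_check() instead.
"""
import ipaddress
import re
import subprocess

# Constructed sample of FRR `show ip route ospf`.
# '>' marks the selected route, '*' marks a route installed in the FIB.
FRR_OSPF_SAMPLE = """\
Codes: K - kernel route, C - connected, S - static, O - OSPF,
       > - selected route, * - FIB route

O>* 10.0.0.0/24 [110/20] via 172.16.1.2, ipsec1, weight 1, 00:05:12
O>* 10.1.0.0/24 [110/30] via 172.16.2.2, ipsec2, weight 1, 00:05:12
O   10.2.0.0/24 [110/40] via 172.16.1.2, ipsec1, weight 1, 00:05:12
O>  10.3.0.0/24 [110/30] via 172.16.2.2, ipsec2, weight 1, 00:00:40
"""

# Constructed sample of FreeBSD `netstat -rn -f inet`.
NETSTAT_SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        vmx0
10.0.0.0/24        172.16.1.2         UG       ipsec1
10.77.67.0/26      link#2             U          vmx1
172.16.1.0/30      link#5             U        ipsec1
"""

# OSPF line: protocol code 'O', optional '>' and/or '*', then the prefix.
FRR_LINE = re.compile(r"^O([>*]*)\s+(\d+\.\d+\.\d+\.\d+/\d+)")


def ospf_routes(frr_output):
    """Return {prefix: flags} for every OSPF route line, flags being the
    '>' / '*' characters FRR printed after the protocol code."""
    routes = {}
    for line in frr_output.splitlines():
        m = FRR_LINE.match(line)
        if m:
            routes[ipaddress.ip_network(m.group(2))] = m.group(1)
    return routes


def ospf_selected_prefixes(frr_output):
    """Prefixes FRR has chosen as best (marked '>'); these are the ones
    that should also be present in the kernel routing table."""
    return {p for p, flags in ospf_routes(frr_output).items() if ">" in flags}


def not_in_fib(frr_output):
    """Selected routes that FRR itself reports as not installed ('>' but no
    '*'): the kernel refused them, e.g. because the next hop is unreachable."""
    return sorted(p for p, flags in ospf_routes(frr_output).items()
                  if ">" in flags and "*" not in flags)


def kernel_prefixes(netstat_output):
    """Prefixes present in `netstat -rn -f inet`; header lines are skipped
    because they do not parse as networks. Host routes become /32."""
    nets = set()
    for line in netstat_output.splitlines():
        parts = line.split()
        if not parts:
            continue
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        try:
            nets.add(ipaddress.ip_network(dest, strict=False))
        except ValueError:
            continue  # "Routing tables", "Internet:", column header
    return nets


def missing_from_kernel(frr_output, netstat_output):
    """Selected OSPF prefixes absent from the kernel table, sorted."""
    return sorted(ospf_selected_prefixes(frr_output) - kernel_prefixes(netstat_output))


def live_check(vtysh="/usr/local/bin/vtysh"):
    """Run the real commands on an OPNsense box (path is an assumption)."""
    frr = subprocess.run([vtysh, "-c", "show ip route ospf"],
                         capture_output=True, text=True, check=True).stdout
    ns = subprocess.run(["netstat", "-rn", "-f", "inet"],
                        capture_output=True, text=True, check=True).stdout
    return missing_from_kernel(frr, ns), not_in_fib(frr)


if __name__ == "__main__":
    for net in missing_from_kernel(FRR_OSPF_SAMPLE, NETSTAT_SAMPLE):
        print(f"OSPF selected but not in kernel table: {net}")
    for net in not_in_fib(FRR_OSPF_SAMPLE):
        print(f"FRR reports install failure (no '*'): {net}")
```

If a prefix shows up in the first list but not the second, FRR believes it installed the route and the kernel disagrees; that points at something outside FRR (an interface that went away and came back under a different index after an IPsec renegotiation, for example) rather than at the OSPF configuration.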
#9
I have this problem, and traffic flow is also broken (though the GUI is still accessible)  >:(

Disabling Suricata has solved the problem and restored flows (without rebooting).

I'm running the latest OPNsense on VMware, with Suricata checking the WAN side (there are a lot of incoming NATs).

#10
Sorry, I don't remember the exact settings. I suspect in the OpenVPN server main settings.
#11
I've just updated from the last 23.7 to 24.1. After the upgrade, I was able to access the firewall from the Internet, but the firewall itself was not able to send packets to any host. The default route was not loaded in the routing table, or rather it was loaded but assigned to the wrong interface (an IPsec one).
The upstream gateway setting was preserved on the WAN interface.

I manually added a static route 0.0.0.0/0 to the default upstream gateway and this solved it: the right default route is loaded, and the wrong one is no longer reported.

I upgraded many firewalls to 24.1 without this problem, but I'm worried because this is the most important one. Is this a known issue? Is there something I can check?

WAN is an IPv4-only interface with a static public IP. OPNsense runs on a VM.

thanks
#12
Maybe it's something similar, but I cannot explain nor fix it :(
The first and second servers are in two subnets connected to this OPNsense. Direct and quick connection, no alternate route available.
I also tried to put the firewall in conservative mode.

Also, checking "Disable all packet filtering" does not seem to solve the problem :(

Take a look at the attached firewall log.
#13
Sometimes tcpflags RA,
sometimes only A.

#14
For example:

F03LAN      2024-03-13T17:27:39   10.77.67.3:54052   52.20.40.101:443   tcp   Default deny / state violation rule
F03LAN      2024-03-13T17:27:15   10.77.67.3:56432   34.149.211.227:443   tcp   Default deny / state violation rule

And attached are the rules for F03LAN. The first is a bypass I added to avoid the problem (which is not working) and the last is the rule I expect will allow the flow of the blocked packets logged above.

The F03LAN address is 10.77.67.1/26
#15
24.1, 24.4 Legacy Series / Started ignoring rules
March 13, 2024, 05:19:51 PM
I have a firewall that was working until today (when I updated from 24.1.2 to 24.1.3, but maybe the problem started before the upgrade) that is now not applying rules as expected.

I can see in the log that packets are dropped by "Default deny / state violation rule", but the rules that allow that kind of packet are loaded (and they were working until yesterday).
I have this problem both on rules with SNAT (for example to connect to HTTPS) and without any NAT (for example simple "routing" from a client in one network to AD servers in another).

Tried restarting the firewall service, and also the whole appliance, but nothing :(

This is hell: can someone help me?
thanks
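The log rows in posts #13 to #15 all carry the same label, "Default deny / state violation rule", but the TCP flags make a difference: a packet that carries only A or RA hit the default block because pf found no state for an already-open connection (an expired or reset state, or a reply taking an asymmetric path), whereas a bare SYN dropped by that rule means no pass rule matched a new connection at all. The script below is an added example, not OPNsense code; it splits rows in the tab-separated shape of the live-log table quoted in the post, with an extra TCP flags column assumed after the protocol, and groups the drops by that distinction. The rows are constructed; the real export has more columns, so adjust `parse_row` to your layout.

```python
"""Classify "Default deny / state violation rule" hits from the OPNsense
firewall log view so that stray out-of-state packets can be told apart
from new connections that never matched a pass rule.

Added example, not OPNsense code. The rows below are constructed in the
shape of the live-log table (interface, time, src:port, dst:port, proto,
tcp flags, label); the flags column after proto is an assumption.
"""
from collections import Counter

STATE_VIOLATION = "Default deny / state violation rule"

# Constructed sample rows (tab-separated). Addresses are the ones from the
# post plus an assumed internal AD server 10.77.68.10.
SAMPLE_LOG = """\
F03LAN\t2024-03-13T17:27:39\t10.77.67.3:54052\t52.20.40.101:443\ttcp\tRA\tDefault deny / state violation rule
F03LAN\t2024-03-13T17:27:15\t10.77.67.3:56432\t34.149.211.227:443\ttcp\tA\tDefault deny / state violation rule
F03LAN\t2024-03-13T17:26:58\t10.77.67.3:56500\t10.77.68.10:389\ttcp\tS\tDefault deny / state violation rule
F03LAN\t2024-03-13T17:26:40\t10.77.67.3:56501\t10.77.68.10:389\ttcp\tS\tDefault deny / state violation rule
F03LAN\t2024-03-13T17:26:20\t10.77.67.3:50000\t10.77.68.10:53\tudp\t\tDefault deny / state violation rule
F03LAN\t2024-03-13T17:26:10\t10.77.67.3:56000\t52.20.40.101:443\ttcp\tS\tlet out anything from firewall host itself
"""


def parse_row(row):
    """Split one tab-separated row into a dict, or return None when the row
    does not have the seven expected columns (blank lines, headers)."""
    parts = row.rstrip("\n").split("\t")
    if len(parts) != 7:
        return None
    iface, ts, src, dst, proto, flags, label = parts
    src_ip, _, src_port = src.rpartition(":")
    dst_ip, _, dst_port = dst.rpartition(":")
    return {"iface": iface, "time": ts, "src": src_ip, "sport": src_port,
            "dst": dst_ip, "dport": dst_port, "proto": proto,
            "flags": flags, "label": label}


def classify(entry):
    """Return the kind of default-deny hit, or None for rows that matched
    some other rule.

    no_pass_rule : TCP SYN (no ACK) dropped, so no pass rule matched a
                   brand-new connection on this interface.
    out_of_state : TCP packet with ACK/RST/FIN but no SYN dropped, so pf
                   had no state for it (expired, reset, or asymmetric path).
    non_tcp      : UDP/ICMP/other, where flags cannot tell the two apart.
    """
    if entry["label"] != STATE_VIOLATION:
        return None
    if entry["proto"] != "tcp":
        return "non_tcp"
    flags = entry["flags"]
    if "S" in flags and "A" not in flags:
        return "no_pass_rule"
    return "out_of_state"


def summarize(log_text):
    """Count default-deny hits per kind, keyed by (iface, src, dst:port)."""
    counts = {"no_pass_rule": Counter(), "out_of_state": Counter(), "non_tcp": Counter()}
    for row in log_text.splitlines():
        entry = parse_row(row)
        if entry is None:
            continue
        kind = classify(entry)
        if kind is None:
            continue
        key = (entry["iface"], entry["src"], f'{entry["dst"]}:{entry["dport"]}')
        counts[kind][key] += 1
    return counts


if __name__ == "__main__":
    for kind, counter in summarize(SAMPLE_LOG).items():
        for (iface, src, dst), n in counter.most_common():
            print(f"{kind:13} {iface} {src} -> {dst}: {n}")
```

Only the `no_pass_rule` bucket points at the rule set itself (order, interface, direction, or the "quick" flag on an earlier rule). A flood of `out_of_state` hits while rules are unchanged is the pattern to expect when states are being lost, which is the kind of thing a packet-processing stall like the Suricata/netmap one described in the later posts would also produce.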