1
24.7 Production Series / Re: DNSCrypt-Proxy logs no longer show after upgrade to 24.7
« on: September 22, 2024, 12:55:24 am »
I just installed the DNSCrypt plugin and I have the same problem with the logs
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 21, 2024, 07:41:18 pm »Quote
Reading the questions:
I just realized that I completely forgot about the DynDNS. I mean the time it needs to update.
I was super quick with testing. What a shame, if this would be the reason.....
So I just rolled back to 24.1.1, updated again to 24.1.2 (without the patch).
I will now test again and having a look at the DynDNS topic....
So...
After a clean update to 24.1.2, a few minutes of just waiting and doing nothing, everyhting works nicely...
So DynDNS could be an explanation....
However, there might have also been something else. Especialle because I was not able to start OPNsense yesterday at all.... no idea....
Thanks for the great support!
Just made a litte PayPal donation the the OPNsense project.
3
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 21, 2024, 06:09:13 pm »Quote
(1) Do you use DNS entries as endpoint addresses?Yes, I have a dynamic IP, so I have a dyndns domain pointing to my OPNsense router.
Quote
(2) Do you use tunnel addresses on your instances?Yes, this is the entry for the respective instance: 10.21.4.1/24,fd21:04::01/64
And allowed IPs for the peers. For example: 10.21.4.4/32,fd21:04::04/128
This addresses are then in the interface section of the client.
Quote
(3) Do you have allowed IPs on your peers?Yes, different for split and full tunnel:
Full tunnel allowed IPs: 0.0.0.0/0,::/0
Split tunnel allowed IPS: 10.21.0.0/16
Quote
(4) Do you have the instances assigned as interfaces?Yes
Quote
(5) If yes for (4) do you have an IPv4/IPv6 mode set in the interface?IPv4 and IPv6 Configuration Type set to "none"
Quote
(6) If yes for (4) do you have VIPs assigned to these interfaces?No
Reading the questions:
I just realized that I completely forgot about the DynDNS. I mean the time it needs to update.
I was super quick with testing. What a shame, if this would be the reason.....
So I just rolled back to 24.1.1, updated again to 24.1.2 (without the patch).
I will now test again and having a look at the DynDNS topic....
4
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 21, 2024, 05:03:30 pm »
OK. Following behaviour:
1. Updated again to 24.1.2 -> Wireguard did not work.
2. Applied the patch and rebooted. -> Wireguard did not work
3. Restarted Wireguard -> Wireguard worked
4. Reboot again -> Wireguard works
Until now. Everything was checked with my Android phone.
5. Reboot again -> Wireguard does not work on Android. However, iPad works.
A few connects and disconnects with both, Android and iPad. Suddenly both of them are working.
I tested Wireguard with the mobile LTE network but also out of my WLAN. Both showed the same behaviour.
Either both work, or both do not work.
Also both of my tunnes, split and full, showed the same behaviour.
This is difficult to nail down...
Anything that I could test now with the patched 24.1.2 installation?
Otherwise I would revert back to 24.1.1, reinstall 24.1.2 and continue testing to see if it is the same unstable behaviour....
1. Updated again to 24.1.2 -> Wireguard did not work.
2. Applied the patch and rebooted. -> Wireguard did not work
3. Restarted Wireguard -> Wireguard worked
4. Reboot again -> Wireguard works
Until now. Everything was checked with my Android phone.
5. Reboot again -> Wireguard does not work on Android. However, iPad works.
A few connects and disconnects with both, Android and iPad. Suddenly both of them are working.
I tested Wireguard with the mobile LTE network but also out of my WLAN. Both showed the same behaviour.
Either both work, or both do not work.
Also both of my tunnes, split and full, showed the same behaviour.
This is difficult to nail down...
Anything that I could test now with the patched 24.1.2 installation?
Otherwise I would revert back to 24.1.1, reinstall 24.1.2 and continue testing to see if it is the same unstable behaviour....
5
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 21, 2024, 04:07:25 pm »
# opnsense-patch 340a32473
or
# opnsense-patch 3340a32473
I guess it is the second to fit to the Github link correct? Just to be double-safe....
or
# opnsense-patch 3340a32473
I guess it is the second to fit to the Github link correct? Just to be double-safe....
6
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 21, 2024, 02:59:02 pm »You could try reverting this one:
https://github.com/opnsense/core/commit/3340a32473
But it's basically a can of worms because it fixes a non-operational issue on the surface, which points to lack of proper setup if it causes breakage... perhaps meddling with VIPs or a left-over interface IPv4 configuration (this has been discontinued but some old configs may still have it) which is not optimal at the moment.
# opnsense-patch 3340a32473
Cheers,
Franco
I just created the 24.1.1 installation.
I was running OPNsense on bare metal and now switched to Proxmox.
I described the way I did it in this post https://forum.opnsense.org/index.php?topic=38942.msg190682#msg190682.
Anything I can check in my config that could be a potential problem?
7
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 21, 2024, 02:55:03 pm »Quote
i've had vpn stuck at boot only if dns race condition was a problem (e.g. adguard as a main dns; unbound can't resolve if not routed to wan).
I think this could also be the problem for my hang during boot.
However also only with 24.1.2.
I just have unbound, howver with "DNS over TLS" resolving to Cloudflare enabled.
Any way to dive into this? Do I just have to wait for a certain timeout? It seemd to completely stuck at "Configuring Wireguard VPN..." and I was not able to start OPNsense at all...
8
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 20, 2024, 11:59:18 pm »
Another thing:
I rebooted a few times. It ended up with the following behaviour:
"Starting Unbound DNS" took several seconds.
If this is happening, the boot completely hangs with "Configuring Wireguard VPN..."
See attached screenshot.
I rolled back again to 24.1.1 and no problems.
I rebooted a few times. It ended up with the following behaviour:
"Starting Unbound DNS" took several seconds.
If this is happening, the boot completely hangs with "Configuring Wireguard VPN..."
See attached screenshot.
I rolled back again to 24.1.1 and no problems.
9
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 20, 2024, 11:40:34 pm »
I updated again and did some testing.
Outgoing Wireguard works. So selective routing to an external VPN provider.
Incoming Wireguard does not work. I see the connection in the OPNsense WebGui, but no data is transferred.
Then I disabled Wireguard and enabled it again. After this everything works normally.
When I reboot, it is broken again until I restart Wireguard.
One strange thing: I have two tunnel configurations. A full and a split tunnel.
Full tunnel allowed IPs: 0.0.0.0/0,::/0
Split tunnel allowed IPS: 10.21.0.0/16
After the reboot, the full tunnel does not work. From my Android phone and my iPad I cannot access an external site and also nothing of my private 10.21... network.
However with the split tunnel, I can access my private network.
Outgoing Wireguard works. So selective routing to an external VPN provider.
Incoming Wireguard does not work. I see the connection in the OPNsense WebGui, but no data is transferred.
Then I disabled Wireguard and enabled it again. After this everything works normally.
When I reboot, it is broken again until I restart Wireguard.
One strange thing: I have two tunnel configurations. A full and a split tunnel.
Full tunnel allowed IPs: 0.0.0.0/0,::/0
Split tunnel allowed IPS: 10.21.0.0/16
After the reboot, the full tunnel does not work. From my Android phone and my iPad I cannot access an external site and also nothing of my private 10.21... network.
However with the split tunnel, I can access my private network.
10
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 20, 2024, 10:04:43 pm »
I will try again tonight or tomorrow and then report here.
11
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 20, 2024, 08:06:26 pm »
My problem was that I could not connect to the wireguard server on the opnsense.
Client was my mobile phone.
I saw the connection in the opnsense webinterface but no data was transmitted.
I also have a tunnel to an external vpn provider for selective routing. At least the gateway of the provider showed up green in the opnsense interface. However did not try if actually data is transmitted.
Client was my mobile phone.
I saw the connection in the opnsense webinterface but no data was transmitted.
I also have a tunnel to an external vpn provider for selective routing. At least the gateway of the provider showed up green in the opnsense interface. However did not try if actually data is transmitted.
12
24.1 Legacy Series / Re: 24.1.2 Wireguard does not work after updating
« on: February 20, 2024, 06:56:12 pm »
Same here
Did not look into the log files. Wireguard is needed here urgently. Rolled back to snapshot before the upgrade.
I could the the client beeing connected in the OPNsense web gui. But no traffic went through.
Did not look into the log files. Wireguard is needed here urgently. Rolled back to snapshot before the upgrade.
I could the the client beeing connected in the OPNsense web gui. But no traffic went through.
13
24.1 Legacy Series / Re: The differences between upgrade and import config with a clean install?
« on: February 20, 2024, 06:45:26 pm »
I just did something similar.
I had 23.7.12 running on a bare metal N5105 box from CN.
I migrated to a Proxmox VM on my new server.
24.1.1 was already out.
I did a fresh install of 24.1.1 in the Proxmox VM.
However before downloading the config of my bare metal, I upgraded to 24.1.1 to avoid differences...
What I then did was looking up the network interface names in the new VM. They were called vtnet instead of igc on my bare metal.
I did a search and replace in the configuration backup xml and for example replaced igc0 to vtnet0.
Then I loaded the configuration in the new VM.
After this I had to:
- install the plugins that were also installed before on the other router.
- independently from the opnsense configuration also restore the Zenarmor configuration (there is also a backup-restore functionality)
- I use crowdsec in opnsense also as lapi for servers. I had to reconnect the other servers to the new lapi on the shell.
Everything else worked out of the box.
I had 23.7.12 running on a bare metal N5105 box from CN.
I migrated to a Proxmox VM on my new server.
24.1.1 was already out.
I did a fresh install of 24.1.1 in the Proxmox VM.
However before downloading the config of my bare metal, I upgraded to 24.1.1 to avoid differences...
What I then did was looking up the network interface names in the new VM. They were called vtnet instead of igc on my bare metal.
I did a search and replace in the configuration backup xml and for example replaced igc0 to vtnet0.
Then I loaded the configuration in the new VM.
After this I had to:
- install the plugins that were also installed before on the other router.
- independently from the opnsense configuration also restore the Zenarmor configuration (there is also a backup-restore functionality)
- I use crowdsec in opnsense also as lapi for servers. I had to reconnect the other servers to the new lapi on the shell.
Everything else worked out of the box.
14
Virtual private networks / Understanding Wireguard selective routing tutorial
« on: September 07, 2023, 08:07:39 am »
Hi,
I set up selective routing following this tutorial:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
Works fine.
However, I do not really understand "Step 9".
Outgoing traffic from the VPN address, that does not go into the VPN net shall go through the VPN gateway.
What is happening here???
I set up selective routing following this tutorial:
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
Works fine.
However, I do not really understand "Step 9".
Outgoing traffic from the VPN address, that does not go into the VPN net shall go through the VPN gateway.
What is happening here???
15
Zenarmor (Sensei) / Crash report every minute
« on: August 16, 2023, 03:48:43 pm »
Hi,
yesterday I updated to 23.1.11_1 and with this to Zenarmor 1.14.2.
During the day, my OPNsense suddenly crashed. RAM and cache was completely full (8GB RAM).
Since then, I get the following crash report every minute:
Although I shut down Zenarmor engine and database.
Today I updated to 23.7.1_3. However, the problem stays.
Zenarmor still not enabled.
Memory usage at 50%.
Any idea about it?
Best regards
Mario
yesterday I updated to 23.1.11_1 and with this to Zenarmor 1.14.2.
During the day, my OPNsense suddenly crashed. RAM and cache was completely full (8GB RAM).
Since then, I get the following crash report every minute:
Code: [Select]
[16-Aug-2023 15:19:04 Europe/Berlin] PHP Fatal error: Allowed memory size of 1073741824 bytes exhausted (tried to allocate 20480 bytes) in /usr/local/opnsense/mvc/app/library/OPNsense/Zenarmor/SqLiteAdapter.php on line 136Although I shut down Zenarmor engine and database.
Today I updated to 23.7.1_3. However, the problem stays.
Zenarmor still not enabled.
Memory usage at 50%.
Any idea about it?
Best regards
Mario
Pages: [1] 2