Messages - 36thchamber

#1
i have php-cgi spawn with 100% cpu usage when clicking on certain items of the 25.7.1 web GUI. Like Nginx. No memory issue. So i just frequently run:
killall php-cgi
configctl webgui restart
#2
I just noticed why boot is slow and with tons of errors, and that is because of that commit. I used to filter loopback on all levels to great satisfaction. It was the only way to control the firewall itself and all the plugins and apps, which otherwise have free will what to do. I created firewall rules, DNS redirects, and also NAT for loopback, and could monitor loopback activity in all CLI and GUI tools. Now i'm reduced to tcpdump as currently this information is sadly removed from everywhere.
I'm so keen on restoring this functionality, the rules are still there (and even called "Loopback" in GUI and also present in pfctl), but they don't seem to work after "unset skip" and turn on syncookies. Is there any advice (strictly technical, not fundamental) to save the previous behavior?
#3
Well it's an OPNsense thing, as the system is handling the services and defining also RC execution chain.
Here you are starting UPS
service nut start
but you should start UPS Monitor
service nut_upsmon start
and hope it launches under nut user. Mind there could be a difference between commands:
service * start
and
configctl * start
In my case every boot I have to watch the error but it works:
WARNING: failed precmd routine for nut
Most likely, all NUT components are started instead of the one per UI configuration. It all depends on how the scripts are written.
#4
What switch did you find? I am looking for the good old setting, i want password for VGA, not auto login. Is it still possible?
#5
Quote from: crankshaft on May 12, 2023, 12:02:18 PM
Is anyone else successfully running multiple wg interfaces using hostnames as the Endpoints?
I only use hostnames, and it works except boot, where in the infamous race, WG starts before all DNS. So I have to restart WG every boot.
#6
Quote from: FreeMinded on November 14, 2024, 05:26:51 PM
For my understanding: Is this issue something that has to be solved on the crowdsec side or on the OPNsense side?
Is there an open issue on either side? I could not find any yet.
#4262 on GIT. still active in 24.7.12_2. Even Adguard can't restart. The issue is nothing is killed, OPNsense scripts are hoping processes will terminate, and they will not.
#7
Stuck again in update from 24.7.7 to 24.7.8, wish that wait_for_pids function had a timeout. TERM signal doesn't work.
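A bounded stop of the kind this post and the previous one ask for, as an added example that is not part of the posts and is not OPNsense or FreeBSD code: send TERM, poll for a fixed grace period, then escalate to KILL instead of waiting indefinitely. `stop_with_timeout` and its return codes are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: stop a daemon that may ignore SIGTERM without blocking forever.
# stop_with_timeout is a hypothetical helper, not an OPNsense or rc.subr function.
#
# Usage: stop_with_timeout PID [TIMEOUT_SECONDS]
# Returns 0 if the process exited on its own or after TERM,
#         1 if the grace period expired and KILL was needed,
#         2 if the process still exists after KILL (e.g. stuck in the kernel).
stop_with_timeout() {
    _pid=$1
    _timeout=${2:-10}
    _waited=0

    # Already gone: nothing to stop.
    kill -0 "$_pid" 2>/dev/null || return 0

    # Polite request first.
    kill -TERM "$_pid" 2>/dev/null || true

    # Poll once per second, but never longer than the grace period.
    while kill -0 "$_pid" 2>/dev/null; do
        [ "$_waited" -ge "$_timeout" ] && break
        sleep 1
        _waited=$((_waited + 1))
    done

    # Exited within the grace period.
    kill -0 "$_pid" 2>/dev/null || return 0

    # Grace period expired: escalate rather than keep waiting.
    kill -KILL "$_pid" 2>/dev/null || true
    sleep 1
    kill -0 "$_pid" 2>/dev/null && return 2
    return 1
}
```

A return code of 1 is worth logging: it means the service ignored TERM and was stopped without running its own cleanup.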
#8
yep, crowdsec implementation is the menace of the year and blocking the router for months. blocked upgrades, and even UPS events successfully.
even in 24.7.7, can't stop it, it also keeps trying its own port which is already reserved by itself every 10sec:
local API server stopped with error: listening on 127.0.0.1:8080: listen tcp 127.0.0.1:8080: bind: address already in use

and it does nonstop internet activity during that, fetching from api.crowdsec.net nonstop. hilariously, after killing it, and starting from scratch, it killed the OS:


ps aux|grep crowdsec
-
sockstat -sSUivl|grep 8080
-
configctl crowdsec start
OK
root@opnsense:/]$
*** FINAL System shutdown message from root@opnsense ***

System going down IMMEDIATELY
#9
i found it in their executable (/usr/local/bin/ntopng), should have mentioned their version:
GUI: ntopng Community v.6.2.240925 rev.0 (FreeBSD 14.1)
Plugin: os-ntopng (installed)   1.3
Package: ntopng   6.2.d20240813,1

so that is causing grep, md5, and UTC warnings, while the "Undefined symbol "gpgrt_add_post_log_func"" is related to the installed packages.
#10
my ntopng starts but it floods the log with the errors because it wants to run md5sum with -q parameter which is not working even on Linux:
xargs md5sum | grep `md5sum -q /etc/localtime`

OPNsense 24.7.5_3
#11
24.7, 24.10 Series / Re: New dashboard widgets
August 20, 2024, 04:21:15 PM
I think the old dashboard was more functional, the new one is half baked but slightly more readable. My impression in 24.7.1:
1) like before, very slow, browser will eventually offer to kill the window which i didn't do before
2) no CPU or disk in system information widget (CPU worked, disk shown too many rows so it's ok to be replaced with the separate gauge)
3) CPU widget 4 charts, all empty, alternating between nothing and a flat orange line -> i'd prefer the gauge with only "total" info
4) Cannot click on the headers to go to the actual window, it is the nr.1 issue
5) Cannot resize many widgets, there's no chance to make a nice layout with aligned windows
6) settings are gone from most of the windows
7) Services widget is too long, 2 lines per item, it could have just one button on the right
8) Gateways, Wireguard also too long, either can't resize or not looking good in 2 column mode... some less important information like WG last timestamp or RTT could be compressed (small font, combining into mini table) or removed
9) Interfaces widget too long, should put IP to the right even in column window, this 2-5 line approach sucks
#12
Hi
actually the dropped packets just disappeared with the new BSD14 kernel. Wireguard is faster.👍
I've Pentium Gold 8505, 12GB RAM, NVME. Few dozen devices. Should be fine for WAN but I don't use it for anything other than firewall contacting DNS. So i need to accommodate both ZenArmor and Wireguard for 2Gb/s line. The VPN speed gets reduced from 2000Mb/s to 1250Mb/s in netmap mode, it's really hard to guess what CPU could handle the full speed, 100% Wireguard. I wish there was a calculator:)
#13
Quote from: IHK on June 20, 2024, 12:51:13 PM
For more accurate reporting results, it is recommended to use Zenarmor in Directed mode.
Is this theoretically possible to have a hybrid mode, not filtering connection which has high throughput? I have too many dropped packets during downloads (~1gbps), so i stick to passive mode. During that time every component misreports size, and the slow connections which are the most dangerous are skipped.
#14
so i investigated how to trigger the message in v1.17.3, here's how:
* configctl zenarmor notice-public-ip-devices
* in browser you do have to refresh the Dashboard view manually
then you get the popup instantly.
now with this procedure, i've checked interfaces, and the popup appears for ANY interface.
-> ignore the popup. just like "local", "remote" hosts, it doesn't work.
#15
thanks, let me reproduce it. initially i watched it for a few months, and then applied script, and now i turn it off to see if it's still the case.