Messages

I had the same problem after an opnsense Update from 26.1.x to 26.1.4.

Thanks for the listing the steps to solve the problem.
Just to add (in my case): as a last strep I had to downgrade the pkg-Package by downloading the 2.3-version from opnsense to get rid of the segfaults

Cheers,
Tom

Hi Disperser5395,

the Update to 26.1.4 seems to have problems on some installations. The problems I got range from Danger/Error-Messages (seemingly without consequences) to broken systems after the update and segfaults.

I just updated a fresh delivered DEC2687 and got a "Danger, unexpected error, check log for details" message while updating. Couldn't find any consequences or further information in the logs.

Yesterday I updated an other DEC-System from 26.1.1 to 26.1.4 and after the update the firewall system was broken (hardware was ok, only the system wasn't able to boot anymore). The update seems to have deleted necessary BSD-Files, so the system couldn't start anymore. Luckily there are some threads in this forum how to resolve this problem (booting in single user mode, repairing login files, creating repository file, updating manual, downgradeing pkg-programm...). It took some time, but finally the opnsense was running normal again, all health-checks where ok, config wasn't lost.
Didn't need to reinstall the opnsense or restore the previous config-backup.

Couldn't figure what is causing the Danger-Messages (seems like lots of people get them) or the broken system yesterday (I'm at least not the only one who got this - so I was able to use the tips on this forum to repair it).
I have to add: I'm using zenarmor on most opnsens. So maybe that's connected with my problem with the broken system after the update. But there is no direct indication (like log message) for be the cause.

Thanks for sharing your experience with squid and seg faults Pheriko.

I just tried squid on a third opnsense (Firmware 25.1.8_1-amd64) hand I get the same segmentation faults from squid when restarting squid from the webgui or using the squid command from shell like "squid -k parse".

So it is normal for opnsense (community and business) to have crashing processes with segmentation fault with squid.

On my systems the squid process still replies to http requests despite of the segmentation fault messages.

Maybe not a security problem, but feels strange to just ignore it.

Thanks,
Tom

Hi,

I just wanted to confirm the problem.

Today I installed the os-squid Plugin (1.2) on our OPNsense 25.4.1-amd64 and I get the same segmentation fault as Joel.

I had the plugin installed and configured a long time ago, but didn't use it for some time so I suspected problems with a old squid config. Sadly resetting the cache and plugin-config and removing and re-installing the plugin didn't resolve the problem.

The proxy service is still usable for http-requests and
service squid status shows:
squid is running as pid  xxxxx

But every squid-command results in a segmentation fault.
HTTPS-Requests don't seem work (maybe related to the segmentation faults)

Code Select Expand

root@OPNsense:~ # squid -k parse
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2025/06/11 08:16:30| Processing: http_port 10.1.1.254:3128
2025/06/11 08:16:30| Processing: acl ftp proto FTP
2025/06/11 08:16:30| Processing: http_access allow ftp
2025/06/11 08:16:30| Processing: acl localnet src 10.1.1.0/24 # Possible internal network (interfaces v4)
2025/06/11 08:16:30| Processing: acl localnet src fc00::/7       # RFC 4193 local private network range
2025/06/11 08:16:30| Processing: acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
2025/06/11 08:16:30| Processing: acl SSL_ports port 443 # https
2025/06/11 08:16:30| Processing: acl Safe_ports port 80 # http
2025/06/11 08:16:30| Processing: acl Safe_ports port 21 # ftp
2025/06/11 08:16:30| Processing: acl Safe_ports port 443 # https
2025/06/11 08:16:30| Processing: acl Safe_ports port 70 # gopher
2025/06/11 08:16:30| Processing: acl Safe_ports port 210 # wais
2025/06/11 08:16:30| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2025/06/11 08:16:30| Processing: acl Safe_ports port 280 # http-mgmt
2025/06/11 08:16:30| Processing: acl Safe_ports port 488 # gss-http
2025/06/11 08:16:30| Processing: acl Safe_ports port 591 # filemaker
2025/06/11 08:16:30| Processing: acl Safe_ports port 777 # multiling http
2025/06/11 08:16:30| Processing: acl CONNECT method CONNECT
2025/06/11 08:16:30| Processing: icap_enable off
2025/06/11 08:16:30| Processing: include /usr/local/etc/squid/pre-auth/*.conf
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2025/06/11 08:16:30| Processing: http_access deny !Safe_ports
2025/06/11 08:16:30| Processing: http_access deny CONNECT !SSL_ports
2025/06/11 08:16:30| Processing: http_access allow localhost manager
2025/06/11 08:16:30| Processing: http_access deny manager
2025/06/11 08:16:30| Processing: http_access deny to_localhost
2025/06/11 08:16:30| Processing: include /usr/local/etc/squid/auth/*.conf
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2025/06/11 08:16:30| Processing: http_access allow localnet
2025/06/11 08:16:30| Processing: http_access allow localhost
2025/06/11 08:16:30| Processing: http_access deny all
2025/06/11 08:16:30| Processing: include /usr/local/etc/squid/post-auth/*.conf
2025/06/11 08:16:30| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2025/06/11 08:16:30| Processing: cache_mem 256 MB
2025/06/11 08:16:30| Processing: coredump_dir /var/squid/cache
2025/06/11 08:16:30| Processing: refresh_pattern ^ftp:          1440    20%     10080
2025/06/11 08:16:30| Processing: refresh_pattern ^gopher:       1440    0%      1440
2025/06/11 08:16:30| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
2025/06/11 08:16:30| Processing: refresh_pattern .              0       20%     4320
2025/06/11 08:16:30| Processing: access_log stdio:/var/log/squid/access.log squid
2025/06/11 08:16:30| Processing: cache_store_log stdio:/var/log/squid/store.log
2025/06/11 08:16:30| Processing: via off
2025/06/11 08:16:30| Processing: logfile_rotate 0
2025/06/11 08:16:30| Processing: error_directory /usr/local/share/squid-langpack/en
2025/06/11 08:16:30| WARNING: HTTP requires the use of Via
2025/06/11 08:16:30| Requiring client certificates.
Segmentation fault
root@OPNsense:~ # service squid status
squid is running as pid 52104.

This forum has a lot of postings about this squid segmentation fault problem, but no solution other than resetting the config.
This seems not to work.

Any help is much appreciated.

Best regards,
Tom

I've got the same issue:
New generated peer-settings won't get saved in the wireguard peer list on the opnsense (but it shows no error message on the generator page).
I'm using OPNsense 24.1.6-amd64

The generation of a peer worked once (and was saved on the opnsense). Further peers generated by the peer generator are not saved.

Any hints?
Thanks,
Tom