Messages

Does this apply to your network : https://forum.opnsense.org/index.php?topic=50735.0 ??

I'm not using freeRadius, but I am using DNS over TLS, would that be impacted?

Thank you for the replies, I am researching them now.

Link to M365 Connectivity Test - with 26.1 it often immediately fails on trying to find my location...

https://connectivity.office.com/

Thank you for the reply. 

Any Google-fu points to TLS 1.2 enablement on the PCs, but these are multiple workstations with TLS 1.2 enabled, and that have been working just fine all along until 26.1. 

What SSL certificate setting(s) would change on the firewall between 25.7 and 26.1?

Installed 26.1 and all seemed fine.  Yesterday I was having a lot of trouble with M365, specifically PowerPoint and Excel files that would save locally but generated a lot of "Upload Failed" messages, and intermittent "SSL library load failed" messages in Excel.

I reverted to 25.x and everything was working OK again.  I tried disabling Maltrail and its blocklists, turning off the Unbound DNS blocklist, and looking for rules that might be causing trouble.

Using the M365 Connectivity Test website everything was working OK under 25.x, but it would generate a lot of errors to domains like microsoft.com, and .microsoft using 26.1.

Are there any other reports of this, or does anything stick out as being a possible culprit?

Thank you for the replies!

Running the update generates a message that you should manually delete the dhcpd user and group, but they aren't normal entities apparently.

Does anyone have a pointer on docs to do this?

Google-fu doesn't help much, it doesn't understand the context, and Brave isn't much better.

***GOT REQUEST TO REMOVE***
   os-isc-dhcp: 1.0_3
   isc-dhcp44-server: 4.4.3P1_2
==> You should manually remove the "dhcpd" user
==> You should manually remove the "dhcpd" group
***DONE***

Awesome, thank you for the quick reply!

I migrated my "legacy rules", all 5-10 of them.

I notice they are all that appear in the new interface while there are still several dozen "auto-generated" rules in the old interface.

Is that correct / proper ?

I thought the check mark was odd as well, and that it indicated the CSV had been parsed successfully, but I was looking for a "Go" or arrow or "Submit" button, but after a few seconds I clicked on the check mark and Bob was suddenly my uncle.

As it says on the tin, will 25.7.11_9 fix the memory/swap consumption issue? 

I see a line item for "dnsmasq: fix log conditions", but I'm not sure if that's what that means?

Will do, thank you!

In the past several hours, on the "old" version with IDS enabled, the memory utilization is still in the 30% range.

This morning, without IDS or Web GUI running overnight, the system was at 93+% memory used and 90+% swap used.

I have rolled back to before the upgrade as I need my router to just work.

Maybe 26.1 will be better, but I definitely won't bother with that for quite some time.

Memory got over 85%, swap over 85%, so I restarted IDS (I had reverted it yesterday using the command in the thread above) to see what that might do, but it never restarted and shortly after the network went down.

The console showed thousands of netstat_bind_fail errors, and I had to reboot it.  The messages were flying by, and I had to log in blind and press "Enter" a bunch of times to get the menu to flash on the screen as I didn't remember the menu number for reboot (it's 6), and then I had to guess whether it was "y" or "Y" or "Yes" to get it to reboot.

Back to 50% memory and 0% swap used, but climbing again.

I'll have to roll back if this keeps up.  For now I am keeping the web GUI off to see if that helps and I'm monitoring memory utilization with "top -asH".  I'm also not running IDS for now.

It started with 2048M free about 5 minutes ago, and it's down to 1922M in that time.

Disabled IDS yesterday and memory utilization dropped to 50% of the 8GB.

Left it on overnight, and this morning memory and swap were both over 85% consumed.

Restarted host discovery service for grins and memory dropped to 40% and is climbing back up, currently 50% memory and 30% swap.  System rarely used swap before now.

Anybody notice my mistake yet?  LOL.