Messages

[Monit]

Is there a way to be notified when services shut down like that?

Or, to automatically try to restart them?

Monit can do both. Im using this for HAProxy, otherwise I would have to manually start HAProxy after every reboot.

Thank you!

After migrating all of my Rules I used a port scanning service to make sure I still had a firewall in place - I used GRC Shields-Up and a couple local tools we have in place.

No, I did not know how to do that, but here is a list of plugins I have installed.

os-acme-client
os-caddy
os-cpu-microcode-intel
os-crowdsec   
os-ddclient
os-etpro-telemetry
os-maltrail
os-smart

I figured out what caused the problem, most likely.

After the update to 26.1.2 the system was supposed to reboot.  The dialog came up with the little spinning gear wheel, but then it returned back to the dashboard and kept running, there was likely no actual reboot.

I came back later and restarted the services thinking they'd randomly failed, but they actually were stopped and the system was hung waiting for a process to terminate.

I just did the update to 26.1.2_5 and the same thing happened - the system would give the "rebooting" dialog but never reboot. 

I used ssh to get in and brought up the menu to reboot manually, and it indicated it was stuck waiting for process 137.  I used "ps aux | grep 137" to identify the process (python) and then had to use "kill -9 137" because kill alone would not do it.

Then the system immediately rebooted and now it's running as normal.

Is there a way to be notified when services shut down like that?

Or, to automatically try to restart them?

Visiting the Services -> ACME Client -> Settings page and just clicking "Apply" without changing anything else restarted the service, and all are green at the moment.

Checking out the router, noticed memory utilization at 46% instead of recent norm of 56-66%.

Noticed ACME, Caddy, Host Discovery Service, and Intrusion Detection were all "red" or "down".

I clicked "Run" on all of them and each started back up except for ACME, which remains down. 

I may have to reboot.

Does this apply to your network : https://forum.opnsense.org/index.php?topic=50735.0 ??

I'm not using freeRadius, but I am using DNS over TLS, would that be impacted?

Thank you for the replies, I am researching them now.

Link to M365 Connectivity Test - with 26.1 it often immediately fails on trying to find my location...

https://connectivity.office.com/

Thank you for the reply. 

Any Google-fu points to TLS 1.2 enablement on the PCs, but these are multiple workstations with TLS 1.2 enabled, and that have been working just fine all along until 26.1. 

What SSL certificate setting(s) would change on the firewall between 25.7 and 26.1?

Installed 26.1 and all seemed fine.  Yesterday I was having a lot of trouble with M365, specifically PowerPoint and Excel files that would save locally but generated a lot of "Upload Failed" messages, and intermittent "SSL library load failed" messages in Excel.

I reverted to 25.x and everything was working OK again.  I tried disabling Maltrail and its blocklists, turning off the Unbound DNS blocklist, and looking for rules that might be causing trouble.

Using the M365 Connectivity Test website everything was working OK under 25.x, but it would generate a lot of errors to domains like microsoft.com, and .microsoft using 26.1.

Are there any other reports of this, or does anything stick out as being a possible culprit?

Thank you for the replies!

Running the update generates a message that you should manually delete the dhcpd user and group, but they aren't normal entities apparently.

Does anyone have a pointer on docs to do this?

Google-fu doesn't help much, it doesn't understand the context, and Brave isn't much better.

***GOT REQUEST TO REMOVE***
   os-isc-dhcp: 1.0_3
   isc-dhcp44-server: 4.4.3P1_2
==> You should manually remove the "dhcpd" user
==> You should manually remove the "dhcpd" group
***DONE***

Awesome, thank you for the quick reply!

I migrated my "legacy rules", all 5-10 of them.

I notice they are all that appear in the new interface while there are still several dozen "auto-generated" rules in the old interface.

Is that correct / proper ?