Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - caplam

#1
26.1, 26,4 Series / Re: vnstat dashboard widget
July 03, 2026, 01:29:18 PM
i discover now this plugin. It looks good. Thank you for that.
i could suggest several things:
- when you select which interfaces to monitor you have the choice within the different names of the interfaces and when it's displayed on the dashboard you have the name of the underlying device. i would prefer to have the interface name.
- perhaps a layout with where you can select 2 or more interfaces to display could be a plus. But i guess it there will troubles to display that correctly. Or maybe spawn that to a widget per interface.
Anyway that's a very convenient plugin.
#2
the least i can do given the effort you put in it.
#3
I updated to 26.1.11_5 but no reboot was necessary.
I manually rebooted without issue. So i guess there was no problem to shut down suricata.
#4
i installed the patch. What should i look for ? the same commands ?
#5
Hello,
this seems to be the same issue i faced here
I have suricata running in ips mode with divert.
so i updated to 26.1.11 and the issue is here

here is what i have pre update:
red@cerberus:~ $ sudo sockstat | grep suricata
root     suricata   29596 3   dgram  -> /var/run/log
root     suricata   29596 6   div4   *:8000                *:*
fred@cerberus:~ $
fred@cerberus:~ $
fred@cerberus:~ $ sudo ps auxwww | grep suricata
root    29596   0.1 23.8 2723192 1922216  -  Ss   20Jun26    96:13.75 /usr/local/bin/suricata -D -d 8000 --pidfile /var/run/suricata.pid -c /usr/local/etc/suricata/suricata.yaml
fred    19042   0.0  0.0   13744    2032  0  S+   10:40       0:00.00 grep suricata
fred@cerberus:~ $
fred@cerberus:~ $
fred@cerberus:~ $ sudo fstat | grep suricata
root     suricata   29596 text /        248115 -rwxr-xr-x  11994960  r
root     suricata   29596   wd /            34 drwxr-xr-x      28  r
root     suricata   29596 root /            34 drwxr-xr-x      28  r
root     suricata   29596    0 /dev         20 crw-rw-rw-    null rw
root     suricata   29596    1 /dev         20 crw-rw-rw-    null rw
root     suricata   29596    2 /dev         20 crw-rw-rw-    null rw
root     suricata   29596    3* local dgram fffff8001bb27640 <-> fffff8001bce2dc0
root     suricata   29596    4 /var/log  27980 -rw-r-----       0  w
root     suricata   29596    5 -           476 -rw-r-----  6318542  w
root     suricata   29596    6* divert raw 0 0

and what i have when suricata  is stucked:

fred@cerberus:~ $ sudo sockstat | grep suricata
root     suricata   29596 3   dgram  (not connected)
root     suricata   29596 6   div4   *:8000                *:*
fred@cerberus:~ $
fred@cerberus:~ $ sudo ps auxwww | grep suricata
root    29596   0.1 23.8 2723192 1922216  -  Ss   20Jun26    96:15.42 /usr/local/bin/suricata -D -d 8000 --pidfile /var/run/suricata.pid -c /usr/local/etc/suricata/suricata.yaml
root    44586   0.0  0.0   14312    2888  -  I    10:44       0:00.01 /bin/sh /usr/local/etc/rc.d/suricata stop
fred    67953   0.0  0.0   13744    2336  0  S+   10:46       0:00.00 grep suricata
fred@cerberus:~ $
fred@cerberus:~ $ sudo fstat | grep suricata
root     suricata   29596 text /        248115 -rwxr-xr-x  11994960  r
root     suricata   29596   wd /            34 drwxr-xr-x      28  r
root     suricata   29596 root /            34 drwxr-xr-x      28  r
root     suricata   29596    0 /dev         20 crw-rw-rw-    null rw
root     suricata   29596    1 /dev         20 crw-rw-rw-    null rw
root     suricata   29596    2 /dev         20 crw-rw-rw-    null rw
root     suricata   29596    3* local dgram fffff8001bb27640
root     suricata   29596    4 /var/log  27980 -rw-r-----       0  w
root     suricata   29596    5 -           476 -rw-r-----  6320460  w
root     suricata   29596    6* divert raw 0 0

when i killed pid 44586 opnsense was able to reboot and. the upgrade is ok.
#6
thanks
#7
Quote from: newsense on June 20, 2026, 10:47:03 AMI wanted to see the packages output more than the kernel and base...that's why I asked for the full output.


Let's try another health check ?

i'm not at home and took some risks (did it with a vpn connection).
From what i saw all was running good until stopping suricata.
Here is the result of update check.
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 26.1.10 (amd64) at Sat Jun 20 10:51:10 CEST 2026
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 26.1.10 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 26.1.10 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
mimugmail (Priority: 5)
>>> Check installed plugins
os-acme-client 4.16_1
os-apcupsd 1.2_3
os-caddy 2.1.0
os-cpu-microcode-intel 1.1
os-crowdsec 1.0.12
os-ddclient 1.31_1
os-freeradius 1.10.1
os-igmp-proxy 1.5_6
os-iperf 1.0_2
os-isc-dhcp 1.0_5
os-mdns-repeater 1.2
os-net-snmp 1.6_1
os-opnarp-maxit 1.0_4
os-q-feeds-connector 1.6
os-unifi9-maxit 1.4
os-wol 2.5_4
os-zabbix74-agent 1.19
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .
isc-dhcp44-server-4.4.3P1_2: missing file /usr/local/share/licenses/isc-dhcp44-server-4.4.3P1_2/LICENSE
Checking all packages............ done
>>> Check for core packages consistency
Core package "opnsense" at 26.1.10 has 68 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
i don't use isc dhcp.
#8
i open another ssh session and kill pid 15665: opnsense killed the connection and rebooted. Almost all services started.
And i can now request update and health check in gui.

It seems suricata was preventing a reboot.
#9
the update doesn't end in the ssh session:
Installing kernel-26.1.10-amd64.txz... done
Installing base-26.1.10-amd64.txz... done
Cleaning obsolete files... done
Please reboot.
>>> Invoking stop script 'beep'
>>> Invoking stop script 'freebsd'
Stopping crowdsec_firewall.
Stopping caddy... done
Stopping crowdsec.
Waiting for PIDS: 1455.
Stopping ddclient.
Waiting for PIDS: 81869.
Stopping unifi.
Waiting for PIDS: 83023.
Cleaning up leftover child processes.
kill: 86497: No such process
Stopping acme_http_challenge.
Waiting for PIDS: 15393.
Stopping mdns_repeater.
Waiting for PIDS: 71298.
Stopping hostwatch.
Waiting for PIDS: 12714, 12714.
Stopping zabbix_agentd.
Waiting for PIDS: 803.
Stopping snmpd.
Waiting for PIDS: 39155.
Stopping suricata.
Waiting for PIDS: 15665

in the gui it's like it upgraded to 26.1.10 and rebooted. And many services have not restarted.
#10
i use vivaldi. will try with brave and safari.

edit: same in brave or safari.
When i request update check it displays the result of the last update from the beginning of the mont that was ran in ssh.

edit2: tried also with firefox for the same result.
#11
26.1.10 is out and as before i can no longer update from gui. I can neither run an audit from gui.
Running from ssh is ok and the result of the command (update check or health audit) is displayed in the gui.

#12
i ran update.sh and got errors.
[03-Jun-2026 19:02:44 Europe/Luxembourg] PHP Fatal error:  Uncaught Error: Class "OPNsense\Base\Menu\MenuContainer" not found in /usr/local/opnsense/mvc/app/models/OPNsense/DHCPv4/Menu/Menu.php:34
Stack trace:
#0 /usr/local/opnsense/mvc/app/library/OPNsense/Autoload/Loader.php(49): require_once()
#1 [internal function]: OPNsense\Autoload\Loader->autoload('OPNsense\\DHCPv4...')
#2 /usr/local/opnsense/mvc/script/run_migrations.php(64): ReflectionClass->__construct('OPNsense\\DHCPv4...')
#3 {main}
  thrown in /usr/local/opnsense/mvc/app/models/OPNsense/DHCPv4/Menu/Menu.php on line 34

After the reboot many services didn't start automatically. I had to start manually. Acme started only after applying config from settings page.
And still no possibility to run any audit from gui. This works only from ssh.
At least all services seem to work correctly with firmware 26.1.9. I go on vacation tomorrow and have not much time to investigate.
#13
i have done health check in cli:

/usr/local/opnsense/scripts/firmware $ sudo ./health.sh
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 26.1.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 26.1.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
mimugmail (Priority: 5)
>>> Check installed plugins
os-acme-client 4.16_1
os-apcupsd 1.2_3
os-caddy 2.1.0
os-cpu-microcode-intel 1.1
os-crowdsec 1.0.12
os-ddclient 1.31
os-freeradius 1.10.1
os-igmp-proxy 1.5_6
os-iperf 1.0_2
os-isc-dhcp 1.0_4
os-mdns-repeater 1.2
os-net-snmp 1.6_1
os-opnarp-maxit 1.0_4
os-q-feeds-connector 1.6
os-unifi9-maxit 1.4
os-wol 2.5_4
os-zabbix74-agent 1.19
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .
isc-dhcp44-server-4.4.3P1_2: missing file /usr/local/share/licenses/isc-dhcp44-server-4.4.3P1_2/LICENSE
Checking all packages............ done
>>> Check for core packages consistency
Core package "opnsense" at 26.1.8_5 has 68 dependencies to check.
Checking packages: ..
ca_root_nss-3.117_2 version mismatch, expected 3.124
Checking packages: .....................
openvpn-2.6.20 version mismatch, expected 2.7.4
Checking packages: .
opnsense-26.1.8_5 version mismatch, expected 26.1.9
Checking packages: ...
opnsense-update-26.1.7_1 version mismatch, expected 26.1.9
Checking packages: ...
php83-ctype-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-curl-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-dom-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-filter-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-gettext-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-ldap-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-pcntl-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-pdo-8.3.30 version mismatch, expected 8.3.31
Checking packages: .....
php83-session-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-simplexml-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-sockets-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-sqlite3-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-xml-8.3.30 version mismatch, expected 8.3.31
Checking packages: .
php83-zlib-8.3.30 version mismatch, expected 8.3.31
Checking packages: ....
py313-duckdb-1.5.2 version mismatch, expected 1.5.2_1
Checking packages: ...
py313-numpy1-1.26.4_3 has no upstream equivalent
Checking packages: .
py313-pandas-2.3.3_1,1 version mismatch, expected 2.3.3_2,1
Checking packages: .
py313-requests-2.33.1 version mismatch, expected 2.34.2
Checking packages: ..
py313-ujson-5.12.0 version mismatch, expected 5.12.1
Checking packages: .......
suricata-8.0.4 version mismatch, expected 8.0.5
Checking packages: ..
unbound-1.25.0 version mismatch, expected 1.25.1
Checking packages: .. done

and now it's this health check that's displayed in the gui but still no possibility to check for updates in gui.
#14
doesn't work for me as stated in the first post.
#15
not really:
sudo killall pkg pkg-static
No matching processes were found