Messages

I am on 26.1_4 and have Tayga setup according to the NAT64 How-To in the opnsense documentation.  It works just fine, but I am not sure I have the firewall rules setup properly.  I have the anti-lockout disabled and only allow access to the opnsense web gui via my LAN. For some reason, I can still access the gui from other VLANs when Tayga is enabled.  I notice in the firewall live log that the connection is sourced from the Tayga NAT64 IPv4 pool no matter which VLAN I access the gui from.  As soon as I disable Tayga, The gui is correctly only accessible from the LAN as I would expect.  Any ideas?

Never mind.  Found the related thread, https://forum.opnsense.org/index.php?topic=50657.0 and applied the patch.  All works great now.  Thanks

/usr/local/opnsense/scripts/health/updaterrd.php: The command </usr/local/bin/rrdtool create '/var/db/rrd/ovpns4-traffic.rrd' --step 0 DS:'inpass:COUNTER:120:0:2500000000' DS:'outpass:COUNTER:120:0:2500000000' DS:'inblock:COUNTER:120:0:2500000000' DS:'outblock:COUNTER:120:0:2500000000' DS:'inpass6:COUNTER:120:0:2500000000' DS:'outpass6:COUNTER:120:0:2500000000' DS:'inblock6:COUNTER:120:0:2500000000' DS:'outblock6:COUNTER:120:0:2500000000' RRA:'AVERAGE:0.5:1:1200' RRA:'AVERAGE:0.5:5:720' RRA:'AVERAGE:0.5:60:1860' RRA:'AVERAGE:0.5:1440:2284'> returned exit code 1 and the output was "ERROR: step size: value must be positive"

Also seeing system-->logs-->general filled with this error after 26.1_4.

Has something to do with Reporting.  I disabled and re-enabled local gathering of statistics and RRD graphing backend, but now In Health Reporting it says:  "Local data collection is not enabled. Enable it in Reporting Settings page".  It won't re-enable health monitoring no matter what I select in Reporting Settings.

May I ask a really "stupid" question? I haven't updated my home APU2D4 firewall, so I'm only looking at version 25.7.1_1 of OPNsense.

Are you trying to reduce the number of processes running as root?  Are you improving security by executing processes with least privilege?

If the process is not executing as root (or group wheel), the txt files in /var/db/aliastables can't be read.
I see that many of the files in /var/db/aliastables have permission "-rw-r-----  1 root wheel"

Gary

I sign in to opnsense using a non-root user as admin.  Not technical enough to answer you questions beyond that.  I just noticed the error after the upgrade and was curious if it is normal or not.  Thanks for the advice though.

@Jackknife4782 - the checksum error results from the patch you applied. It is to be expected.

D

Ah, I understand.  Thanks

Can you try this patch?

# opnsense-patch https://github.com/opnsense/core/commit/6ee6d9d8


Cheers,
Franco

I applied the patch, but still same error after reboot.

[62298fa6-e6e7-4699-a704-987777bdd904] Script action failed with Command '/usr/local/opnsense/scripts/filter/pftablecount.py ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 78, in execute subprocess.run(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.11/subprocess.py", line 571, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/filter/pftablecount.py ''' returned non-zero exit status 1.

Also performed a health check and it showed a checksum error:
opnsense-25.7.2: checksum mismatch for /usr/local/opnsense/scripts/filter/pftablecount.py