Messages - cyberfarer

#1
25.7, 25.10 Series / Re: High CPU on Dashboard
November 21, 2025, 07:48:37 PM
It does exist and the permissions match similar file types.

srwxr-x---  1 root    wheel     0 Nov 20 15:53 php-fastcgi.socket-0
srwxr-x---  1 root    wheel     0 Nov 20 15:53 php-fastcgi.socket-1
srwxr-x---  1 root    wheel     0 Nov 20 15:53 php-fastcgi.socket-2
srwxr-x---  1 root    wheel     0 Nov 20 15:53 php-fastcgi.socket-3
#2
25.7, 25.10 Series / Re: High CPU on Dashboard
November 20, 2025, 09:51:57 PM
I am seeing these log entries, but I'm not clear if they're a result of the high CPU:

2025-11-20T12:07:38-05:00
Error
lighttpd
(/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.82/src/gw_backend.c.533) connect() /var/lib/php/tmp/php-fastcgi.socket-1: Connection refused
#3
25.7, 25.10 Series / High CPU on Dashboard
November 20, 2025, 05:59:29 PM
Greetings,

I am seeing an issue on the dashboard where widgets cause many PHP and PHP-CGI processes to spawn that eventually consume all CPU. The widgets themselves become unresponsive. I've noted this issue raised on these forums but not addressed and possibly unrelated.

Logs show entries like this:
2025-11-19T22:11:53-05:00 OPNsense.localdomain configd.py 381 - [meta sequenceId="18"] [68d947aa-2219-44e2-b504-bb0cc73ee1c8] Script action failed with Command '/usr/local/opnsense/scripts/routes/gateway_status.php' died with <Signals.SIGKILL: 9>. at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/actions/script_output.py", line 89, in execute     subprocess.run(script_command, env=self.config_environment, shell=True,   File "/usr/local/lib/python3.11/subprocess.py", line 571, in run     raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/routes/gateway_status.php' died with <Signals.SIGKILL: 9>.

This began when configuring IDS, but I have since disabled and removed all rules and the issue persists so I now believe it is unrelated.

Thoughts and ideas are welcome.

P.S. CPU is fine so long as I don't visit the dashboard or remove the impacted widgets.

#4
25.7, 25.10 Series / Re: Solved: Stuck on Unbound
November 13, 2025, 04:57:25 PM
This is resolved. There were two issues. The first was the "No buffer space available". This was solved by increasing the memory available under Tunables, kern.ipc.maxsockbuf to 10M and (according to support) was likely a result of multiple OpenVPN instances.

The second issue was "error: can't bind socket: Permission denied for 127.0.0.1 port 53".

Patrick M. Hausen gave a hint when he reminded me to try starting as root. Using the command  /usr/local/sbin/unbound -vvv -dc /var/unbound/unbound.conf as root showed the certificates were invalid. In fact, they were empty. I generated new certificates and now everything is happy.

Thank you to everyone who offered suggestions.
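
Added example, not part of the original post: a pre-flight check for the condition the post above describes, where the certificate files Unbound was configured with turned out to be empty. It scans an unbound.conf for the options that name a key or certificate file and reports any file that is missing, zero bytes long, or has no PEM header. Resolving relative paths against the config file's directory, and the sample file names, are assumptions of this example.

```python
import os
import re
import tempfile

# unbound.conf options that name a certificate or key file.
PEM_OPTIONS = {"server-key-file", "server-cert-file", "control-key-file",
               "control-cert-file", "tls-service-key", "tls-service-pem"}
OPTION_RE = re.compile(r'^\s*([a-z0-9-]+):\s*"?([^"#]+?)"?\s*(?:#.*)?$')

def check_pem_files(conf_path):
    """Return (option, path, problem) for every unusable file the config names."""
    base = os.path.dirname(os.path.abspath(conf_path))  # assumption: relative to conf dir
    findings = []
    with open(conf_path, encoding="utf-8") as conf:
        for line in conf:
            m = OPTION_RE.match(line)
            if not m or m.group(1) not in PEM_OPTIONS:
                continue  # commented-out lines and unrelated options are skipped
            option, path = m.group(1), os.path.join(base, m.group(2))
            if not os.path.isfile(path):
                findings.append((option, path, "missing"))
            elif os.path.getsize(path) == 0:
                findings.append((option, path, "empty"))
            else:
                with open(path, "rb") as pem:
                    if b"-----BEGIN " not in pem.read():
                        findings.append((option, path, "no PEM header"))
    return findings

def demo():
    """Constructed sample: one good cert, one zero-byte key, one missing file."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "good.pem"), "w") as f:
            f.write("-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n")
        open(os.path.join(d, "empty.key"), "w").close()
        conf = os.path.join(d, "unbound.conf")
        with open(conf, "w") as f:
            f.write('remote-control:\n'
                    '    control-cert-file: "good.pem"   # fine\n'
                    '    control-key-file: empty.key\n'
                    '    server-key-file: "gone.key"\n'
                    '    # server-cert-file: "ignored.pem"\n')
        return [(opt, os.path.basename(p), why)
                for opt, p, why in check_pem_files(conf)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The header test only catches empty or obviously non-PEM files; it does not validate the certificate or key itself.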
#5
25.7, 25.10 Series / Re: Stuck on Unbound
November 13, 2025, 04:22:34 PM
Yes, the reason I'm doing that is because the service does not start via Unbound under services or via the dashboard.
#6
25.7, 25.10 Series / Re: Stuck on Unbound
November 12, 2025, 10:27:16 PM
Quote from: Monviech (Cedrik) on November 12, 2025, 07:25:41 PM
It's kinda weird it gets permission denied for loopback (127.0.0.1)

Can you go to

Services: Unbound DNS: General

And select an interface to bind to instead? See if it starts then?

It does not appear to be reading the config file. If I change
This:
# Interface IP(s) to bind to
interface: 0.0.0.0
interface: ::
interface-automatic: yes

To That:
 
# Interface IP(s) to bind to
interface: 10.10.255.5
#interface: ::
interface-automatic: yes

I get the same result:
sudo -u unbound /usr/local/sbin/unbound -vvv -dc /var/unbound/unbound.conf
[1762982815] unbound[42406:0] notice: Start of unbound 1.24.0.
[1762982815] unbound[42406:0] debug: setting ip-ratelimit-slabs: 8
[1762982815] unbound[42406:0] debug: setting ratelimit-slabs: 8
[1762982815] unbound[42406:0] debug: setting dnscrypt-shared-secret-cache-slabs: 8
[1762982815] unbound[42406:0] debug: setting dnscrypt-nonce-cache-slabs: 8
[1762982815] unbound[42406:0] debug: creating udp4 socket 0.0.0.0 53 udpancil
[1762982815] unbound[42406:0] error: can't bind socket: Permission denied for 0.0.0.0 port 53 (len 16)
[1762982815] unbound[42406:0] fatal error: could not open ports

#7
25.7, 25.10 Series / Re: Stuck on Unbound
November 12, 2025, 10:15:41 PM
I eliminated the socket buffer error by increasing the memory available under Tunables, kern.ipc.maxsockbuf to 10M. So now I only have the permissions error. It remains no matter if I select or comment out interfaces in the config file.

#8
25.7, 25.10 Series / Re: Stuck on Unbound
November 12, 2025, 05:39:09 PM
With sockstat:

 sockstat -l4u
USER     COMMAND    PID   FD  PROTO  LOCAL ADDRESS         FOREIGN ADDRESS     
root     php-cgi    84739 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     php-cgi    50162 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
dhcpd    dhcpd      72134 10  udp4   *:67                  *:*
root     php-cgi    66730 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi    47702 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     php-cgi    24263 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     sshd-sessi 62202 9   stream (not connected)
root     sshd-sessi 51438 9   stream (not connected)
root     php-cgi    12255 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     php-cgi     9635 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     9267 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     8601 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     8125 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     7352 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     6664 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     5728 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     5216 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     5142 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     4622 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     4316 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     4303 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     3787 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     2752 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     php-cgi     2267 0   stream /var/lib/php/tmp/php-fastcgi.socket-3
root     php-cgi     1889 0   stream /var/lib/php/tmp/php-fastcgi.socket-2
root     php-cgi     1266 0   stream /var/lib/php/tmp/php-fastcgi.socket-1
root     php-cgi     1253 0   stream /var/lib/php/tmp/php-fastcgi.socket-0
root     lighttpd     879 7   tcp4   *:10443               *:*
root     lighttpd     879 9   tcp4   *:80                  *:*
root     python3.11 55636 3   stream /var/run/configd.socket
root     openvpn    68655 6   stream /var/etc/openvpn/instance-b5da173f-1a07-42f3-a481-b81db5e2118b.sock
root     openvpn    68655 8   udp46  *:1172                *:*
root     openvpn    66795 6   stream /var/etc/openvpn/instance-9e52dea4-c270-44dd-b31a-b892632fe39d.sock
root     openvpn    66795 8   udp46  *:1171                *:*
root     openvpn    60720 6   stream /var/etc/openvpn/instance-2d0bab87-ec48-48da-8cce-7fd90a8ce180.sock
root     openvpn    60720 8   udp46  *:1170                *:*
root     openvpn    57975 6   stream /var/etc/openvpn/instance-e8bd9180-5fe2-4288-96f1-4f0dd2047f2e.sock
root     openvpn    57975 8   udp46  *:1169                *:*
root     openvpn    55375 6   stream /var/etc/openvpn/instance-103facf0-f007-47a1-bfc0-71a28e94fd51.sock
root     openvpn    55375 8   udp46  *:1168                *:*
root     openvpn    52942 6   stream /var/etc/openvpn/instance-39757c7e-db75-45bf-afa0-e07742db1fc8.sock
root     openvpn    52942 8   udp46  *:1167                *:*
root     ntpd       75308 21  udp4   *:123                 *:*
root     ntpd       75308 22  udp4   10.10.255.5:123       *:*
root     ntpd       75308 26  udp4   127.0.0.1:123         *:*
root     ntpd       75308 30  udp4   10.242.0.1:123        *:*
root     ntpd       75308 31  udp4   10.242.1.1:123        *:*
root     ntpd       75308 32  udp4   10.242.2.1:123        *:*
root     ntpd       75308 33  udp4   10.242.3.1:123        *:*
root     ntpd       75308 34  udp4   10.242.4.1:123        *:*
root     ntpd       75308 35  udp4   10.242.5.1:123        *:*
root     sshd       73231 7   tcp4   *:23022               *:*
root     syslog-ng  19783 20  dgram  /var/run/log <-
root     syslog-ng  19783 21  dgram  /var/run/logpriv
root     syslog-ng  19783 22  dgram  /var/dhcpd/var/run/log <-
root     syslog-ng  19783 23  dgram  /var/unbound/var/run/log
root     syslog-ng  19783 27  stream /var/db/syslog-ng.ctl
root     devd        1852 6   stream /var/run/devd.pipe
root     devd        1852 7   seqpac /var/run/devd.seqpacket.pipe
#9
25.7, 25.10 Series / Re: Stuck on Unbound
November 12, 2025, 05:30:21 PM
Thank you for the reply. There is not any other DNS service running and netstat demonstrates the port is unused.

root@OPNsense:/etc # netstat -an | grep LISTEN
tcp6       0      0 *.80                   *.*                    LISTEN     
tcp4       0      0 *.80                   *.*                    LISTEN     
tcp6       0      0 *.10443                *.*                    LISTEN     
tcp4       0      0 *.10443                *.*                    LISTEN     
tcp4       0      0 *.23022                *.*                    LISTEN     
tcp6       0      0 *.23022                *.*                    LISTEN   
#10
25.7, 25.10 Series / Solved: Stuck on Unbound
November 11, 2025, 05:08:05 PM
Greetings

I am unable to start the Unbound service. The errors are as follows:

[1762877195] unbound[40961:0] warning: setsockopt(..., SO_SNDBUF, ...) was not granted: No buffer space available
[1762877195] unbound[40961:0] warning: so-sndbuf 4194304 was not granted. Got 57344. To fix: start with root permissions(linux) or sysctl bigger net.core.wmem_max(linux) or kern.ipc.maxsockbuf(bsd) values. or set so-sndbuf: 0 (use system value).
[1762877195] unbound[40961:0] error: can't bind socket: Permission denied for 127.0.0.1 port 53
[1762877195] unbound[40961:0] fatal error: could not open ports

I have reviewed forums and searched but I remain stuck. Any assistance would be appreciated.

Thanks.
#11
General Discussion / Re: Nginx Reverse Proxy
August 05, 2025, 09:20:49 PM
I have gotten this to work. I may post a tutorial.
#12
General Discussion / Nginx Reverse Proxy
August 05, 2025, 08:28:30 PM
Greetings

I am struggling with reverse proxy. My situation is that I have a working Nginx reverse proxy and what I ideally want is the WAF.

My current setup is like this:

Internet - Firewall - Reverse Proxy  - sub1.domain.com
                                     - sub2.domain.com
                                     - sub3.domain.com

I'm not married to this setup, but I can't figure out how to use the GUI to act as a reverse proxy for multiple subdomains sharing port 443 and a wildcard certificate.

I have gotten it to work by adding a custom conf file, but then the service cannot be started via the GUI or the include directive is overwritten.

Does anyone have any experience with a similar configuration?

Thanks in advance.