Messages

I assume you disconnected the power for a minute or so? And you don't see anything on the serial console, even when trying to boot from e.g. OPNsense USB?

You're right. After physically disconnecting the power and plugging it back in, the system is functional and I again have serial output. Previously I had just turned the system on and off with the pinhole power button.

Sorry for the false alarm, but perhaps this ought to be part of the installation instructions. Currently they just say "Reboot the machine" which I thought I had accomplished with the power button.

I have a DEC740 from December 2022. I just downloaded and flashed (after checking the SHA!) the latest version from here. The flashing process itself was straightforward, and ended with this screen before the system switched itself off:

Code Select Expand

          Insyde H2OFFT (Flash Firmware Tool) Version (SEG) 200.02.00.06
         Copyright (C) 2022 Insyde Software Corp. All Rights Reserved.


                      Loading New BIOS Image File: ..Done

                  Current BIOS Model Name: NetBoard-A10_Gen.3
                  New     BIOS Model Name: NetBoard-A10_Gen.3
                  Current BIOS Version: 05.32.50.0014-A10.22E
                  New     BIOS Version: 05.39.21.0028-A10.35
                           Save SMBIOS Structures


                           Updating Block at FFFFF000h
          0%          25%         50%          75%         100%
           **************************************************     100%

Now, when powered up, it appears to enter a boot loop. The power light flickers off briefly roughly once a second, as if it is constantly resetting itself, and there is no output on the serial console.

I am now going in desperate search of a flash programmer and an older BIOS version, but wanted to get the warning out that this BIOS update appears to be capable of bricking systems!

https://github.com/opnsense/core/issues/8759

FWIW I bumped into this as well (now on 21.5.7), only in my case there are now 5 configd and 7 dnsmasq log entries for every RA: https://forum.opnsense.org/index.php?topic=47469.0

I dug into this a little more and confirmed that each RA received on the WAN triggers:
 * "New IPv6" message and related processing -- at least two or three scripts are forked each time
 * /etc/resolv.conf and /etc/hosts get rewritten (with the same contents)
 * dnsmasq noisily reloads the above files

This results in non-trivial CPU load on a near-idle network, e.g. a snapshot from top:

Code Select Expand

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
 7507 root          9  28    0   376M   275M kqread   4  19:03   0.98% /usr/local/bin/python3 /usr/local/opnsense/scripts/unbound/logger.py (python3.11)
72017 nobody        1  20    0    17M  6276K select   7   9:16   0.29% /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
84373 root          1  68    0    58M    33M nanslp   0   0:00   0.00% /usr/local/bin/php /usr/local/etc/rc.newwanipv6 ax0
Wouldn't it be reasonable to cache the RA contents, and do nothing if they are the same as last time?

Hmm, I found the configd log is full of:

<13>1 2025-06-02T21:50:40+02:00 <redacted> configd.py 251 - [meta sequenceId="23808"] [f48e13a6-4234-40c4-8adf-dd835f1453a8] New IPv6 on ax0
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23809"] [abb7da35-87a7-49ec-9405-1cd791e690d8] request dhcp options
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23810"] [447be926-549f-4030-b953-a5398b7d201a] request dhcp options6
<13>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23811"] [b6b41c5f-bb32-4f43-9fa7-6c3e81d1efd1] IPsec list legacy VirtualTunnelInterfaces
<14>1 2025-06-02T21:50:43+02:00 <redacted> configd.py 251 - [meta sequenceId="23812"] message f48e13a6-4234-40c4-8adf-dd835f1453a8 ['ax0' ''] returned OK

... repeating at a period that matches the roughly 10s rewrites of resolv.conf.

https://forum.opnsense.org/index.php?topic=40477.0 puts this "new IPv6" message down to receiving RAs on the WAN port, but if every RA results in this many processes and log entries, the whole thing seems awfully inefficient.

[I've updated the subject to reflect diagnosis of the issue. See later messages for details.]

I have migrated from ISC DHCP to dnsmasq + unbound DNS, largely following the configuration example in the docs where Unbound forwards DNS queries for the local domain to Dnsmasq on a custom port. Everything seems to work, but my dnsmasq log is full of these entries:

2025-06-02T21:21:54    Informational    dnsmasq    reading /etc/resolv.conf
2025-06-02T21:21:46    Informational    dnsmasq    using only locally-known addresses for <redacted>
2025-06-02T21:21:46    Informational    dnsmasq    using nameserver <redacted>
2025-06-02T21:21:46    Informational    dnsmasq    using nameserver <redacted>
2025-06-02T21:21:46    Informational    dnsmasq    using nameserver <redacted>
2025-06-02T21:21:46    Informational    dnsmasq    using nameserver <redacted>
2025-06-02T21:21:46    Informational    dnsmasq    using nameserver 127.0.0.1#53   
2025-06-02T21:21:46    Informational    dnsmasq    reading /etc/resolv.conf
...

this repeats approximately every 10 seconds, and indeed /etc/resolv.conf and /etc/hosts are always being rewritten (with the same contents). This interval is much shorter than the DHCP renewals on the WAN link that also rewrite resolv.conf only every 15 minutes.

My best guess is that there's a feedback loop where dnsmasq is both being triggered by these updates to resolv.conf yet also causing them, but I'm not familiar enough with BSD / opnsense to diagnose it. Any tips?