Messages

I may have suggested this a couple years back but thought I might suggest again.
There was a feature I used a long time ago, I think it was dd-wrt on a 54gl router that would introduce latency to some devices at a certain time. It wasn't in the gui, but a script. Why you might ask? Its real handy as a parental controls to reduce pvp gaming if you use it with a a set time, like add 2000ms from 1am to 7am. This could be added to the 'shaper' section in firewall. I think this can be done in feebsd with a package called dummynet and in linux with tc. There is probably close to 0% interest in this feature but if its easy to add, why not.

[CPU core temperature]

90 C CPU core temperature is not a problem. Are you saying this is some ambient/chassis sensor showing this value?

Thats the core temp. Ambiant would be around 55C using a infred temp gun/probe.

With those CPU temps I reckon thermal paste or a very small case. If that does not help, reduce power limits.

While 90°C ist not a problem in itself, it is when reached at light load already.

I will find my thermal paste and pull it apart tomorrow, Looks like I can get a nice noctorua 120mm 5v fan and screw it to the top possibly. Also I read about adding hint.hwpstate_intel.0.disabled=1 to system --> setting --> tuneables , Not sure if I want to brick my system just yet trying things. Thanks for the suggestions

I was installing a ip camera today with 1920*1080p. I had 3 streams running from one poe switch to opensense and back on a diffrent switch. My router which is a mini pci from China --> Intel N5105 @ 2.00GHz (4 cores, 4 threads) usually runs hot, around 65-70c but it was holding steady at 90c until I shut those streams down. I put a infared temp probe on the fanless router (black fins) and it said 50c. My equipment sits in a fanless small rack box. Watching top, the cpu sits at 1% with spikes to 9% once in a while.

I think I need to do something. Should I throttle the cpu way down? Check the thermal paste and connection? buy a usb fan?
I usually get nervous with the 85c but for it to peg out so near to t junction has me worried. Maybe there is some setting/operation that the opnsense doesnt need to do when traffic wants to go to deffrent switches (subnets) on my lan.

Thanks Maurice

Thanks for the reply. I cant find the exact same box as before, I think it may have been discontinued. I found a new version of the older hardware with diffrent nics, but I think I may try a newer cpu as well.
The nic in the one im looking at is Intel i225 2.5G with a  n5105 processor which seems kinda popular. I believe my J1900 cpu/board used 4* Intel WG82583 lan controllers.

Im wondering if the naming would be diffrent and I would have to edit the onfig xml on that one? I imagine this is changing name from eth0 to some other name.

I have a chinese board with 4 ethernet ports and a intel j1900. If i buy another mini pc with 4 ports can I load the config file from the old one? How similar does the hardware need to be?

Thanks

No luck with nano image. Here is screen shot.

root mount waiting for cam

I see that message allot.

I think i am going to find a older image and have them try that.
edit: I wonder if this is a freebsd issue or hardware with my china box Q190G4U

no luck so far. We have removed the msata drive and placed in a sata drive. The bios can see it.The opnsense install does not. Im using the vga image. Im going to have family member download a diffrent image and try that. Maybe the nano?

Pressing #2 causes the sysyem to hang for a long time, we are or I am expecting a prompt.
will the dvd iso write to a thumb drive?

I'm trying to talk a family member through reinstalling opnsense remotely. Its not going well.

How do you get into single user mode? I'm not getting a command prompt. Nothing that says login. Ctrl + Alt + F1 or F2 does nothing too (sometimes that works in Linux), just messages printed to screen (screeshot) This is 23.1 version.
Spacebar works to pause.

Also tried to install with fresh 23.7 vga img file, copied to thumb drive with dd, installer does not see the ssd drive when logging in via ssh installer@192.168.1.1. , it just shows the usb thumb drive. This is second day of messing around for a couple hours. My device is a qotom j1900 box.

Maybe the ssd is broken?

Thanks for the help, Im going to let it ride since wont be home for several more months.


fingers crossed :-D

I tried, no luck, file shows when I "ls" but not "ls -lah". I tested on another file in directory and it listed the file. Some of the files have something like a hash at the end of the file name.

Code Select Expand

root@J1900:/usr/local/lib/python3.9/test/test_tools/__pycache__ # ls -lah test_lll.cpython-39.opt-1.pyc
ls: test_lll.cpython-39.opt-1.pyc: Invalid argument
root@J1900:/usr/local/lib/python3.9/test/test_tools/__pycache__ # ls -lah test_sundry.cpython-39.opt-2.pyc
-rw-r--r--  1 root  wheel   1.6K Mar 28 05:14 test_sundry.cpython-39.opt-2.pyc
root@J1900:/usr/local/lib/python3.9/test/test_tools/__pycache__ # ls -lah
ls: test_lll.cpython-39.opt-1.pyc: Invalid argument
ls: test_lll.cpython-39.opt-2.pyc: Invalid argument
ls: test_lll.cpython-39.pyc: Invalid argument
ls: test_md5sum.cpython-39.opt-1.pyc: Invalid argument
ls: test_md5sum.cpython-39.opt-2.pyc: Invalid argument
ls: test_md5sum.cpython-39.pyc: Invalid argument
ls: test_pathfix.cpython-39.opt-1.pyc: Invalid argument
ls: test_pathfix.cpython-39.opt-2.pyc: Invalid argument
ls: test_pathfix.cpython-39.pyc: Invalid argument
ls: test_pdeps.cpython-39.opt-1.pyc: Invalid argument
ls: test_pdeps.cpython-39.opt-2.pyc: Invalid argument
ls: test_pdeps.cpython-39.pyc: Invalid argument
ls: test_pindent.cpython-39.opt-1.pyc: Invalid argument
ls: test_pindent.cpython-39.opt-2.pyc: Invalid argument
ls: test_pindent.cpython-39.pyc: Invalid argument
ls: test_reindent.cpython-39.opt-1.pyc: Invalid argument
total 660
drwxr-xr-x  2 root  wheel   9.0K Jun 25 22:51 .
drwxr-xr-x  3 root  wheel   3.0K Jun 25 22:51 ..
-rw-r--r--  1 root  wheel   1.4K Jun 21 05:17 .pkgtemp.test_lll.cpython-39.opt-1.pyc.F21qEh0gnaWr
-rw-r--r--  1 root  wheel   1.4K Jun 21 05:17 .pkgtemp.test_lll.cpython-39.opt-1.pyc.SLAtPp6mSC72
-rw-r--r--  1 root  wheel   1.4K Jun 21 05:17 .pkgtemp.test_lll.cpython-39.opt-1.pyc.dRm2Lr8DrAGh
.................................
................................



edit: I have a ton of these msgs in dmesg.yesterday "/mnt: inode 758: check-hash failed
/mnt: inode 757: check-hash failed
/mnt: inode 754: check-hash failed
/mnt: inode 756: check-hash failed
/mnt: inode 752: check-hash failed
/mnt: inode 753: check-hash failed
/mnt: inode 755: check-hash failed
/mnt: inode 764: check-hash failed
/mnt: inode 766: check-hash failed
/mnt: inode 767: check-hash failed
/mnt: inode 760: check-hash failed
/mnt: inode 765: check-hash failed
..........." after a reboot. I wonder if I have a corrupt filesystem. I have a lot of lightning at my house and freq power outages that exceed the UPS. Just a thought.

edit#2
I ran fsck and it says a bunch of stuff like "INODE CHECK-HASH FAILED I=753  OWNER=4294967295 MODE=177777
SIZE=18446744073709551615 MTIME=Jan  1 06:59 1970
FIX? no
.........."

That means trouble right? lol

I don't know enough kung foo to know why either, but here is a screen shot. 

Try this command and then re-run the upgrade:

Code Select Expand

mv /usr/local/lib/python3.9/test/test_tools/__pycache__/test_lll.cpython-39.opt-1.pyc /usr/local/lib/python3.9/test/test_tools/__pycache__/test_lll.cpython-39.opt-1.pyc-old

It is a bug in PKG that's reported and now Franco has two different reports to add to the bug, and if I understood correctly a fix it will land in OPNsense soon regardless of how fast it is addressed upstream. Unsure if this will be a hotfix or 23.1.11/23.7.

We'll find out either here from Franco or in the release notes :)

I get

Code Select Expand

mv: rename test_lll.cpython-39.opt-1.pyc to test_lll.cpython-39.opt-1.pyc-old: Invalid argument when in that directory. Thanks for the tip, I'm not sure why I get invalid argument. I can see the filelisted when I type ls

I guess I will wait a while, opnsense still works for me.

I keep getting this in the log when updating. I updating over wiregaurd remotely and don't want to brick it.
Anyone know what I should do? I am trying to fix another problem I am having but first thought I would update first.

Code Select Expand

***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.1.5_4 at Sun Jun 25 22:36:17 +07 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (56 candidates): .......... done
Processing candidates (56 candidates): .......... done
Checking integrity... done (0 conflicting)
The following 59 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
easy-rsa: 3.1.5
pkcs11-helper: 1.29.0
py39-tzdata: 2023.3_1

Installed packages to be UPGRADED:
ca_root_nss: 3.89 -> 3.89.1
curl: 7.88.1 -> 8.1.2
dhcp6c: 20200512_1 -> 20230530
glib: 2.76.1,2 -> 2.76.3,2
ifinfo: 13.0 -> 13.0_1
krb5: 1.20.1 -> 1.21
libnghttp2: 1.52.0 -> 1.53.0
libpsl: 0.21.2_2 -> 0.21.2_3
libxml2: 2.10.3_1 -> 2.10.4
lighttpd: 1.4.69 -> 1.4.71
mpd5: 5.9_13 -> 5.9_16
nettle: 3.8.1 -> 3.9.1
nss: 3.89 -> 3.90
ntp: 4.2.8p15_5 -> 4.2.8p17
openssh-portable: 9.2.p1,1 -> 9.3.p1,1
openvpn: 2.5.8 -> 2.6.5
opnsense: 23.1.5_4 -> 23.1.10_1
opnsense-update: 23.1.5 -> 23.1.8_2
os-dnscrypt-proxy: 1.12_1 -> 1.13_1
pftop: 0.8_2 -> 0.8_4
php81: 8.1.17 -> 8.1.20
php81-ctype: 8.1.17 -> 8.1.20
php81-curl: 8.1.17 -> 8.1.20
php81-dom: 8.1.17 -> 8.1.20
php81-filter: 8.1.17 -> 8.1.20
php81-gettext: 8.1.17 -> 8.1.20
php81-ldap: 8.1.17 -> 8.1.20
php81-mbstring: 8.1.17 -> 8.1.20
php81-pdo: 8.1.17 -> 8.1.20
php81-phalcon: 5.2.1 -> 5.2.2
php81-session: 8.1.17 -> 8.1.20
php81-simplexml: 8.1.17 -> 8.1.20
php81-sockets: 8.1.17 -> 8.1.20
php81-sqlite3: 8.1.17 -> 8.1.20
php81-xml: 8.1.17 -> 8.1.20
php81-zlib: 8.1.17 -> 8.1.20
py39-bottleneck: 1.3.6 -> 1.3.7_1
py39-certifi: 2022.12.7 -> 2023.5.7
py39-charset-normalizer: 3.0.1 -> 3.1.0
py39-cython: 0.29.33 -> 0.29.35
py39-dnspython: 2.2.1_1,1 -> 2.3.0,1
py39-idna: 3.4 -> 3.4_1
py39-markupsafe: 2.1.2 -> 2.1.3
py39-numexpr: 2.8.4 -> 2.8.4_1
py39-numpy: 1.24.1,1 -> 1.24.1_4,1
py39-pandas: 1.5.3,1 -> 2.0.2,1
py39-requests: 2.28.2 -> 2.31.0
py39-sqlite3: 3.9.16_7 -> 3.9.17_7
py39-ujson: 5.7.0 -> 5.8.0
py39-urllib3: 1.26.14,1 -> 1.26.16,1
python39: 3.9.16_2 -> 3.9.17
sqlite3: 3.41.0_1,1 -> 3.42.0,1
squid: 5.8 -> 5.9
strongswan: 5.9.10_1 -> 5.9.10_2
suricata: 6.0.9_1 -> 6.0.13
syslog-ng: 3.38.1 -> 4.2.0

Number of packages to be installed: 3
Number of packages to be upgraded: 56

The process will require 6 MiB more space.
[1/59] Upgrading python39 from 3.9.16_2 to 3.9.17...
[1/59] Extracting python39-3.9.17: .......... done
python39-3.9.16_2: missing file /usr/local/lib/python3.9/ensurepip/_bundled/pip-22.0.4-py3-none-any.whl
python39-3.9.16_2: missing file /usr/local/lib/python3.9/lib2to3/Grammar3.9.16.final.0.pickle
python39-3.9.16_2: missing file /usr/local/lib/python3.9/lib2to3/PatternGrammar3.9.16.final.0.pickle
python39-3.9.16_2: missing file /usr/local/share/licenses/python39-3.9.16_2/LICENSE
python39-3.9.16_2: missing file /usr/local/share/licenses/python39-3.9.16_2/PSFL
python39-3.9.16_2: missing file /usr/local/share/licenses/python39-3.9.16_2/catalog.mk
pkg-static: Fail to rename /usr/local/lib/python3.9/test/test_tools/__pycache__/.pkgtemp.test_lll.cpython-39.opt-1.pyc.dRm2Lr8DrAGh -> /usr/local/lib/python3.9/test/test_tools/__pycache__/test_lll.cpython-39.opt-1.pyc:Invalid argument
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

Wow thanks for the list tiermutter. I did a nslookup on the manually entered ones.
mozilla.cloudflare-dns.com
doh.opendns.com
doh.dns.sb
Those are listed in this one-> https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt

Incidentally I had to disable the Aliases check box hit save and then click box to re-enable in order for the new list to be populated. (hope that helps someone) 2,400+ DNS over https servers (DoH) all together.

I got my system to work. I can't ping 8.8.8.8 anymore and a device that has 8.8.8.8 for dns manually set goes through dnscrypt according to https://ipleak.net/

The only thing that bothers me is all the queries in the dnscrypt logging tab now say 127.0.0.2 or 192.168.0.4 (where dnscrypt is listening), so I have to look at unbound to see what device is making any questionable queries.

If anyone is going to work on their system I suggest disabling dns cache everywhere you can before you start. Your machine, your browser, unbound.... lol I see there is some tutorials but most are a bit stale. I could make one and post it here if there is interest.

cheers everyone