Messages - Meik

#1
Hi cookiemonster,

Great, it works.
- I had one unassigned interface, Unbound couldn't start.
- I simply assign the interface, not configuring anything, - start Unbound - it works

Unbound back to Business - Thank you

Regards - Meik
#2
Hi cookiemonster:
"no errors in /var/unbound/unbound.conf"

Hi JustMeHere, DHCP-Server is not used / folder is empty:
root@fw:/var/dhcpd/var/db # ls
root@fw:/var/dhcpd/var/db #


root@fw:/var/unbound # ls
access_lists.conf       etc                     root.hints              unbound_control.pem
conf.d                  host_entries.conf       root.key                unbound_server.key
dev                     lib                     run                     unbound_server.pem
dhcpleases.conf         private_domains.conf    unbound.conf            usr
domainoverrides.conf    resolv.conf.root        unbound_control.key     var

#3
Hello 👋

I have two OPNsense installations, each attached to the network with only one interface, on which the Unbound service no longer starts since 22.x.
Both installed on a Hyper-V 2012R2 and 2019 host.

Date Severity Process Line
2022-08-10T14:24:33 Error configd.py [305016fc-62f2-4ec1-8c49-9f09771a06c8] Script action stderr returned "b"pgrep: Cannot open pidfile `/var/run/unbound.pid': No such file or directory""
2022-08-10T14:24:33 Notice configd.py [305016fc-62f2-4ec1-8c49-9f09771a06c8] request Unbound status
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //usr/local/etc/unbound_dhcpd.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //var/unbound/root.hints
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //usr/local/etc/unbound.opnsense.d/miscellaneous.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //usr/local/etc/unbound.opnsense.d/domainoverrides.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //var/unbound/private_domains.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //usr/local/etc/unbound.opnsense.d/dot.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //tmp/unbound-blocklists.conf
2022-08-10T14:24:28 Notice configd.py generate template container OPNsense/Unbound/core
2022-08-10T14:24:28 Notice configd.py [9290ca78-7411-4ef0-976a-28e390648445] generate template OPNsense/Unbound/*
2022-08-10T00:12:22 Notice configd.py [0b216cc1-e978-4b48-8ded-18428ea0abe2] Unbound cache flush
2022-08-09T20:45:57 Notice configd.py [c7bf4753-f82c-4712-aeba-db93fee1cc8b] Unbound cache flush
------------------------
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
14274 root 102 0 32M 19M CPU0 0 80:30 99.62% /usr/local/sbin/unbound-checkconf /var/unbound/unbound.conf
14167 root 52 0 13M 2284K wait 0 0:00 0.00% /bin/sh /usr/local/opnsense/scripts/unbound/start.sh
14121 root 52 0 13M 2144K wait 0 0:00 0.00% /usr/local/bin/flock -n -E 0 -o /tmp/unbound_start.lock /usr/local/opnsense/scripts/unbound/start.sh


The Unbound Protocol is empty (cleared, but no new entries come in).

Reset to factory defaults and reconfigured the interface only; Unbound did not start.

How can I find out why Unbound does not start?

Thanks for help - Meik

#4
Hi clownschiff,

For MSP, it's partly usable.
Best with a stand-alone instance (not used as a firewall, only for managing / OPNcentral).

All or nothing from a category is the thing  :-\
For every OPNsense, select the provision classes you want to deploy.
E.g. Aliases - create aliases, and all aliases are deployed on every selected OPNsense.

(Aliases, Auth Servers, Captive Portal, Certificates, Cron, DHCPD, DHCPDv6, DHCPv4: Relay, DHCPv6: Relay, Dashboard, Dnsmasq DNS, Firewall Categories, Firewall Groups, Firewall Log Templates, Firewall Rules, Firewall Schedules, IPsec, Intrusion Detection, Monit System Monitoring, NAT, Netflow / Insight, Network Time, OpenSSH, OpenVPN, Shaper, Static Routes, System Tunables, Unbound DNS, Users and Groups, Wake on LAN, Web GUI, Web Proxy, WireGuard)

- VPN is not necessary; access to the web interface from the host running OPNcentral must be given, any way is OK ;).
Create an allow list for your static IPs where OPNcentral is running, and allow access from WAN on the client side.
- You can use a DynDNS address if no static IP is available.

For a firmware overview it's OK; showing the status of services and resources centrally makes it easy to get an overview.

Best Regards - ADI
#6
19.1 Legacy Series / Re: Kernel panic after upgrade
March 26, 2019, 06:39:28 PM
I've added the Hardware above.

I also tested on a Server 2012 R2, Gen2, Configuration Version 5.0; there the installer works, Live-CD too
E3-1270 v3, Intel Board S1200RP, 32GB ECC RAM

On a Server 2016, Gen2, Configuration Version 8.0, it works like the Server 2012 R2
E3-1240 v5, Supermicro Board X11SSL-CF, 32GB ECC Ram

On the Server 2019 (above) I created a Gen2 Configuration Version 5.0, the same "error"

On a Windows 10 1809, Gen2 Configuration Version 9.0, the same error
i3-4150, Supermicro X10SLV-Q, 8GB RAM (a small PBX-Host)

Is there something that I can test? (For testing I removed the NIC from the configuration and set it to use another CPU version; the error is the same.)
#7
19.1 Legacy Series / Re: Kernel panic after upgrade
March 26, 2019, 04:44:31 PM
Hi lattera,

The attached image is the boot screen and the settings (German).
Secure Boot is off.

Hope this helps - Meik

Hyper-V Host: Windows Server 2019, Dual XEON E5-2620 v2, Supermicro X9DR3-F Board, 64GB-ECC-Reg-Ram, NVMe-Storage-Pool with Linux optimised vhdx (-BlockSizeBytes 1MB)
#8
Hi there,

I have a problem with our 3CX after upgrading from 17.7.12 to 18.1.1.
The Firewall Checker says SIP ALG failed
--> https://www.3cx.com/docs/firewall-checker/#h.ikh44hto4r56

Before with 17.7.12, no issue.

I have tested:
Upgrade 17.17.12 (on 2016 Hyper-V Gen1) to 18.1.1, failed :-(
Backup and Restore on a new 18.1.1 (on 2016 Hyper-V Gen2), failed :-(

Check the "Firewall, Settings, Advanced, --> Firewall Optimization: conservative", (normally the Thing, where it hangs)

Any ideas?

Thanks, Meik

---

18.x runs well on Hyper-V 2016 Gen2 (Secure Boot disabled, like all Linux guests), no issue at the moment
#9
18.1 Legacy Series / Hyper-V 2016 Gen 2 works
January 15, 2018, 04:03:17 PM
Hi weust,

I tested an installation yesterday with the ISO:
OPNsense-18.1.r1-OpenSSL-dvd-amd64.iso

This works on a Windows Server 2016 with Configuration-Version 8.0, disabled Secure-Boot (like 99% Linux Guests).

(Tested only installation, reboot, quick config. This week I will back up the Gen1 OPNsense and restore it in the Gen2, to see what works and what does not :-p).

Meik
#10
No one? :-( / or better bug tracker?

I have rebuilt it on a second installation; there the DNS crashes as well, on DHCP lease names with a . (dot) at the end
#11
Hi @all,

I have an OPNsense with DHCP and Unbound DNS running.

and, I have a DHCP Client (Snom Phone with a . (DOT) in the Name):

unbound: [10850:0] error: error parsing local-data at 16 'Snom-Heavy-C..crasydomain.org IN A 10.1.32.213': Empty Label

Not the best name (now reconfigured), but this makes Unbound DNS crash if "Register DHCP-Leases in DNS-Resolver" is enabled.
In the GUI I can't remove the entries (deleting the lease in DHCP is not working); the only possible way to bring back Unbound DNS is to deactivate "Register DHCP-Leases in DNS-Resolver".

1. Any way to drop the wrong entry to bring back "Register"?
2. ToDo: Create a filter to put only valid names in the DNS

Thanks for help - Meik
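
Added example (not part of the original post and not OPNsense's own code): a filter of the kind the ToDo above asks for, which checks each DHCP lease name label by label before writing an Unbound local-data line, so a name like 'Snom-Heavy-C.' is skipped instead of producing an empty label. The function names and the extra sample leases are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label, strict RFC 1123 style: letters, digits, hyphens, 1-63 chars,
# no leading or trailing hyphen. Quotes, spaces and newlines never match, so a
# lease name cannot break out of the quoted local-data string either.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_fqdn(hostname, domain):
    """Return hostname.domain if every label is valid, otherwise None."""
    fqdn = f"{hostname}.{domain}"
    if len(fqdn) > 253:
        return None
    # 'Snom-Heavy-C.' + '.crasydomain.org' contains '..', i.e. an empty label,
    # which fails the {1,63} length requirement below.
    if all(LABEL_RE.fullmatch(label) for label in fqdn.split(".")):
        return fqdn
    return None


def build_local_data(leases, domain):
    """Split (hostname, address) leases into local-data lines and rejects."""
    lines, rejected = [], []
    for hostname, addr in leases:
        fqdn = valid_fqdn(hostname, domain)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if fqdn is None or ip is None:
            rejected.append((hostname, addr))  # log these, never write them
            continue
        rtype = "A" if ip.version == 4 else "AAAA"
        lines.append(f'local-data: "{fqdn} IN {rtype} {ip}"')
    return lines, rejected


# Constructed sample leases; only the first entry comes from the post.
SAMPLE_LEASES = [
    ("Snom-Heavy-C.", "10.1.32.213"),
    ("snom-d785", "10.1.32.214"),
    ('bad"name', "10.1.32.215"),
    ("printer", "not-an-ip"),
]

if __name__ == "__main__":
    ok, bad = build_local_data(SAMPLE_LEASES, "crasydomain.org")
    print("\n".join(ok))
    print("rejected:", bad)
```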
#12
Hi everyone...

When running OPNsense from the image, all is fine*, but when installed (MBR/GPT tested) the system freezes on boot at the FreeBSD boot screen.

I'm installing on a KVM-VM over the QEMU-Console

I searched around in the issues and the forum, but nothing works.
Things like typing: set comconsole="efi", ...
at the console before the FreeBSD boot screen, all endless :-(

Thanks - Meik

#13
17.7 Legacy Series / Disable HTTP_REFERER from the Shell
September 08, 2017, 07:29:23 PM
Hi all,

I would like to install 17.7 on a vserver at my provider.

There is a special thing: they route the public IP to a private 172.1.1.1.
I only have one network interface, so I set WAN to the "Internet" IP.

When I try to access the web interface, this comes up:

Quote: The HTTP_REFERER "http://1.2.3.4/" does not match the predefined settings. You can disable this check if needed under System: Settings: Administration.

Is there a way to disable the HTTP_REFERER check from the shell, or include the "real" second IP in it?

Thanks for helping ways :-)
Meik