Messages

Hi cookiemonster,

great it works
- I have one unassigned Interface, Unbound can't start.
- I simple assign the Interface, not configure anything, - start Unbound - it work's

Unbound back to Business - Thank you

Regards - Meik

Hi cookiemonster:
"no errors in /var/unbound/unbound.conf"

Hi JustMeHere, DHCP-Server is not used / folder is empty:
root@fw:/var/dhcpd/var/db # ls
root@fw:/var/dhcpd/var/db #

Code Select Expand


root@fw:/var/unbound # ls
access_lists.conf       etc                     root.hints              unbound_control.pem
conf.d                  host_entries.conf       root.key                unbound_server.key
dev                     lib                     run                     unbound_server.pem
dhcpleases.conf         private_domains.conf    unbound.conf            usr
domainoverrides.conf    resolv.conf.root        unbound_control.key     var


Hello 👋

I have two OPNsense, which only hang with one interface in the network, on which the unbound service no longer starts since the 22.x.
Both installed on a Hyper-V 2012R2 and 2019 host.

Code Select Expand


Date
Severity
Process
Line
2022-08-10T14:24:33 Error configd.py [305016fc-62f2-4ec1-8c49-9f09771a06c8] Script action stderr returned "b"pgrep: Cannot open pidfile `/var/run/unbound.pid': No such file or directory""
2022-08-10T14:24:33 Notice configd.py [305016fc-62f2-4ec1-8c49-9f09771a06c8] request Unbound status
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //usr/local/etc/unbound_dhcpd.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //var/unbound/root.hints
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //usr/local/etc/unbound.opnsense.d/miscellaneous.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //usr/local/etc/unbound.opnsense.d/domainoverrides.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //var/unbound/private_domains.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //usr/local/etc/unbound.opnsense.d/dot.conf
2022-08-10T14:24:28 Debug configd.py OPNsense/Unbound/* generated //tmp/unbound-blocklists.conf
2022-08-10T14:24:28 Notice configd.py generate template container OPNsense/Unbound/core
2022-08-10T14:24:28 Notice configd.py [9290ca78-7411-4ef0-976a-28e390648445] generate template OPNsense/Unbound/*
2022-08-10T00:12:22 Notice configd.py [0b216cc1-e978-4b48-8ded-18428ea0abe2] Unbound cache flush
2022-08-09T20:45:57 Notice configd.py [c7bf4753-f82c-4712-aeba-db93fee1cc8b] Unbound cache flush
------------------------
PID
USERNAME
PRI
NICE
SIZE
RES
STATE
C
TIME
WCPU
COMMAND
14274 root 102 0 32M 19M CPU0 0 80:30 99.62% /usr/local/sbin/unbound-checkconf /var/unbound/unbound.conf
14167 root 52 0 13M 2284K wait 0 0:00 0.00% /bin/sh /usr/local/opnsense/scripts/unbound/start.sh
14121 root 52 0 13M 2144K wait 0 0:00 0.00% /usr/local/bin/flock -n -E 0 -o /tmp/unbound_start.lock /usr/local/opnsense/scripts/unbound/start.sh


The Unbound Protocol is empty (cleared, but it comes no new entry's).

Reset to Factory-Default and reconfigure interface only, Unbound did not start.

How to search, why Unbound did not start.

Thanks for help - Meik

Hi clownschiff,

For MSP, it's partly usable.
Best with a stand-alone instance (not using as Firewall only for managing / OPNcentral).

All or nothing from a category is the thing  :-\
For every OPNsense select from the Provision classes you want to deploy.
E.g. Aliases - create Aliases, all Aliases deployed on every selected OPNsense.

(Aliases, Auth Servers, Captive Portal, Certificates, Cron, DHCPD, DHCPDv6, DHCPv4: Relay, DHCPv6: Relay, Dashboard, Dnsmasq DNS, Firewall Categories, Firewall Groups, Firewall Log Templates, Firewall Rules, Firewall Schedules, IPsec, Intrusion Detection, Monit System Monitoring, NAT, Netflow / Insight, Network Time, OpenSSH, OpenVPN, Shaper, Static Routes, System Tunables, Unbound DNS, Users and Groups, Wake on LAN, Web GUI, Web Proxy, WireGuard)

- VPN is not necessary, access the Web Interface from the OPNcentral running Host must be given, every way is ok ;).
Create a Allow List for your static IPs where the OPNcentral is running, allow Access from WAN on the Client side.
- You can use DYNDNS-Address if no Static IP is available.

For Firmware overview it's ok, to central show the status of Services, and Resources this makes it easy for an overview.

Best Regards - ADI

no, the Windows Server 2012 R2 Host has a v3:
https://ark.intel.com/content/www/de/de/ark/products/75056/intel-xeon-processor-e3-1270-v3-8m-cache-3-50-ghz.html

the Windows Server 2016 a:
https://ark.intel.com/content/www/us/en/ark/products/88176/intel-xeon-processor-e3-1240-v5-8m-cache-3-50-ghz.html

the Windows Server 2019 a:
https://ark.intel.com/content/www/us/en/ark/products/75789/intel-xeon-processor-e5-2620-v2-15m-cache-2-10-ghz.html

I've added the Hardware above.

i tested also on a Server 2012 R2, Gen2, Configuration Version 5.0, there installer works, Live-CD too
E3-1270 v3, Intel Board S1200RP, 32GB ECC RAM

On a Server 2016, Gen2, Configuration Version 8.0, it works like the Server 2012 R2
E3-1240 v5, Supermicro Board X11SSL-CF, 32GB ECC Ram

On the Server 2019 (above) i create a Gen2 Configuration Version 5.0, the same "error"

On a Windows 10 1809, Gen2 Configuration Version 9.0, the same error
i3-4150, Supermicro X10SLV-Q, 8GB RAM (a small PBX-Host)

Something that i can test? (for testing i removed the NIC from the configuration, set use other CPU-Version, error is the same)

Hi lattera,

the Attached Image ist the boot Screen and the Settings (German)
Secure Boot is of.

Hope this helps - Meik

Hyper-V Host: Window Server 2019, Dual XEON E5-2620 v2, Supermicro X9DR3-F Board, 64GB-ECC-Reg-Ram, NVMe-Storage-Pool with Linux optimised vhdx (-BlockSizeBytes 1MB)

Hi there,

I have a Problem with our 3CX after upgrading from 17.7.12 to 18.1.1
The Firewall Checker say SIP ALG failed
--> https://www.3cx.com/docs/firewall-checker/#h.ikh44hto4r56

Before with 17.7.12, no issue.

I have tested:
Upgrade 17.17.12 (on 2016 Hyper-V Gen1) to 18.1.1, failed :-(
Backup and Restore on a new 18.1.1 (on 2016 Hyper-V Gen2), failed :-(

Check the "Firewall, Settings, Advanced, --> Firewall Optimization: conservative", (normally the Thing, where it hangs)

Any ideas?

Thanks, Meik

---

18.x runs von Hyper-V 2016 Gen2 (Secure Boot Disabled, like all Linux Guests) good, no issue in the moment

Hi weust,

i has test yesterday a Installation with the ISO:
OPNsense-18.1.r1-OpenSSL-dvd-amd64.iso

This works on a Windows Server 2016 with Configuration-Version 8.0, disabled Secure-Boot (like 99% Linux Guests).

(Test only installation, reboot, quick config. This Week i will backup the Gen1 OPNsense, and restore it in the Gen2, looking what working, and what not :-p).

Meik

No one? :-( / or better bug tracker?

have rebuild it on a second installation, there the DNS crashes also, on DHCP-Leases names with .(dot) at the end

Hi @all,

I have a OPNsense with DHCP und Unbound DNS running.

and, I have a DHCP Client (Snom Phone with a . (DOT) in the Name):

unbound: [10850:0] error: error parsing local-data at 16 'Snom-Heavy-C..crasydomain.org IN A 10.1.32.213': Empty Label

Not the best Name (now reconfigured), but this brings the Unbound DNS to Crash, if "Register DHCP-Leases in DNS-Resolver" is enabled.
In the gui I can't remove the entry's (delete the Lease in DHCP not working), the only possible way to bring back Unbound DNS i to deactivate "Register DHCP-Leases in DNS-Resolver".

1. any way to drop the wrong entry to bring back "Register"
2. ToDo: Create a filter to put only valid Names in the DNS

Thansk  for Help - Meik

Hi in the round...

if Running OPNsense from image, all fine*, but if installing (mbr/gpt testet) the system freeze on boot at the FreeBSD boot screen.



I'm installing on a KVM-VM over the QEMU-Console

I search around in the issues and forum, but no thing works.
things like Type: set comconsole="efi", ...
at the console befor the FreeBSD boot screen all endless :-(

Thanks - Meik

Hi all,

i would install a 17.7 on a vserver at my Provider.

there is a special, they route the public ip to a private 172.1.1.1
i only have one Network Interface so i set wan to the "Internet" IP.

when i would access the Webinterface this comes:

The HTTP_REFERER "http://1.2.3.4/" does not match the predefined settings. You can disable this check if needed under System: Settings: Administration.

Is there a way to disable the HTTP_REFERER check from the Shell, or include the "real" secound IP to it?.


Thanks for helping ways :-)
                                         Meik