Messages

1

23.7 Production Series / Re: 23.7.8 - squid keeps crashing

« on: November 11, 2023, 02:49:57 am »

1am EST November 10th is when I updated the systems..

8:30pm EST is when I write the post..

Is there anything between those times about squid 6.5 package?

 

2

23.7 Production Series / Re: 23.7.8 - squid keeps crashing

« on: November 11, 2023, 02:44:02 am »

agreed..

But where would I know to check..

Yes updating to 6.5 does fix it.

Where was that reported?

3

23.7 Production Series / Re: 23.7.8 - squid keeps crashing

« on: November 11, 2023, 02:32:57 am »

https://forum.opnsense.org/index.php?topic=36891.0

Looks like there is a squid 6.5 package..

Would that be posted here.. as that would be an update to the base system?

4

23.7 Production Series / 23.7.8 - squid keeps crashing

« on: November 11, 2023, 02:28:26 am »

Code: [Select]

root@OPNsense:~ # dmesg | grep -c squid
19
root@OPNsense:~ # uptime
 8:23PM  up 21:11, 1 user, load averages: 0.06, 0.11, 0.13

2023/11/10 20:22:13 kid1| Accepting HTTP Socket connections at conn3 local=10.20.245.42:3128 remote=[::] FD 11 flags=9
    listening port: 10.20.245.42:3128
2023/11/10 20:22:13 kid1| FATAL: assertion failed: stmem.cc:98: "lowestOffset () <= target_offset"
    current master transaction: master129
2023/11/10 20:22:13| Removing PID file (/var/run/squid/squid.pid)

root@OPNsense:~ # squid -k check
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Set Current Directory to /var/squid/cache
2023/11/10 20:25:27| FATAL: failed to open /var/run/squid/squid.pid: (2) No such file or directory
    exception location: File.cc(191) open

 grep -c FATAL /var/log/squid/cache.log
13


ten locations all doing the same thing..

before the update everything was working..

5

23.7 Production Series / Re: three out of nine sites.. just had an unbound problem..

« on: October 04, 2023, 06:17:25 pm »

Just had this happen again..

root@OPNsense:/var/log/resolver # ls -al
total 46
drwx------   2 root  wheel    256 Oct  4 12:01 .
drwxr-xr-x  16 root  wheel   1600 Oct  4 03:01 ..
lrwxr-x---   1 root  wheel     39 Oct  4 12:01 latest.log -> /var/log/resolver/resolver_20230918.log
-rw-------   1 root  wheel   6740 Sep 14 23:27 resolver_20230914.log
-rw-------   1 root  wheel  18568 Sep 18 17:48 resolver_20230918.log
-rw-------   1 root  wheel  14026 Oct  4 12:02 resolver_20231004.log

the 1004.log is only after the restart of unbound..

12:09PM  up 19 days, 12:43, 1 user, load averages: 0.72, 0.69, 0.64
root@OPNsense:/var/log/resolver # exit
exit

*** OPNsense.dom1.dom0: OPNsense 23.7.5 ***

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="6"] [66077:0] info: server stats for thread 0: 110496 queries, 85021 answers from cache, 25475 recursions, 0 prefetch, 0 rejected by ip ratelimiting

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="7"] [66077:0] info: server stats for thread 0: requestlist max 19 avg 0.676703 exceeded 0 jostled 0

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="26"] [66077:0] info: server stats for thread 1: 57621 queries, 53353 answers from cache, 4268 recursions, 0 prefetch, 0 rejected by ip ratelimiting

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="27"] [66077:0] info: server stats for thread 1: requestlist max 5 avg 0.229147 exceeded 0 jostled 0

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="43"] [66077:0] info: server stats for thread 2: 2553318 queries, 1607760 answers from cache, 945558 recursions, 0 prefetch, 0 rejected by ip ratelimiting

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="44"] [66077:0] info: server stats for thread 2: requestlist max 29 avg 0.700493 exceeded 0 jostled 0

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="66"] [66077:0] info: server stats for thread 3: 1582665 queries, 966354 answers from cache, 616311 recursions, 0 prefetch, 0 rejected by ip ratelimiting

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="67"] [66077:0] info: server stats for thread 3: requestlist max 140 avg 0.848675 exceeded 0 jostled 0

Everything was fine until it wasn't..

6

23.7 Production Series / dhcp relay - opnsense to receive; possible?

« on: September 18, 2023, 11:14:37 pm »

is this possible?

Can provide more details if anyone is interested.. but hopefully the question is clear enough.

I have core router with 15 networks that I would like to relay the needed dhcp requests to opnense as it seems there's a working dhcp/dns registration..

I was going to relay to an openwrt edgerouter 6 b/c it was running dnsmasq.. but that is it's own problems..

Thanks in advance.

7

23.1 Legacy Series / Re: NTP not able to use ipv6 peer

« on: September 18, 2023, 11:04:35 pm »

Just wanted to add myself onto this..

using time.aws.com (opnsense is a bare metal protectli.. if it matters)

Using local unbound..

This happens and then I have to restart ntpd.. will probably switch to chrony but that brings other issues..

System / Settings / General / Prefer to use IPv4 even if IPv6 is available is checked as well

8

23.7 Production Series / Re: Enable registration of DHCP client names in DNS

« on: September 18, 2023, 10:57:01 pm »

I have to apologize.. I never thought about using unbound..

Thank you..

9

23.7 Production Series / Enable registration of DHCP client names in DNS

« on: September 18, 2023, 04:18:57 pm »

Is there a part of the docs that cover this?

I know it needs a BIND9 server..

I've been trying to get it working and unsuccessful so far..

Thanks in advance

I know within dnsmasq this is a trivial feature..

But I also think there is no way to swap out isc-dhcpd for dnsmasq..

Or is there?

10

23.7 Production Series / three out of nine sites.. just had an unbound problem..

« on: August 29, 2023, 07:12:06 pm »

All forwarding to NextDNS.. serving people via squid.. three sites all went down at the same time..

Unbound still running, but not resolving..

Restarted unbound brought dns back to the network..

Will check on other sites.. but was same problem - no idea why..

OPNsense 23.7.2-amd64

11

Web Proxy Filtering and Caching / squid graphs?

« on: August 21, 2023, 04:55:15 pm »

I came here looking for squid information.. but I think haproxy in front of squid might also be an answer..

But is there a squid gui section that gives access to the proxy protocol?

And is there a suggestion for squid logs digestion?

Can I syslog them somewhere else and then generate graphs?

Is that the better suggestion?

After mulling it over.. haproxy might not be a solution.. might just add more complexity..

Suggestions?

12

General Discussion / Re: Can we install Speedtest CLI on OPNsense ?

« on: August 16, 2023, 06:46:52 pm »

Sorry to duplicate.. but is this the error message?

Code: [Select]

***GOT REQUEST TO INSTALL***
Currently running OPNsense 23.7.1_3 at Wed Aug 16 12:44:43 EDT 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
os-speedtest-community: 0.9_3 [mimugmail]

Number of packages to be installed: 1

8 KiB to be downloaded.
[1/1] Fetching os-speedtest-community-0.9_3.pkg: .. done
Checking integrity... done (0 conflicting)
[1/1] Installing os-speedtest-community-0.9_3...
[1/1] Extracting os-speedtest-community-0.9_3: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...Error opening plugin module; module='examples', error='/usr/local/lib/syslog-ng/libexamples.so: Undefined symbol "random_choice_generator_parser"'
done.
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

13

23.7 Production Series / BUG? Clone nat rule does not make new filter rule..

« on: August 03, 2023, 11:19:44 pm »

hey all..

Setting up a bunch of new opnsense installs here..

setting up the hijacking dns/ntp rules..

(https://forum.opnsense.org/index.php?topic=9245.0)

Cloning the nat > port forward rules did not give me new rules > interface rules.. it just over wrote the original rule.

ie. they all shared the same 'filter rule association' and the last one won..

Can provide more information if this is not clear.

( I didn't understand why the rules weren't working - they always have.. then upon inspection.. figured out what was going on )

I have multiple virtual IPs and was cloning the rule for each virtual address.. (just what's left of a /29)

Thanks in advance.

https://imgur.com/a/Yjp9kHZ

14

23.1 Legacy Series / telegram api or otherwise.. smtp2telegram

« on: April 23, 2023, 07:29:43 pm »

Searching brings up old posts regarding this..

Is there a way that I could get notifications about my system status? reboots, update results, etc.?

Reporting section of the manual seems to be about system services.. but I would like the system to reach out and let me know an event happened..

Is there a plugin that possibly I missed that already does this?

Or is the suggestion to setup postfix and relay to my smtp2telegram instance?

Thanks in advance

15

23.1 Legacy Series / Netgate 6100 w/ OpnSense ix[0-1] no go?

« on: April 13, 2023, 10:14:59 pm »

I was able to get a 6100 and put OpnSense on it..

By default the installer takes the ig[0-3] lan ports and makes ig0 LAN and ig1 WAN

ix0 and ix1 are combo ports, but plugging copper into the ix0 does get link light but does not register link. Status stays as 'no carrier'.

Is there an ethtool equivalent.. or some way to enable/force the copper portion?

Code: [Select]

dmesg | grep ix0
ix0: <Intel(R) X553 N (SFP+)> mem 0x80400000-0x805fffff,0x80604000-0x80607fff at device 0.0 on pci9
ix0: Using 2048 TX descriptors and 2048 RX descriptors
ix0: Using 4 RX queues 4 TX queues
ix0: Using MSI-X interrupts with 5 vectors
ix0: allocated for 4 queues
ix0: allocated for 4 rx queues
ix0: Ethernet address: 90:ec:77:29:03:26
ix0: eTrack 0x8000084b PHY FW V65535
ix0: netmap queues/slots: TX 4/2048, RX 4/2048

uname -a
FreeBSD OPNsense.localdomain 13.1-RELEASE-p7 FreeBSD 13.1-RELEASE-p7 stable/23.1-n250411-85724e9ce22 SMP amd64
I found this from 2020.. but this does not seem to be related..

https://forums.freebsd.org/threads/intel-x553-driver-support-for-freebsd-12-1.75588/

Code: [Select]

root@OPNsense:~ # sysctl dev.ix.0 | grep driver
dev.ix.0.iflib.driver_version: 4.0.1-k
dev.ix.0.%driver: ix

Any suggestions?

Thanks in advance.