Messages

1

19.7 Production Series / Re: After Update to 19.7.2 Service "flowd_aggregate Insight Aggregator" is stopped

« on: August 22, 2019, 05:26:41 pm »

@unipacket : the simplest thing is to keep it running in a console until it crashes and dump the traceback here, usually the log would also contain some info, but a full trace is easier to debug.

2

19.7 Production Series / Re: After Update to 19.7.2 Service "flowd_aggregate Insight Aggregator" is stopped

« on: August 17, 2019, 07:17:38 pm »

ok, that doesn't look good. maybe the flowd.log file is corrupted and not handled properly on our end.

can you try https://github.com/opnsense/core/commit/d8ef93932b1696edd795ec38be57a2ec3e0187ea?

Code: [Select]

opnsense-patch d8ef9393


3

19.7 Production Series / Re: After Update to 19.7.2 Service "flowd_aggregate Insight Aggregator" is stopped

« on: August 15, 2019, 09:17:19 am »

Can you execute the following on a console?

Code: [Select]

/usr/local/opnsense/scripts/netflow/flowd_aggregate.py --console

If it fails with something like:

Code: [Select]


Traceback (most recent call last):
  File "/usr/local/opnsense/site-python/sqlite3_helper.py", line 60, in check_and_repair
    cur.execute('analyze')
sqlite3.DatabaseError: database disk image is malformed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 224, in <module>
    Main()
  File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 136, in __init__
    self.run()
  File "/usr/local/opnsense/scripts/netflow/flowd_aggregate.py", line 144, in run
    check_and_repair('%s/*.sqlite' % self.config.database_dir)
  File "/usr/local/opnsense/site-python/sqlite3_helper.py", line 62, in check_and_repair
    if e.find('malformed') > -1 or force_repair:
AttributeError: 'DatabaseError' object has no attribute 'find'

It's a corrupted database combined with a bug trying to repair it.

Should be fixed with (on OPNsense 19.7.2):

Code: [Select]

opnsense-patch e5574648
service flowd_aggregate restart

Best regards,

Ad

4

19.7 Production Series / Re: Incoming traffic blocked after upgrade from 17.7.12_1 to 18.1 and then to 19.7.2

« on: August 15, 2019, 09:07:48 am »

The rules where there before, but not visible for the end-user.
You can also use the inspect button (top right corner) now to see which rules actually are triggered.

Is this a multiwan setup by the way? and when did the issue start (which version)? 

5

19.7 Production Series / Re: Gateway monitor missing after update

« on: August 07, 2019, 11:27:48 am »

Hi Dominik,

When Franco is back, I'll ask him to point the upgrade path to 19.7.2, which smoothens the ride.
In 99% of the cases you can easily work around these kind of issues depending on setup type by the way.

Best regards,

Ad

6

19.7 Production Series / Re: Gateway monitor missing after update

« on: August 07, 2019, 10:08:29 am »

We've added documentation about the subject recently https://docs.opnsense.org/manual/gateways.html. About the upgrade path from 19.1.x to 19.7.x, we might point it to 19.7.2 after some time.

There are some ipv6 setups, which don't seem to receive a gateway in the normal way and since we rewrote the complete gateway handling, some of the unexpected / unpredictable defaults might be different now.

The new priorities option helps to change decisions, which is explained in the docs now as well.

Best regards,

Ad

7

19.7 Production Series / Re: Gateway monitor missing after update

« on: August 06, 2019, 09:07:03 pm »

should be fixed in a future release, https://github.com/opnsense/core/issues/3625 contains the steps to test earlier (on 19.7.2).

8

19.7 Production Series / Re: 19.7 development milestones

« on: August 06, 2019, 09:02:59 pm »

@lmatturi would you be so kind to not spam our forum with the same question in different topics?

It's highly unlikely that a change from 19.7.1 to 19.7.2 resulted in different behaviour for captive portal, since this is the only change in that area:

https://github.com/opnsense/core/commit/7a7da93672a49fc116a96491b553d33304573fc2

Thanks in advance!

Best regards,

Ad

9

General Discussion / Re: Switching from KPN PPPoE to IPoE

« on: July 22, 2019, 06:15:30 pm »

Hi Julian ,

Although I don't have a similar setup, I expect that their intend is just to offer the 31.149.115.137/29 to a separate network, so the customer can install his/her own firewall behind the Cisco they usually deliver.

If you would like to configure a dmz and offer the remaining 31.149.115.137/29 addresses to machines behind your router/firewall, you could probably just configure the block on a separate interface, using an alias on wan shouldn't be an issue as well if you just want to port forward addresses within the network range.

The Cisco config they send you only configures a static address on wan, with a default gateway to 145.54.111.61, then they add the network you can use on another interface (which they call LAN).

As far as I know, IPoE is just a marketing term for standard IP over Ethernet, which sometimes seems to come with specific dhcp options (like SkyUK for example https://wiki.opnsense.org/manual/how-tos/SkyUK.html)


Best regards,

Ad

10

19.7 Production Series / Re: Backend logs - Full of .py

« on: July 22, 2019, 02:07:44 pm »

can you try https://github.com/opnsense/core/commit/f56cc1b92ff899ef05a11a81b01595dcab0eb163?

Code: [Select]

opnsense-patch f56cc1b


11

19.7 Production Series / Re: Backend logs - Full of .py

« on: July 22, 2019, 12:11:07 pm »

I'm not sure, it could also be a corrupted filter log, can you head and tail the log file?

Code: [Select]

clog /var/log/filter.log | tail
clog /var/log/filter.log | head


12

19.7 Production Series / Re: Backend logs - Full of .py

« on: July 22, 2019, 10:53:46 am »

Hi chemlud,

Can you post the output of:

Code: [Select]

/usr/local/opnsense/scripts/filter/read_log.py /limit '100' /digest ''

It looks like a bug, maybe related to the python3 conversion.

Best regards,

Ad

13

Hardware and Performance / Re: LCDproc on Watchguard XTM 5 series

« on: July 22, 2019, 08:42:38 am »

1) https://help.github.com/en/articles/creating-a-pull-request
2) https://docs.opnsense.org/develop.html
3) we use the standard port package, all supported drivers are mentioned in the Makefile https://github.com/opnsense/ports/blob/fbff6adf9605f148218b8fba753359650d6ef13b/sysutils/lcdproc/Makefile
4) no, sdeclcd is the name of the driver. please name your plugin similar if you want to clone this one (lcdproc-mydriver)

14

General Discussion / Re: Default / Hidden rules

« on: July 19, 2019, 08:33:53 am »

Just install 19.7  'Jazzy Jaguar'

From the road-map (https://opnsense.org/about/road-map/):

Firewall insights in generated rules

Best regards,

Ad

15

19.7 Production Series / Re: upgraded from 19.1.10 to 19.7r1, NetFlow data is not working

« on: July 12, 2019, 08:45:30 am »

Ok, eventually I could reproduce it, https://github.com/opnsense/core/commit/24dc2a82b5c82651c5c5925669c35ef4e5ceadf4 should fix the issue.

To test, run:

Code: [Select]

opnsense-patch 24dc2a82b

and reset netflow data again.