Topics

1

24.1 Legacy Series / Gateways offline after reboot (re-apply setting brings them back)

« on: June 16, 2024, 05:55:18 pm »

Hi all,

I face a strange issue since a couple of month.
Now I did a clean installl on new hardware (import of config) but the issue still exists.

After every reboot (and sometimes after a couple of weeks) the gateway goes offline and therefore internet connectivity is lost. All local systems etc. are running without any issue when this issue happens.

Gateway (System: Gateways: Single) is up and running and also within System: Routes: Status the default route is listed.

What I do to solve the issue until the next reboot (or when the issue occurs) is to hit the "Save" (may than the config is re-applied) button within the settings of the gateway (System: Gateways: Single).
Seconds after that internet connectivity is back.

Any idea how to solve or analyze the issue, I found some similar posts from the past but no solution.
Beside that everything works fine.

br

2

23.7 Legacy Series / No route to host after reboot, need to re-apply (not change) gateway settings

« on: January 07, 2024, 11:24:51 am »

Dear all,

may some of you are facing the same or an similar issue.

After every reboot (and sometimes after a couple of weeks) it seems the route for default gateway is lost and therefore internet connectivity is lost. All local systems etc. are running without any issue when this problem happens.

OPNsense 23.7.11-amd64 (issue occurs since ~23.7.9 )
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w

Gateway (System: Gateways: Single) is up and running and also within System: Routes: Status the default route is listed.

What I do to solve the issue until the next reboot (or when the issue occurs) is to push the "Save" (may than the config is re-applied) button within the settings of the gateway (System: Gateways: Single).

Any idea how to solve or analyse the issue, beside that everything works fine.

br

3

22.7 Legacy Series / Unbound Issues: Timeout for Host override DNS lookups & Timeout for log

« on: November 11, 2022, 09:15:49 pm »

Dear all,

may you can help me, I've two issues with unbound.

1. Unbound stops responding to DNS queries to entries from Host Overrides
Unbound stops responding to queries from clients for Host Override entries after a couple of days. Lookups from Interfaces: Diagnostics: DNS Lookup are working.
DNS queries for external resources are working. Also requests for PTR records for Host overrides are working. A reboot is necessary.


2. Unbound logs are running in a timeout
Unbound DNS: Log File just displays "Loading", the following errer is shown in the Backend logs

Code: [Select]

configd.py Timeout (120) executing : system diag log '500' '0' '' 'core' 'resolver' 'Emergency,Alert,Critical,Error,Warning'
Any idea for both cases or how to analyze?

My setup:
OPNsense 22.7.7_1-amd64
unbound    1.17.0

Any help is appreciated, Thanks

Br

4

Zenarmor (Sensei) / No package(s) matching os-sensei-agent

« on: April 25, 2022, 08:53:11 pm »

Dear all,

I'm getting the following error three times a day:

Code: [Select]

Script action stderr returned "b'pkg: No package(s) matching os-sensei-agent'"
I don't need the os-sensei-agent and haven't installed it nonetheless the error is thrown regularly by the configd.py process. Any ideas how to solve this?

Thanks

br

5

General Discussion / Unbound listen on VirtualIP

« on: February 20, 2022, 04:18:42 pm »

Dear all,

is it possible to configure Unbound to list on an Virtual IP? I can't configure this, the VirtualIP is not shown in the list.

br

6

22.1 Legacy Series / [solved] Log Multiselect 100% CPU load

« on: January 30, 2022, 12:44:45 pm »

Dear all,

when I use "Multiselect" (see attachment) on any log page in the GUI I've a huge CPU increase (nearly 100%). Only deselect and reboot solved the issue.

Anybody facing the same issue?

OPNsense 22.1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1m 14 Dec 2021


br

7

Zenarmor (Sensei) / [solved] Zenarmor always in bypass mode

« on: January 29, 2022, 08:48:16 am »

Dear all,

anybody facing the same issue? Zenarmor is in bypass mode and this can't be deactivated. Upgrade/uninstall/reinstall did not solve the issue.

Any idea?

br

8

21.7 Legacy Series / Open Log Live view 100% CPU

« on: October 08, 2021, 10:46:08 pm »

Dear all,

On the most recent version I can't open the Live view or if it works CPU increase to 100%

Code: [Select]

Script action failed with Command '/usr/local/opnsense/scripts/filter/read_log.py /limit '25' /digest ''' died with <Signals.SIGKILL: 9>. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/filter/read_log.py /limit '25' /digest ''' died with <Signals.SIGKILL: 9>.
Screenshot from Activity Diagnostic attached.

Any idea?

br

9

21.7 Legacy Series / ZFS snapshots and rollback question

« on: October 04, 2021, 09:53:22 pm »

Dear all,

may you can support, I'm a bit confused.

I've installed the most recent version of opnsense with ZFS. Main reason is the possibility of snapshots.
There is one pool created "zroot", I try to create and rollback a snapshot but without success, may you have some ideas. Here some code (clean install for test purposes)

Code: [Select]

root@OPNsense:/ # zfs list -t all
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot                904M  48.5G    88K  /zroot
zroot/ROOT           900M  48.5G    88K  none
zroot/ROOT/default   900M  48.5G   900M  /
zroot/tmp            152K  48.5G   152K  /tmp
zroot/usr            352K  48.5G    88K  /usr
zroot/usr/home        88K  48.5G    88K  /usr/home
zroot/usr/ports       88K  48.5G    88K  /usr/ports
zroot/usr/src         88K  48.5G    88K  /usr/src
zroot/var           1.36M  48.5G    88K  /var
zroot/var/audit       88K  48.5G    88K  /var/audit
zroot/var/crash       88K  48.5G    88K  /var/crash
zroot/var/log        956K  48.5G   956K  /var/log
zroot/var/mail        88K  48.5G    88K  /var/mail
zroot/var/tmp         88K  48.5G    88K  /var/tmp
root@OPNsense:/ # echo "test1" > test.txt
root@OPNsense:/ # cat test.txt
test1
root@OPNsense:/ # zfs snap -r zroot@snap1
root@OPNsense:/ # echo "test2" > test.txt
root@OPNsense:/ # cat test.txt
test2
root@OPNsense:/ # zfs list -t all
NAME                       USED  AVAIL  REFER  MOUNTPOINT
zroot                      904M  48.5G    88K  /zroot
zroot@snap1                   0      -    88K  -
zroot/ROOT                 900M  48.5G    88K  none
zroot/ROOT@snap1              0      -    88K  -
zroot/ROOT/default         900M  48.5G   900M  /
zroot/ROOT/default@snap1    56K      -   900M  -
zroot/tmp                  152K  48.5G   152K  /tmp
zroot/tmp@snap1               0      -   152K  -
zroot/usr                  352K  48.5G    88K  /usr
zroot/usr@snap1               0      -    88K  -
zroot/usr/home              88K  48.5G    88K  /usr/home
zroot/usr/home@snap1          0      -    88K  -
zroot/usr/ports             88K  48.5G    88K  /usr/ports
zroot/usr/ports@snap1         0      -    88K  -
zroot/usr/src               88K  48.5G    88K  /usr/src
zroot/usr/src@snap1           0      -    88K  -
zroot/var                 1.43M  48.5G    88K  /var
zroot/var@snap1               0      -    88K  -
zroot/var/audit             88K  48.5G    88K  /var/audit
zroot/var/audit@snap1         0      -    88K  -
zroot/var/crash             88K  48.5G    88K  /var/crash
zroot/var/crash@snap1         0      -    88K  -
zroot/var/log             1.00M  48.5G   956K  /var/log
zroot/var/log@snap1         72K      -   956K  -
zroot/var/mail              88K  48.5G    88K  /var/mail
zroot/var/mail@snap1          0      -    88K  -
zroot/var/tmp               88K  48.5G    88K  /var/tmp
zroot/var/tmp@snap1           0      -    88K  -
root@OPNsense:/ # zfs rollback -r zroot@snap1
root@OPNsense:/ # cat test.txt
test2

After the rollback my assumption was that "test1" is the output?
My goal is to create before any update an snapshot to be able to rollback to the previous state if anything unexpected happens.

br

10

Web Proxy Filtering and Caching / [NGINX] One URL multiple applications base on path

« on: April 22, 2021, 08:47:26 pm »

Dear all,

may you can give me some hints, I already searched some time but did not find a solution.

Basic Setup:
2 web applications on different server
app1 on 192.168.1.1:8080
app2 on 192.168.1.2:80

My goal is to have one url and access both applications on different path, e.g

www.mywebapps.com/app1 --> 192.168.1.1:8080
www.mywebapps.com/app2 --> 192.168.1.2:80


I have already configured:
-Two upstream server (app1,app2)
-Two upstreams

Location:
LocationApp1-->URL Pattern: /app1/ --> Upstream Server App1
LocationApp2-->URL Pattern: /app2/ --> Upstream Server App2

HTTP Server
HTTP Server with both locations

I'm just able to access the homepage but no further sites but cannot follow links, login etc., what do I miss, may some URL Rewriting rules?

Thanks

br

11

Zenarmor (Sensei) / [solved] Packet engine not starting

« on: February 23, 2021, 06:40:20 am »

Hi all,

I've already filed a bug.

Anybody out there who face the same issue. The packet engine doesn't start at boot and can't be started via the GUI?

Sense as well as Sensei are on the latest stable version.

br

12

Zenarmor (Sensei) / Sensei Internet traffic only?

« on: January 11, 2021, 03:03:56 pm »

Dear all.

Is it possible to control only Internet based traffic (from/to)?

I want to follow a strict whitelist approach regarding Sensei but only for Internet (NON-RFC1918) related traffic.
Internal local traffic should not be affected.

I tried the Whitelist but this does not really cover everything local or needs a lot of maintanence.

br

13

Zenarmor (Sensei) / Whitelist only

« on: January 03, 2021, 09:48:20 pm »

Hi, is it possible to configure a policy based on a strict whitelist approach, meaning everything is blocked except what is defined within the whitelist?

br

14

20.7 Legacy Series / Monit General settings: Username (numbers only) not accepted

« on: August 29, 2020, 03:20:19 pm »

Hi,

I discovered a possible bug in Monit.
The username within settings must consist of at least some characters, a username consisting only of numbers is not accepted (Syntax error within log).

br

15

20.1 Legacy Series / (SOLVED) No VLAN Network connectivity 1min after reboot - how to revert?

« on: April 30, 2020, 10:50:31 pm »

Hi.

I loose after 1-2 minutes after reboot the network connectivity on my VLANs with the 20.1.6.

Serious issue, how can I revert to 20.1.5?

br