Topics - lilsense

#1
Zenarmor (Sensei) / pandora.com login does not work
November 01, 2024, 04:51:49 PM
Seems like there's a lot of tracking/ads etc. that needs to be unblocked for this to work.

Can Zenarmor whitelist Pandora login please?
#2
24.1, 24.4 Legacy Series / PF blocking local LAN
February 24, 2024, 07:04:06 PM
I am unable to connect to pihole on a local network but I am able to from another LAN.

local machine's IP:  10.10.10.234
pihole IP: 10.10.10.10

I am able to connect to the pihole from IP: 10.13.10.119

When troubleshooting and looking at live logs I see:


__timestamp__ 2024-02-24T12:50:44-05:00
ack 3692531448
action [block]
anchorname
datalen 0
dir [in]
dst 10.10.10.234
dstport 60517
ecn
id 0
interface vlan03
interface_name INTLOCAL
ipflags DF
ipversion 4
label Default deny / state violation rule
length 60
offset 0
protoname tcp
protonum 6
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
rulenr 21
seq 87346160
src 10.10.10.10
srcport 80
subrulenr
tcpflags SA
tcpopts
tos 0x0
ttl 64
urp 65160


When I click on the rid to show me the rule, it just pops up and vanishes.
#3
24.1, 24.4 Legacy Series / ISC DHCP to KEA migration plan
February 12, 2024, 08:00:43 PM
Is there a procedure to convert the ISC DHCP to KEA for the OPNsense in the GUI?

There's a link provided to convert the conf to JSON, but I believe it's not sufficient.

https://dhcp.isc.org/
#4
24.1, 24.4 Legacy Series / DHCPv6 on WAN issue
February 10, 2024, 06:10:56 PM
I lose my DHCPv6 on the WAN interface. When I run:
#dhclient igb1
DHCPREQUEST on igb1 to 255.255.255.255 port 67
DHCPACK from x.x.x.1
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=61
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=62
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
arprequest_internal: cannot find matching address
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=63
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=64
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=65
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=66
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
bound to x.x.x.y -- renewal in 3600 seconds.


Anyone know why this is?
#5
Ok. Finally, after the latest update all things work with the exception of Suricata.

If I enable Suricata I still get errors and the WAN interface loses IP and the connections.


arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address

I have IPS mode enabled and on Hyperscan.

#6
23.7 Legacy Series / [fib_algo] and (radix4_lockless)
August 13, 2023, 07:21:54 PM
It looks like if you have multiple VLANs set up to an interface you'd get:

[fib_algo] inet.0 (bsearch4#66) rebuild_fd_flm: switching algo to radix4_lockless
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=1

and if you have IPv6 with DHCPv6/RADVD then most of the issues are occurring.

This is tested on the 23.7 not the upgraded .1_3.

"Allow manual adjustment of DHCPv6 and Router Advertisements" was enabled with the current problem. I disabled this as well on all the VLANs, looks like it's VLAN related.

VLANs are pointing to a physical ax0 interface.
#7
Zenarmor (Sensei) / checksum mismatch
August 12, 2023, 03:02:34 PM
I just ran an audit and get:

os-sensei-1.14.2: checksum mismatch for /usr/local/opnsense/mvc/app/library/OPNsense/Zenarmor/StaticConfig.php
os-sensei-1.14.2: checksum mismatch for /usr/local/opnsense/mvc/app/models/OPNsense/Zenarmor/Menu/Menu.xml
os-sensei-1.14.2: missing file /usr/local/zenarmor/output/active/temp/.placeholder
Checking all packages........ done

How should I correct this?
#8
23.7 Legacy Series / RADVD issues
August 12, 2023, 01:41:45 PM
I noticed after the upgrade that my issue may be related to the RADVD service.



2023-08-11T04:35:23-04:00 Warning radvd sendmsg: Permission denied
2023-08-11T04:35:19-04:00 Warning radvd sendmsg: Network is down
2023-08-11T04:35:19-04:00 Informational radvd version 2.19 started
2023-08-11T04:35:19-04:00 Informational radvd returning from radvd main
2023-08-11T04:35:19-04:00 Informational radvd removing /var/run/radvd.pid
2023-08-11T04:35:19-04:00 Warning radvd sendmsg: Network is down
2023-08-11T04:35:19-04:00 Informational radvd sending stop adverts
2023-08-11T04:35:19-04:00 Warning radvd exiting, 1 sigterm(s) received
2023-08-11T04:35:13-04:00 Informational radvd version 2.19 started
2023-08-11T03:38:32-04:00 Error radvd unable to lock pid file, /var/run/radvd.pid: Resource temporarily unavailable

#9
Even after the upgrade to 23.7.1 when enabling Suricata I get the message below from the console immediately and lose the WAN.


arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address


I have also been seeing messages below as well.


[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=3
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=4
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=5
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=6
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed
#10
Intrusion Detection and Prevention / Suricata reset.
December 17, 2022, 02:50:06 PM
Is there a way to reset Suricata or tweak the settings from the shell?

I think that I have selected "all" in one of the views and it brings down the router to its knees. I am attempting to reset that with no success.

I am referring to "Rule Adjustments"...
#11
Virtual private networks / ZT -- Internet browsing...
September 21, 2022, 03:02:02 PM
What's needed to route the traffic thru the OPNsense WAN for ZT traffic?
#12
22.7 Legacy Series / Page load is super slow...
August 06, 2022, 02:03:27 AM
The last couple of upgrades have drastically reduced the admin web page loads. As an example, the services, dnsmasq, settings that I am not using take 2 min to load. CPU is @ 1%.
#13
22.1 Legacy Series / Odd behavior
July 25, 2022, 02:40:19 AM
Running OPNsense for a while without an issue. Today, I just bounced the webgui and now nothing can browse the internet. I can ping everything and everywhere. I powered down and powered back on with no luck.
#14
May I request a dynamic pane expansion?

When you visit sections such as the Suricata download section, the view section is very small when you have a large monitor. I believe this section can be based on the browser size so that one can view many lines on a single screen.

This is not only related to the IPS but many others as well...

TIA.
#15
22.1 Legacy Series / Track IPv6 on VLAN Interface
May 27, 2022, 08:59:14 PM
NM.. Reboot needed ... LOL

#16
22.1 Legacy Series / Ripe ATLAS Probe
May 20, 2022, 01:54:37 AM
Is there a way to make a package for OPNsense to also act as a probe?
#17
22.1 Legacy Series / Plugins issues.
March 29, 2022, 02:52:02 PM
Brand new install.

I have attempted to install Zenarmor by selecting os-sunnyvalley. It installs OK, but after multiple reboots, Zenarmor does not show up in the services tab. Others such as ntopng and others are the same as they do not show up under services...
#18
22.1 Legacy Series / Creating VLAN
March 28, 2022, 08:47:21 PM
In the new 22.1, when creating a VLAN, it's not allowed to correctly assign deviceid?

So as an example when one attempts to create VLAN3, deviceId is automatically selected for you as VLAN01 if there are no other VLANs.

One ought to be able to correctly align the two pieces of information together.
#19
As title states, now that we have another IDP/IPS, can someone provide when one should use one vs another?
#20
22.1 Legacy Series / EPYC 3201 Hardware acceleration
March 03, 2022, 07:18:57 PM
Is there a setting to activate AESNI or ability to tune this in OPNsense?