Topics

1

Zenarmor (Sensei) / pandora.com login does not work

« on: November 01, 2024, 04:51:49 pm »

Seems like there's a lot of tracking/ads etc needs be inblocked for this to work.

Can Zenarmor whitelist  Pandora login please.

2

24.1 Legacy Series / PF blocking local LAN

« on: February 24, 2024, 07:04:06 pm »

I am unable to connect to pihole on a local network but I am able to from another LAN.

local machine's IP:  10.10.10.234
pihole IP: 10.10.10.10

I am able to connect to the pihole from IP: 10.13.10.119

when troubleshooting and looking at live logs I see:

Code: [Select]

__timestamp__ 2024-02-24T12:50:44-05:00
ack 3692531448
action [block]
anchorname
datalen 0
dir [in]
dst 10.10.10.234
dstport 60517
ecn
id 0
interface vlan03
interface_name INTLOCAL
ipflags DF
ipversion 4
label Default deny / state violation rule
length 60
offset 0
protoname tcp
protonum 6
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
rulenr 21
seq 87346160
src 10.10.10.10
srcport 80
subrulenr
tcpflags SA
tcpopts
tos 0x0
ttl 64
urp 65160

When I click on the rid to show me the rule, it just pops up and vanishes.

3

24.1 Legacy Series / ISC DHCP to KEA migration plan

« on: February 12, 2024, 08:00:43 pm »

  Is there a procedure to convert the ISC DHCP to KEA for the OPNsense in the GUI?

There's a link provided to convert the conf to json, ut I believe it's not sufficient.

https://dhcp.isc.org/

4

24.1 Legacy Series / DHCPv6 on WAN issue

« on: February 10, 2024, 06:10:56 pm »

I lose my DHCPv6 on the WAN interface. when I run:
#dhclient igb1
DHCPREQUEST on igb1 to 255.255.255.255 port 67
DHCPACK from x.x.x.1
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=61
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=62
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
arprequest_internal: cannot find matching address
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=63
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=64
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=65
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=66
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#56) rebuild_fd: sync rebuild failed
bound to x.x.x.y -- renewal in 3600 seconds.


anyone know why this is?

5

Intrusion Detection and Prevention / Suricata will break the WAN

« on: October 13, 2023, 05:28:08 pm »

Ok. Finally After the latest update all things work with the exception of Suricata.

If I enable suricata I still get errors and the WAN interface loses IP and the connections.


arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address

I hvae IPS mode enabled and on Hypersscan.

6

23.7 Legacy Series / [fib_algo] and (radix4_lockless)

« on: August 13, 2023, 07:21:54 pm »

It looks like that if you have multiple VLAN's set up to an interface you'd get:

[fib_algo] inet.0 (bsearch4#66) rebuild_fd_flm: switching algo to radix4_lockless
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=1

and if you have IPv6 with DHCPv6/RADVD then most of the issues are occurring.

This is tested on the 23.7 not the upgraded .1_3.

 Allow manual adjustment of DHCPv6 and Router Advertisements
was enabled with the current problem. I disabled this as well on all the vlans, looks like it's VLAN related.

VLAN's are pointing to a physical ax0 interface.

7

Zenarmor (Sensei) / checksum mismatch

« on: August 12, 2023, 03:02:34 pm »

I just ran an audit and get:

os-sensei-1.14.2: checksum mismatch for /usr/local/opnsense/mvc/app/library/OPNsense/Zenarmor/StaticConfig.php
os-sensei-1.14.2: checksum mismatch for /usr/local/opnsense/mvc/app/models/OPNsense/Zenarmor/Menu/Menu.xml
os-sensei-1.14.2: missing file /usr/local/zenarmor/output/active/temp/.placeholder
Checking all packages........ done

How should I correct this.

8

23.7 Legacy Series / RADVD issues

« on: August 12, 2023, 01:41:45 pm »

I noticed after the upgrade that my issue may be related to RADVD service

Code: [Select]

2023-08-11T04:35:23-04:00 Warning radvd sendmsg: Permission denied
2023-08-11T04:35:19-04:00 Warning radvd sendmsg: Network is down
2023-08-11T04:35:19-04:00 Informational radvd version 2.19 started
2023-08-11T04:35:19-04:00 Informational radvd returning from radvd main
2023-08-11T04:35:19-04:00 Informational radvd removing /var/run/radvd.pid
2023-08-11T04:35:19-04:00 Warning radvd sendmsg: Network is down
2023-08-11T04:35:19-04:00 Informational radvd sending stop adverts
2023-08-11T04:35:19-04:00 Warning radvd exiting, 1 sigterm(s) received
2023-08-11T04:35:13-04:00 Informational radvd version 2.19 started
2023-08-11T03:38:32-04:00 Error radvd unable to lock pid file, /var/run/radvd.pid: Resource temporarily unavailable



9

23.7 Legacy Series / enabling suricata on WAN interface loses the WAN link

« on: August 09, 2023, 08:27:50 am »

Even after the upgrade to 23.7.1 when enabling Suricata I get the message below from the console immediately and lose the WAN.


arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address
arprequest_internal: cannot find matching address


I have also been seeing messages below as well.


fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=3
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=4
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=5
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed
[fib_algo] inet.0 setup_fd_instance: radix4_lockless algo instance setup failed, failures=6
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd_flm: table rebuild failed
[fib_algo] inet.0 (radix4_lockless#57) rebuild_fd: sync rebuild failed

10

Intrusion Detection and Prevention / Suricata reset.

« on: December 17, 2022, 02:50:06 pm »

Is there a way to reset the suricata or tweak the settings from the shell?

I think that I have selected "all" in one of the views and it brings down the router to its knees. I am attempting to reset that with no success.

I am referring to "Rule Adjustments"...

11

Virtual private networks / ZT -- Internet browsing...

« on: September 21, 2022, 03:02:02 pm »

What's needed to route the traffic thru the OPNsense WAN for ZT traffic.

12

22.7 Legacy Series / Page load is super slow...

« on: August 06, 2022, 02:03:27 am »

the last couple of upgrades have drastically reduced the admin web page loads. As an example, the services, dnsmasq, settings that I am not using takes 2 min to load. CPU is @ 1%.

13

22.1 Legacy Series / Odd behavior

« on: July 25, 2022, 02:40:19 am »

Running opnsense for a while without an issue. Today, I just bounce the webgui and now nothing can browse the internet. I can ping everything and everywhere. I power down and power back on with no luck.

14

22.1 Legacy Series / [FEATURE REQUEST] Pane expansion

« on: June 19, 2022, 05:33:48 pm »

May I request a dynamic pane expansion?

When you visit sections such as Suricata download section, the view section is very small when you have a large monitor. I believe this section can be based on the browser size so that one can view many lines one a single screen.

This is not only related to the IPS but many others as well...

TIA.

15

22.1 Legacy Series / Track IPv6 on VLAN Interface

« on: May 27, 2022, 08:59:14 pm »

NM.. Reboot needed ... LOL