Topics

1

High availability / XMLRPC Sync Error "parse error. not well formed"

« on: December 21, 2020, 02:48:39 pm »

Recive now a XMLRPC sync error and don't know how to troubleshoot it.

This is my current version:

OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
OpenSSL 1.1.1i 8 Dec 2020

I have attached the error shown in the gui.

The Output of /usr/local/etc/rc.filter_synchronize:

</params></methodCall>received >>>
<?xml version="1.0"?>
<methodResponse>
  <fault>
    <value>
      <struct>
        <member>
          <name>faultCode</name>
          <value><int>-32700</int></value>
        </member>
        <member>
          <name>faultString</name>
          <value><string>parse error. not well formed</string></value>
        </member>
      </struct>
    </value>
  </fault>
</methodResponse>
error >>>
parse error. not well formed

2

20.7 Legacy Series / XMLRPC Sync must be triggered manually?

« on: August 08, 2020, 03:45:43 pm »

Not sure if it has anything to do with the 2.7 release but I noticed now that configuration changes are not synced automatically anymore. To get the changes replicated to the second firewall I would have to to trigger the sync manually under System: High Availability: Status : Synchronize

Is this really intended behavior? If yes, an indicator for not synced changes to the second firewall would be
very helpful on the dashboard.

Regards, GOCE

3

20.7 Legacy Series / After Update to 2.7 no ntp update sync, also some traffic graphs are broken

« on: August 03, 2020, 11:30:36 pm »

I noticed today that the upgrade from 2.1.9 to 2.7.0 broke somehow my NTP settings.
I am not able to sync the time over NTP anymore.

The second thing that seems to be broken on my HA setup is the Traffic Graph. I don't see the In or Out traffic of the WAN interfaces anymore.

Are there any other reports with similar symptom's?

4

19.1 Legacy Series / Suricata memory leak on OPNsense 19.1.10-amd64?

« on: July 14, 2019, 09:59:37 pm »

Hello,

I have noticed during a huge file transfer over SMB that suricata started to use up to all memory (16 GB RAM) on my 19.1.10-amd64 machine. That can't be normal.

Suricata is on version 4.1.4_2.

Regards,

GOCE

5

19.1 Legacy Series / Traffic Reporting

« on: July 07, 2019, 03:18:38 pm »

Hi,

I'm a bit confused about the traffic reporting graphs and total measurements.

How should the metrics, especially Bandwith In/Out and Total In/Out been interpreted
taking the upper graphs in account? I don't get it what it represents with such low
values.

I have added a screenshot about what I observe under OPNsense 19.1.10.
Would appreciate any clarification, maybe I just read it wrong ;-)

Update:
Checked with https://docs.opnsense.org/manual/reporting_traffic.html?highlight=reporting and also with other interfaces where the indicated traffic seems correct. Now it remains that the traffic on the WAN interface isn't reported correctly.

Regards,
GOCE

6

19.1 Legacy Series / Bytes/KB/MB processed by firewall rule

« on: May 28, 2019, 06:06:27 pm »

Is there a way in OPNsense to see how many bytes where processed by a firewall rule? If not locally, can anybody recommend an open source solution to monitor the traffic by rule?

Regards, GOCE

7

18.1 Legacy Series / kernel: sa6_recoverscope: embedded scope mismatch:

« on: July 18, 2018, 05:13:27 pm »

Hi,

I keep getting a lot of the following entries in the firewall logs:

Jul 18 17:06:51   kernel: sa6_recoverscope: embedded scope mismatch: fe80:5::6231:97ff:fe84:158f%6. sin6_scope_id was overridden
Jul 18 17:06:51   kernel: sa6_recoverscope: embedded scope mismatch: fe80:5::6231:97ff:fe84:158f%6. sin6_scope_id was overridden
Jul 18 17:06:51   kernel: sa6_recoverscope: embedded scope mismatch: fe80:5::6231:97ff:fe84:158f%6. sin6_scope_id was overridden

Has anybody an idea what is going wrong here?

Regards, GOCE

8

18.1 Legacy Series / QoS on LTE (4G)

« on: July 08, 2018, 09:09:42 pm »

Hi,

I have an OPNsense firewall behind a LTE router with no real constant speed. It can be between 20-50 MBit depending on weekday and daytime. I would like to do some traffic shaping on the WAN interface but how should I configure the Pipes if there is no absolute bandwith for uploads and downloads?

Regards, GOCE

9

18.1 Legacy Series / [SOLVED] cannot define table bogonsv6: Cannot allocate memory

« on: April 11, 2018, 05:32:42 pm »

Since updating to 18.1.5 I got a lot of these errors (see attached screenshot).

My only workaround was to disable the "Block bogon networks" checkbox on my WAN interfaces.
The "Block bogon networks" rule was only applied to WAN interfaces.

The firewalls have 16GB RAM with default (10%) setting for "Firewall Maximum States".
Tried it also with 4000000 (25%) for "Firewall Maximum States" without any positive change.

Don"t know what could have caused these errors and would be thankful if anybody could help
me debug the root cause for these errors.

Regards

10

German - Deutsch / TOTP Server

« on: October 21, 2017, 07:15:11 am »

Wie ist eigentlich die Nutzung des TOTP Servers gedacht?

Welche Use-Cases sollen damit abgedeckt werden oder ist es eindach nur eine Spielerei?