Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - G

Pages: [1]

24.7 Production Series / Hang up after "failed to reclaim memory" message

« on: August 12, 2024, 10:41:14 am »

Good morning,
looking for some assistance with this weird issue. My device was working perfectly until a few updates ago (24.1?). Now it has several problems:

web interface doesn't start properly, i need to reload all services on each boot
Unbound stops working and also needs restart
the whole device freezes, not even terminal, last message being <3>pid 274 (python3.11), jid 0, uid 0, was killed: failed to reclaim memory

I have another instance in the same network working ok. I removed zerotier which seem to extend time between failures. Time of failure is very close to IDS rules updates, but it doesn't fail every day. Looking at the monitoring, memory deeps down to nothing from the usual 2gb free from 4gb.
Any ideas?

24.1 Legacy Series / [SOLVED] DuckDB error on Unbound update

« on: February 23, 2024, 10:44:59 am »

Hi guys,
trying to update my system this morning from 23.7.12_5 to the latest. Upgrade process failing on unbound upgrade

Code: [Select]

>>> Invoking upgrade script 'unbound-duckdb.py'
Traceback (most recent call last):
  File "/usr/local/opnsense/site-python/duckdb_helper.py", line 65, in __enter__
    self.connection = duckdb.connect(database=self._path, read_only=self._read_only)
duckdb.IOException: IO Error: Trying to read a database file with version number 39, but we can only read version 51.
The database file was created with DuckDB version v0.6.0 or v0.6.1.

Any workarounds, or do I really need to get a lower version of duckdb?
Thanks for the help as usual.

21.1 Legacy Series / IPv6 ULA ping (SOLVED)

« on: June 22, 2021, 07:26:22 pm »

Hi,
I've come across a situation during my dual stack implementation.
My WAN interface is using DHCPv6 (client). from that interface, I can ping the other side of the link on the local link address but not the LUA.
ping6: sendmsg: Permission denied

Any ideas? I've created rules on the interfaces but with no luck.
Thanks.

-----------------

Editing: an old floating rule screwed me over. Waste of day.

Probably worth to mentioning that a generic ipv6 block rule was not stopping traffic between link local addresses though, but everything else.

21.1 Legacy Series / Default deny rule change

« on: February 09, 2021, 02:40:01 pm »

Hi,
for testing purposes I want to allow all traffic from my LAN interface, while using certain rules to categorize.
Even after configuring an any to any allow rule, I still get packets blocked by the default deny rule. Is there a way to check what's wrong with these packets without having to capture and manually review them?
Quite a few of them are actually Https.
I also had to disable Firewall Rules Optimization as it seem to increase the number.
Thank you.

20.1 Legacy Series / Zerotier plugin cpu issues

« on: May 22, 2020, 12:35:04 pm »

Hi,
wanted to confirm if anyone else has notice this.
When using 2 OPNsense devices connected with a Zerotier tunnel, cpu will randomly spike to 100% during long periods, and start dropping packets.
The process is /usr/local/sbin/zerotier-one /var/db/zerotier-one/{zerotier-one}
It doesn't happen with 1 OPNsense & 1 Openwrt devices connected.

19.7 Legacy Series / Logstash parsing with new logging

« on: August 09, 2019, 05:31:49 pm »

HI,
I'm sharing this here for others to use. It's far from perfect, but a starting point for mainly FW hits.

filter {
if [type] == "opnsense" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{HOSTNAME:fw_name} %{WORD:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
# filterlog #######################################################
if [syslog_program] == "filterlog" {
grok {
match => { "syslog_message" => "(%{WORD:rulenr}),,,(%{WORD:rid}),(%{WORD:interface}),(%{WORD:reason}),(%{WORD:action}),(%{WORD:dir}),(%{WORD:version}),(%{WORD:tos}),,(%{NUMBER:ttl}),(%{NUMBER:id}),(%{NUMBER:offset}),(%{WORD:ipflags}),(%{NUMBER:protonumber}),(%{WORD:protocol}),(%{NUMBER:length}),(%{IP:src_ip}),(%{IP:dst_ip}),(%{NUMBER:src_port}),(%{NUMBER:dst_port}),(%{NUMBER:datalen})" }
add_field => [ "parsed", "filterlog" ]
}
}
# unbound ########################################################
if [syslog_program] == "unbound" {
grok {
match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
add_field => [ "parsed", "unbound" ]
}
}
# devd ###########################################################
if [syslog_program] == "devd" {
grok {
match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
add_field => [ "parsed", "devd" ]
}
}
# openvpn ########################################################
if [syslog_program] == "openvpn" {
grok {
match => { "syslog_message" => "%{GREEDYDATA:syslog_message2}"}
add_field => [ "parsed", "openvpn" ]
}
}

19.1 Legacy Series / Posible bug on Firewall rules setting (edited)

« on: June 25, 2019, 10:28:44 am »

Hi Guys,
I would like to know if someone else has notice this.
Under Firewall, settings, advanced, if you change the firewall rules optimization setting from basic to none, the labels on the firewall logs get messed.
A reboot or delete of temporary tables doesn't solve the issue.
To get it back, you need to reverse the change.
(edited as I was reporting the wrong setting)

18.7 Legacy Series / Wrong username or password after upgrade

« on: August 26, 2018, 09:58:17 am »

Hi,
I've upgraded 2 members of a cluster yesterday.
Backup member upgraded OK, but after upgraded master, I can't login back on ssh or webgui.
Any ideas on how to recover from this?
I've rebooted it several times hoping it will load properly, but I see no error messages.
This is what i get on the syslog:
<11>Aug 26 08:56:50 opnsense: /index.php: Web GUI authentication error for 'USERNAME' from 192.168.1.15

Pages: [1]