Topics

Stood up a system and keep getting these crashes, either the box will freeze up and not load anything while passing internet or it will force reboot.

Fatal trap 9: general protection fault while in kernel mode
cpuid = 7; apic id = 07
instruction pointer   = 0x20:0xffffffff81093ab1
stack pointer           = 0x28:0xfffffe01136c0780
frame pointer           = 0x28:0xfffffe01136c08d0
code segment      = base 0x0, limit 0xfffff, type 0x1b
         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags   = interrupt enabled, resume, IOPL = 0
current process      = 86082 (python3.11)
rdi: fffffe000ba53a78 rsi: fffffe000ba53a78 rdx: ffbff803d1de3558
rcx: 0000000000000000  r8: fffff803e86e7000  r9: 0000000000000078
rax: 0000000000000000 rbx: fffffe0000000000 rbp: fffffe01136c08d0
r10: fffff8000e22dd38 r11: fffff803e86e7000 r12: 0000000000000028
r13: fffff8000e22dd38 r14: fffffe000ba53a40 r15: 80000001caa78405
trap number      = 9
panic: general protection fault
cpuid = 7
time = 1729201319
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe01136c04c0
vpanic() at vpanic+0x131/frame 0xfffffe01136c05f0
panic() at panic+0x43/frame 0xfffffe01136c0650
trap_fatal() at trap_fatal+0x40b/frame 0xfffffe01136c06b0
calltrap() at calltrap+0x8/frame 0xfffffe01136c06b0
--- trap 0x9, rip = 0xffffffff81093ab1, rsp = 0xfffffe01136c0780, rbp = 0xfffffe01136c08d0 ---
pmap_remove_pages() at pmap_remove_pages+0x6b1/frame 0xfffffe01136c08d0
exec_new_vmspace() at exec_new_vmspace+0x235/frame 0xfffffe01136c0930
exec_elf64_imgact() at exec_elf64_imgact+0x61b/frame 0xfffffe01136c09f0
kern_execve() at kern_execve+0x795/frame 0xfffffe01136c0d80
sys_execve() at sys_execve+0x56/frame 0xfffffe01136c0e00
amd64_syscall() at amd64_syscall+0x100/frame 0xfffffe01136c0f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe01136c0f30
--- syscall (59, FreeBSD ELF64, execve), rip = 0x8242cc69a, rsp = 0x83d5f7358, rbp = 0x83d5f73d0 ---
KDB: enter: panic
panic.txt0600003014704302247  7134 ustarrootwheelgeneral protection faultversion.txt0600007514704302247  7540 ustarrootwheelFreeBSD 14.1-RELEASE-p2 stable/24.7-n267758-4ad7ad40bc77 SMP

DHCP leases that are active dynamic and dynamic in-active cannot be deleted, the only error I see is this:

10.10.10.1 gateway.mydomain.com - [05/Aug/2023:19:33:06 -0400] "POST /api/dhcp/leases/delLease/10.0.10.10 HTTP/1.1" 400 84 "https://gateway.mydomain.com/ui/dhcpv4/leases" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15"

Edit: Same results when not using the custom domain, i.e. direct to IP of OPNSense

I didn't see anything in the change log this morning but I'm assuming the RC does not currently have an in place upgrade yet? Im seeing the latest beta in the dev channel but no RC. Do I have to update to dev channel prior to going to the RC?

I see the actual source and destination then a couple other random IPs that aren't mine listed for that as well with the interface MAC (usually) as the MAC of the bad IP.

10.105.21.169 is listed as source for the MAC that's supposed to be 10.0.0.5, that's the same for ALL IPs on the network.  There is also this duplicated for a junk IP but the interface MAC is listed. Is this expected? I got an intel Nic for this and it appears to still be broken to some extent, at least.

I switched from a mellanox card to an intel x520. I was able to get full 10gb using perf between opnsense and my unraid server, after switching to X520 I am getting less than 2 from unraid to opnsense but full 10gb between opnsense to unraid, telling me that I have something misconfigured. Any ideas? Anyone else with an X520 getting line speed?

Edit: I found the issue, sorry! I just didn't look hard enough at the forums.  I found this which helped ALOT.

https://binaryimpulse.com/2022/11/opnsense-performance-tuning-for-multi-gigabit-internet/

From here: https://forum.opnsense.org/index.php?topic=18754.150

Thanks!

Hello, I get the below error spammed in the log when using vnstat, I do not get any stats though.

[00acf906-9459-4683-964d-7bab56a4b5c1] Script action failed with Command '/usr/local/bin/vnstat -y ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 482, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/bin/vnstat -y ' returned non-zero exit status 1.

Does 1.12 support Mellanox nic's yet?

I have crowdsec and its working well.  I already have a central node so I was able to tie opnsense into it just fine.  I had a question though, I see this:

Enable Firewall Bouncer (IPS)

When this is enabled I get no alerts for blocks in the firewall logs. I have to disable this to get any alerts from my block rules. Is this expected?

Enable log for rules

I enable the above and I get some alerts but they are all blank, with no info except that it came from crowdsec.  Basically I want to make sure the crowdsec lists are being blocked correctly and since they wont show up in the logs its a bit difficult. It seems like the firewall bouncer is needed to block detections on the firewall but needs to be disabled to get blocks to show up in the logs using the blocklists that ship with crowdsec.

I posted on a couple other threads regarding Default deny/state violations in the logs. On a related note, I have floating rules for certain items but it was my understanding that interface rules applied after floating. Im blocking a lot of IGMP traffic and had to make a new floating rule to allow IGMP on all interfaces. This shouldn't be required...floating rules are applied prior to interface rules so if there are default deny rules in the floating rules they will take precedent over the allow alls I have on each interface...Im also seeing blocked traffic to certain servers from a reverse proxy. all other traffic from that proxy is allowed so I'm not sure why/where the default deny is happening.

I'm curious why the rate in my wan settings is 10gbe rather than 2.5? I have a 2.5gb link. Is this just a bug or is it actually negotiating at 10gbe? Thanks!

Just an FYI mellanox is not supported for the default netmap profile. I was able to install and enable but lost connectivity and had to ssh in and manually remove zenarmor from the terminal as it was crashing everything.  Is this expected? Thank you!

Edit: I see this - https://forum.opnsense.org/index.php?topic=17363.180 where mlx devices are being tested...did that ever work?

Anyone else seeing this message after the update?

error: kex_exchange_identification: Connection closed by remote host

Ill note im seeing this same message originating from each interface in opnsense on my other servers.  Spams log almost every hour on the dot.

Edit: make that every 15 minutes on the dot :)

Edit 2: I think this is ntopng actually, ill disable, and report back after 20 minutes or so.  All servers on network see same flood of ssh requests every 15 minutes so I THINK ntopng is doing this for network discovery.  Its a working theory.  Ill report back with my findings.

Edit 3: Yep ntopng was the culprit.  If anyone else runs into this, possibly disable network discovery on the app to stop.

Hello, I have a few issues with sensei on the new 22.1 update.  The OPNSense was clean-installed, sensei was clean installed.

I see this:
[0d569281-3cff-4e2f-96be-cb2fa640bcbc] Script action stderr returned "b'umount: /dev/md43: statfs: No such file or directory\numount: /dev/md43: unknown file system\nmount: /usr/local/sensei/output: No such file or directory'"

And this is spammed over and over:
[69aa4538-c722-4c14-bf3e-7e14d5d3718c] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/Sensei/periodicals.py ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/Sensei/periodicals.py ' returned non-zero exit status 1.

This as well:
[f119326e-6669-458a-bc4c-c3c5b8f9c4ba] Script action failed with Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 478, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.8/subprocess.py", line 364, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'pkg rquery "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 1.

Any plans to add a snort package now that v3 is released that makes it more competitive with suricata? (Multi thread etc)

Any way to suppress certain alerts from showing up in the logs, or certain logs?  I have certain things blocked, and I know it will be spammed 1000's of times in the reports which is somewhat unhelpful as I manually blocked it.  Thanks!

I just set up a blocklist in unbound, testing a migration from pihole, where do I see blocks? If I cant see blocks I cant really use it, as DNS false positives are common and I need to be able to see random blocks and deal with them if needed.  Is this possible? If we had a firewall logs-like list that would be very nice. Thanks!

Hello, I am trying to install this on a dedicated box inside my opnsense network.  I know this runs on FreeBSD, but my question is, how do I get it to route inline? I do not see any documentation on this besides how to install (which works fine).  My initial thought was to bridge 2 ports, run sensei on that bridge port in normal routed mode, and have that inline.  So basically:

Modem ---> opnsense wan --> opnsense lan --> FreeBSD bridge with sensei (OR opnsense secondary server) --> internal network

Would this work? Just trying to understand how to get sensei up and running on a dedicated server (I dont want to do a full opnsense install on the second server as that seems unneeded and a waste of resources).  I could install a second opnsense inline but Im not sure that would work.

Thanks!

I am unclear on the cloud management.  How am I able to unblock blocked sites in reports? I am not able to find it.  Also I am not able to drill down, I see graphs but am not able to interact with them at all.  Is this expected, or is the cloud portal still not ready for prime time?

Thanks!!

I have the elk stack on a remote server.  I cannot seem to get opnsense to forward traffic to it.  I was able to use barnyard2 with pfsense, do we have a feature that will allow remote log management?

I enabled unbound in forwarding mode, and it will forward to an upstream DNS server.  That works, but it is not forwarding hostnames.  I only see my opnsense ip in the forwarder even though I have enabled register hostnames in unbound.  Any idea why it is failing to pass hostnames? I have set hostname in DHCP for each host but it is not passing them.