Topics

1

21.1 Legacy Series / postfix/smtpd: OTP unavailable because can't read/write key database /etc/

« on: February 20, 2021, 10:55:33 am »

After upgrading to 21 my log is spammed with messages like:
postfix/smtpd[40858]   OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied

I should mention that postfix, Enable Rspamd Integration is disabled.

This error does not give any hint regarding what should I do to avoid it.

2

General Discussion / How about enabling github discussions?

« on: December 24, 2020, 01:43:32 pm »

As github already moved discussions out of beta and anyone can now enable them, could we at least experimentally enable them and see if they could prove a reliable alternative to the current outdated forum platform?

If it works the benefits would be considerable as it is far easier to use and it integrates greatly with the issue tracker.

I proposed that at https://github.com/opnsense/core/issues/4547 --- I am curious what people think.

3

20.7 Legacy Series / 20.7.7 upgrade made unbound unstable

« on: December 24, 2020, 01:39:04 pm »

Something really happened with 20.7.7 upgrade that got the Unbound resolved to a status where it stops responding, quite often, sometimes even after less than 24h.

Reloading all services does restore it but that is not something I want to do. So far I was not able to identify what is causing this as the logs are huge and I do not know what to search for in them.

Clearly this is a regression as it was not happening until recently. I do use `Enable DNSSEC Support`, logging verbosity is 2.

The only thing weird I found on resolver logs was a small number of lines like:
notice: sendto failed: Permission denied

Update: But at the same time I was able to spot something interesting general log, which may correlate with the moment it went down. Maybe is not really the dns? Still I have no idea how to fix it. I do use ipv6 and is fixed.


2020-12-24T12:36:42   opnsense[95177]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-24T12:36:40   dhcp6c[99706]   transmit failed: Can't assign requested address   
2020-12-24T12:36:39   opnsense[40415]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-24T12:20:10   opnsense[7251]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-24T12:20:05   opnsense[72599]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-23T23:08:08   opnsense[9414]   /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]   
2020-12-23T23:08:06   dhcp6c[99706]   transmit failed: Can't assign requested address

4

Hardware and Performance / QOTOM-Q370G4 I7 occasional sudden freeze

« on: November 12, 2019, 09:58:53 am »

I am using a QOTOM-Q370G4 I7 as my home router and occasionally (3 times this year) the router freeze and stopped responding to anything. http://www.qotom.net/product/32.html

Even plugging and unplugging it after 10s did not make it boot again but using the RESET button did the trick.

When it froze I can see the LAN lights flashing, the HDMI connection does not work until the reset button is pressed. After this it will boot normally.

The worst part is that I have zero logs from before the boot. Last time when it happened it was last night and mainly coincidentally exactly at midnight.

I really doubt that it could be a thermal issue because the CPU stays around 40-45 Celsius, I have PowerD enabled and using HiAdaptive. Also it is on UPS and I am not having any fluctuations around.

What can it be or how can I reconfigure it to assure that it keeps some logs?

5

19.7 Legacy Series / How to add a cron entry that persists system updates

« on: September 07, 2019, 11:18:00 am »

The current GUI implementation for cron does not allow a user to add a specific command to be run without creating a patch. Every time you will update the router your custom command will be lost.

How can I made this work persistently so I so not have to rerun all my configuration management scripts to repair the upgrade "damange".

Before someone asking about https://docs.opnsense.org/development/backend/autorun.html -- the answer is no, because I have a special script that runs every minute, refreshing an OTP token.

6

19.1 Legacy Series / Web GUI fails to start with Virtual IPs on LAN: Address already in use

« on: April 15, 2019, 11:27:05 am »

I managed to find a configuration setup that while resonable will render your opnsense webgui useless as it will fail to restart.

How to reproduce?

    install haproxy
    add a Virtual IP for your LAN (192.168.33.1 in my case)
    configure haproxy to use that virtual-ip (192.168.33.2 in my case)
    restart web gui (or wait till next day)
    enjoy not having a web gui anymore and not being able to start the service at all.

Thus is why I raised a bug on https://github.com/opnsense/core/issues/3419


I have no idea how to avoid this case and it seems to be another variation of the old bug where there was an option to bind to all interfaces. Now you can only pick one interface, but if you happen to add multipe IPs to that interface you are back to the same problem.... where you endup being locked out of web gui.

7

Web Proxy Filtering and Caching / How to get some minima stats/reports from squid web proxy?

« on: April 14, 2019, 04:52:01 pm »

While I was able to get Squid to work it seems that the plugin provides zero stats/reports regarding squid activity.

There is not way to find basic information like: cache size (mb), saved traffic (mb), hit/miss ratio, which network clients used the proxy.

8

Web Proxy Filtering and Caching / New installation: squid fails to start: Unable to open HTTP Socket

« on: March 21, 2019, 03:02:13 pm »

Something weird is happening with squid on my new opnsense deployment: it fails to (re)start because 3128 is kept by itself!

If I go to the CLI and kill the quid process, it will succeed starting, until I change something in UI and need to restart it.

And yes I do have both IPv4 and IPv6 setup on my network.

```
2019/03/21 13:53:10|    pinger: ICMPv6 socket opened
2019/03/21 13:53:10|    pinger: ICMP socket opened.
2019/03/21 13:53:10|    pinger: Initialising ICMP pinger ...
2019/03/21 13:53:10    kid1| Closing Pinger socket on FD 19
Page faults    with physical i/o: 0
Maximum Resident    Size: 221360 KB
CPU Usage:    0.044 seconds = 0.030 user + 0.015 sys
Squid Cache    (Version 3.5.28): Terminated abnormally.
FATAL: Unable    to open HTTP Socket
2019/03/21 13:53:10    kid1| Closing HTTP port 192.168.33.1:3128
2019/03/21 13:53:10    kid1| Adaptation support is off.
2019/03/21 13:53:10    kid1| Squid plugin modules loaded: 0
2019/03/21 13:53:10    kid1| Pinger socket opened on FD 19
2019/03/21 13:53:10    kid1| HTCP Disabled.
2019/03/21 13:53:10    kid1| commBind: Cannot bind socket FD 17 to 192.168.33.1:3128: (48) Address already in use
2019/03/21 13:53:10    kid1| Finished loading MIME types and icons.
2019/03/21 13:53:10    kid1| Set Current Directory to /var/squid/cache
2019/03/21 13:53:10    kid1| Using Least Load store dir selection
2019/03/21 13:53:10    kid1| Rebuilding storage in /var/squid/cache (dirty log)
2019/03/21 13:53:10    kid1| Max Swap size: 51200000 KB
2019/03/21 13:53:10    kid1| Max Mem size: 4194304 KB
2019/03/21 13:53:10    kid1| Using 262144 Store buckets
```