Topics - LouieLouie

#1
Copied the output from the gui... the two snips look like the only errors.  The system did not auto-reboot.  Any recommendations?  I'm worried about rebooting the router.  Right now opnsense is running fine, no issues.  Thanks in advance!


[36/37] Extracting clamav-1.0.1,1: .......... done
pkg-static: sqlite error while executing COMMIT TRANSACTION  in file pkgdb.c:1144: disk I/O error
pkg-static: sqlite error while executing SELECT script, type  FROM pkg_script    JOIN script USING(script_id)  WHERE package_id = 3249 in file pkgdb_iterator.c:733: disk I/O error
Starting web GUI...done.

...

Installing kernel-23.1.2-amd64.txz.../usr/local/sbin/opnsense-update: kldxref: Input/output error
failed, kldxref error 0
***DONE***
#2
I believe that opnsense overwrites resolv.conf every 30 minutes via /usr/local/etc/inc/system.inc

However, I'd like to add the following to resolv.conf:

options ndots:1 timeout:0.3 attempts:1 rotate

My understanding is that the normal timeout to failover from one name server to another in the /etc/resolv.conf file is 5 seconds.  I'd like to change that to 0.3 seconds.

What is the approved method to accomplish this?

Thank you!
#3
General Discussion / noob question re Arp spoofing
December 26, 2019, 03:31:05 PM
I'm going to google this issue, yet I was hoping that someone here on the forums could give me any tips (or time to explain) what the heck this stuff is about, and more importantly, on how to prevent it on my opnsense implementation.  I would prefer to source my knowledge from here vs the wild web.

Background:  Heard of it, didn't understand it.  Have a work project that discussed arp-spoofing risks, researching it worried me that my home opnsense implementation could be at risk.  I'm vaguely suspicious that the default opnsense configuration is set to block this sort of thing, yet I'd like to know more.

I'll now go read up on this. 

Kind regards to everyone!

#4
Post 19.7.5.5 > 19.7.7 upgrade:

Noticed 100% cpu utilization (i5-5250u, 4 core), logged into command line, top listed suricata at 98%.  Disabled suricata in the gui, cpu utilization went down below 10% (normal-ish).  Then, cpu utilization spiked back up to 100%, this time it's python 2.7 using over 90% on all 4 cores.

Any suggestions on what to do?
#5
General Discussion / [SOLVED] Does anybody use rclone?
September 08, 2019, 02:51:15 AM
Hello,

I'm interested in syncing a complete system backup to dropbox using rclone.  I've installed it, it runs.  I'm trying to configure it to use dropbox.  For a dropbox authorization code, mid-way through the config script, it requests that the user access url http://127.0.0.1:53682/auth   ...  when I open that webpage, I get a 'Failed to Connect'.

I put in a floating rule for intranet traffic to have access to 127.0.0.1/53682  .... no luck.  Searched for rclone info, nothing found that works.

Any suggestions?

Thanks!
#6
Aug 31 09:28:37    /update_tables.py: error fetching alias url 81.22.45.80

Disclaimer:  To call myself an amateur with security is an insult to the amateurs. 

I'm curious about this log entry.  I googled update_tables.py, the responses were effectively in sanskrit to me.  I know that it's probably a python script, that's it.

Why would opnsense try to fetch an alias for that ip address?  Is this an attack?  Should I do something?

Thank you for your time and consideration.

#7
Hello,

I have a Ring doorbell on an untrusted subnet.  I'm trying to allow our cellphones (on a trusted subnet) to have permission to view Live Video from the Ring doorbell.  No matter what combination I try, it doesn't work.  I'm suspicious that the untrusted subnet, hosted on an older router, is the problem.  But just in case:

Does anybody have a working configuration which has the Ring on one subnet, and the clients (cellphones) on another?

Alternatively, any advice appreciated.

Thanks!
#8
What is the correct path to manually edit unbound.conf?

I edited /var/unbound/unbound.conf, and today when I was intending to futz around with some other stuff, I noticed my edits had reverted to default.  I checked /usr/local/etc/unbound/unbound.conf, it's completely commented out.

Can unbound.conf be manually edited and remain compatible with the GUI?

Thanks!
#9
Went from 19.1.10 to 19.7.2.  Upgrade went smoothly without error.  19.7.2 corrected a memory hog issue of unknown origin that started around 19.1.8.  GUI seems quicker, more responsive than before. 

Well done.

David
#10
Greetings,

How do I enable access to opnsense ports on 19.1.9?  Portsnap is not present by default in the command line.  Neither are ports (applications) available in the file system despite ports being listed in github.  I didn't find anything in the manual, pkg search portsnap = no return.

Thank you.
#11
disclaimer:  amateur with freebsd/opnsense/firewalls.

Would you please recommend a method and scheme to implement automated backups?

Background:  I tried to gpart and resize the freebsd-ufs partition without os backups, and while online/operational.  I recognize how stupid that was, now, especially as I type this.  I recovered opnsense using a new image and a backup of the opnsense config.  Time consuming, manual, and not graceful.  I decided to implement a full hard drive backup and an incremental synced backup workflow.  I would like it to be automated.  I searched for installed ports:  none.  /usr/local/ports is missing.  I searched installed pkgs for anything like rsync, not found.  I searched the forum for related issues:  nothing relevant found.

I can implement a hacked solution, but I'm concerned that it will be consistent with my skillset and not be as secure as the philosophical and functional model of opnsense.  Accordingly, I'm hoping to ask for the advice of the more experienced for an appropriate solution.

Thanks in advance,

LouieLouie
#12
Running opnsense 19.1.8, I am trying to add sshd to Monit service monitoring. In the gui, the start and stop commands are required with the full path to the command. I've searched freebsd forums and tutorials, the /etc/rc.d commands don't work (can't even find rc.config), the 'service sshd start' commands aren't accepted.

May I ask for help, please? Thanks in advance!