1
24.7 Production Series / OpenVPN setup new
« on: November 15, 2024, 09:19:19 pm »
Delete please
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
24.7 Production Series / DNS errors flooding the system 24.7.8
« on: November 13, 2024, 10:39:46 pm »
I started a fresh install, since every update seemed to cause the system to go down. I suspect legacy things were clashing. Anyhow now there are a couple of issues that I do not understand.
2024-11-12T17:57:06-07:00 Error ntpd error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:57:06-07:00 Error ntpd error resolving pool 2.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:57:06-07:00 Error ntpd error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:57:06-07:00 Error ntpd error resolving pool 0.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:56:54-07:00 Error ntpd error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:56:53-07:00 Error ntpd error resolving pool 2.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:56:52-07:00 Error ntpd error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:56:51-07:00 Error ntpd error resolving pool 0.opnsense.pool.ntp.org: Name does not resolve (
2024-11-09T22:46:40-07:00 Error ntpd error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (
This is one issue. Yet, if I ping those addresses they resolve and answer back just fine. I saw that a device was not using these servers, but going to an alternate. I wondered why. This is what I see.
The other issue, I'm guessing related is:
The DNS query name does not exist: <!DOCTYPE. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: if. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: <!--. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Eyebrow:. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Headline:. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: <script>. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: <style>. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: \@media. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: }. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Subscriptions. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Bundle. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Enjoy. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: <img. [for Hulu]
It appears that a device is sending some sort of HTML file? So far I have not found which device is blasting this. I guess it IS rejecting the request, but as much as it is hammering the system, I would think this could impact performance.
Any suggestions welcomed. Thanks in advance.
2024-11-12T17:57:06-07:00 Error ntpd error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:57:06-07:00 Error ntpd error resolving pool 2.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:57:06-07:00 Error ntpd error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:57:06-07:00 Error ntpd error resolving pool 0.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:56:54-07:00 Error ntpd error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:56:53-07:00 Error ntpd error resolving pool 2.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:56:52-07:00 Error ntpd error resolving pool 1.opnsense.pool.ntp.org: Name does not resolve (
2024-11-12T17:56:51-07:00 Error ntpd error resolving pool 0.opnsense.pool.ntp.org: Name does not resolve (
2024-11-09T22:46:40-07:00 Error ntpd error resolving pool 3.opnsense.pool.ntp.org: Name does not resolve (
This is one issue. Yet, if I ping those addresses they resolve and answer back just fine. I saw that a device was not using these servers, but going to an alternate. I wondered why. This is what I see.
The other issue, I'm guessing related is:
The DNS query name does not exist: <!DOCTYPE. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: if. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: <!--. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Eyebrow:. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Headline:. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: <script>. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: <style>. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: \@media. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: }. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Subscriptions. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Bundle. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: Enjoy. [for Hulu]
2024-11-13T14:20:04-07:00 Error firewall The DNS query name does not exist: <img. [for Hulu]
It appears that a device is sending some sort of HTML file? So far I have not found which device is blasting this. I guess it IS rejecting the request, but as much as it is hammering the system, I would think this could impact performance.
Any suggestions welcomed. Thanks in advance.
3
24.1 Legacy Series / Unbound DNS failure to properly resolve
« on: April 16, 2024, 08:34:49 pm »
I apparently have a lack of understand on how to make my unbound DNS to do what I want.
I have a unique setup I guess. I have two Synology NAS units. I wanted faster throughput so bought 2 10gbps NICS. I attempted to connect the high speed cable to my switch to only find out that even though it has 2 Fiber ports, they support 1gbps! WHY!? Dumb.. so as a work around, I have connected the cable directly from one NAS to the other. This is when my problems began. So to kind of draw a word picture:
NAS 1 has 2 IP addresses.
NIC 1 is on 192.168.100.x
NIC 5 is on 192.168.1.x (high speed)
NAS 2 has 2 IP addresss.
NIC 1 is on 192.168.100.x
NIC 5 is on 192.168.1.x (high speed)
All of a sudden my SMB server names started dropping out. I can still connect via IP, but when I drop to bash and ping from a workstation on the .100 subnet, NAS1 is is trying to resolve to NIC5!! I do not understand how this is even possible, but, if I ping NAS.FQDN, it resolves properly to NIC1.
So I went and added over rides in Unbound. I gave it the server name with proper IP address and that did not work. I then added under aliases the server name and still no go.
So what am I doing wrong? How can I get it to properly resolve everytime? I have tried under general to add A record registration, I have tried changing the local Zone Types, but nothing seems to work. I don't even understand how Unbound even knows those NIC5's exist, since they are not connected anywhere except to each other. I also tried making those NIC5 gateways each other.
I have a unique setup I guess. I have two Synology NAS units. I wanted faster throughput so bought 2 10gbps NICS. I attempted to connect the high speed cable to my switch to only find out that even though it has 2 Fiber ports, they support 1gbps! WHY!? Dumb.. so as a work around, I have connected the cable directly from one NAS to the other. This is when my problems began. So to kind of draw a word picture:
NAS 1 has 2 IP addresses.
NIC 1 is on 192.168.100.x
NIC 5 is on 192.168.1.x (high speed)
NAS 2 has 2 IP addresss.
NIC 1 is on 192.168.100.x
NIC 5 is on 192.168.1.x (high speed)
All of a sudden my SMB server names started dropping out. I can still connect via IP, but when I drop to bash and ping from a workstation on the .100 subnet, NAS1 is is trying to resolve to NIC5!! I do not understand how this is even possible, but, if I ping NAS.FQDN, it resolves properly to NIC1.
So I went and added over rides in Unbound. I gave it the server name with proper IP address and that did not work. I then added under aliases the server name and still no go.
So what am I doing wrong? How can I get it to properly resolve everytime? I have tried under general to add A record registration, I have tried changing the local Zone Types, but nothing seems to work. I don't even understand how Unbound even knows those NIC5's exist, since they are not connected anywhere except to each other. I also tried making those NIC5 gateways each other.
4
24.1 Legacy Series / 24.1.1 NTOPNG and REDIS no longer working
« on: February 14, 2024, 08:51:13 pm »
After the update REDIS no longer works. I watched on an attached monitor upgrading another box and saw where it said something about directory invalid or not found. So am I the only one? it happened on 2 different boxes.
5
24.1 Legacy Series / 24.1.1 update has broken fixed IP setup with COX
« on: February 13, 2024, 04:28:38 am »
Updated below
So I have a fairly simple setup. A single gateway using a Cox modem. The way it has been setup for several years now is a fixed WAN IP address and then right below was a spot to add an upstream gateway. Now in the new setup is a drop down box with auto-detect and no other option. The advanced info says you must select one, but there seems to be no way to do that. I can go to System/Gateways/Configuration and add it there to no avail.
I thought the box was corrupt after the update, since I no longer could get out. I rebuilt from scratch and the same thing happened. The only way around it, is to select WAN to DHCP and it works. Is this a bug or is there another way to handle this?
So I finally figured it out. I was very close. The new version, removes the ability to add the upstream gateway right in the interface section. Now you MUST go to System/Gateways/Configuration and add the upstream gateway there first and save. Once you do that, then you can go back to the interface and select something other than auto detect. (I apparently did something wrong the first 3 tries.)
So the update really should take this into account, grab this data an populate the gateway configuration so it does not break things. Just my thoughts. Keep up the good work.
So I have a fairly simple setup. A single gateway using a Cox modem. The way it has been setup for several years now is a fixed WAN IP address and then right below was a spot to add an upstream gateway. Now in the new setup is a drop down box with auto-detect and no other option. The advanced info says you must select one, but there seems to be no way to do that. I can go to System/Gateways/Configuration and add it there to no avail.
I thought the box was corrupt after the update, since I no longer could get out. I rebuilt from scratch and the same thing happened. The only way around it, is to select WAN to DHCP and it works. Is this a bug or is there another way to handle this?
So I finally figured it out. I was very close. The new version, removes the ability to add the upstream gateway right in the interface section. Now you MUST go to System/Gateways/Configuration and add the upstream gateway there first and save. Once you do that, then you can go back to the interface and select something other than auto detect. (I apparently did something wrong the first 3 tries.)
So the update really should take this into account, grab this data an populate the gateway configuration so it does not break things. Just my thoughts. Keep up the good work.
6
23.7 Legacy Series / 23.7.7_3 breaks the "intranet" link
« on: November 22, 2023, 04:12:59 am »
This seems to be a slightly different twist. After the update it seems nothing local is working correctly. ICMP works fine, but no web admin, no ssh and no file shares. After lots of digging, and doing a hard reset, it never came back up. It is hung at
Setting up routes ... done
Enter Full pathname or shell or RETURN for /bin/sh:
I have had bad sectors in the past, but this is a brand new drive and I made an assumption that was the problem. I fired up a spare FW and rebuilt the main box. A fresh install is doing the same thing, even before adding a restore to it. Anyone else seeing this? What am I doing wrong?
Setting up routes ... done
Enter Full pathname or shell or RETURN for /bin/sh:
I have had bad sectors in the past, but this is a brand new drive and I made an assumption that was the problem. I fired up a spare FW and rebuilt the main box. A fresh install is doing the same thing, even before adding a restore to it. Anyone else seeing this? What am I doing wrong?
7
23.7 Legacy Series / 23.7 ClamAV no long works
« on: October 11, 2023, 12:47:50 am »
So I had a hard drive go bad and the system would not boot. We had a backup of the configuration files. I did a fresh install on a new system and restored the backup. One thing I found is many things do NOT get restored/installed with a restore. I've been working hard on trying to restore things that didn't load and are not working.
ClamAV, is no longer working. It has been since the redo. I tried the following at CLI:
pkg remove os-clamav clamav
rm -rf /var/db/clamav
pkg install os-clamav
I then clicked on the download signatures in the GUI and checked the logs. Still not working.
Date
Severity
Process
Line
2023-10-10T11:31:18-07:00 Error freshclam Can't send to clamd: Socket operation on non-socket
2023-10-10T11:31:18-07:00 Error freshclam NotifyClamd: No communication socket specified in /usr/local/etc/clamd.conf
2023-10-04T00:27:56-07:00 Error freshclam Update failed.
2023-10-04T00:27:56-07:00 Error freshclam Database update process failed: HTTP GET failed
2023-10-04T00:27:56-07:00 Error freshclam Update failed for database: daily
2023-10-04T00:27:56-07:00 Error freshclam check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
2023-10-04T00:27:56-07:00 Warning freshclam Failed to get daily database version information from server: https://database.clamav.net
2023-10-04T00:27:56-07:00 Error freshclam Message: Couldn't resolve host name
2023-10-04T00:27:56-07:00 Error freshclam remote_cvdhead: Download failed (6)
2023-10-04T00:27:51-07:00 Error freshclam check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
2023-10-04T00:27:51-07:00 Warning freshclam Failed to get daily database version information from server: https://database.clamav.net
2023-10-04T00:27:51-07:00 Warning freshclam Message: Couldn't resolve host name
2023-10-04T00:27:51-07:00 Warning freshclam remote_cvdhead: Download failed (6)
2023-10-04T00:27:45-07:00 Error freshclam check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
2023-10-04T00:27:45-07:00 Warning freshclam Failed to get daily database version information from server: https://database.clamav.net
2023-10-04T00:27:45-07:00 Warning freshclam Message: Couldn't resolve host name
2023-10-04T00:27:45-07:00 Warning freshclam remote_cvdhead: Download failed (6)
2023-10-04T00:27:45-07:00 Warning freshclam Invalid DNS reply. Falling back to HTTP mode.
2023-10-04T00:27:45-07:00 Warning freshclam Can't query current.cvd.clamav.net
2023-09-23T12:22:47-07:00 Warning freshclam Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory
The first thing I did was go look in the location where things are and it seems the install package is not installing properly? See the bottom line of the log. I don't want to start manually adding stuff and bork the system without some guidance from the gurus. I'm just a old man, trying to proect his household. Any help appreciated.
ClamAV, is no longer working. It has been since the redo. I tried the following at CLI:
pkg remove os-clamav clamav
rm -rf /var/db/clamav
pkg install os-clamav
I then clicked on the download signatures in the GUI and checked the logs. Still not working.
Date
Severity
Process
Line
2023-10-10T11:31:18-07:00 Error freshclam Can't send to clamd: Socket operation on non-socket
2023-10-10T11:31:18-07:00 Error freshclam NotifyClamd: No communication socket specified in /usr/local/etc/clamd.conf
2023-10-04T00:27:56-07:00 Error freshclam Update failed.
2023-10-04T00:27:56-07:00 Error freshclam Database update process failed: HTTP GET failed
2023-10-04T00:27:56-07:00 Error freshclam Update failed for database: daily
2023-10-04T00:27:56-07:00 Error freshclam check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
2023-10-04T00:27:56-07:00 Warning freshclam Failed to get daily database version information from server: https://database.clamav.net
2023-10-04T00:27:56-07:00 Error freshclam Message: Couldn't resolve host name
2023-10-04T00:27:56-07:00 Error freshclam remote_cvdhead: Download failed (6)
2023-10-04T00:27:51-07:00 Error freshclam check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
2023-10-04T00:27:51-07:00 Warning freshclam Failed to get daily database version information from server: https://database.clamav.net
2023-10-04T00:27:51-07:00 Warning freshclam Message: Couldn't resolve host name
2023-10-04T00:27:51-07:00 Warning freshclam remote_cvdhead: Download failed (6)
2023-10-04T00:27:45-07:00 Error freshclam check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
2023-10-04T00:27:45-07:00 Warning freshclam Failed to get daily database version information from server: https://database.clamav.net
2023-10-04T00:27:45-07:00 Warning freshclam Message: Couldn't resolve host name
2023-10-04T00:27:45-07:00 Warning freshclam remote_cvdhead: Download failed (6)
2023-10-04T00:27:45-07:00 Warning freshclam Invalid DNS reply. Falling back to HTTP mode.
2023-10-04T00:27:45-07:00 Warning freshclam Can't query current.cvd.clamav.net
2023-09-23T12:22:47-07:00 Warning freshclam Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory
The first thing I did was go look in the location where things are and it seems the install package is not installing properly? See the bottom line of the log. I don't want to start manually adding stuff and bork the system without some guidance from the gurus. I'm just a old man, trying to proect his household. Any help appreciated.
8
22.1 Legacy Series / update dependency error
« on: March 04, 2022, 05:21:00 am »
This may or may not be an issue, but I noticed some missing dependencies during the remote upgrade. It came back up and says it is up to date. More of an FYI if this is serious.
***GOT REQUEST TO UPDATE***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Thu Mar 3 21:14:00 MST 2022
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (43 candidates): .......... done
Processing candidates (43 candidates):
pkg-static: elasticsearch5 has a missing dependency: openjdk8
Processing candidates (43 candidates)............. done
The following 43 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
ca_root_nss: 3.74 -> 3.75
curl: 7.80.0 -> 7.81.0
cyrus-sasl: 2.1.27_2 -> 2.1.28
cyrus-sasl-gssapi: 2.1.27_2 -> 2.1.28
dnsmasq: 2.86_2,1 -> 2.86_3,1
e2fsprogs-libuuid: 1.46.4 -> 1.46.5
expat: 2.4.2 -> 2.4.4
glib: 2.70.2,2 -> 2.70.4,2
libfido2: 1.9.0 -> 1.10.0
lighttpd: 1.4.63 -> 1.4.64_1
monit: 5.29.0_1 -> 5.30.0
mpd5: 5.9_6 -> 5.9_7
nss: 3.74 -> 3.75
ntp: 4.2.8p15_4 -> 4.2.8p15_5
openssl: 1.1.1m_1,1 -> 1.1.1m_2,1
opnsense: 22.1 -> 22.1.2_1
opnsense-update: 22.1 -> 22.1.2
os-dyndns: 1.27_2 -> 1.27_3
php74: 7.4.27 -> 7.4.28
php74-ctype: 7.4.27 -> 7.4.28
php74-curl: 7.4.27 -> 7.4.28
php74-dom: 7.4.27 -> 7.4.28
php74-filter: 7.4.27 -> 7.4.28
php74-gettext: 7.4.27 -> 7.4.28
php74-json: 7.4.27 -> 7.4.28
php74-ldap: 7.4.27 -> 7.4.28
php74-mbstring: 7.4.27 -> 7.4.28
php74-openssl: 7.4.27 -> 7.4.28
php74-pdo: 7.4.27 -> 7.4.28
php74-phpseclib: 2.0.35 -> 2.0.36
php74-session: 7.4.27 -> 7.4.28
php74-simplexml: 7.4.27 -> 7.4.28
php74-sockets: 7.4.27 -> 7.4.28
php74-sqlite3: 7.4.27 -> 7.4.28
php74-xml: 7.4.27 -> 7.4.28
php74-zlib: 7.4.27 -> 7.4.28
py38-urllib3: 1.26.7,1 -> 1.26.8,1
strongswan: 5.9.4 -> 5.9.5
sudo: 1.9.8p2 -> 1.9.9
unbound: 1.14.0 -> 1.15.0_1
wireguard-go: 0.0.20211016,1 -> 0.0.20220117,1
Installed packages to be REINSTALLED:
pcre-8.45 (options changed)
pcre2-10.39 (options changed)
Number of packages to be upgraded: 41
Number of packages to be reinstalled: 2
The process will require 4 MiB more space.
27 MiB to be downloaded.
[1/43] Fetching wireguard-go-0.0.20220117,1.txz: .......... done
[2/43] Fetching unbound-1.15.0_1.txz: .......... done
[3/43] Fetching sudo-1.9.9.txz: .......... done
[4/43] Fetching strongswan-5.9.5.txz: .......... done
[5/43] Fetching py38-urllib3-1.26.8,1.txz: .......... done
[6/43] Fetching php74-zlib-7.4.28.txz: ... done
[7/43] Fetching php74-xml-7.4.28.txz: ... done
[8/43] Fetching php74-sqlite3-7.4.28.txz: ... done
[9/43] Fetching php74-sockets-7.4.28.txz: ..... done
[10/43] Fetching php74-simplexml-7.4.28.txz: ... done
[11/43] Fetching php74-session-7.4.28.txz: ..... done
[12/43] Fetching php74-phpseclib-2.0.36.txz: .......... done
[13/43] Fetching php74-pdo-7.4.28.txz: ...... done
[14/43] Fetching php74-openssl-7.4.28.txz: ........ done
[15/43] Fetching php74-mbstring-7.4.28.txz: .......... done
[16/43] Fetching php74-ldap-7.4.28.txz: .... done
[17/43] Fetching php74-json-7.4.28.txz: ... done
[18/43] Fetching php74-gettext-7.4.28.txz: . done
[19/43] Fetching php74-filter-7.4.28.txz: ... done
[20/43] Fetching php74-dom-7.4.28.txz: ....... done
[21/43] Fetching php74-curl-7.4.28.txz: .... done
[22/43] Fetching php74-ctype-7.4.28.txz: . done
[23/43] Fetching php74-7.4.28.txz: .......... done
[24/43] Fetching pcre2-10.39.txz: .......... done
[25/43] Fetching pcre-8.45.txz: .......... done
[26/43] Fetching os-dyndns-1.27_3.txz: .... done
[27/43] Fetching opnsense-update-22.1.2.txz: ..... done
[28/43] Fetching opnsense-22.1.2_1.txz: .......... done
[29/43] Fetching openssl-1.1.1m_2,1.txz: .......... done
[30/43] Fetching ntp-4.2.8p15_5.txz: .......... done
[31/43] Fetching nss-3.75.txz: .......... done
[32/43] Fetching mpd5-5.9_7.txz: .......... done
[33/43] Fetching monit-5.30.0.txz: .......... done
[34/43] Fetching lighttpd-1.4.64_1.txz: .......... done
[35/43] Fetching libfido2-1.10.0.txz: .......... done
[36/43] Fetching glib-2.70.4,2.txz: .......... done
[37/43] Fetching expat-2.4.4.txz: .......... done
[38/43] Fetching e2fsprogs-libuuid-1.46.5.txz: ..... done
[39/43] Fetching dnsmasq-2.86_3,1.txz: .......... done
[40/43] Fetching cyrus-sasl-gssapi-2.1.28.txz: .... done
[41/43] Fetching cyrus-sasl-2.1.28.txz: .......... done
[42/43] Fetching curl-7.81.0.txz: .......... done
[43/43] Fetching ca_root_nss-3.75.txz: .......... done
Checking integrity... done (0 conflicting)
[1/43] Upgrading openssl from 1.1.1m_1,1 to 1.1.1m_2,1...
[1/43] Extracting openssl-1.1.1m_2,1: .......... done
[2/43] Reinstalling pcre2-10.39...
[2/43] Extracting pcre2-10.39: .......... done
[3/43] Upgrading cyrus-sasl from 2.1.27_2 to 2.1.28...
*** Added group `cyrus' (id 60)
*** Added user `cyrus' (id 60)
[3/43] Extracting cyrus-sasl-2.1.28: .......... done
[4/43] Upgrading php74 from 7.4.27 to 7.4.28...
[4/43] Extracting php74-7.4.28: .......... done
[5/43] Reinstalling pcre-8.45...
[5/43] Extracting pcre-8.45: .......... done
[6/43] Upgrading cyrus-sasl-gssapi from 2.1.27_2 to 2.1.28...
[6/43] Extracting cyrus-sasl-gssapi-2.1.28: .......... done
[7/43] Upgrading ca_root_nss from 3.74 to 3.75...
[7/43] Extracting ca_root_nss-3.75: ...... done
[8/43] Upgrading py38-urllib3 from 1.26.7,1 to 1.26.8,1...
[8/43] Extracting py38-urllib3-1.26.8,1: .......... done
[9/43] Upgrading php74-session from 7.4.27 to 7.4.28...
[9/43] Extracting php74-session-7.4.28: .......... done
[10/43] Upgrading php74-pdo from 7.4.27 to 7.4.28...
[10/43] Extracting php74-pdo-7.4.28: .......... done
[11/43] Upgrading php74-mbstring from 7.4.27 to 7.4.28...
[11/43] Extracting php74-mbstring-7.4.28: .......... done
[12/43] Upgrading php74-json from 7.4.27 to 7.4.28...
[12/43] Extracting php74-json-7.4.28: .......... done
[13/43] Upgrading nss from 3.74 to 3.75...
[13/43] Extracting nss-3.75: .......... done
[14/43] Upgrading libfido2 from 1.9.0 to 1.10.0...
[14/43] Extracting libfido2-1.10.0: .......... done
[15/43] Upgrading glib from 2.70.2,2 to 2.70.4,2...
[15/43] Extracting glib-2.70.4,2: .......... done
No schema files found: doing nothing.
[16/43] Upgrading expat from 2.4.2 to 2.4.4...
[16/43] Extracting expat-2.4.4: .......... done
[17/43] Upgrading e2fsprogs-libuuid from 1.46.4 to 1.46.5...
[17/43] Extracting e2fsprogs-libuuid-1.46.5: .......... done
[18/43] Upgrading curl from 7.80.0 to 7.81.0...
[18/43] Extracting curl-7.81.0: .......... done
[19/43] Upgrading unbound from 1.14.0 to 1.15.0_1...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[19/43] Extracting unbound-1.15.0_1: .......... done
[20/43] Upgrading sudo from 1.9.8p2 to 1.9.9...
[20/43] Extracting sudo-1.9.9: .......... done
[21/43] Upgrading strongswan from 5.9.4 to 5.9.5...
[21/43] Extracting strongswan-5.9.5: .......... done
[22/43] Upgrading php74-zlib from 7.4.27 to 7.4.28...
[22/43] Extracting php74-zlib-7.4.28: ....... done
[23/43] Upgrading php74-xml from 7.4.27 to 7.4.28...
[23/43] Extracting php74-xml-7.4.28: ........ done
[24/43] Upgrading php74-sqlite3 from 7.4.27 to 7.4.28...
[24/43] Extracting php74-sqlite3-7.4.28: ........ done
[25/43] Upgrading php74-sockets from 7.4.27 to 7.4.28...
[25/43] Extracting php74-sockets-7.4.28: .......... done
[26/43] Upgrading php74-simplexml from 7.4.27 to 7.4.28...
[26/43] Extracting php74-simplexml-7.4.28: ......... done
[27/43] Upgrading php74-phpseclib from 2.0.35 to 2.0.36...
[27/43] Extracting php74-phpseclib-2.0.36: ........ done
[28/43] Upgrading php74-openssl from 7.4.27 to 7.4.28...
[28/43] Extracting php74-openssl-7.4.28: ....... done
[29/43] Upgrading php74-ldap from 7.4.27 to 7.4.28...
[29/43] Extracting php74-ldap-7.4.28: ....... done
[30/43] Upgrading php74-gettext from 7.4.27 to 7.4.28...
[30/43] Extracting php74-gettext-7.4.28: ....... done
[31/43] Upgrading php74-filter from 7.4.27 to 7.4.28...
[31/43] Extracting php74-filter-7.4.28: ........ done
[32/43] Upgrading php74-dom from 7.4.27 to 7.4.28...
[32/43] Extracting php74-dom-7.4.28: .......... done
[33/43] Upgrading php74-curl from 7.4.27 to 7.4.28...
[33/43] Extracting php74-curl-7.4.28: ....... done
[34/43] Upgrading php74-ctype from 7.4.27 to 7.4.28...
[34/43] Extracting php74-ctype-7.4.28: ....... done
[35/43] Upgrading opnsense-update from 22.1 to 22.1.2...
[35/43] Extracting opnsense-update-22.1.2: .......... done
[36/43] Upgrading ntp from 4.2.8p15_4 to 4.2.8p15_5...
[36/43] Extracting ntp-4.2.8p15_5: .......... done
[37/43] Upgrading mpd5 from 5.9_6 to 5.9_7...
[37/43] Extracting mpd5-5.9_7: ......... done
[38/43] Upgrading monit from 5.29.0_1 to 5.30.0...
[38/43] Extracting monit-5.30.0: ....... done
[39/43] Upgrading lighttpd from 1.4.63 to 1.4.64_1...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[39/43] Extracting lighttpd-1.4.64_1: .......... done
[40/43] Upgrading dnsmasq from 2.86_2,1 to 2.86_3,1...
[40/43] Extracting dnsmasq-2.86_3,1: .......... done
[41/43] Upgrading wireguard-go from 0.0.20211016,1 to 0.0.20220117,1...
[41/43] Extracting wireguard-go-0.0.20220117,1: .... done
[42/43] Upgrading os-dyndns from 1.27_2 to 1.27_3...
[42/43] Extracting os-dyndns-1.27_3: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
[43/43] Upgrading opnsense from 22.1 to 22.1.2_1...
[43/43] Extracting opnsense-22.1.2_1: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Writing firmware setting...done.
Writing trust files...done.
Configuring login behaviour...done.
Configuring system logging...done.
=====
Message from php74-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from py38-urllib3-1.26.8,1:
--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'". While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.
Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).
Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).
In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
=====
Message from php74-session-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-pdo-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-mbstring-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-json-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
You may need to manually remove /usr/local/etc/unbound/unbound.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/sudo.conf if it is no longer needed.
=====
Message from strongswan-5.9.5:
--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
=====
Message from php74-zlib-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-xml-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-sqlite3-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-sockets-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-simplexml-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-openssl-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-ldap-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-gettext-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-filter-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-dom-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-curl-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-ctype-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from dnsmasq-2.86_3,1:
--
To enable dnsmasq, edit /usr/local/etc/dnsmasq.conf and
set dnsmasq_enable="YES" in /etc/rc.conf[.local]
Further options and actions are documented inside
/usr/local/etc/rc.d/dnsmasq
SECURITY RECOMMENDATION
~~~~~~~~~~~~~~~~~~~~~~~
It is recommended to enable the wpad-related options
at the end of the configuration file (you may need to
copy them from the example file to yours) to fix
CERT Vulnerability VU#598349.
=====
Message from opnsense-22.1.2_1:
--
Owl be watching you
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
elasticsearch5 has a missing dependency: openjdk8
elasticsearch5 has a missing dependency: jna
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
>>> Missing package dependencies were detected.
>>> Found 4 issue(s) in the package database.
pkg-static: No packages available to install matching 'openjdk8' have been found in the repositories
pkg-static: No packages available to install matching 'jna' have been found in the repositories
pkg-static: No packages available to install matching 'python37' have been found in the repositories
pkg-static: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:
openjdk8 dependency failed to be fixed
jna dependency failed to be fixed
python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed
>>> There are still missing dependencies.
>>> Try fixing them manually.
>>> Also make sure to check 'pkg updating' for known issues.
The following package files will be deleted:
/var/cache/pkg/wireguard-go-0.0.20220117,1~67fc4a54e0.txz
/var/cache/pkg/unbound-1.15.0_1~ccf15dcf1e.txz
/var/cache/pkg/wireguard-go-0.0.20220117,1.txz
/var/cache/pkg/sudo-1.9.9~1e9e287c55.txz
/var/cache/pkg/unbound-1.15.0_1.txz
/var/cache/pkg/sudo-1.9.9.txz
/var/cache/pkg/strongswan-5.9.5~017cec7b71.txz
/var/cache/pkg/py38-urllib3-1.26.8,1.txz
/var/cache/pkg/strongswan-5.9.5.txz
/var/cache/pkg/py38-urllib3-1.26.8,1~715c8228fc.txz
/var/cache/pkg/php74-zlib-7.4.28~f159a9fa9c.txz
/var/cache/pkg/php74-xml-7.4.28~04b907b803.txz
/var/cache/pkg/pcre2-10.39.txz
/var/cache/pkg/php74-zlib-7.4.28.txz
/var/cache/pkg/php74-sqlite3-7.4.28.txz
/var/cache/pkg/php74-xml-7.4.28.txz
/var/cache/pkg/php74-sqlite3-7.4.28~34006abaa4.txz
/var/cache/pkg/php74-sockets-7.4.28~0af28ff815.txz
/var/cache/pkg/php74-pdo-7.4.28~2b73c61cf9.txz
/var/cache/pkg/php74-sockets-7.4.28.txz
/var/cache/pkg/php74-simplexml-7.4.28~c49c4071df.txz
/var/cache/pkg/php74-simplexml-7.4.28.txz
/var/cache/pkg/php74-session-7.4.28~d36c28610e.txz
/var/cache/pkg/php74-session-7.4.28.txz
/var/cache/pkg/php74-phpseclib-2.0.36~d624566b93.txz
/var/cache/pkg/php74-phpseclib-2.0.36.txz
/var/cache/pkg/php74-openssl-7.4.28.txz
/var/cache/pkg/php74-pdo-7.4.28.txz
/var/cache/pkg/php74-openssl-7.4.28~0ebdca6383.txz
/var/cache/pkg/php74-mbstring-7.4.28~d732680ce3.txz
/var/cache/pkg/php74-dom-7.4.28~8266c43221.txz
/var/cache/pkg/php74-mbstring-7.4.28.txz
/var/cache/pkg/php74-ldap-7.4.28~c08d765846.txz
/var/cache/pkg/php74-ldap-7.4.28.txz
/var/cache/pkg/php74-json-7.4.28~7023250ddb.txz
/var/cache/pkg/php74-json-7.4.28.txz
/var/cache/pkg/php74-gettext-7.4.28~91a4c8d56d.txz
/var/cache/pkg/php74-gettext-7.4.28.txz
/var/cache/pkg/php74-filter-7.4.28~368c347ee5.txz
/var/cache/pkg/php74-filter-7.4.28.txz
/var/cache/pkg/php74-7.4.28~d33e5ca09f.txz
/var/cache/pkg/php74-dom-7.4.28.txz
/var/cache/pkg/php74-curl-7.4.28~5b5e0ee4ec.txz
/var/cache/pkg/php74-curl-7.4.28.txz
/var/cache/pkg/php74-ctype-7.4.28~41590db9b4.txz
/var/cache/pkg/php74-ctype-7.4.28.txz
/var/cache/pkg/os-dyndns-1.27_3.txz
/var/cache/pkg/php74-7.4.28.txz
/var/cache/pkg/pcre2-10.39~cbb814b41d.txz
/var/cache/pkg/pcre-8.45~c8ef29795f.txz
/var/cache/pkg/pcre-8.45.txz
/var/cache/pkg/os-dyndns-1.27_3~71bb1c2b98.txz
/var/cache/pkg/opnsense-update-22.1.2~79d7b40896.txz
/var/cache/pkg/opnsense-update-22.1.2.txz
/var/cache/pkg/opnsense-22.1.2_1~9801797315.txz
/var/cache/pkg/opnsense-22.1.2_1.txz
/var/cache/pkg/openssl-1.1.1m_2,1~0c7a927fbd.txz
/var/cache/pkg/openssl-1.1.1m_2,1.txz
/var/cache/pkg/ntp-4.2.8p15_5~8144b1261d.txz
/var/cache/pkg/nss-3.75~9c50cbf309.txz
/var/cache/pkg/ntp-4.2.8p15_5.txz
/var/cache/pkg/nss-3.75.txz
/var/cache/pkg/mpd5-5.9_7~24148b58e4.txz
/var/cache/pkg/mpd5-5.9_7.txz
/var/cache/pkg/monit-5.30.0~a11b952661.txz
/var/cache/pkg/monit-5.30.0.txz
/var/cache/pkg/lighttpd-1.4.64_1~246a4c425f.txz
/var/cache/pkg/lighttpd-1.4.64_1.txz
/var/cache/pkg/libfido2-1.10.0~2d19b3af66.txz
/var/cache/pkg/libfido2-1.10.0.txz
/var/cache/pkg/glib-2.70.4,2~0c0ad1c7d0.txz
/var/cache/pkg/glib-2.70.4,2.txz
/var/cache/pkg/expat-2.4.4~968efd1bc8.txz
/var/cache/pkg/expat-2.4.4.txz
/var/cache/pkg/e2fsprogs-libuuid-1.46.5~a1a09f25bd.txz
/var/cache/pkg/dnsmasq-2.86_3,1~78c57837ab.txz
/var/cache/pkg/e2fsprogs-libuuid-1.46.5.txz
/var/cache/pkg/dnsmasq-2.86_3,1.txz
/var/cache/pkg/cyrus-sasl-gssapi-2.1.28~d7801ff65c.txz
/var/cache/pkg/cyrus-sasl-2.1.28~b4e9b7b281.txz
/var/cache/pkg/cyrus-sasl-gssapi-2.1.28.txz
/var/cache/pkg/curl-7.81.0.txz
/var/cache/pkg/curl-7.81.0~73d1b4b0f2.txz
/var/cache/pkg/cyrus-sasl-2.1.28.txz
/var/cache/pkg/ca_root_nss-3.75~85337e6890.txz
/var/cache/pkg/ca_root_nss-3.75.txz
The cleanup will free 27 MiB
Deleting files: .......... done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-22.1.2-amd64.txz: ...................... done
Fetching kernel-22.1.2-amd64.txz: .......... done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing kernel-22.1.2-amd64.txz... done
Installing base-22.1.2-amd64.txz...
***GOT REQUEST TO UPDATE***
Currently running OPNsense 22.1 (amd64/OpenSSL) at Thu Mar 3 21:14:00 MST 2022
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (43 candidates): .......... done
Processing candidates (43 candidates):
pkg-static: elasticsearch5 has a missing dependency: openjdk8
Processing candidates (43 candidates)............. done
The following 43 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
ca_root_nss: 3.74 -> 3.75
curl: 7.80.0 -> 7.81.0
cyrus-sasl: 2.1.27_2 -> 2.1.28
cyrus-sasl-gssapi: 2.1.27_2 -> 2.1.28
dnsmasq: 2.86_2,1 -> 2.86_3,1
e2fsprogs-libuuid: 1.46.4 -> 1.46.5
expat: 2.4.2 -> 2.4.4
glib: 2.70.2,2 -> 2.70.4,2
libfido2: 1.9.0 -> 1.10.0
lighttpd: 1.4.63 -> 1.4.64_1
monit: 5.29.0_1 -> 5.30.0
mpd5: 5.9_6 -> 5.9_7
nss: 3.74 -> 3.75
ntp: 4.2.8p15_4 -> 4.2.8p15_5
openssl: 1.1.1m_1,1 -> 1.1.1m_2,1
opnsense: 22.1 -> 22.1.2_1
opnsense-update: 22.1 -> 22.1.2
os-dyndns: 1.27_2 -> 1.27_3
php74: 7.4.27 -> 7.4.28
php74-ctype: 7.4.27 -> 7.4.28
php74-curl: 7.4.27 -> 7.4.28
php74-dom: 7.4.27 -> 7.4.28
php74-filter: 7.4.27 -> 7.4.28
php74-gettext: 7.4.27 -> 7.4.28
php74-json: 7.4.27 -> 7.4.28
php74-ldap: 7.4.27 -> 7.4.28
php74-mbstring: 7.4.27 -> 7.4.28
php74-openssl: 7.4.27 -> 7.4.28
php74-pdo: 7.4.27 -> 7.4.28
php74-phpseclib: 2.0.35 -> 2.0.36
php74-session: 7.4.27 -> 7.4.28
php74-simplexml: 7.4.27 -> 7.4.28
php74-sockets: 7.4.27 -> 7.4.28
php74-sqlite3: 7.4.27 -> 7.4.28
php74-xml: 7.4.27 -> 7.4.28
php74-zlib: 7.4.27 -> 7.4.28
py38-urllib3: 1.26.7,1 -> 1.26.8,1
strongswan: 5.9.4 -> 5.9.5
sudo: 1.9.8p2 -> 1.9.9
unbound: 1.14.0 -> 1.15.0_1
wireguard-go: 0.0.20211016,1 -> 0.0.20220117,1
Installed packages to be REINSTALLED:
pcre-8.45 (options changed)
pcre2-10.39 (options changed)
Number of packages to be upgraded: 41
Number of packages to be reinstalled: 2
The process will require 4 MiB more space.
27 MiB to be downloaded.
[1/43] Fetching wireguard-go-0.0.20220117,1.txz: .......... done
[2/43] Fetching unbound-1.15.0_1.txz: .......... done
[3/43] Fetching sudo-1.9.9.txz: .......... done
[4/43] Fetching strongswan-5.9.5.txz: .......... done
[5/43] Fetching py38-urllib3-1.26.8,1.txz: .......... done
[6/43] Fetching php74-zlib-7.4.28.txz: ... done
[7/43] Fetching php74-xml-7.4.28.txz: ... done
[8/43] Fetching php74-sqlite3-7.4.28.txz: ... done
[9/43] Fetching php74-sockets-7.4.28.txz: ..... done
[10/43] Fetching php74-simplexml-7.4.28.txz: ... done
[11/43] Fetching php74-session-7.4.28.txz: ..... done
[12/43] Fetching php74-phpseclib-2.0.36.txz: .......... done
[13/43] Fetching php74-pdo-7.4.28.txz: ...... done
[14/43] Fetching php74-openssl-7.4.28.txz: ........ done
[15/43] Fetching php74-mbstring-7.4.28.txz: .......... done
[16/43] Fetching php74-ldap-7.4.28.txz: .... done
[17/43] Fetching php74-json-7.4.28.txz: ... done
[18/43] Fetching php74-gettext-7.4.28.txz: . done
[19/43] Fetching php74-filter-7.4.28.txz: ... done
[20/43] Fetching php74-dom-7.4.28.txz: ....... done
[21/43] Fetching php74-curl-7.4.28.txz: .... done
[22/43] Fetching php74-ctype-7.4.28.txz: . done
[23/43] Fetching php74-7.4.28.txz: .......... done
[24/43] Fetching pcre2-10.39.txz: .......... done
[25/43] Fetching pcre-8.45.txz: .......... done
[26/43] Fetching os-dyndns-1.27_3.txz: .... done
[27/43] Fetching opnsense-update-22.1.2.txz: ..... done
[28/43] Fetching opnsense-22.1.2_1.txz: .......... done
[29/43] Fetching openssl-1.1.1m_2,1.txz: .......... done
[30/43] Fetching ntp-4.2.8p15_5.txz: .......... done
[31/43] Fetching nss-3.75.txz: .......... done
[32/43] Fetching mpd5-5.9_7.txz: .......... done
[33/43] Fetching monit-5.30.0.txz: .......... done
[34/43] Fetching lighttpd-1.4.64_1.txz: .......... done
[35/43] Fetching libfido2-1.10.0.txz: .......... done
[36/43] Fetching glib-2.70.4,2.txz: .......... done
[37/43] Fetching expat-2.4.4.txz: .......... done
[38/43] Fetching e2fsprogs-libuuid-1.46.5.txz: ..... done
[39/43] Fetching dnsmasq-2.86_3,1.txz: .......... done
[40/43] Fetching cyrus-sasl-gssapi-2.1.28.txz: .... done
[41/43] Fetching cyrus-sasl-2.1.28.txz: .......... done
[42/43] Fetching curl-7.81.0.txz: .......... done
[43/43] Fetching ca_root_nss-3.75.txz: .......... done
Checking integrity... done (0 conflicting)
[1/43] Upgrading openssl from 1.1.1m_1,1 to 1.1.1m_2,1...
[1/43] Extracting openssl-1.1.1m_2,1: .......... done
[2/43] Reinstalling pcre2-10.39...
[2/43] Extracting pcre2-10.39: .......... done
[3/43] Upgrading cyrus-sasl from 2.1.27_2 to 2.1.28...
*** Added group `cyrus' (id 60)
*** Added user `cyrus' (id 60)
[3/43] Extracting cyrus-sasl-2.1.28: .......... done
[4/43] Upgrading php74 from 7.4.27 to 7.4.28...
[4/43] Extracting php74-7.4.28: .......... done
[5/43] Reinstalling pcre-8.45...
[5/43] Extracting pcre-8.45: .......... done
[6/43] Upgrading cyrus-sasl-gssapi from 2.1.27_2 to 2.1.28...
[6/43] Extracting cyrus-sasl-gssapi-2.1.28: .......... done
[7/43] Upgrading ca_root_nss from 3.74 to 3.75...
[7/43] Extracting ca_root_nss-3.75: ...... done
[8/43] Upgrading py38-urllib3 from 1.26.7,1 to 1.26.8,1...
[8/43] Extracting py38-urllib3-1.26.8,1: .......... done
[9/43] Upgrading php74-session from 7.4.27 to 7.4.28...
[9/43] Extracting php74-session-7.4.28: .......... done
[10/43] Upgrading php74-pdo from 7.4.27 to 7.4.28...
[10/43] Extracting php74-pdo-7.4.28: .......... done
[11/43] Upgrading php74-mbstring from 7.4.27 to 7.4.28...
[11/43] Extracting php74-mbstring-7.4.28: .......... done
[12/43] Upgrading php74-json from 7.4.27 to 7.4.28...
[12/43] Extracting php74-json-7.4.28: .......... done
[13/43] Upgrading nss from 3.74 to 3.75...
[13/43] Extracting nss-3.75: .......... done
[14/43] Upgrading libfido2 from 1.9.0 to 1.10.0...
[14/43] Extracting libfido2-1.10.0: .......... done
[15/43] Upgrading glib from 2.70.2,2 to 2.70.4,2...
[15/43] Extracting glib-2.70.4,2: .......... done
No schema files found: doing nothing.
[16/43] Upgrading expat from 2.4.2 to 2.4.4...
[16/43] Extracting expat-2.4.4: .......... done
[17/43] Upgrading e2fsprogs-libuuid from 1.46.4 to 1.46.5...
[17/43] Extracting e2fsprogs-libuuid-1.46.5: .......... done
[18/43] Upgrading curl from 7.80.0 to 7.81.0...
[18/43] Extracting curl-7.81.0: .......... done
[19/43] Upgrading unbound from 1.14.0 to 1.15.0_1...
===> Creating groups.
Using existing group 'unbound'.
===> Creating users
Using existing user 'unbound'.
[19/43] Extracting unbound-1.15.0_1: .......... done
[20/43] Upgrading sudo from 1.9.8p2 to 1.9.9...
[20/43] Extracting sudo-1.9.9: .......... done
[21/43] Upgrading strongswan from 5.9.4 to 5.9.5...
[21/43] Extracting strongswan-5.9.5: .......... done
[22/43] Upgrading php74-zlib from 7.4.27 to 7.4.28...
[22/43] Extracting php74-zlib-7.4.28: ....... done
[23/43] Upgrading php74-xml from 7.4.27 to 7.4.28...
[23/43] Extracting php74-xml-7.4.28: ........ done
[24/43] Upgrading php74-sqlite3 from 7.4.27 to 7.4.28...
[24/43] Extracting php74-sqlite3-7.4.28: ........ done
[25/43] Upgrading php74-sockets from 7.4.27 to 7.4.28...
[25/43] Extracting php74-sockets-7.4.28: .......... done
[26/43] Upgrading php74-simplexml from 7.4.27 to 7.4.28...
[26/43] Extracting php74-simplexml-7.4.28: ......... done
[27/43] Upgrading php74-phpseclib from 2.0.35 to 2.0.36...
[27/43] Extracting php74-phpseclib-2.0.36: ........ done
[28/43] Upgrading php74-openssl from 7.4.27 to 7.4.28...
[28/43] Extracting php74-openssl-7.4.28: ....... done
[29/43] Upgrading php74-ldap from 7.4.27 to 7.4.28...
[29/43] Extracting php74-ldap-7.4.28: ....... done
[30/43] Upgrading php74-gettext from 7.4.27 to 7.4.28...
[30/43] Extracting php74-gettext-7.4.28: ....... done
[31/43] Upgrading php74-filter from 7.4.27 to 7.4.28...
[31/43] Extracting php74-filter-7.4.28: ........ done
[32/43] Upgrading php74-dom from 7.4.27 to 7.4.28...
[32/43] Extracting php74-dom-7.4.28: .......... done
[33/43] Upgrading php74-curl from 7.4.27 to 7.4.28...
[33/43] Extracting php74-curl-7.4.28: ....... done
[34/43] Upgrading php74-ctype from 7.4.27 to 7.4.28...
[34/43] Extracting php74-ctype-7.4.28: ....... done
[35/43] Upgrading opnsense-update from 22.1 to 22.1.2...
[35/43] Extracting opnsense-update-22.1.2: .......... done
[36/43] Upgrading ntp from 4.2.8p15_4 to 4.2.8p15_5...
[36/43] Extracting ntp-4.2.8p15_5: .......... done
[37/43] Upgrading mpd5 from 5.9_6 to 5.9_7...
[37/43] Extracting mpd5-5.9_7: ......... done
[38/43] Upgrading monit from 5.29.0_1 to 5.30.0...
[38/43] Extracting monit-5.30.0: ....... done
[39/43] Upgrading lighttpd from 1.4.63 to 1.4.64_1...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[39/43] Extracting lighttpd-1.4.64_1: .......... done
[40/43] Upgrading dnsmasq from 2.86_2,1 to 2.86_3,1...
[40/43] Extracting dnsmasq-2.86_3,1: .......... done
[41/43] Upgrading wireguard-go from 0.0.20211016,1 to 0.0.20220117,1...
[41/43] Extracting wireguard-go-0.0.20220117,1: .... done
[42/43] Upgrading os-dyndns from 1.27_2 to 1.27_3...
[42/43] Extracting os-dyndns-1.27_3: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...done.
[43/43] Upgrading opnsense from 22.1 to 22.1.2_1...
[43/43] Extracting opnsense-22.1.2_1: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Writing firmware setting...done.
Writing trust files...done.
Configuring login behaviour...done.
Configuring system logging...done.
=====
Message from php74-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from py38-urllib3-1.26.8,1:
--
Since version 1.25 HTTPS connections are now verified by default which is done
via "cert_reqs = 'CERT_REQUIRED'". While certificate verification can be
disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.
Various consumers of net/py-urllib3 already have implemented routines that
either explicitly enable or disable HTTPS certificate verification (e.g. via
configuration settings, CLI arguments, etc.).
Yet it may happen that there are still some consumers which don't explicitly
enable/disable certificate verification for HTTPS connections which could then
lead to errors (as is often the case with self-signed certificates).
In case of an error one should try first to temporarily disable certificate
verification of the problematic urllib3 consumer to see if that approach will
remedy the issue.
=====
Message from php74-session-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-pdo-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-mbstring-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-json-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
You may need to manually remove /usr/local/etc/unbound/unbound.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/sudo.conf if it is no longer needed.
=====
Message from strongswan-5.9.5:
--
The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
=====
Message from php74-zlib-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-xml-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-sqlite3-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-sockets-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-simplexml-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-openssl-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-ldap-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-gettext-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-filter-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-dom-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-curl-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from php74-ctype-7.4.28:
--
===> NOTICE:
This port is deprecated; you may wish to reconsider installing it:
Upstream Security Support ends on 2022-11-28.
It is scheduled to be removed on or after 2022-11-29.
=====
Message from dnsmasq-2.86_3,1:
--
To enable dnsmasq, edit /usr/local/etc/dnsmasq.conf and
set dnsmasq_enable="YES" in /etc/rc.conf[.local]
Further options and actions are documented inside
/usr/local/etc/rc.d/dnsmasq
SECURITY RECOMMENDATION
~~~~~~~~~~~~~~~~~~~~~~~
It is recommended to enable the wpad-related options
at the end of the configuration file (you may need to
copy them from the example file to yours) to fix
CERT Vulnerability VU#598349.
=====
Message from opnsense-22.1.2_1:
--
Owl be watching you
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
elasticsearch5 has a missing dependency: openjdk8
elasticsearch5 has a missing dependency: jna
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
>>> Missing package dependencies were detected.
>>> Found 4 issue(s) in the package database.
pkg-static: No packages available to install matching 'openjdk8' have been found in the repositories
pkg-static: No packages available to install matching 'jna' have been found in the repositories
pkg-static: No packages available to install matching 'python37' have been found in the repositories
pkg-static: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:
openjdk8 dependency failed to be fixed
jna dependency failed to be fixed
python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed
>>> There are still missing dependencies.
>>> Try fixing them manually.
>>> Also make sure to check 'pkg updating' for known issues.
The following package files will be deleted:
/var/cache/pkg/wireguard-go-0.0.20220117,1~67fc4a54e0.txz
/var/cache/pkg/unbound-1.15.0_1~ccf15dcf1e.txz
/var/cache/pkg/wireguard-go-0.0.20220117,1.txz
/var/cache/pkg/sudo-1.9.9~1e9e287c55.txz
/var/cache/pkg/unbound-1.15.0_1.txz
/var/cache/pkg/sudo-1.9.9.txz
/var/cache/pkg/strongswan-5.9.5~017cec7b71.txz
/var/cache/pkg/py38-urllib3-1.26.8,1.txz
/var/cache/pkg/strongswan-5.9.5.txz
/var/cache/pkg/py38-urllib3-1.26.8,1~715c8228fc.txz
/var/cache/pkg/php74-zlib-7.4.28~f159a9fa9c.txz
/var/cache/pkg/php74-xml-7.4.28~04b907b803.txz
/var/cache/pkg/pcre2-10.39.txz
/var/cache/pkg/php74-zlib-7.4.28.txz
/var/cache/pkg/php74-sqlite3-7.4.28.txz
/var/cache/pkg/php74-xml-7.4.28.txz
/var/cache/pkg/php74-sqlite3-7.4.28~34006abaa4.txz
/var/cache/pkg/php74-sockets-7.4.28~0af28ff815.txz
/var/cache/pkg/php74-pdo-7.4.28~2b73c61cf9.txz
/var/cache/pkg/php74-sockets-7.4.28.txz
/var/cache/pkg/php74-simplexml-7.4.28~c49c4071df.txz
/var/cache/pkg/php74-simplexml-7.4.28.txz
/var/cache/pkg/php74-session-7.4.28~d36c28610e.txz
/var/cache/pkg/php74-session-7.4.28.txz
/var/cache/pkg/php74-phpseclib-2.0.36~d624566b93.txz
/var/cache/pkg/php74-phpseclib-2.0.36.txz
/var/cache/pkg/php74-openssl-7.4.28.txz
/var/cache/pkg/php74-pdo-7.4.28.txz
/var/cache/pkg/php74-openssl-7.4.28~0ebdca6383.txz
/var/cache/pkg/php74-mbstring-7.4.28~d732680ce3.txz
/var/cache/pkg/php74-dom-7.4.28~8266c43221.txz
/var/cache/pkg/php74-mbstring-7.4.28.txz
/var/cache/pkg/php74-ldap-7.4.28~c08d765846.txz
/var/cache/pkg/php74-ldap-7.4.28.txz
/var/cache/pkg/php74-json-7.4.28~7023250ddb.txz
/var/cache/pkg/php74-json-7.4.28.txz
/var/cache/pkg/php74-gettext-7.4.28~91a4c8d56d.txz
/var/cache/pkg/php74-gettext-7.4.28.txz
/var/cache/pkg/php74-filter-7.4.28~368c347ee5.txz
/var/cache/pkg/php74-filter-7.4.28.txz
/var/cache/pkg/php74-7.4.28~d33e5ca09f.txz
/var/cache/pkg/php74-dom-7.4.28.txz
/var/cache/pkg/php74-curl-7.4.28~5b5e0ee4ec.txz
/var/cache/pkg/php74-curl-7.4.28.txz
/var/cache/pkg/php74-ctype-7.4.28~41590db9b4.txz
/var/cache/pkg/php74-ctype-7.4.28.txz
/var/cache/pkg/os-dyndns-1.27_3.txz
/var/cache/pkg/php74-7.4.28.txz
/var/cache/pkg/pcre2-10.39~cbb814b41d.txz
/var/cache/pkg/pcre-8.45~c8ef29795f.txz
/var/cache/pkg/pcre-8.45.txz
/var/cache/pkg/os-dyndns-1.27_3~71bb1c2b98.txz
/var/cache/pkg/opnsense-update-22.1.2~79d7b40896.txz
/var/cache/pkg/opnsense-update-22.1.2.txz
/var/cache/pkg/opnsense-22.1.2_1~9801797315.txz
/var/cache/pkg/opnsense-22.1.2_1.txz
/var/cache/pkg/openssl-1.1.1m_2,1~0c7a927fbd.txz
/var/cache/pkg/openssl-1.1.1m_2,1.txz
/var/cache/pkg/ntp-4.2.8p15_5~8144b1261d.txz
/var/cache/pkg/nss-3.75~9c50cbf309.txz
/var/cache/pkg/ntp-4.2.8p15_5.txz
/var/cache/pkg/nss-3.75.txz
/var/cache/pkg/mpd5-5.9_7~24148b58e4.txz
/var/cache/pkg/mpd5-5.9_7.txz
/var/cache/pkg/monit-5.30.0~a11b952661.txz
/var/cache/pkg/monit-5.30.0.txz
/var/cache/pkg/lighttpd-1.4.64_1~246a4c425f.txz
/var/cache/pkg/lighttpd-1.4.64_1.txz
/var/cache/pkg/libfido2-1.10.0~2d19b3af66.txz
/var/cache/pkg/libfido2-1.10.0.txz
/var/cache/pkg/glib-2.70.4,2~0c0ad1c7d0.txz
/var/cache/pkg/glib-2.70.4,2.txz
/var/cache/pkg/expat-2.4.4~968efd1bc8.txz
/var/cache/pkg/expat-2.4.4.txz
/var/cache/pkg/e2fsprogs-libuuid-1.46.5~a1a09f25bd.txz
/var/cache/pkg/dnsmasq-2.86_3,1~78c57837ab.txz
/var/cache/pkg/e2fsprogs-libuuid-1.46.5.txz
/var/cache/pkg/dnsmasq-2.86_3,1.txz
/var/cache/pkg/cyrus-sasl-gssapi-2.1.28~d7801ff65c.txz
/var/cache/pkg/cyrus-sasl-2.1.28~b4e9b7b281.txz
/var/cache/pkg/cyrus-sasl-gssapi-2.1.28.txz
/var/cache/pkg/curl-7.81.0.txz
/var/cache/pkg/curl-7.81.0~73d1b4b0f2.txz
/var/cache/pkg/cyrus-sasl-2.1.28.txz
/var/cache/pkg/ca_root_nss-3.75~85337e6890.txz
/var/cache/pkg/ca_root_nss-3.75.txz
The cleanup will free 27 MiB
Deleting files: .......... done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-22.1.2-amd64.txz: ...................... done
Fetching kernel-22.1.2-amd64.txz: .......... done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing kernel-22.1.2-amd64.txz... done
Installing base-22.1.2-amd64.txz...
9
21.7 Legacy Series / Unbound DNS: Internal devices resolving to gateway or WAN IP address
« on: December 06, 2021, 07:44:38 pm »
This is a strange one and I know I shot myself in the foot, but not sure how to unwind it.
I was having trouble with all of these stupid devices that have hard coded DNS entries and fail to reach out since I forced all DNS queries to my unbound. I even have a Chinese camera if it can't phone home it will shut itself off. So... I read where I can redirect these devices to my unbound DNS server. Great! Well not so fast.
I set it up following the instructions and now I get constant "the DNS query name does not exist" If I do an Nslookup or ping, it is resolving to the WAN IP address, or if I use the FQDN it will report back the gateway address. NOT the device IP address. It is probably an easy fix, but I'm stumped.
I was having trouble with all of these stupid devices that have hard coded DNS entries and fail to reach out since I forced all DNS queries to my unbound. I even have a Chinese camera if it can't phone home it will shut itself off. So... I read where I can redirect these devices to my unbound DNS server. Great! Well not so fast.
I set it up following the instructions and now I get constant "the DNS query name does not exist" If I do an Nslookup or ping, it is resolving to the WAN IP address, or if I use the FQDN it will report back the gateway address. NOT the device IP address. It is probably an easy fix, but I'm stumped.
10
21.7 Legacy Series / Update to OPNsense 21.7.1-amd64 /bin/bash missing
« on: August 10, 2021, 12:41:25 am »
I had an SSD block go bad which took my system down hard. I downloaded the 21.7 image and restored assuming that the bad block would be found and marked bad. When I attempted to use the backup/restore option all hell broke loose. Lots of strange things, like unable to log in and interfaces not coming up.
Suspecting version incompatibility, I located the 21.1 image and restored. I was able to recover to it, just fine. So it does appear to be some sort of issue with the older backups. ?
Now though I have an odd issue that I need to resolve. I can ssh in, with no trouble, but if I try to su, or sudo su, it says: /usr/local/bin/bash: No such file or directory. how can I get a copy of this file back with no admin privileges? How does it not get installed from a scratch install? (21.1) If I save my backup from this 21.7 image, then install the newer image, I wonder if that works.
Suspecting version incompatibility, I located the 21.1 image and restored. I was able to recover to it, just fine. So it does appear to be some sort of issue with the older backups. ?
Now though I have an odd issue that I need to resolve. I can ssh in, with no trouble, but if I try to su, or sudo su, it says: /usr/local/bin/bash: No such file or directory. how can I get a copy of this file back with no admin privileges? How does it not get installed from a scratch install? (21.1) If I save my backup from this 21.7 image, then install the newer image, I wonder if that works.
11
21.1 Legacy Series / Freeraduis - Multiple uses fails
« on: June 26, 2021, 05:11:18 pm »
This may or may not be possible, but it seems it should be.
I have had a multifactor Freeradius system set up for well over a year now where I use it to grab the google Authenticator.
Now I am wanting to also use it to provide 802.11x authentication, but in testing it shows a garbled password and fails. On a system only uses the 802.11x, it works fine. If I remove the Google authenticator it works. Is there a way to pass this to the proper client, or is it one and done? I think I may have confused client for server and I can only have one opnsense FreeRadius "server" in place and it is one or the other, but hoping there is a work around.
Thanks in advance.
I have had a multifactor Freeradius system set up for well over a year now where I use it to grab the google Authenticator.
Now I am wanting to also use it to provide 802.11x authentication, but in testing it shows a garbled password and fails. On a system only uses the 802.11x, it works fine. If I remove the Google authenticator it works. Is there a way to pass this to the proper client, or is it one and done? I think I may have confused client for server and I can only have one opnsense FreeRadius "server" in place and it is one or the other, but hoping there is a work around.
Thanks in advance.
12
20.7 Legacy Series / Wan Multicast traffic not wanted
« on: December 01, 2020, 06:28:04 pm »
I am using the latest firmware updates and while looking at NTOPNG data, I have discovered that my security cameras that use multicast are blasting the traffic out the WAN port as well as LAN. I thought you had to specifically open multicast to WAN. ?? I am not seeing where I have activated it and do not know what the ramifications would be by attempting to block this traffic. I'm sure it is something simple, but my searches have come up blank. Anybody?
13
20.7 Legacy Series / Uncaught Google_Service_Exception:
« on: November 18, 2020, 09:51:34 pm »
I've been getting this error now for a year. I have sent in dozens and dozens of "A problem was detected. Click here for more information." I guess these are not responded to or followed? I don't see any open subjects on this matter. I hope this is a simple fix, but I'm not sure where to start. I tried by removed Google SDK and that did not seem to resolve it. It is apparently a default install, but I can't see what I would need it for. It appears that it is trying to connect to a Google service that I have no account for.
[18-Nov-2020 01:00:08 America/Phoenix] PHP Fatal error: Uncaught Google_Service_Exception: {"error":"invalid_grant","error_description":"Invalid grant: account not found"} in /usr/local/share/google-api-php-client/src/Google/Http/REST.php:118
Stack trace:
#0 /usr/local/share/google-api-php-client/src/Google/Http/REST.php(94): Google_Http_REST::decodeHttpResponse(Object(GuzzleHttp\Psr7\Response), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...')
#1 /usr/local/share/google-api-php-client/src/Google/Task/Runner.php(176): Google_Http_REST::doExecute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...')
#2 /usr/local/share/google-api-php-client/src/Google/Http/REST.php(58): Google_Task_Runner->run()
#3 /usr/local/share/google-api-php-client/src/Google/Client.php(842): Google_Http_REST::execute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...', Array, NULL)
#4 /usr/local/share/google-api-php-client/src/Google/Service/Resource.php(232): Google_Client->execute(Object(GuzzleHttp\Psr7\Request), 'Google_Service_ in /usr/local/share/google-api-php-client/src/Google/Http/REST.php on line 118
So the only plugin I have is Google Cloud SDK, but I didn't ask for it. How do I disable this? Or does that cause a problem?
[18-Nov-2020 01:00:08 America/Phoenix] PHP Fatal error: Uncaught Google_Service_Exception: {"error":"invalid_grant","error_description":"Invalid grant: account not found"} in /usr/local/share/google-api-php-client/src/Google/Http/REST.php:118
Stack trace:
#0 /usr/local/share/google-api-php-client/src/Google/Http/REST.php(94): Google_Http_REST::decodeHttpResponse(Object(GuzzleHttp\Psr7\Response), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...')
#1 /usr/local/share/google-api-php-client/src/Google/Task/Runner.php(176): Google_Http_REST::doExecute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...')
#2 /usr/local/share/google-api-php-client/src/Google/Http/REST.php(58): Google_Task_Runner->run()
#3 /usr/local/share/google-api-php-client/src/Google/Client.php(842): Google_Http_REST::execute(Object(GuzzleHttp\Client), Object(GuzzleHttp\Psr7\Request), 'Google_Service_...', Array, NULL)
#4 /usr/local/share/google-api-php-client/src/Google/Service/Resource.php(232): Google_Client->execute(Object(GuzzleHttp\Psr7\Request), 'Google_Service_ in /usr/local/share/google-api-php-client/src/Google/Http/REST.php on line 118
So the only plugin I have is Google Cloud SDK, but I didn't ask for it. How do I disable this? Or does that cause a problem?
14
20.7 Legacy Series / updatedb locate proper usage
« on: August 21, 2020, 08:58:57 pm »
I LOVE the locate utility, but I'm not sure how to do a database update in Opnsense. If I run updatedb as root, it kicks me out saying it is unsafe. If I try to use just a system username it says permissions denied. What is the proper way to rung updatedb to update the database?
15
20.7 Legacy Series / NTOPNG will not start
« on: August 21, 2020, 08:15:31 am »
I have been using NTOPNG for awhile now and I'm not sure if the update to 20.7 borked it, or something else. The Redis service has started, but the ntopng service will not start. I've removed both redis and ntopng and started over, but something is corrupt. Even though I delete the redis program, when I re-install it, my old settings are still there, so it looks like I'll have to delete something from bash. Anybody know how?
Pages: [1] 2