Topics

1

22.1 Legacy Series / Upgrading to V22.1 breaks my 10Gig Network

« on: January 29, 2022, 09:13:36 am »

Hello,

After upgrading to the new version of opnsense it breaks my 10gig network. Please see the video below. I did a fresh install and same issue. I am using Sophos SG320 hardware with 10 Gig modules. If i unplug the fiber cable it will boot okay and not kill my cisco switches uplink. If the fiber is plugged in the uplink port will change to orange.

Orange error in cisco means: solid orange - port in error disable, spanning-tree negotiation, Trunk to access port mismatch or switch may have a faulty port. Port is shutdown for a 6500.

This must be something to do with FreeBSD or IX drivers. I have multiple VLANS assigned to the 10Gig network.  I am currently using Mikrotik Cloud Core since new version is broken. I can do testing if need be. Everything was working fine before upgrade. 

2

21.7 Legacy Series / Opnsense 21.7.5 to 21.7.6 Suricata 6.0.4 killing WAN internet connection

« on: December 13, 2021, 11:42:47 pm »

Describe the bug
After updating opnsense to version OPNsense 21.7.6-amd64 and enabling suricata 6.0.4 version stops my internet connectivity. The service will start as normal with nothing in the logs and after few hours it will kill my internet connection and in the wan interface it will remove the ip and replace it with .dhcp. As soon as i restart suricata service my internet comes back and i can see my public ip address (nothing will show in the suricata and system logs).

I am using all the rule sets in suricata and created policies. I have been running the same system with version 21.7.5 which had no issues and with the same rule set. After upgrading to version 21.7.6 the problem appeared and it will kill my internet connection. I run my internet connection directly from ISP ONT on VLAN 10. On suricata i have WAN selected for interface which is a VLAN 10 and i have enabled Promiscuous mode. I have not changed anything on my config side.

I knew the problem started after upgrading to latest version. I re-imaged the box to 21.7.1 and using the manual Flavour settings under updates i put this code "21.7/MINT/21.7.5/OpenSSL/" to upgrade to version 21.7.5 and restoring my config. I enabled suricata and i haven't had any issues. This tells me the issue is with suricata killing internet connection without any logs. I am not sure what has changed with the new version of suricata. I tested on Sophos SG430 Rev 1 hardware and the issue is the same.

Relevant log files
Suricata shows no faults or issues in the logs when it drops internet connection. System logs show no issues.

I did see this though in the system logs, but i also see this error when i am running version Suricata 6.0.3_3.

2021-12-12T13:45:06 kernel 906.106372 [ 853] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
2021-12-12T13:45:06 kernel 906.015935 [ 853] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
2021-12-12T13:45:06 kernel 905.926248 [ 853] iflib_netmap_config txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048

Environment
Software version used and hardware type if relevant.
e.g.:
Hardware is : Sophos SG330 Rev 1
Currently running OPNsense 21.7.5-amd64FreeBSD 12.1-RELEASE-p21-HBSDOpenSSL 1.1.1l 24 Aug 2021
CPU type | Intel(R) Core(TM) i5-4570S CPU @ 2.90GHz (4 cores)
'I210 Gigabit Network Connection'

ix0@pci0:1:0:0: class=0x020000 card=0x02031374 chip=0x10c68086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = '82598EB 10-Gigabit AF Dual Port Network Connection'
class = network
ix1@pci0:1:0:1: class=0x020000 card=0x02031374 chip=0x10c68086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = '82598EB 10-Gigabit AF Dual Port Network Connection'
class = network
igb0@pci0:2:0:0: class=0x020000 card=0x30e015bb chip=0x15338086 rev=0x03 hdr=0x00
vendor = 'Intel Corporation'
device = 'I210 Gigabit Network Connection'
class = network
igb1@pci0:3:0:0: class=0x020000 card=0x30e015bb chip=0x15338086 rev=0x03 hdr=0x00
vendor = 'Intel Corporation'
device = 'I210 Gigabit Network Connection'
class = network
igb2@pci0:4:0:0: class=0x020000 card=0x30e015bb chip=0x15338086 rev=0x03 hdr=0x00
vendor = 'Intel Corporation'
device = 'I210 Gigabit Network Connection'
class = network
igb3@pci0:5:0:0: class=0x020000 card=0x30e015bb chip=0x15338086 rev=0x03 hdr=0x00
vendor = 'Intel Corporation'
device = 'I210 Gigabit Network Connection'
class = network
igb4@pci0:6:0:0: class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
vendor = 'Intel Corporation'
device = 'I210 Gigabit Network Connection'
class = network
igb5@pci0:7:0:0: class=0x020000 card=0x0000ffff chip=0x15338086 rev=0x03 hdr=0x00
vendor = 'Intel Corporation'
device = 'I210 Gigabit Network Connection'
class = network
igb6@pci0:8:0:0: class=0x020000 card=0x000015bb chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = 'I350 Gigabit Network Connection'
class = network
igb7@pci0:8:0:1: class=0x020000 card=0x000015bb chip=0x15218086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = 'I350 Gigabit Network Connection'
class = network
igb8@pci0:9:0:0: class=0x020000 card=0x0000ffff chip=0x15228086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = 'I350 Gigabit Fiber Network Connection'
class = network
igb9@pci0:9:0:1: class=0x020000 card=0x0000ffff chip=0x15228086 rev=0x01 hdr=0x00
vendor = 'Intel Corporation'
device = 'I350 Gigabit Fiber Network Connection'
class = network

https://github.com/opnsense/plugins/issues/2706

3

General Discussion / LCDProc Help on Sophos SG330 (Hard Drive)

« on: April 20, 2020, 06:06:04 am »

Hello All,

I am needing help with LCDProc on Opnsense. I have manually edited LCDd-sdeclcd.conf  and lcdproc.conf to suit my needs. The LCD is working but i am not able to display the hard drive data. Please see the attached pictures.

I tried to set disk to "false" in the config file but after the reboot it shows up. If i run "service LCDProc onerestart" it doesn't show the hard drive data as per config. If enabled in the config it still doesn't show the data properly.

Any help will be appreciated.