Topics - phantomsfbw

#1
24.7, 24.10 Legacy Series / DNS Over TLS Broken
November 20, 2024, 11:30:45 PM
After the 11/2024 update, cannot use DNS Over TLS.  Using Quad9 and IPV4 only.  Worked fine before update.  No access to Internet if turned on.  If turned off, access is fine.  Here are the errors from the DNS/TLS log:

2024-11-20T17:26:26-05:00   Error   unbound   [95068:5] error: ssl handshake cert error: unable to get local issuer certificate   
2024-11-20T17:26:26-05:00   Error   unbound   [95068:5] error: and additionally crypto error:0A000086:SSL routines::certificate verify failed   
2024-11-20T17:26:26-05:00   Error   unbound   [95068:5] error: and additionally crypto error:80000002:system library::No such file or directory   
2024-11-20T17:26:26-05:00   Error   unbound   [95068:5] error: and additionally crypto error:16000069:STORE routines::unregistered scheme
#2
Any chance the new kernel now supports Ryzen 9 CPU temp monitoring?
#3
So I have a question about the DNS settings for KEA, but I have to start with ISC DHCPv4 to get to the question.  When using ISC DHCPv4 under the LAN settings you don't list your DNS servers if you are going to use DNS over TLS under UNBOUND.

So I thought the parallel might be true if using KEA as KEA also has a DNS Subnet section.  So when I set up KEA initially, I added a DNS under the subnet entry as I did not want to chance wrecking my network access.  That seems to have worked fine, but it bugged me that KEA settings were a bit different so I took a chance and removed the DNS setting under KEA.  Everything worked fine, both wired and wireless.  Woke up this morning to find wireless access had quit working, but wired was just fine, so I went back into the KEA subnet setting and re-added the DNS entry.  Wireless network came back up.

Not sure what is truly happening where I get wired but not wired DNS in this situation.  Also makes me wonder if DNS over TLS is actually functioning given the settings between ISC DHCPv4 and KEA are not parallel in this sense.

I do have my switches set to DHCP, but use the KEA reservations to give them each a specific IP address.  I have done the same thing with the wireless access ports too.

So what happened to KEA DHCP when I made the change to remove my DHCP IP address from the KEA Subnet setting, which in this case is the router IP?
#4
If I run DNSCrypt-proxy and Unbound DNS, do I turn off DNS/TLS? 

- Using OPNsense 23.7.6-amd64.
- I set up an Unbound DNS: Query Forwarding Rule to take care of the old text entry options noted in the older OPNsense tutorial for setting up DNSCrypt-proxy with Unbound DNS, and it seems to work without issue.
#5
Any chance we will see support for Temp reporting for AM5 systems?

Thanks!
#6
23.7 Legacy Series / Syslog Error
September 22, 2023, 03:31:08 AM
Any idea what this is about?  Constantly shows up in my syslog as an error:

/usr/local/opnsense/scripts/dhcp/prefixes.php: The command '/sbin/route add -inet6 '2600:4040:b001:c1e4::/62' '2600:4040:b001:c100::1bf6'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net 2600:4040:b001:c1e4::/62: gateway 2600:4040:b001:c100::1bf6 fib 0: Network is unreachable'

Thanks

#7
Zenarmor Engine will not start.

Get this error message:

netmap_register_if: mlxen2: NIOCREGIF ioctl failed for the interface: Invalid argument
#8
I am trying a new 22.7 install of OPNsense with two Mellanox MCX311a NICs.  During install I see  zmellanox driver loaded, but when the setup gets to the point of letting me select WAN and LAN the cards do not show up.

If I load IPFire or pfSense they are recognized without issue.

What am I missing with OPNsense?
#9
Zenarmor (Sensei) / Zenarmor with 22.7.b?
May 27, 2022, 09:21:44 PM
Anyone have Zenarmor working with 22.7.b?  I find the plugins install without issue, but when starting I get some kind of a Phalcon error.
#10
22.1 Legacy Series / Crowdsec
May 11, 2022, 03:36:35 AM
I was on 22.1.6 and had installed Crowdsec manually and it seemed to work fine.  Today I installed the new 22.1.7 and Crowdsec quit working. OS-crowdsec shows it has been orphaned in the plugins section.  I deleted the orphan and tried to reinstall the new Crowdsec packages, there are two and I get this error:
***GOT REQUEST TO REINSTALL***
Currently running OPNsense 22.1.7 (amd64/OpenSSL) at Tue May 10 21:31:04 EDT 2022
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
pkg-static: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.pkg: Not Found
SunnyValley repository is up to date.
All repositories are up to date.

No packages are required to be fetched.
Integrity check was successful.
crowdsec-1.3.3: already unlocked
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
pkg-static: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.pkg: Not Found
SunnyValley repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
   crowdsec-1.3.3 [OPNsense]

Number of packages to be reinstalled: 1
[1/1] Reinstalling crowdsec-1.3.3...
[1/1] Extracting crowdsec-1.3.3: .......... done
Cannot 'status' crowdsec. Set crowdsec_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
Cannot 'stop' crowdsec. Set crowdsec_enable to YES in /etc/rc.conf or use 'onestop' instead of 'stop'.
Cannot 'start' crowdsec. Set crowdsec_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
You may need to manually remove /usr/local/etc/crowdsec/local_api_credentials.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/crowdsec/online_api_credentials.yaml if it is no longer needed.
You may need to manually remove /usr/local/etc/crowdsec/config.yaml if it is no longer needed.
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

I found the /etc/rc.conf file empty when I went to edit.  I was able to manually remove the recommended files, but that did not change anything.  How do I get Crowdsec back up and running?
#11
I get this error: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:ix0/R failed: Device busy
Line Number: 103419
I have also checked to see if the WAN IP has not changed.
#12
22.1 Legacy Series / RSS Support Yet?
January 22, 2022, 02:22:12 PM
Is there RSS support built in or coming later? Thank you.
#13
--See last Phantomsfbw post in this thread to see solution-- Just moved over from the last stable version of OPNsense to this RC.  The RC crashes the network when running a SpeedTest during the Upload test.  I can still access the wired LAN, but Internet access blown away.  Must reboot OPNsense to get WAN service back.  I have narrowed it to the IPS if it is turned on.  I was able to narrow it by doing a complete reinstall and turning on one capability after another.  Running Unbound with TLS-DNS.  WAN IP is DHCP.  Using Cloudflare DNS 1.1.1.2 and 1.0.0.2.

1G symmetrical service provider through Verizon FIOS.  The WAN NIC is an Intel 1G on board motherboard. No issues in the past or under last stable OPNsense version.

Intel(R) Core(TM) i5-10400 CPU @ 2.90GHz (12 cores) and 16G Ram