Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - Apex

Pages1
#1
Virtual private networks / OpenVPN Client [Legacy] Unable to delete client
August 31, 2024, 09:26:37 PM
I'm attempting to delete a legacy client as I no longer need the VPN tunnel. I select it, click on the "delete selected rules" which produces a pop-up of "Do you really want to delete the selected clients? No / Yes

I click on Yes, and it just sits there. It does nothing. I've deleted the interface associated with it, the gateway group the outbound firewall rule. There isn't anything associated with this client now and for some reason it will not delete using the GUI.

Is there a way to do it via the shell?
#2
Development and Code Review / OPNSense Unifi Controller Application is starting up
April 23, 2024, 04:02:32 AM
I used the plugin repository provided by mimugmail  Repo URL https://www.routerperformance.net/opnsense-repo/ reference URL: https://forum.opnsense.org/index.php?topic=20827.0

I installed the latest unifi which installed unifi 8. It worked quite well for a little while and after the last reboot I get this error message in the attachment.

I've attempted to uninstall and reinstall and get the same results.

Not sure how to troubleshoot or what logs I should look at so looking for a little direction to try and get this working again.
#3
24.1, 24.4 Legacy Series / Weird issue with unbound using VPN Gateway Group
March 06, 2024, 04:29:19 PM
I'm a recent convert from PFSense to OPNSense. I have run this configuration for years in PFSense, and for about a month the same configuration was working in OPNSense.

I am using 2 unbound servers that are external to OPNsense located on my LAN. I had a firewall rule for any protocol from DNS servers (in a firewall alias) the traffic would be directed to the VPN Gateway group. I have a VPN Gateway Group with 2 Tier 1 connections for load balancing the requests, and for everything else including policy base routing it works just fine.

But for Unbound up until 2 days ago was working the same way. Then out of nowhere I started seeing DNS lookup failures with a status return of SERVFAIL and I'm not sure why.

Even the DNS servers themselves if I do a traceroute, the VPN gateway passes traffic but for Unbound at least according to the Unbound logs it appears to be failing to retrieve a proper response.

Here is the logs, I performed a lookup using the domain name "pickles.com" to make it easier to find in the unbound logs.

[1709696403] unbound[1816:2] info: 1RDdc mod2 rep pickles.com. A IN
[1709696403] unbound[1816:2] debug: cache memory msg=132120 rrset=132120 infra=14229 val=132400 subnet=140552
[1709696403] unbound[1816:2] debug: svcd callbacks end
[1709696403] unbound[1816:2] debug: close of port 45447
[1709696403] unbound[1816:2] debug: close fd 33
[1709696403] unbound[1816:2] debug: answer cb
[1709696403] unbound[1816:2] debug: Incoming reply id = 9021
[1709696403] unbound[1816:2] debug: Incoming reply addr = ip4 192.5.5.241 port 53 (len 16)
[1709696403] unbound[1816:2] debug: lookup size is 1 entries
[1709696403] unbound[1816:2] debug: received udp reply.
[1709696403] unbound[1816:2] debug: udp message[28:0] 902180950001000000000001000002000100002904D0000080000000
[1709696403] unbound[1816:2] debug: outnet handle udp reply
[1709696403] unbound[1816:2] debug: measured roundtrip at 18 msec
[1709696403] unbound[1816:2] debug: svcd callbacks start
[1709696403] unbound[1816:2] debug: worker svcd callback for qstate 0x7f8bbc3311b0
[1709696403] unbound[1816:2] debug: mesh_run: start
[1709696403] unbound[1816:2] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1709696403] unbound[1816:2] info: iterator operate: query . NS IN
[1709696403] unbound[1816:2] debug: process_response: new external response event
[1709696403] unbound[1816:2] info: scrub for . NS IN
[1709696403] unbound[1816:2] info: response for . NS IN
[1709696403] unbound[1816:2] info: reply from <.> 192.5.5.241#53
[1709696403] unbound[1816:2] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: REFUSED, id: 0
;; flags: qr ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
.   IN   NS

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:
;; MSG SIZE  rcvd: 17

[1709696403] unbound[1816:2] debug: iter_handle processing q with state QUERY RESPONSE STATE
[1709696403] unbound[1816:2] info: query response was THROWAWAY
[1709696403] unbound[1816:2] debug: iter_handle processing q with state QUERY TARGETS STATE
[1709696403] unbound[1816:2] info: processQueryTargets: . NS IN
[1709696403] unbound[1816:2] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 32
[1709696403] unbound[1816:2] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs (25 result, 0 avail) parentNS
[1709696403] unbound[1816:2] info:   a.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   b.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   c.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   d.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   e.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   f.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   g.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   h.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   i.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   j.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   k.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   l.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] info:   m.root-servers.net. * A AAAA
[1709696403] unbound[1816:2] debug:    ip4 198.41.0.4 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:503:ba3e::2:30 port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 199.9.14.201 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:500:200::b port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 192.33.4.12 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:500:2::c port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 199.7.91.13 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:500:2d::d port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 192.203.230.10 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:500:a8::e port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 192.5.5.241 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:500:2f::f port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 192.112.36.4 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:500:12::d0d port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 198.97.190.53 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:500:1::53 port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 192.36.148.17 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:7fe::53 port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 192.58.128.30 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:503:c27::2:30 port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 193.0.14.129 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:7fd::1 port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 199.7.83.42 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:500:9f::42 port 53 (len 28)
[1709696403] unbound[1816:2] debug:    ip4 202.12.27.33 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    ip6 2001:dc3::35 port 53 (len 28)
[1709696403] unbound[1816:2] debug: servselect ip4 202.12.27.33 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=302
[1709696403] unbound[1816:2] debug: servselect ip4 199.7.83.42 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=170
[1709696403] unbound[1816:2] debug: servselect ip4 193.0.14.129 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=302
[1709696403] unbound[1816:2] debug: servselect ip4 192.58.128.30 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=248
[1709696403] unbound[1816:2] debug: servselect ip4 192.36.148.17 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=248
[1709696403] unbound[1816:2] debug: servselect ip4 192.112.36.4 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=248
[1709696403] unbound[1816:2] debug: servselect ip4 192.5.5.241 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=248
[1709696403] unbound[1816:2] debug: servselect ip4 192.203.230.10 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=205
[1709696403] unbound[1816:2] debug: servselect ip4 199.7.91.13 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=248
[1709696403] unbound[1816:2] debug: servselect ip4 192.33.4.12 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=205
[1709696403] unbound[1816:2] debug: servselect ip4 199.9.14.201 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=205
[1709696403] unbound[1816:2] debug: servselect ip4 198.41.0.4 port 53 (len 16)
[1709696403] unbound[1816:2] debug:    rtt=248
[1709696403] unbound[1816:2] debug: selrtt 170
[1709696403] unbound[1816:2] info: sending query: . NS IN
[1709696403] unbound[1816:2] debug: sending to target: <.> 192.203.230.10#53
[1709696403] unbound[1816:2] debug: dnssec status: expected
[1709696403] unbound[1816:2] debug: EDNS lookup known=1 vs=0
[1709696403] unbound[1816:2] debug: serviced query UDP timeout=205 msec
[1709696403] unbound[1816:2] debug: inserted new pending reply id=4c35
[1709696403] unbound[1816:2] debug: opened UDP if=0 port=13824
[1709696403] unbound[1816:2] debug: comm point start listening 33 (-1 msec)
[1709696403] unbound[1816:2] debug: mesh_run: iterator module exit state is module_wait_reply
[1709696403] unbound[1816:2] info: mesh_run: end 2 recursion states (1 with reply, 0 detached), 1 waiting replies, 0 recursion replies sent, 0 replies dropped, 0 states jostled out
[1709696403] unbound[1816:2] info: 0pvCD mod2  . NS IN
[1709696403] unbound[1816:2] info: 1RDdc mod2 rep pickles.com. A IN
[1709696403] unbound[1816:2] debug: cache memory msg=132120 rrset=132120 infra=14229 val=132400 subnet=140552
[1709696403] unbound[1816:2] debug: svcd callbacks end
[1709696403] unbound[1816:2] debug: close of port 19468
[1709696403] unbound[1816:2] debug: close fd 34
[1709696404] unbound[1816:2] debug: answer cb
[1709696404] unbound[1816:2] debug: Incoming reply id = 4c35
[1709696404] unbound[1816:2] debug: Incoming reply addr = ip4 192.203.230.10 port 53 (len 16)
[1709696404] unbound[1816:2] debug: lookup size is 1 entries
[1709696404] unbound[1816:2] debug: received udp reply.
[1709696404] unbound[1816:2] debug: udp message[28:0] 4C3580950001000000000001000002000100002904D0000080000000
[1709696404] unbound[1816:2] debug: outnet handle udp reply
[1709696404] unbound[1816:2] debug: measured roundtrip at 19 msec
[1709696404] unbound[1816:2] debug: svcd callbacks start
[1709696404] unbound[1816:2] debug: worker svcd callback for qstate 0x7f8bbc3311b0
[1709696404] unbound[1816:2] debug: mesh_run: start
[1709696404] unbound[1816:2] debug: iterator[module 2] operate: extstate:module_wait_reply event:module_event_reply
[1709696404] unbound[1816:2] info: iterator operate: query . NS IN
[1709696404] unbound[1816:2] debug: process_response: new external response event
[1709696404] unbound[1816:2] info: scrub for . NS IN
[1709696404] unbound[1816:2] info: response for . NS IN
[1709696404] unbound[1816:2] info: reply from <.> 192.203.230.10#53
[1709696404] unbound[1816:2] info: incoming scrubbed packet: ;; ->>HEADER<<- opcode: QUERY, rcode: REFUSED, id: 0
;; flags: qr ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
.   IN   NS

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:
;; MSG SIZE  rcvd: 17

[1709696404] unbound[1816:2] debug: iter_handle processing q with state QUERY RESPONSE STATE
[1709696404] unbound[1816:2] info: query response was THROWAWAY
[1709696404] unbound[1816:2] debug: iter_handle processing q with state QUERY TARGETS STATE
[1709696404] unbound[1816:2] info: processQueryTargets: . NS IN
[1709696404] unbound[1816:2] debug: processQueryTargets: targetqueries 0, currentqueries 0 sentcount 33
[1709696404] unbound[1816:2] debug: request has exceeded the maximum number of sends with 33
[1709696404] unbound[1816:2] debug: return error response SERVFAIL
[1709696404] unbound[1816:2] debug: mesh_run: iterator module exit state is module_finished
[1709696404] unbound[1816:2] debug: validator[module 1] operate: extstate:module_state_initial event:module_event_moddone
[1709696404] unbound[1816:2] info: validator operate: query . NS IN
[1709696404] unbound[1816:2] debug: validator: nextmodule returned
[1709696404] unbound[1816:2] debug: not validating response, is valrec(validation recursion lookup)
[1709696404] unbound[1816:2] debug: mesh_run: validator module exit state is module_finished


I'm at a bit of a loss to explain this as everything else works except for DNS lookups over the VPN tunnel.
Pages1