Topics

Hi

I purchased a Protectli Vault Pro VP2420-4, Crucial RAM 32GB DDR4 3200MHz CL22 & a Integral 512GB M.2 SATA III 2280 to run OPNSense in April 2024. Since installation the system has been rock solid, with no crashes, until I upgraded to OPNSense 24.7.11_2 in December of 2024. Since then I've had 3 OPNsense crashes, where the system reboots and recovers by itself. The crash reporter shows the crashes. All 3 crashes have been due to page faults. I've removed the memory and SSD from the Protectli and I've re-seated them but the crashes still occur. The Protectli is UPS fed and no other device have reported any power issues on the same UPS. The Protectli is in a cool environment and isn't near sources of EMI. The firewall isn't driven very hard and I use it at home. I use NUT, BGP, DHCP Server. I only use 2 ports on the Protectli, WAN access and a trunk for my home network. Interestingly, all 3 crashes have occurred after a few days of uptime while watching videos online, 2 with YouTube and one with the BBC.

The OPNSense crashes are receiving a poor wife acceptance factor, so I'd appreciate any advice on how to stop The Great British Bake Off from being interrupted ;-)

The kernel panic is shown below:

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 02
fault virtual address   = 0x0
fault code      = supervisor write data, page not present
instruction pointer   = 0x20:0xffffffff82190d9c
stack pointer           = 0x28:0xffffffff82e54e00
frame pointer           = 0x28:0xffffffff82e54e30
code segment      = base 0x0, limit 0xfffff, type 0x1b
         = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags   = interrupt enabled, resume, IOPL = 0
current process      = 6 (pf purge)
rdi: fffff801e8d47d10 rsi: fffff801e8d47d10 rdx: 0000000095089b03
rcx: 0000000000000000  r8: 0000000022f0d653  r9: 0000000000000000
rax: 0000000000000000 rbx: fffff801e8d68dc0 rbp: ffffffff82e54e30
r10: 0000000000000000 r11: 00000000b9f5a6a9 r12: fffffe0106bdc000
r13: 00000000000877df r14: fffff801e8d47d10 r15: fffff80001b20000
trap number      = 12
panic: page fault
cpuid = 1
time = 1736625558
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xffffffff82e54af0
vpanic() at vpanic+0x131/frame 0xffffffff82e54c20
panic() at panic+0x43/frame 0xffffffff82e54c80
trap_fatal() at trap_fatal+0x40b/frame 0xffffffff82e54ce0
trap_pfault() at trap_pfault+0x46/frame 0xffffffff82e54d30
calltrap() at calltrap+0x8/frame 0xffffffff82e54d30
--- trap 0xc, rip = 0xffffffff82190d9c, rsp = 0xffffffff82e54e00, rbp = 0xffffffff82e54e30 ---
pf_detach_state() at pf_detach_state+0x5fc/frame 0xffffffff82e54e30
pf_unlink_state() at pf_unlink_state+0x290/frame 0xffffffff82e54e70
pf_purge_expired_states() at pf_purge_expired_states+0x188/frame 0xffffffff82e54ec0
pf_purge_thread() at pf_purge_thread+0x13b/frame 0xffffffff82e54ef0
fork_exit() at fork_exit+0x7f/frame 0xffffffff82e54f30
fork_trampoline() at fork_trampoline+0xe/frame 0xffffffff82e54f30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
panic.txt0600001214740546626  7147 ustarrootwheelpage faultversion.txt0600007414740546626  7552 ustarrootwheelFreeBSD 14.1-RELEASE-p6 stable/24.7-n267979-0d692990122 SMP

EDIT: I forgot to mention, I ran memtest64 for a few hours but no errors were found.

Thanks!

Hi

My OPNsense firewall has an issue where the system firmware update just says "fetching changelog information" and a spinning icon.

The Firewall tried to update itself, automatically, from 24.7.5 to 24.7.6 last night. When I checked this morning the update was nearly complete and the update process got to "updating crowdsec" and was waiting for a couple of PIDs. That message was displayed over 12 hours ago. though, with no further messages. I then rebooted the Firewall and now when the unit has restarted it says it is running 24.7.5 still. The firewall works and my clients have internet access etc. If I ssh to the firewall I can resolve names and ping www.google.com. I've tried changing to a different mirror but the "fetching changelog information" issue remains. If I run "fetch https://pkg.opnsense.org/FreeBSD:13:amd64/23.1/sets/changelog.txz", via ssh, the file is downloaded correctly.

I only have IPV4 access but I read that changing "Prefer to use IPv4 even if IPv6 is available"might help under setting/general, but this hasn't helped my system.

In the system/firmware/updates log I sometimes see an additional entry beyond "fetching changelog information", though if I leave the system running like this for 30 mins no further messages are displayed:

Code Select Expand

Updating OPNsense repository catalogue...
Waiting for another process to update repository OPNsense

I've noticed that if I check the upgrade log I have a message at the top saying "pkg-static: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended". if I try and run "pkg bootstrap -f" at the cl I receive a message "The package management tool is not yet installed on your system". I'm then prompted if I want to install the package. I've declined to install the package as I don't want to make my situation worse, without knowing the implications of installing. This message might also be from a previous upgrade, there are no timestamps in the file for me to be sure when this log is from.

The system has a reliable 100Mb down internet connection is using 4% of its RAM, with a load average of 0.21. I'd appropriate any suggestions on what I can try next.

Thanks

Hi

I'm new to OPNSense and to this forum so firstly hello & thanks for a great system!

I have installed  OPNsense 24.1.5_1-amd64 on a Protectli Vault Pro VP2420-4 Port PC. I have 2 WAN connections that I'm load balancing between between and all is working well from a firewall point of view. The WAN connections are provided to me as separate ethernet connections on 2 subnets with private 192.168.x.x/24 ip connections (this might be relevant, not sure!).

If I navigate to the Reporting/traffic page I can see graphs of the "in" and "out" data on LAN and WAN interfaces working correctly with real data. On the same page the "Top Hosts" in and out graphs are also displayed but without any data being shown. If I navigate to the "Top Talkers" tab no host data is displayed there either.

I've check the fw's backend log and I can see the error message below, from the configd.py process, when navigate to Reporting/Traffic:

Code Select Expand

Script action failed with Command '/usr/local/opnsense/scripts/interfaces/traffic_top.py --interfaces 'igc0'' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/interfaces/traffic_top.py --interfaces 'igc0'' returned non-zero exit status 1.

If I then navigate to Top talkers I also see the same error in the backend log as above.

I don't know if this helps but if I run the command from the log via ssh:

/usr/local/opnsense/scripts/interfaces/traffic_top.py --interfaces 'igc0'

I receive this error message:

Code Select Expand

Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/interfaces/traffic_top.py", line 154, in <module>
    if ip.is_private():
AttributeError: 'IPAddress' object has no attribute 'is_private'


Interface igc0 is the fw's LAN interface and is passing LAN traffic ok. I'm using igc0 as a dot1q trunk.

Any ideas on how I could fix the issue above will be appreciated! As above, I'm new to OPNsense so user error on my part is a likely cause!

Thanks