Messages - Benst

#1
Thanks again, that fixed the problem here too.

Ben
#2
Great! I will go and test that too after the weekend (when I'm physically at the firewall :) ).

Ben
#3
Perhaps it's better to create an issue about this on github?

These look related:
https://github.com/opnsense/core/issues/5477
https://github.com/opnsense/core/pull/5925

BTW, I tried to opnsense-revert to 22.7.2, but that got nowhere fast. UI would not start up. I should reinstall this one and start using boot environments...

Ben
#4
Upgraded to 27.2.4, problem persists.

Ben
#5
I am having the same problem. Every host override (A and Alias records) I have in the unbound config now fails the reverse lookup. Same error messages: "...PTR record already exists for...".

I haven't added all these hosts/aliases multiple times, so why does it throw this error message?

I would appreciate some guidance on how to fix this.

Thanks,
Ben
#6
I updated to 21.7.3 yesterday. Same here, suricata and unbound were killed with lots of out-of-swapspace messages. I could manually restart them.

Will try the reboot now.

Ben
#7
Quote from: Vinez on May 12, 2021, 02:41:50 PM
All solved now, I can put in a pull request on GitHub if you are interested in adding the ISP TransIP to the list of supported ISP's.

I'm also interested in TransIP ddns support. I did not see a pull request yet. Is your code available somewhere?

Thanks,
Ben
#8
Quote from: tillsense on December 04, 2016, 11:38:37 AM
back to 16.7.10 it's the same (all categories active) plus a error in the log:

Quote
configd.py: unable to sendback response [OK ] for [proxy][downloadacls][None] {b62421f1-b3be-4e2c-b502-366d1a140aa0}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe

That's probably the same issue I have. The timeout for the GUI is set to 120 s, but the ACL script isn't finished by then.

Ben
#9
Hi Ad,

I understand the problem. This also explains some odd behaviour I have seen in the past when clicking on 'Apply' and the list not sticking correctly. Perhaps the same problem as pr3p described in his latest message? For now the workaround could be to Download the list, and watch the cpu meter until all is quiet. And then hit Apply.

Increasing the timeout would help in the short run, but it is also highly dependent on the hardware of course. And what if some list suddenly takes even longer? Making it async would be best, but is probably a lot more work?

While we're on this subject: I also noticed that OPNsense currently blacklists every address in that list. But some categories are explicitly whitelisted, see for example liste_blanche. I currently have to delete that index in the GUI.

Kind regards,
Ben
#10
Hi Ad,

Quote from: AdSchellevis on November 23, 2016, 05:33:32 PM
You can easily trigger the download from the command line to see if something strange happens, but I guess your download/process just takes more than 120 seconds (which is the timeout from the gui to wait for a response).

/usr/local/opnsense/scripts/proxy/fetchACLs.py


Indeed, it looks like processing the list is taking an awful long time:

# time curl -C - -O 'ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 8373k  100 8373k    0     0  1284k      0  0:00:06  0:00:06 --:--:-- 1619k
0.107u 0.071s 0:06.57 2.5% 148+120k 0+65io 0pf+0w

# time /usr/local/opnsense/scripts/proxy/fetchACLs.py
168.865u 12.138s 3:09.56 95.4% 7+167k 0+748io 12pf+0w


This is on an OPNsense A10 Quad Core SSD rack system.

Kind regards,
Ben
#11
Hi Ad,

Yes, that line is in there. I have restarted squid and am now unable to reproduce the bungled message. The timeout is still there though. Download ACLs gives this:

Nov 23 13:27:15 OPNsense configd.py: [8ed9d971-89dc-4d69-bb59-c99578afaccb] request proxy status
Nov 23 13:27:31 OPNsense configd.py: [776d1217-5e8f-4f66-8e3d-8aca0b8c8744] generate template OPNsense/Proxy
Nov 23 13:27:32 OPNsense configd.py: generate template container OPNsense/Proxy
Nov 23 13:27:34 OPNsense configd.py: [c7a06f6b-5253-4251-af1a-6740ef916ed5] download proxy ACLs from remote locations
Nov 23 13:29:36 OPNsense configd[18360]: Timeout (120) executing : proxy downloadacls


The Web UI has at that point returned to normal (no spinning indicator). At that point a Python process is still chewing up 100% cpu (fetchACLs I think). When that's done I get:

Nov 23 13:30:39 OPNsense configd.py: unable to sendback response [OK ] for [proxy][downloadacls][None] {c7a06f6b-5253-4251-af1a-6740ef916ed5}, message was Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run     self.connection.sendall('%s\n' % result)   File "/usr/local/lib/python2.7/socket.py", line 228, in meth     return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe

And then I hit Apply:

Nov 23 13:33:07 OPNsense configd.py: [61d38b33-64d8-410d-86a4-dd8f13397041] request proxy status
Nov 23 13:33:07 OPNsense configd.py: [18e041fb-8f75-41b1-af92-f5b6f8c2563c] generate template OPNsense/Proxy
Nov 23 13:33:08 OPNsense configd.py: generate template container OPNsense/Proxy
Nov 23 13:33:10 OPNsense configd.py: [63646e00-3382-4624-89c9-dfcc8f63fbd6] reconfigure proxy


Perhaps the bungled message was because I hit apply before the Python process actually ended.

Kind regards,
Ben
#12
Oops, it seems there is another problem after applying the download:

Nov 22 18:48:52 OPNsense configd.py: [10b51670-e81f-426e-8a60-ebd7eaa3192a] request proxy status
Nov 22 18:48:52 OPNsense configd.py: [9f07c783-7099-4f49-87c1-b7fc14f9a298] generate template OPNsense/Proxy
Nov 22 18:48:53 OPNsense configd.py: generate template container OPNsense/Proxy
Nov 22 18:48:55 OPNsense configd.py: [f651e852-da92-4dd7-a376-2267b28ece11] reconfigure proxy
Nov 22 18:48:59 OPNsense squid: Bungled /usr/local/etc/squid/squid.conf line 38: acl remoteblacklist_UT1 dstdomain "/usr/local/etc/squid/acl/UT1"
Nov 22 18:48:59 OPNsense configd.py: [f651e852-da92-4dd7-a376-2267b28ece11] returned exit status 1


Line 38 looks like this:

acl remoteblacklist_UT1 dstdomain "/usr/local/etc/squid/acl/UT1"

And that file actually exists:

root@OPNsense:/usr/local/etc/squid # ll acl/
total 27942
-rw-r-----  1 root  squid  28580995 Nov 22 18:43 UT1
-rw-r-----  1 root  squid      1444 Nov 22 18:42 UT1.index
-rw-r-----  1 root  squid       991 Nov 22 18:43 yoyoads
-rw-r-----  1 root  squid         2 Nov 22 18:43 yoyoads.index


Kind regards,
Ben
#13
Hi Ad,

Thanks for the patch. Fetching the ftp data works again, but in system.log I now see a timeout:

Nov 22 18:40:52 OPNsense configd.py: [b2cf595d-8d13-43a5-869e-b33dddac1949] generate template OPNsense/Proxy
Nov 22 18:40:53 OPNsense configd.py: generate template container OPNsense/Proxy
Nov 22 18:40:55 OPNsense configd.py: [73e319a1-7595-4240-be5d-c671820f6ab3] download and reload proxy ACLs from remote locations
Nov 22 18:42:57 OPNsense configd[6698]: Timeout (120) executing : proxy fetchacls


But the data is updated in /usr/local/etc/squid/acl, and I can see/choose the categories again in the web UI. So perhaps this is only a cosmetic problem.

Kind regards,
Ben
#14
Ok, good to know I'm not the only one!

Ben
#15
No one? Any tips on helping me debug this?

Thanks,
Ben