Messages - joeyboon

#1
I've experienced the same problem. Switching to Hyperscan makes the process no longer crash, but detections don't occur. Does anything get detected once you've switched to Hyperscan?
#2
I also wanted to report the same issue and the fact that this solution worked for me.

Quote from: geotek on April 20, 2025, 11:25:21 AM
One more observation: Only boxes with one of the three Aho-Corasick Pattern matchers are affected, even with today's updated rules. Boxes with Hyperscan matcher were not affected. After changing the matcher to Hyperscan, the problem was solved on all of our previously affected firewalls.

I hope this helps identifying and fixing the cause.

#3
Anyone else that still has issues? Hopefully someone has been able to fix it.
#4
Switching to ZFS did not help and the power supply seems fine when I monitor voltage levels. I ended up swapping the SSD, which up until now has worked! :) Hopefully that was the issue. 
#5
Hi Sunmast,

I'm wondering if you ever found a solution. I'm still experiencing the same problem. I used to use IPS on my LAN interface (with VLANs) but this broke when I upgraded. I switched off IPS, since I did not have the time to troubleshoot at the time. As soon as I turn it on the interface switches off. I also have hardware offloading disabled and selected the physical interface. Hopefully you managed to solve this! :)
#6
Thanks for the suggestion. I installed with UFS. After talking to some friends I reinstalled with ZFS and replaced the UPS. Let's see if it was a power issue. If that does not work I'll check the power supply.
#7
Hi,

I'm currently experiencing (I think) some hardware issues. My machine freezes and is fine after a reboot. Since everything is frozen, the only error messages I get are what's on screen when the machine dies (there is nothing in the logs).

At first I thought it was the SSD, but SMART statistics look fine.

Since I thought it could be the sata cable I replaced the sata cable and used a different connection on the motherboard. But the problem only seems to be getting worse. At first the machine only froze once a week, now I'm down to daily issues. These are the error messages from two different occasions:
The specs of my software and machine
Software version:
OPNsense 22.4.3_1-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1q 5 Jul 2022

Hardware:
Motherboard: Asrock Rack X470D4U
Processor: AMD Ryzen 5 3500X
RAM: Kingston KSM26ED8/16ME
SSD: Intel DC S3520 2,5" 480GB

All suggestions are welcome since I find the issue really hard to troubleshoot.

#8
21.7 Legacy Series / Re: 4G fallback fails once a day
January 24, 2022, 04:15:24 PM
The issue seems solved! The combination of using the supersede subnet-mask option with the correct netmask for my provider and connecting the modem directly to the router (instead of the switch with a separate VLAN) solved all issues.
#9
21.7 Legacy Series / Re: 4G fallback fails once a day
January 22, 2022, 05:08:29 PM
Hi,

Sure! First log in to your LB2120 (default IP is 192.168.5.1 and password is located on the back). Go to Settings -> Advanced -> LAN and select bridge.
I had a horrible time when I connected the device to the wrong port of my switch and created a DHCP battle between my router and this modem ;) So connect the LB2120 to a port of your router (or switch if you know what you're doing) that is not in use.

Then (in OPNsense) go to Interfaces -> Assignments and select the port you connected the LB2120 to. Give it a name, for example WANfailover. Press the plus sign.

Next click on the new interface. Enable the interface and check the Prevent interface removal option. In my case (I use T-Mobile NL) my provider does not use CGNAT (thank god), so I can also block private and bogon ranges. I then select DHCP and save the interface. 
Your interface should get a public IP assigned. And you can test if it works at Interfaces -> diagnostics -> ping and select the new interface and ping 8.8.8.8 for example.

Finally under system -> gateways -> single I selected the new gateway and changed the monitoring address to something useful. I also changed the priority to 255 so my router will not select this gateway over my regular one (with priority 254).

That's it! Depending on how you want to use the new connection you now have to create a gateway group etc.

PS: Today I added a network card to my router in order to connect the modem directly to my router. Before it was on a separate VLAN via the switch. I'm hoping this will solve my issue...
#10
Thanks! This post made me realize I needed to enable the physical interface in order to change the MTU to 1508 (in my case). I thought I had already implemented RFC 4638 by changing the settings on the WAN interface (VLAN). Thanks again!
#11
My guess (because I don't actually know) is that they just cross reference the installed packages with the publicly available CVE database and that they don't run a server themselves. But maybe someone else can enlighten us ;)
#12
You can run a security scan on any OPNsense system under system -> firmware -> status -> run an audit -> Security. It will tell you the CVEs affecting your current system. For example mine gave me the following output:

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.10.1 (amd64/OpenSSL) at Tue Jan 11 17:57:29 CET 2022
vulnxml file up-to-date
nss-3.72 is vulnerable:
  NSS -- Memory corruption
  CVE: CVE-2021-43527
  WWW: https://vuxml.freebsd.org/freebsd/47695a9c-5377-11ec-8be6-d4c9ef517024.html

ruby-2.7.4,1 is vulnerable:
  rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods
  CVE: CVE-2021-41817
  WWW: https://vuxml.freebsd.org/freebsd/6916ea94-4628-11ec-bbe2-0800270512f4.html

  rubygem-cgi -- buffer overrun in CGI.escape_html
  CVE: CVE-2021-41816
  WWW: https://vuxml.freebsd.org/freebsd/2c6af5c3-4d36-11ec-a539-0800270512f4.html

  rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
  CVE: CVE-2021-41819
  WWW: https://vuxml.freebsd.org/freebsd/4548ec97-4d38-11ec-a539-0800270512f4.html

4 problem(s) in 2 installed package(s) found.
***DONE***

Is this what you are looking for? :)
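The audit output above has a regular shape (a "<pkg> is vulnerable:" line followed by indented title, CVE and WWW lines per entry), so it can be parsed into structured findings for tracking instead of being read by eye. This is an added example, not OPNsense or pkg code; it uses an abridged copy of the output quoted in the post and assumes that format.

```python
"""Parse the text of OPNsense's System -> Firmware -> Status -> Run an audit -> Security
(pkg audit / VuXML format, as quoted above). Added example, not OPNsense code."""
import re
from dataclasses import dataclass, field

# Abridged copy of the audit output quoted in the post above.
SAMPLE = """\
***GOT REQUEST TO AUDIT SECURITY***
nss-3.72 is vulnerable:
  NSS -- Memory corruption
  CVE: CVE-2021-43527
  WWW: https://vuxml.freebsd.org/freebsd/47695a9c-5377-11ec-8be6-d4c9ef517024.html

ruby-2.7.4,1 is vulnerable:
  rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods
  CVE: CVE-2021-41817
  WWW: https://vuxml.freebsd.org/freebsd/6916ea94-4628-11ec-bbe2-0800270512f4.html

  rubygem-cgi -- buffer overrun in CGI.escape_html
  CVE: CVE-2021-41816
  WWW: https://vuxml.freebsd.org/freebsd/2c6af5c3-4d36-11ec-a539-0800270512f4.html
"""

@dataclass
class Finding:
    package: str                          # as reported, e.g. ruby-2.7.4,1
    title: str                            # VuXML entry title
    cves: list = field(default_factory=list)
    url: str = ""

def parse_audit(text):
    """One Finding per VuXML entry; entries sit indented under the
    '<pkg> is vulnerable:' line that names the affected package."""
    findings, package, cur = [], None, None
    for line in text.splitlines():
        m = re.match(r"^(\S+) is vulnerable:$", line)
        body = line.strip()
        if m:
            package, cur = m.group(1), None
        elif not line.startswith("  "):
            cur = None                    # blank line, banner or summary text
        elif body.startswith("CVE:") and cur:
            cur.cves.extend(body[4:].split())
        elif body.startswith("WWW:") and cur:
            cur.url = body[4:].strip()
        elif package and not body.startswith(("CVE:", "WWW:")):
            cur = Finding(package, body)  # a title line opens a new entry
            findings.append(cur)
    return findings
```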
#13
Hi,

I've managed to solve the issue by reinstalling the plugin and adding everything in the same way I did last time. So no idea why it broke in the first place. It instantly worked again. I used this guide: https://www.youtube.com/watch?v=IR41duTqN6Y

I changed nothing in the external DNS records, so it definitely was a problem on the local system.
#14
21.7 Legacy Series / Re: ACME Client Drops WAN Connection
December 28, 2021, 08:21:50 AM
Hi @Fright,

Quote from: Fright on December 20, 2021, 08:22:16 PM
so if you try
curl https://acme-v02.api.letsencrypt.org/directory
in shell it works?
can you try "Forcefully issue or renew" in this case?

In shell this returns:

{
  "DFkTnKbE2ms": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"

So that seems to be also working fine. I tried forcefully renewing already through the GUI, this resulted in the same problem.
#15
21.7 Legacy Series / Re: ACME Client Drops WAN Connection
December 19, 2021, 08:53:10 PM
Hi @fright

DNS is set correctly and propagated.