Messages - tre4bax

#1
Ta Monviech
#2
I have a number of certificates from Let's Encrypt. One wildcard for the whole domain, and 3 individual ones.

Recently one of the services using these broke, and it turns out that the renewal process failed. This process, though, only failed on the 3 individual services; the wildcard renewed quite happily.

When I dig in, I find that the _acme-challenge TXT record fails to add to my GoDaddy DNS for the domain.

(See the attached image file that I could not figure out how to embed ;-)  )

This only seems to happen when it tries to create a record in the _acme-challenge.XXX format (where XXX is the name of the server that needs the certificate). The wildcard happily creates as it has no .XXX on the end.

Is this an issue with the setup of the DNS, or something weird in the opnsense ACME Client? I have tried looking at the TXT it tries to add to get the value and then manually creating a key to match, but this fails too, probably because the client tries to add a new value to the same key and that fails.

Any ideas how I can get this to work again?
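The two details the post turns on are how the DNS-01 record name differs between a wildcard and a per-host identifier, and what happens when a stale TXT value is still sitting at that name. The following is an added example (not code from the post, from OPNsense or from the ACME client it uses) that derives the record name and TXT value as RFC 8555 section 8.4 specifies, converts the name to the zone-relative form that hosted-DNS APIs commonly expect (an assumption about the poster's provider, not something the post confirms), and flags names that already carry a different value so leftovers can be cleaned up before publishing. The zone, tokens, thumbprint and existing records are constructed placeholders.

```python
import base64
import hashlib
import re

B64URL_43 = re.compile(r"^[A-Za-z0-9_-]{43}$")


def dns01_record_name(identifier: str) -> str:
    """RFC 8555 s8.4: the TXT record is published at _acme-challenge.<identifier>.
    For a wildcard identifier the leading '*.' is dropped first, which is why a
    wildcard for example.com and a cert for example.com itself share one name,
    while host.example.com gets _acme-challenge.host.example.com."""
    host = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{host.rstrip('.')}"


def dns01_txt_value(token: str, jwk_thumbprint: str) -> str:
    """TXT value = base64url(SHA-256(token '.' thumbprint)) with padding stripped.
    The thumbprint is the RFC 7638 JWK thumbprint of the account key; a constructed
    placeholder string is used for it in the tests below."""
    key_authorization = f"{token}.{jwk_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def zone_relative_name(fqdn: str, zone: str) -> str:
    """Assumption: the provider API wants names relative to the managed zone
    ('@' for the apex), not the FQDN. A name outside the zone is a caller error."""
    fqdn, zone = fqdn.rstrip(".").lower(), zone.rstrip(".").lower()
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -len(zone) - 1]


def plan_challenge_records(challenges, zone, existing_txt):
    """challenges: iterable of (identifier, token, thumbprint).
    existing_txt: {zone_relative_name: [txt values already published]}.
    Returns (to_publish, stale): the (name, value) pairs that still need adding,
    and names that already hold values other than the one required. A stale
    value at the same name is the situation in which an 'add' can collide with
    a leftover record, so report it rather than silently appending."""
    to_publish, stale = [], []
    for identifier, token, thumbprint in challenges:
        name = zone_relative_name(dns01_record_name(identifier), zone)
        value = dns01_txt_value(token, thumbprint)
        present = existing_txt.get(name, [])
        leftovers = [v for v in present if v != value]
        if leftovers:
            stale.append((name, leftovers))
        if value not in present:
            to_publish.append((name, value))
    return to_publish, stale


if __name__ == "__main__":
    # Constructed scenario: one wildcard and one host cert in the same zone, with a
    # stale value left behind at the host's challenge name from a failed renewal.
    zone = "example.com"
    challenges = [
        ("*.example.com", "token-for-wildcard", "CONSTRUCTED-THUMBPRINT"),
        ("host.example.com", "token-for-host", "CONSTRUCTED-THUMBPRINT"),
    ]
    existing = {"_acme-challenge.host": ["stale-value-from-last-attempt"]}
    publish, stale = plan_challenge_records(challenges, zone, existing)
    for name, value in publish:
        print(f"publish TXT {name} -> {value}")
    for name, values in stale:
        print(f"stale values at {name}: {values}")
```

Running it shows that the wildcard maps to the bare `_acme-challenge` name while the host maps to `_acme-challenge.host`, and that the host name is reported as stale before any new value is added, which is the state to clear out (or verify with a plain TXT lookup) before retrying a renewal.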
#3
I swear there used to be a button to clear the logs in the logs of the ACME client.  Has this disappeared or is there another way to clear the logs from the UI?
#4
23.7 Legacy Series / Opnsense failing - maybe unbound?
September 07, 2023, 12:48:09 PM
For the last couple of weeks since I upgraded to the 23.7 I have been having a problem with my opnsense router.

1) Sometimes my machines lose internet access, but the network seems to be working. When this happens I cannot access the opnsense webui either. Poking the power button rectifies it: the machine shuts down cleanly, then works when rebooted.

2) The router randomly reboots. I become aware that the whole network is just not working. After a bit it starts working again, and when I access the webui it is clear the router has rebooted.

The device itself is about a month old now, based on an N5105 with 16GB RAM.

I've made sure I've done all the updates I have found but alas still no luck figuring out what caused it.

Situation 1 just happened again, prompting me to finally get around to asking if anyone has any ideas. 25 pages back in the log at the time it happened I see this.

<6>pid 61824 (unbound), jid 0, uid 59: exited on signal 11
2023-09-07T09:42:00   Notice   kernel   <6>pid 25031 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:40:09   Notice   kernel   <6>pid 4217 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:40:00   Notice   kernel   <6>pid 97999 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:39:00   Notice   kernel   <6>pid 85400 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:36:00   Notice   kernel   <6>pid 52843 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:34:00   Notice   kernel   <6>pid 25958 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:30:00   Notice   kernel   <6>pid 68520 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:28:00   Notice   kernel   <6>pid 38821 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:27:00   Notice   kernel   <6>pid 26862 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:25:00   Notice   kernel   <6>pid 566 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:24:01   Notice   kernel   <6>pid 84849 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:21:00   Notice   kernel   <6>pid 40608 (ld.lld), jid 0, uid 0: exited on signal 11 (core dumped)

Python error messages also happen when situation 2 occurs. I seem to remember that around the time it started the updates did an update to Python. Is it possible this is corrupt or something? Is there a repair option?
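When a kernel log fills with "exited on signal 11" lines, the useful first step is to tabulate them rather than read them one by one: which programs, which uid, and whether the crashes line up with a schedule. The following is an added example (not from the post and not OPNsense code) that parses FreeBSD-style kernel exit lines, summarises them, and reports how many crashes land within a few seconds of a minute boundary, which is the signature of a cron- or timer-driven job rather than a random fault. The sample lines are copied from the post's excerpt above, first line without a timestamp exactly as shown there; the 5-second alignment window is a constructed choice.

```python
import re
import signal
from collections import Counter
from datetime import datetime

# Sample copied from the kernel log excerpt in the post above.
SAMPLE_LOG = """\
<6>pid 61824 (unbound), jid 0, uid 59: exited on signal 11
2023-09-07T09:42:00   Notice   kernel   <6>pid 25031 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:40:09   Notice   kernel   <6>pid 4217 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:40:00   Notice   kernel   <6>pid 97999 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:39:00   Notice   kernel   <6>pid 85400 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:36:00   Notice   kernel   <6>pid 52843 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:34:00   Notice   kernel   <6>pid 25958 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:30:00   Notice   kernel   <6>pid 68520 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:28:00   Notice   kernel   <6>pid 38821 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:27:00   Notice   kernel   <6>pid 26862 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:25:00   Notice   kernel   <6>pid 566 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:24:01   Notice   kernel   <6>pid 84849 (python3.9), jid 0, uid 0: exited on signal 11 (core dumped)
2023-09-07T09:21:00   Notice   kernel   <6>pid 40608 (ld.lld), jid 0, uid 0: exited on signal 11 (core dumped)
"""

# Optional "<timestamp> <level> kernel" prefix, then the kernel's own exit message.
LINE_RE = re.compile(
    r"^(?:(?P<ts>\S+)\s+\S+\s+kernel\s+)?"
    r"<\d+>pid (?P<pid>\d+) \((?P<prog>[^)]+)\), jid (?P<jid>\d+), uid (?P<uid>\d+): "
    r"exited on signal (?P<sig>\d+)(?P<core> \(core dumped\))?$"
)


def parse_signal_exits(text):
    """Return one dict per matching line; non-matching lines are ignored."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]) if m["ts"] else None,
            "pid": int(m["pid"]),
            "prog": m["prog"],
            "uid": int(m["uid"]),
            "sig": int(m["sig"]),
            "core": m["core"] is not None,
        })
    return events


def signal_name(num):
    try:
        return signal.Signals(num).name
    except ValueError:
        return f"SIG{num}"


def summarize(events, window_seconds=5):
    """Counts by program and signal, plus how many timestamped crashes fall within
    window_seconds of a minute boundary (a scheduler signature)."""
    timed = [e for e in events if e["ts"] is not None]
    aligned = sum(
        1 for e in timed
        if e["ts"].second <= window_seconds or e["ts"].second >= 60 - window_seconds
    )
    return {
        "total": len(events),
        "by_program": dict(Counter(e["prog"] for e in events)),
        "by_signal": {signal_name(s): n for s, n in Counter(e["sig"] for e in events).items()},
        "root_crashes": sum(1 for e in events if e["uid"] == 0),
        "timestamped": len(timed),
        "minute_aligned": aligned,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_signal_exits(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the post's excerpt the summary shows nearly all crashes are a root-owned python3.9 dying on SIGSEGV at :00 seconds, so the next question is which scheduled job launches Python each minute, which is the thread the poster follows in the next post.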


#5
Out of interest, this seems to be when it started. Interesting that the script failing is related to NUT, which ought to have the ability to shut down the PC too. I'm going to disable NUT and see if this helps.
#6
Well, I am getting pretty much identical issues on my new OpnSense box too. It has only been happening the last couple of weeks since I did the upgrade.

Just out of interest, what box/processor etc. are you using, just in case there is commonality of the processor, memory size, etc.? Mine is an N5105 with 16GB RAM; it's six weeks old, but that does not guarantee that there isn't a hardware fault.

#7
Pre router death, HAProxy was working really well.

Having now got everything back online, HAProxy does not work for any server that does anything with Rules etc. The basic ones work normally, but not those.

During the process of importing the config, opnsense made me upgrade to the latest version. Although the config looks good and checks through fine, things keep failing.

I went through and disabled all the servers that were not working.  I am now adding them in one by one, but am not winning.  I exported the haconfig and found this.

This feels like it should not be there, and I wondered if, because the config was imported new, it has generated new ACLs and there is a mixture of old and new in there? Not sure if that makes sense, though, or even really what those ACLs might be!

#8
I gave up on the VOIP and went back to the PPPoE, which is working perfectly.
#9
Not good, mine is doing the same thing,  did anyone find a resolution to this?
#10
It's an option on the router I have which is a THG3000g.

No idea how old it is; it only came out of the box when the opnsense box died, as an emergency measure.

#11
So I currently have set up the Vodafone router with a Public Subnet and have added my opnsense router to that subnet, and I get this far.


I get all the way to the provider's end of the broadband service, but it fails when I try to get to an internet site. Which I am assuming is something to do with the Vodafone router, as once it gets to the Vodafone side of the Public Subnet (192.168.200.1) it is beyond the control of the opnsense router.

Any ideas how I can get past this last hurdle?
#12
I wanted to connect via the Public Subnet.  That did not work.

I'm now trying it as a DMZ host, but I'm not wedded to this; I just want to make it work.

#13
Up until now I have used a broadband modem connected to my WAN port using PPPoE.

PSTN telephony is being turned off, so the only way to get this now is to use my provider's (Vodafone) broadband. Having just had the opnsense device die, I have replaced it and have imported the setup that has been working for the last 5 years.

My plan was to connect the opnsense router (OR) to the broadband router (BR) by having the OR WAN port as an exposed device on the BR. This connection works on the OR box, where I can ping the BR routing address from the OR box, but there is no routing going on.

As I changed the WAN port on the OR from PPPoE to static IP, does this change all the rules and things?
#14
Easy fix.

I went into config.xml and removed the password for root.  Then the importer worked and it defaulted to the normal root password.
#15
I am trying to reload a new copy of opnsense and base it on a config.xml.

I can do this and it gets running as my server; however, the challenge is that I chose a really complex password for my system and it is too hard to type in manually. This means I cannot get logged in to run the installer to get it onto the hardware.

Is there a way to get the system to do the import but replace the config.xml version of the root password with the standard opnsense default? If that is not an option, can I do this by modifying config.xml?