Messages - Cerberus

1
24.7 Production Series / netdata broken after 24.7.6 update
« on: October 09, 2024, 06:27:29 pm »
On two OPNsense machines, netdata was broken after installing 24.7.6. Netdata is no longer starting, it looks like netdata is not properly updated and missing "libprotobuf.so.28.1.0".

"ld-elf.so.1: Shared object "libprotobuf.so.28.1.0" not found, required by "netdata""

I solved it by reinstalling the netdata package from firmware/package, which updated netdata to a new minor version; now it works again.

Installed packages to be UPGRADED:
   netdata: 1.43.2_5 -> 1.43.2_6

2
24.7 Production Series / Re: Stuck at update 24.7.6 (no more)
« on: October 09, 2024, 06:21:21 pm »
Same here, had to kill crowdsec to continue the update.

3
24.7 Production Series / Re: After Upgrade to 24.7.4 Zerotier not working
« on: September 13, 2024, 02:23:29 pm »
Same issue on my end.

I run a Zerotier tunnel between an OPNsense Business Edition (home) and an OPNsense Community Edition running at my hoster. Right after updating to 24.7.4 on the OPNsense Community Edition, Zerotier is dead. Both Zerotier installations are shown as online, but none of the devices can ping each other on their Zerotier IP or any other IP that is routed over this tunnel.

I will try to downgrade my OPNsense to 24.7.3 as a solution for now.

Update: Downgrade with "opnsense-revert -r 27.7.3_1" worked, traffic is flowing again :)

4
Virtual private networks / Re: ZeroTier sessions from all interfaces?
« on: July 12, 2024, 10:21:13 pm »
I think Zerotier does this for multipath, if there are multiple ways out, it uses them. You can add options to ignore certain networks for transport.

Try adding this to your Zerotier config:

{
   "settings": {
      "interfacePrefixBlacklist": ["interface1", "interface2"]
   }
}


https://docs.zerotier.com/config/#local-configuration-options

5
24.7 Production Series / Re: Firewall ‣ Aliases: URL: Spamhaus: Create Alias from JSON format
« on: June 24, 2024, 05:17:27 pm »
I would like to see JSON support. Currently I get my Microsoft Azure Service List JSON with https://github.com/thedxt/IP-Downloader. I would love to see something like that in OPNsense.

6
German - Deutsch / Re: Kea DHCP - Distribute subnets across interfaces?
« on: May 06, 2024, 02:02:59 pm »
You don't need that either. Kea detects on its own which interfaces the subnets are on; you only have to make sure that Kea itself has been enabled on the interfaces on which DHCP services are to be provided.

7
Virtual private networks / Re: [Solved] Port forward WireGuard return traffic through WAN
« on: May 03, 2024, 08:14:48 pm »
I have been sitting here for 6 hours trying to find the reason why a port forward from a WireGuard tunnel (that provides me a static WAN IP) to my mail server does respond to requests coming in from WireGuard. That manual firewall rule and setting reply-to saved my day.

I almost went insane.

8
24.1 Legacy Series / Re: Unbound keep crashing
« on: February 20, 2024, 08:26:42 pm »
I see this on several Business OPNsense 23.10.2 installations. Unbound stops resolving external domains (only); internal still works. It looks like TLS to Quad9 is dying sometimes. A restart of Unbound solves this issue immediately; if I do nothing, it fixes itself after a few minutes.

I don't know if this is an Unbound or a Quad9 issue.

9
24.1 Legacy Series / Re: No access to URLs on WAN side after upgrading to 24.1
« on: January 30, 2024, 09:30:44 pm »
Quote from: pgh on January 30, 2024, 08:56:52 pm
After upgrading to 24.1 I could no longer access any host on the WAN side.
Calling "nslookup google.com" at terminal works great (on linux and windows) but the domain-names are not resolved!
I also tried the DNS Diagnose-Tool of my OPNsense, using 8.8.8.8, and it could receive the IP of amazon.com, but again no Domain-Name resolving when working with browser, calling apt-get etc.
Before upgrading to 24.1 I saved the configuration. I tried to solve the issue by restoring the config saved before: the issue remains.
I also tried several restarts... that also did not help.
Now I am confused, sad, angry and cannot surf in the www :-(
Please help me!

Check if you still have an IPv4 gateway; two of my machines completely lost the IPv4 gateway entries. I had to recreate them by hand. Luckily these remote firewalls still had IPv6 running, so I was able to fix it.

10
24.1 Legacy Series / Re: 24.1 IDS breaks internet
« on: January 30, 2024, 09:21:00 pm »
For me, disabling Suricata is not enough. IPv4 WAN is completely dead, IPv6 still works. Unbound can't resolve anything but has IPv4 and IPv6 upstream servers.

Update: the system has no IPv4 default gateway anymore.

11
24.1 Legacy Series / Re: No access to URLs on WAN side after upgrading to 24.1
« on: January 30, 2024, 09:13:56 pm »
Many of my VLANs lost internet; they can ping the firewall but Unbound does not respond, and they can't ping 8.8.8.8. Automatic outbound NAT rules are missing; I had to recreate them but still no internet.

S2S IPSec tunnels do not work anymore, up but no traffic.

Disabled Suricata and rebooted, no change.

12
23.7 Legacy Series / Re: netdata update on OPNsense Business Edition
« on: September 28, 2023, 08:25:41 pm »
Hi Franco,

You are right, the banner "9 Nodes are below recommend agent version v1.39.1. Please update them to ensure you get the latest security bug fixes." in the netdata cloud console is a bit misleading and suggests there might be a security issue with the old netdata agent. It looks like there is no open CVE for this version.

13
23.7 Legacy Series / netdata update on OPNsense Business Edition
« on: September 26, 2023, 11:49:26 am »
Hello,

We monitor our OPNsense installation with netdata. We found that netdata.cloud complains about a security issue with netdata 1.39.1 on our OPNsense Business Edition installations. We have a few with Community Editions and these are fine and have a newer installation.

Is it possible for the OPNsense Team to include netdata in the next update? Or is it possible to use the netdata package from the Community Edition on the Business Edition, or does this break the updating process?

Thanks

14
23.1 Legacy Series / Re: Can't do any firmware update
« on: July 07, 2023, 03:07:17 pm »
It looks like a pure IPv4 connection, so I would rule out the usual IPv6 connectivity issue. It might be an MTU issue; meta.conf is around 163 bytes and packagesite.pkg around 240kb.

I would try another mirror or try pulling the file from the console via wget or curl and see what's happening.

https://opnsense.c0urier.net/FreeBSD%3A13%3Aamd64/23.1/latest/

15
23.1 Legacy Series / Re: errors during 23.4 business upgrade
« on: April 27, 2023, 12:24:12 pm »
We got the same errors on yesterday's update run, but had no issues after the final reboot. So far, the update to 23.04 was successful on 3 of our devices.

We see low uptime on some of our S2S IPSec SAs and "too few" active mobile IKEv2 Windows clients. I hope this is just some random occurrence and not issues with the new strongSwan update.
