Messages

1

22.7 Legacy Series / Re: unbound errors starting with 22.7.10

« on: January 18, 2023, 04:35:29 pm »

Thanks, I didn't know that it was necessary to save settings, I thought that restarting the service or rebooting the system was sufficient.

2

22.7 Legacy Series / unbound errors starting with 22.7.10

« on: January 18, 2023, 04:06:27 pm »

Ever since 22.7.10, after a reboot I get this dnsbl error in unbound, which refuses to start. I believe this to be patched in a later version, and I presume also in 22.7.11.
Do I need to reinstall something to get rid of this?

Code: [Select]

<27>1 2023-01-18T15:48:06+01:00 router.haanjdj.ddns.net unbound 82519 - [meta sequenceId="8"] [82519:1] error: pythonmod: python error: Traceback (most recent call last):
  File "dnsbl_module.py", line 281, in operate
    return ctx.filter_query(id, qstate, qdata)
  File "dnsbl_module.py", line 168, in filter_query
    if reply_list.query_reply:
AttributeError: 'NoneType' object has no attribute 'query_reply'


3

22.7 Legacy Series / Re: Possible PF Software Bug Causing Slowness

« on: January 05, 2023, 06:26:12 am »

Could you elaborate a bit more on the network topology? Are there things like PPPoE involved?

4

22.7 Legacy Series / Re: Many Unbound Log Errors after updating to 22.7.10

« on: December 21, 2022, 09:57:17 pm »

I applied the hotfix (opnsense-22.7.10_2), but the hotfix itself doesn't restart unbound. Wouldn't that be necessary for it to pick up the changes?

5

22.7 Legacy Series / Re: Unbound quits running sometimes after 22.7.9 update

« on: December 03, 2022, 10:09:00 am »

I would suggest to start with the simplest possible configuration (so no overrides, query forwarding, DoT/DoH, blocklists, etc.). If that stays running that way, you can gradually re-enable those features, and by doing this, narrow down the issue.
And be sure to check the system logs as well as the unbound log. Depending on the issue, things may get logged in either place.

6

22.7 Legacy Series / Re: igmpproxy stops due to interface link down

« on: December 01, 2022, 04:15:25 pm »

I am experiencing something similar with igmpproxy. Sometimes it simply doesn't work after a reboot of the system. If I then restart it from the gui, it works again. This probably means there is a timing or dependency issue, with it starting up before the network interfaces are ready. I can't really find out what exactly is the issue here.

What I have done for now, is set a crontab entry to restart the service overnight, this seems to work well.

Code: [Select]

root@router:~ # cat /usr/local/etc/cron.d/igmpproxy.sh
#
# By default, all entries in this file are commented and inactive.
# Please uncomment and customize as shown below.

# use /bin/sh to run commands, overriding the default set by cron
# uncomment, don't change the value
#SHELL=/bin/sh

# mail any output to here, no matter whose crontab this is
# uncomment, set the addres
#MAILTO=me@example.org

# uncomment, set mm and hh to the time (e.g. hh:mm) of day you want the
# cronjob to run
#mm hh * * * /usr/local/sbin/acme.sh --cron --home /var/db/acme/.acme.sh  > /dev/null
1 1 * * * root (/usr/local/etc/rc.d/igmpproxy stop && sleep 3 && /usr/local/etc/rc.d/igmpproxy onestart) >> /dev/null


7

22.7 Legacy Series / Re: netisr saturates one CPU core, regardless of traffic. DOCSIS not PPP.

« on: November 28, 2022, 10:56:31 am »

Please read this:

https://forum.opnsense.org/index.php?topic=24409.0

This

Code: [Select]

net.isr.dispatch = deferred is AFAIK only needed for PPP/PPPoE, in all other cases it is not necessary to set this.

8

Zenarmor (Sensei) / Re: ZenArmor eastpect filesystem full error

« on: November 15, 2022, 02:09:36 pm »

I have never seen this error before, so I would like to know what has changed, that caused this to start happening now. And how do I find out what the necessary size is, without resorting to trial and error?

9

Zenarmor (Sensei) / ZenArmor eastpect filesystem full error

« on: November 12, 2022, 04:37:15 pm »

I am seeing these error messages in my logs:

pid 22 (eastpect), uid 0 inumber 8 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 8 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 11 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 11 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 18 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 18 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 23 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 23 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 28 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 28 on /usr/local/sensei/output/active/temp: filesystem full
pid 22 (eastpect), uid 0 inumber 30 on /usr/local/sensei/output/active/temp: filesystem full

Is this something to be concerned about? Anything I should change in the settings?
I have never seen these before, so this seems to coincide with the 1.12 release of ZenArmor, or the 22.7.7 release of OPNsense.

10

22.7 Legacy Series / Re: Connection drop on PPPoE

« on: October 03, 2022, 09:13:13 am »

I am using a Qotom mini-pc fromt the multiple-NIC series:

https://www.qotom.net/product/list-62.html

11

22.7 Legacy Series / Re: filter log files keep growing till they overflow the disk

« on: September 28, 2022, 04:16:38 pm »

You may want to try a ZFS install and turn compression on, this helps tremendously in these cases.

12

22.7 Legacy Series / Re: Connection drop on PPPoE

« on: September 23, 2022, 10:43:14 am »

I would suggest you start with using internal (PCI/PCIe) Intel-based cards. Realtek and external (USB and such) cards are notorious for these kinds of issues.

13

22.7 Legacy Series / Re: update from 22.7 install image to 22.7.4 leads to AHCI timeouts and errors

« on: September 10, 2022, 09:37:51 am »

I would start by ruling out hardware issues, is it possible to run some kind of hardware diagnostics on this machine?

14

Zenarmor (Sensei) / Re: Apps Breakdown 90% DNS

« on: September 02, 2022, 07:25:26 pm »

This happens probably because the default view in the dashboard displays the number of Sessions. Because DNS is UDP based, with lots of small packets, and every packet is a session, these numbers rise quite fast, giving a skewed view.
If you change the view to Volume, it gives a better impression of the amount of traffic, and the distribution thereof. You'll probably come to the conclusion that this is nothing to worry about.

15

22.7 Legacy Series / Re: DNS Servers not being used.

« on: August 05, 2022, 03:14:56 pm »

If the server list is empty... how would it know which servers to use??

If you leave it empty, it uses the local unbound dns service, that’s what you want, right?