Messages

1

General Discussion / Re: OPNsense should get a Mastodon presence and make announcements there

« on: January 20, 2023, 07:36:03 pm »

True BUT I think that was not what the OP meant.
New releases/patches infos are posted on Twitter and actually this is where I new about them firstly.
Leaving the Musk asylum also. The idea of the OP is a very valid one. Nobody spoke about support there (which obviously would be the wrong place).

2

General Discussion / Re: OPNsense should get a Mastodon presence and make announcements there

« on: January 20, 2023, 11:32:35 am »

+1

3

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 09, 2023, 02:58:46 pm »

Again: I'm looking (was looking) at it from an end user perspective. If my car breaks down after an intervention I can't know if it's Bosch or Siemens part of if BMW screwed up. I just want a car working as before. Might be a stupid example I know.
And if the update broke my system I blame the update not the parts it's made of.
You might be technically right but that's not what I meant (as OP). I had "really" big issues and spent many days trying to fix it, without success.
I found a "workaround" and will see what the next big version update brings.

No hard feelings anyway.

4

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 09, 2023, 02:42:51 pm »

Also, fact: up until one specific update all worked for many updates and major versions before. IPS etc.
And then ONE update breaks all in a way that the basic usage is completely compromised.
That's a fact and no finger pointing and blaming......

5

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 05, 2023, 07:47:32 pm »

22.7.9 was the last one I used with NO issues at all. Good times....

6

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: January 05, 2023, 08:47:50 am »

I’ve spent weeks with an unreliable system from one day to the other. No clear solutions.
Set up from scratch restoring a backup (obviously) but the backup could only be restored with all packages up to date (and reintroducing the possible issue)…..
As I’ve said I switched to pfsense for now and like what I have found.
There’s always a solution.

7

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 30, 2022, 11:51:30 am »

After the reinstall and restore of configs I couldn't get my Zerotier no longer working. While it connected and all seemed well the static routes (defined in the ZT network) to reach my LAN didn't work. 100% equal config as before (uninstalled reinstalled ZT and configured all from scratch to try).
This tipped me over the edge. Spent one day and have now pfsense running with the same configuration as OPNsense (pfblockerng instead of opnsense way of doing).
Running fine!

Will have this running now as main fw for a week and switch back to see if OPNsense stopped having the above issues with resolving DNS.

I NEED a failsafe backup (just switch cables) I can't have the issues as above and all backups from my company failing........

Time will tell with whom I'll stay

8

22.7 Legacy Series / Re: fresh install with Audit issues

« on: December 28, 2022, 10:13:32 am »

Reinstalled python39 from packages and at least this error is gone but the "Error 2 ocurred.
etc/sysctl.conf:" is still there:

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.10_2 (amd64/OpenSSL) at Wed Dec 28 09:08:20 WET 2022
>>> Check installed kernel version
Version 22.7.9 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.9 is correct.
>>> Check for missing or altered base files
Error 2 ocurred.
etc/sysctl.conf:
size (311, 345)
sha256digest (0x8c57d647047d84b9be4cddbb0b6d58c1d5839f148b62d1137b8bf2611f681cfd, 0x06ec8255e5fdfb4ccaf2059bc0d12c92554e4ba8f92b9d4c51af74ba58ba00c9)
>>> Check installed repositories
SunnyValley
OPNsense
>>> Check installed plugins
os-api-backup 1.0_1
os-crowdsec 1.0.1
os-dmidecode 1.1_1
os-etpro-telemetry 1.6_1
os-intrusion-detection-content-et-open 1.0.1
os-intrusion-detection-content-snort-vrt 1.1_1
os-nextcloud-backup 1.0_1
os-qemu-guest-agent 1.1_1
os-sensei 1.12.2
os-sensei-agent 1.12.2
os-sensei-updater 1.12
os-sunnyvalley 1.2_2
os-wireguard 1.13_3
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ................................................................. done
***DONE***
Yes, seems to be the same.... Nothing I can do there and seems not to matter from what I understand.
I wonder WHY those errors are there on a fresh install and update to latest!?

9

22.7 Legacy Series / fresh install with Audit issues

« on: December 28, 2022, 10:03:43 am »

Hi

I yesterday started from scratch with a new OPNsense install. Updated all plugins, installed my backup.
Today I ran an Audit and got errors:

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.10_2 (amd64/OpenSSL) at Wed Dec 28 08:57:30 WET 2022
>>> Check installed kernel version
Version 22.7.9 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.9 is correct.
>>> Check for missing or altered base files
Error 2 ocurred.
etc/sysctl.conf:
size (311, 345)
sha256digest (0x8c57d647047d84b9be4cddbb0b6d58c1d5839f148b62d1137b8bf2611f681cfd, 0x06ec8255e5fdfb4ccaf2059bc0d12c92554e4ba8f92b9d4c51af74ba58ba00c9)
>>> Check installed repositories
SunnyValley
OPNsense
>>> Check installed plugins
os-api-backup 1.0_1
os-crowdsec 1.0.1
os-dmidecode 1.1_1
os-etpro-telemetry 1.6_1
os-intrusion-detection-content-et-open 1.0.1
os-intrusion-detection-content-snort-vrt 1.1_1
os-nextcloud-backup 1.0_1
os-qemu-guest-agent 1.1_1
os-sensei 1.12.2
os-sensei-agent 1.12.2
os-sensei-updater 1.12
os-sunnyvalley 1.2_2
os-wireguard 1.13_3
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: ........
python39-3.9.16: checksum mismatch for /usr/local/lib/python3.9/__pycache__/ipaddress.cpython-39.pyc
python39-3.9.16: checksum mismatch for /usr/local/lib/python3.9/__pycache__/mimetypes.cpython-39.pyc
python39-3.9.16: checksum mismatch for /usr/local/lib/python3.9/__pycache__/queue.cpython-39.pyc
python39-3.9.16: checksum mismatch for /usr/local/lib/python3.9/__pycache__/subprocess.cpython-39.pyc
python39-3.9.16: checksum mismatch for /usr/local/lib/python3.9/__pycache__/zipfile.cpython-39.pyc
Checking all packages..... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ................................................................. done
***DONE***
Normal? What should I do?

Thx in advance

10

22.7 Legacy Series / Re: [update] after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 27, 2022, 03:17:29 pm »

It started stopping dns resolving in less than an hour now....

Resorted in starting VM from scratch and restoring backup and reconfiguring the rest.....

What a nightmare this has been since I updated start of this month!

11

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 27, 2022, 09:40:43 am »

Are you using Proxmox and running OPNsense in a VM?
If you are, please disable memory ballooning.
You can find the settings in:
OPNsense VM
Hardware -> Memory
Tick Advanced
Untick Ballooning Device

It seems that FreeBSD 13.1 and MangoDB does not like Proxmox using Ballooning memory and will exhibit modules in OPNsense failing than crashing the whole VM.

Yes it's on Proxmox. Ballooning was always off, this is not it.

AND I spoke too soon: suricata 6.0.8_1 and OPNsense 22.7.10_2 after a bit more than a day had the same issue: memory trippled and DNS no longer resolving. All services running fine from what I could see.
So there seems to be another issue here apart from suricata. Unbound (also has a bigger update)?

I have reverted to a snapshot from Dec 2nd, were all was fine for ages. Running 22.7.9 with the plugins from that release and see how it goes.

12

22.7 Legacy Series / Re: after 22.7.9 update the gateway suddenly dies after 1 day or so

« on: December 26, 2022, 03:27:39 pm »

@franco

UPDATE:

I have been running 22.7.10_2 and the previous update with the Suricata 6.0.9_1

I have found that for the last few days I get to a time when I see memory usage going up, swap space being used (I have 12GB assigned and pratically never use swap) and then suddenly some domains start not resolving.
Then even more stop resolving. A reboot fixes this.
I have switched from Unbound to DNSmasq but the same happens after a day or so.
I have reverted to OPNsense 22.7.8 have locked the suricata at 6.0.8_1 and updated again to 22.7.10_2

Running fine now again, with normal memory usage and all domains resolving.

So Suricata 6.0.9_1 DOES have issues still........

13

22.7 Legacy Series / Re: use ddclient 3.10.0

« on: December 22, 2022, 08:55:07 pm »

p.S. Actually my ISP Vodafone didn't change my IP for the last 4 years

14

22.7 Legacy Series / Re: use ddclient 3.10.0

« on: December 22, 2022, 08:52:18 pm »

Well, depends on dyndns provider I guess. Mine didn't work.

I have 15min because I don't want to hammer the dyndns servers. Could be 5min or whatever...

When the IP changes it will be set. Worst case is 15min with the wrong IP. Can live with that.

15

22.7 Legacy Series / Re: use ddclient 3.10.0

« on: December 22, 2022, 04:45:26 pm »

Not sure where Dynamic DNS is headed, but ddclient has never worked for me. I still remain on the Legacy plugin.
Is trying the development version worth a try, or am I wasting my time?

Never worked well, neither of both.

Just the small script on a linux machine/VM/LXC/Raspberry and you'll be done in 2min and never have to worry about it.