Messages

1

20.1 Production Series / Viewing shaper status

« on: June 05, 2020, 03:26:08 pm »

You used to be able to monitor the full status of the traffic shaper in the GUI which would dynamically display the queues along with how many packets were dropped, etc - similar to running ipfw sched show on the command line.. Is there any way to duplicate that functionality from the command line where it automatically refreshes, similar to how top works?

2

20.1 Production Series / Request - zoom options on Health graphs

« on: June 05, 2020, 02:52:46 pm »

Is it possible to provide better options for zooming in to time periods on the Health graphs?  Especially on something like the quality graphs - being able to zoom in closer than a 20 hour period would be very helpful.. Or am I missing something? 

3

20.1 Production Series / Re: Damaged tar message after upgrade

« on: February 05, 2020, 02:17:46 pm »

So, what I ended up doing was taking a full config backup, and then doing a clean install of 20.1 on my RCC-VE 2440.. One of the things that stood out was that even when I got the firewall back up and running, it was taking a very long time to initiate a reboot, which typically completes in about 60-90 seconds.  After this happened, it was taking 3-4 minutes for a reboot.  Much of that time was spent during the shutdown process -- if I issued a reboot command from the GUI, the webpage would reload before the router even started rebooted.

I cant be 100% certain, but if I recall, the messages I was seeing about the damaged tar were showing up right when the router was attempting to start flowd_aggregate or flowd on the reboot.
tar: Damaged tar archive
    tar: Retrying...
    tar: Damaged tar archive
    tar: Retrying...
    tar: Damaged tar archive
    tar: Retrying...

Looking back at syslog messages from when this started around 3:20 AM on 2/4, it looks like my ISP remotely rebooted my modem, there was a WAN IP change via DHCP, and dpinger started complaining constantly about the gateway being down, and when I woke up around 6:00 AM, there was no internet connection and the serial console was just spitting out those tar messages.  It looks like dpinger didn't pick up the new gateway to monitor. 

Is it possible that archived logs from flowd became corrupt or something?  Why didn't dpinger change the gateway monitoring address after the WAN IP change?  Is it possible this could be related to the similar issue with flowd reported here?  https://forum.opnsense.org/index.php?topic=15698.0 -- if so, should I apply that patch?

In the end, I think the clean install and config restore was best.  My ISP does not change WAN IPs very often, maybe 2 or 3 times a year.  Now a reboot is taking about 60 seconds.

4

20.1 Production Series / Damaged tar message after upgrade

« on: February 04, 2020, 01:27:45 pm »

I upgraded my system from 19.7 to 20.1, I believe - on Friday last week.  Last night around 3:30 AM, it looks like the firewall rebooted for whatever reason and got stuck with these repeating "Damaged tar" messages.  I tried rebooting a couple more times with the same results.. I discovered that pressing CTRL-C allowed it to continue the boot and the firewall came back up.  I did one or two more reboots - but still got stuck with the damaged tar messages that required CTRL-C to finish booting.  I was getting ready to clean install and restore from a config backup when I rebooted one more time from the GUI, and this time it made it through the entire boot without issue. 

Any way I can figure out what this was/is?  I'm running on a Netgate RCC-VE2440 x64/serial with an Intel 30GB SSD.


Thanks
Rick

5

19.1 Legacy Series / Re: DDNS error since 19.1.4

« on: March 19, 2019, 12:35:08 pm »

Ended up being able to post a message to the DNS-O-Matic community about this.. I'll update this if anyone responds over there.. DNS-O-Matic is working within OPNSense -- its just the Cloudflare service when updated through DNS-O-Matic is failing.. I have a couple other services in the DNS-O-Matic account that are updating properly (Tunnelbroker, DSLReports, Zoneedit)

6

19.1 Legacy Series / Re: Can anyone reach their cable modem through OpnSense?

« on: March 18, 2019, 10:58:11 pm »

Ive always been able to access my modem's 192.168.100.1 address from the LAN through my OPNSense box.. These have included Arris TM802, Arris TM1602, Motorola SB6183, and now Netgear CM600.. The "block private networks" thing I believe only blocks incoming connections from source addresses that are RFC1918 on the WAN interface.

I do have a default IPv4 LAN outgoing rule that allows anything from "LAN Net" to go to ANY..  Have you tried adding in a LAN rule that allows anything from "LAN Net" to go to 192.168.100.1 if you dont already have an allow all outgoing rule?

7

19.1 Legacy Series / Re: DDNS error since 19.1.4

« on: March 18, 2019, 10:47:33 pm »

I'm not sure what changed.. I disabled them in Dns-o-matic and just added them separately as Cloudflare services in OPNSense, and they update without issue.  From what I can tell, OpenDNS now requires a Cisco Umbrella account to post on their community pages, and it doesn't look like its seen much action lately.

8

19.1 Legacy Series / DDNS error since 19.1.4

« on: March 17, 2019, 11:01:58 am »

Hi all. I’ve had DDNS setup for quite some time to update Dnsomatic with Opnsense. I have several records in Dnsomatic that get updated, but ever since I updated from 19.1.3 to 19.1.4, I get an error from Cloudflare when Dnsomatic tries to update. This started with the first boot after the update where I immediately got an error. I have other services that update on the same Dnsomatic account, it just seems to be Cloudflare that complains. I get the error every 24 hours.
The error Cloudflare returns is “err A record with those settings already exists. (81058)”

Did something change with the DDNS client in 19.1.4?
Thanks
Rick

9

19.1 Legacy Series / Re: OPNsense 19.1 released update!

« on: January 31, 2019, 07:38:55 pm »

Do some mirrors take longer than others to update?  Just tried from LeaseWeb (Washington DC) and I'm still at 19.1.r2... Changed over to NYC and Im getting 19.1 now.

10

19.1 Legacy Series / 19.1.r2?

« on: January 25, 2019, 03:41:43 pm »

Earlier this morning, I changed from Prod to Devel and went from 18.7.10(3) to 19.1_r33.. I rebooted and changed my settings back to production and tried to use the unlock/upgrade button for 19.1.r1.. After two tries, those upgrades failed and it rolled back to 19.1_r33...  At some point, I think I tried "Update" instead of the "Unlock/Upgrade", and it pulled down this:

OPNsense 19.1.r2-amd64
FreeBSD 11.2-RELEASE-p7-HBSD
OpenSSL 1.0.2q 20 Nov 2018

Is this where I should be at this stage?  Is that RC2? 

Thanks,
Rick

11

Web Proxy Filtering and Caching / Remote Blacklist and Netflix

« on: September 30, 2018, 05:50:20 pm »

Just got transparent proxy going here for the primary purpose of getting HTTPS Everywhere installed.. I followed the procedure detailed here:  https://medium.com/@privb0x23/minimal-cache-proxy-configuring-an-https-everywhere-squid-plugin-on-opnsense-80af717d40ab

I am not proxying HTTPS.. Only HTTP.. I wanted to also add some basic blacklisting for malware, phishing, and cryptojacking sites -- But when I enable remote blacklisting with the UT1 blacklist and those categories selected, Netflix stops working throughout the house.. Specifically, the following shows up in the Squid logs:

Code: [Select]

TCP_DENIED/403 6108 POST http://api-global.netflix.com/nq/nrdjs/pbo_logblob/%5E1.0.0/router - HIER_NONE/- text/html
Came across similar issues when searching for a solution related to pfSense where the fix is to uncheck "Do not allow IP-Addresses in URL" in pfSense.. Can anyone tell me how to set this configuration option for squid in OPNSense?

Thanks,
Rick

12

18.7 Legacy Series / Re: How do I get to rc2 from r_127?

« on: July 21, 2018, 03:22:37 pm »

And additionally had to change from development back to production - and it picked up r2.

13

18.7 Legacy Series / Re: How do I get to rc2 from r_127?

« on: July 21, 2018, 03:10:12 pm »

Nevermind.. I think I got it..  Did upgrade from console and had to type 18.7.r1

14

18.7 Legacy Series / How do I get to rc2 from r_127?

« on: July 21, 2018, 02:57:45 pm »

I was on 18.1.. Changed my settings to development and updated. Now I’m at r127... How do I get to RC2 from here?

15

18.1 Legacy Series / Re: ***call for testing*** DNS TLS encryption using Quad9 and Cloudflare DNS servers

« on: June 12, 2018, 07:04:12 pm »

Ive been using this configuration for a while, but I started getting the following errors in my Unbound logs recently.. Anyone know what they mean?

Code: [Select]

Jun 12 12:45:34 unbound: [79836:1] info: generate keytag query _ta-4a5c-4f66. NULL IN
Thanks,
Rick