Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - franco

Pages1 2 3 ... 1317
#1
26.1 Series / Re: Upgrade to 26.1.3 hung on startup at ">>> Invoking import script 'importer'"
March 10, 2026, 08:08:07 PM
Can you press CTRL+T while it hangs and show what it says? It's likely probing disks and hanging there, which I haven't seen before.


Cheers,
Franco
#2
26.1 Series / Re: Large number of files accumulating in /tmp with name beginning with tmpcfd_
March 10, 2026, 05:43:23 PM
Busy dashboard open perhaps?
#3
26.1 Series / Re: FW live view not working regex
March 10, 2026, 03:17:36 PM
"not seen before" was directed towards the fact that regex are/were supported in the JS here, not the regex itself :D


Cheers,
Franco
#4
26.1 Series / Re: Large number of files accumulating in /tmp with name beginning with tmpcfd_
March 10, 2026, 03:16:12 PM
Hi Larry,

> src/opnsense/service/modules/actions/script_output.py:    temp_prefix = 'tmpcfd_'

It's for the background service.  A peek into the files may help with who is requesting them.

The backend log will also show how many times something is requested:

# opnsense-log -f configd


Cheers,
Franco
#5
26.1 Series / Re: MiniUPNPD
March 10, 2026, 12:57:01 PM
The errors in the log are one thing and I encourage everyone to research them and report them upstream.

The key question for us is if the service is working or not.


Cheers,
Franco
#6
26.1 Series / Re: FW live view not working regex
March 10, 2026, 12:55:40 PM
Hi,

Thanks for the report! I think this is only an intermediate fix:

https://github.com/opnsense/core/commit/92e0d5a96fbe

I asked my colleague to comment on the "443|80|22|23|25" regex use.  Haven't seen this before.


Cheers,
Franco
#7
26.1 Series / Re: CALL FOR TESTING: Multi-dhcp6c for multi-WAN IPv6
March 10, 2026, 10:54:59 AM
@jrichey98

> The default was DNSMasq, I couldn't get router advertisements to work or see leases (though ipv4 was working, ipv6 was not), so I switched over to KEA / RA. DHCPv4/6 are working well and assigning leases and RA daemon is configured as Managed (A+O) and working great. I get a warning that I should be using a /64 it doesn't seem to effect anything.

I haven't heard this before but good to know.  Don't know what is wrong though.  Need to keep this under observation.

I'm also unsure why your WAN DHCPv6 seems to misbehave in the standard case.  This patch is only designed to allow to manage associations per interface in a fine-grained fashion.


@Maurice

Thanks!  Exactly why we're here testing.

I have to say this is somewhat expected against the same DHCPv6 server at the price of yielding full control of the associations to the user. It's difficult to support both at the same time. The indexing code is a bit whacky in general:

https://github.com/opnsense/core/blob/10c4d20dbc009ca73e201c80e4bb2f043b9416f4/src/etc/inc/interfaces.inc#L2920-L2940

IMO this isn't rooted in any type of reality -- it just tries to unbreak what you describe in a crude way and there is no (elegant) way to prevent overlap in manual settings if we keep doing this.

NA has that same issue now I guess.  Also fixable with an additional setting.

Would it help if we split the DUID like VyOS does? :>

https://github.com/vyos/vyos-build/blob/current/scripts/package-build/wide-dhcpv6/patches/wide-dhcpv6/0023-dhcpc6-support-per-interface-client-DUIDs.patch

Because that was on my wishlist...


Cheers,
Franco
#8
26.1 Series / Re: Upgrade went wrong
March 09, 2026, 09:29:39 PM
Right now, I thought we were in a different conversation.  ;)


Cheers,
Franco
#9
26.1 Series / Re: Divert mode "Write to ipfw divert socket failed: Permission denied"
March 09, 2026, 09:19:24 PM
Ok, I traced the kernel code and it appears to reinject the packet at which point the firewall is asked for outbound and then the packet is rejected:

https://github.com/opnsense/src/blob/6e01be67e8f2218a2825860ef581a988b405902d/sys/netinet/ip_output.c#L129-L130

Easy fix for 26.1.4.


Cheers,
Franco
#10
26.1 Series / Re: [feature suggestion] authpf integration
March 09, 2026, 09:01:03 PM
It looks like a viable plugin project since all you need is anchor registration into main pf ruleset which has been pluggable since forever.


Cheers,
Franco
#11
26.1 Series / Re: Upgrade went wrong
March 09, 2026, 08:57:28 PM
> This update is a bit rough for many, hopefully there is an update to patch things up.

Yes, but we did establish it's rough because the wrong package manager ended up installing which is a manual complication we neither test nor can control.


Cheers,
Franco

#12
26.1 Series / Re: Opnsense 26.1.3 upgrade error due to opnsense package removal.
March 09, 2026, 03:20:28 PM
These errors appear unavoidable with the deinstall/install approach of the package manager taken.

Some day we may consider a more clever approach to upgrading a system on the fly while the web server keeps running.

For now the errors are not muted to not mute other more important errors that would otherwise be lost.


Cheers,
Franco
#13
26.1 Series / Re: Upgrade went wrong
March 06, 2026, 08:03:29 PM
# opnsense-revert opnsense


Cheers,
Franco
#14
26.1 Series / Re: Upgrade went wrong
March 06, 2026, 06:57:40 PM
You installed the FreeBSD package manager version, which isn't good.

>   opnsense-26.1.3 [OPNsense] (Vital flag changed: 'true' -> 'false')

This looks like a weird database bug. Vital flag is never removed.

Try this first...

# opnsense-revert pkg


Cheers,
Franco
#15
General Discussion / Re: ISP bandwidth is cut in 1/3 due to Suricata Intrusion detection IPS Mode
March 06, 2026, 04:38:48 PM
> On pf long ago, Suricata was multithreaded which gave a performance boost over Snort.

The key part here is Netmap+Suricata.


Cheers,
Franco
Pages1 2 3 ... 1317