Messages

16

18.1 Legacy Series / Re: Upgrade from 17.7.12 to 18.* not completing

« on: February 13, 2018, 05:25:24 pm »

Double-check these first and let us know their output before we continue:

# uname -a
# freebsd-version -u


Thanks,
Franco

Code: [Select]

% uname -a
FreeBSD gateway.lan 11.1-RELEASE-p6 FreeBSD 11.1-RELEASE-p6  6621d681e(stable/18.1)  amd64
% freebsd-version -u
11.1-RELEASE-p6


17

General Discussion / Re: How to avoid Double NAT with Fritz!Box

« on: February 12, 2018, 06:19:50 pm »

Not sure if this will be helpful but sharing this anyway.

I have a FritzBox 5490 and OPNsense set-up as follows:

Code: [Select]

INTERNET ----[Fritz5490]----[OPNsense]--- LAN

On my FritzBox there is a setting under Internet > Permit Access that allows you to set port sharing. Under the same setting I have an option to fully expose a host (see image).
That's how I got rid of the double NAT

18

General Discussion / Re: DtDNS Support

« on: February 10, 2018, 08:55:20 pm »

Have you tried using "Custom"?

19

18.1 Legacy Series / Re: Feature requests

« on: February 10, 2018, 06:01:03 pm »

May I add: (optional) IP resolving in the GUI and logfiles where appropriate.

* Replacing IP addresses by cached host+domain names in the GUI and logs.
* Replacing IP addresses by looked up host+domain names in the GUI and logs.

For local traffic I especially like to know where it is coming from/going to and I'm not very good in remembering which host is has which IP. Especially when using IPv6.
If logs and the GUI could show hostnames instead of (or together with) IPs that would also be very helpful. Seeing a host/domainname often gives a better idea of whether I need to be worried or not.

20

General Discussion / Re: DtDNS Support

« on: February 10, 2018, 05:48:40 pm »

What makes you think it is not supported?

21

18.1 Legacy Series / Re: Upgrade from 17.7.12 to 18.* not completing

« on: February 10, 2018, 12:56:47 pm »

After reboot (see image).

GUI wants to roll back again...

WTF?

22

18.1 Legacy Series / Re: Access Bios

« on: February 10, 2018, 11:58:15 am »

When you see the OPNsense bootloader you're too late.

You need to power on the computer and then immediately press the DELETE key (and probably keep it pressed) until you get into the BIOS.

BTW: you should not expect a lot of support here, since the BIOS (and access to it) is not under control of OPNsense.

23

18.1 Legacy Series / Re: Upgrade from 17.7.12 to 18.* not completing

« on: February 10, 2018, 11:43:00 am »

Continuing:

See image.

After the reboot I still have 17.7

So, I tried using the CLI as follows:

Code: [Select]

% su root
Password:

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Upgrade from console
  6) Reboot system                      13) Restore a backup

Enter an option: 12

Fetching change log information, please wait... done

This will automatically fetch all available updates, apply them,
and reboot if necessary.

A major firmware upgrade is available for this installation: 18.1

Make sure you have read the release notes and migration guide before
attempting this upgrade.  Around 300MB will need to be downloaded and
require 600MB of free space.  Continue with this major upgrade by
typing the major upgrade version number displayed above.

Minor updates may be available, answer 'y' to run them instead.

Proceed with this action? [18.1/y/N]: 18.1

Fetching packages-18.1-OpenSSL-amd64.tar: ................. done
Extracting packages-18.1-OpenSSL-amd64.tar...pkg-static: Repository OPNsense missing. 'pkg update' required
pkg-static: No package database installed.  Nothing to do!
 done
Please reboot.
>>> Invoking stop script 'beep'
>>> Invoking stop script 'freebsd'
Performing sanity check on squid configuration.
Configuration for squid passes.
Stopping squid.
Waiting for PIDS: 17289.
Stopping suricata.
Waiting for PIDS: 19457.
>>> Invoking stop script 'backup'
Cannot 'stop' flowd_aggregate. Set flowd_aggregate_enable to YES in /etc/rc.conf or use 'onestop' instead of 'stop'.
Shutdown NOW!
shutdown: [pid 84616]

*** FINAL System shutdown message from admin
Still on 17.7

Looks like I'm running in circles.
HELP!

24

18.1 Legacy Series / Re: Upgrade from 17.7.12 to 18.* not completing

« on: February 10, 2018, 10:11:34 am »

Updating from the CLI rolls me back...

Code: [Select]

% sudo opnsense-update
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (18 candidates): 100%
Processing candidates (18 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Nothing to do.
Fetching base-17.7.10-amd64.obsolete: ... done
Fetching base-17.7.10-amd64.txz: ....... done
Fetching kernel-17.7.10-amd64.txz: .... done
!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!
! A critical upgrade is in progress. !
! Please do not turn off the system. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing kernel-17.7.10-amd64.txz... done
Installing base-17.7.10-amd64.txz... done
Installing base-17.7.10-amd64.obsolete... done
Please reboot.

Upgrading via the GUI gave me a hint (see image)

So I logged in:

Code: [Select]

% sudo pkg update
Updating OPNsense repository catalogue...
pkg: Repository OPNsense load error: access repo file(/var/db/pkg/repo-OPNsense.sqlite) failed: No such file or directory
Fetching meta.txz: 100%    1 KiB   1.5kB/s    00:01
Fetching packagesite.txz: 100%  126 KiB 128.6kB/s    00:01
Processing entries: 100%
OPNsense repository update completed. 462 packages processed.
All repositories are up to date.

Which is an interesting output.
After a reboot I tried that again:

Code: [Select]

% sudo pkg update
Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
Fetching meta.txz: 100%    1 KiB   1.5kB/s    00:01
Fetching packagesite.txz: 100%  126 KiB 128.6kB/s    00:01
Processing entries: 100%
OPNsense repository update completed. 462 packages processed.
All repositories are up to date.
admin@gateway:~ % sudo pkg update
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.


25

18.1 Legacy Series / Upgrade from 17.7.12 to 18.* not completing

« on: February 10, 2018, 10:06:34 am »

This morning I'm trying to upgrade from OPNsense 17.7.12_1-amd64 to the current 18.* from the WebGUI System > Firmware > Updates  [Check for upgrades] > [Upgrade]

After a reboot I am now on:
OPNsense 17.7.12_1-amd64
FreeBSD 11.1-RELEASE-p6
OpenSSL 1.0.2n 7 Dec 2017

but still no 18.*.

What am I doing wrong?

P.S. Is there an upgrade path using the CLI instead of the GUI?

26

18.1 Legacy Series / Re: Yay, no more swap file

« on: February 07, 2018, 05:06:45 pm »

Anyone with opinions on why I would ever need a swap file with OPNsense?

Only an opinion to the contrary. You do not need a swap file if you have enough RAM.

Swap space is merely a hedge against running out of memory. By adding swap space, you extend the amount of memory the system can use before processes start to fail for lack of it. If you have more RAM than you ever use, then swap is pointless.

27

18.1 Legacy Series / Re: /usr/local/etc/bogonsv6 too big

« on: February 07, 2018, 04:46:04 pm »

I can't imagine why it's that large, mine isn't:

ll /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel  860 Feb  1 11:58 /usr/local/etc/bogonsv6

There is a *really* well-hidden option in Firewall > Diagnostics > pfTables
The button in the top-right corner : [Update bogons]. When clicked it downloads the latest list of bogons. Which can be fairly large.

Code: [Select]

$ la /usr/local/etc/bogons*
-rw-r--r--  1 root  wheel    62572 Feb  7 16:44 /usr/local/etc/bogons
-rw-r--r--  1 root  wheel      132 Jan 29 13:12 /usr/local/etc/bogons.sample
-rw-r--r--  1 root  wheel  1514021 Feb  7 16:44 /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel      860 Jan 29 13:12 /usr/local/etc/bogonsv6.sample

And looking at my logs I see nothing special.

Code: [Select]


Feb  7 16:43:45 gateway configd.py: [dc6fa705-7811-47fd-a2d1-9c4bbc11a04b] request content of pf bogons table
Feb  7 16:44:04 gateway configd.py: [b4dfd709-84b2-41da-bc55-e26c2bab476f] update bogons database
Feb  7 16:44:04 gateway root: rc.update_bogons is starting up
Feb  7 16:44:04 gateway root: rc.update_bogons is beginning the update cycle
Feb  7 16:44:05 gateway root: rc.update_bogons is ending the update cycle
Feb  7 16:44:05 gateway configd.py: [2edfb7f2-a740-488b-a2e4-0aee5e383c64] request content of pf bogons table
Feb  7 16:46:22 gateway configd.py: [3f82124c-4eca-4186-b412-d5e27172e084] request content of pf bogonsv6 table

I tend to agree with @franco that this might be a memory problem.

28

General Discussion / Re: How to setup ipv6 DHCPv6

« on: February 04, 2018, 08:04:44 am »

See if this works for you:

https://www.kirkg.us/posts/setting-up-ipv6-with-opnsense-and-comcast/

It especially suggests you need to add a firewall rule!

29

General Discussion / Re: How to setup ipv6 DHCPv6

« on: February 03, 2018, 11:35:30 am »

Router Advertisements can only be enabled on interfaces configured with static IP addresses. Only interfaces configured with a static IP will be shown.

Have you configured Interfaces > [LAN] >  IPv6 Configuration Type  as "Static IPv6"
And Interfaces > [LAN] > IPv6 address  with an IPv6 address?

30

17.7 Legacy Series / Restarting services & documentation

« on: February 03, 2018, 10:45:56 am »

I'm trying to figure out how to restart syslogd.
Since it is a service (and listed by service -e I thought that this would work:

Code: [Select]

$ sudo service syslogd restart
syslogd not running? (check /var/run/syslog.pid).
Starting syslogd.
syslogd: syslogd already running, pid: 7423
/etc/rc.d/syslogd: WARNING: failed to start syslogd

But apparently it doesn't.

Also using sudo pluginctl syslogd resulted in no restarting of syslogd.

Confusion... 

So, I'm now wondering if there is some documentation that I might have missed that lists which services, packages or plugins should be restarted in which way because there seem to be various mechanisms available with (at least to me) no apparent distinctions between the different functionalities.