Messages

616

23.7 Legacy Series / Re: high disk usage, du and df differ

« on: December 18, 2023, 07:04:07 pm »

I'm using UFS - maybe I should re-do this using ZFS?

Sounds like an excellent idea. At least it doesn't crash after every power failure. Also the filesystem is lz4-compressed by default, if you are space-constrained.

617

23.7 Legacy Series / Re: If having trouble using UPnP, not seeing Console "Open" after the guides?

« on: December 16, 2023, 11:35:04 am »

AFAICT the proper way of doing this is installing os-mdns-repeater and enabling it on required interfaces.

618

23.7 Legacy Series / Re: How to set unbound as ONLY resolver on OPNSense?

« on: December 16, 2023, 11:32:38 am »

Well, this works "out of the box" and definitely does not need any DNS servers configured for the system, or forwarders in Unbound

Firewall has logs, use them. Disabling IPv6 does not do any good, bad idea in general.

619

Tutorials and FAQs / Re: DHCP Static Mappings

« on: December 16, 2023, 10:39:31 am »

https://forum.opnsense.org/index.php?topic=9497.0
https://forum.opnsense.org/index.php?topic=33943.0

620

23.7 Legacy Series / Re: LDAP + TOTP OpenVPn

« on: December 16, 2023, 10:22:04 am »

https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes--8200-8999-

Code: [Select]

8430 (0x20EE)

The directory service encountered an internal failure.

I'd run dcdiag on the Windows box.

621

23.7 Legacy Series / Re: Firewall - Rules -WAN - unable to expand the Automatically generated rules

« on: December 14, 2023, 10:49:45 am »

Well, the "latest" version is 23.7.10_1 and this issue has definitely been fixed.

622

23.7 Legacy Series / Re: Issue with OpenVPN DNS and Dynamic Updates

« on: December 14, 2023, 10:48:27 am »

Sounds like a complete security nightmare in the making.

623

23.7 Legacy Series / Re: Syslog-ng: freeradius option vanished from remote destination

« on: December 13, 2023, 04:41:18 pm »

Not sure which "latest upgrade" you mean. Something around freeradius syslog was added over a year ago and not touched ever since.

https://github.com/opnsense/plugins/commit/b6a9b0f554164b9f0a1ee02e544fe2ef39705def

624

23.7 Legacy Series / Re: Upgrade error opnsense: 23.7.9 -> 23.7.10_1

« on: December 13, 2023, 03:58:19 pm »

OK, thanks for feedback. Sounds like pkg{,-static} bug to me, I'd say unlinking and trying to refetch the broken package file would be a much saner behaviour than giving up with a cryptic error.

625

General Discussion / Re: How get back Disable State Killing on Gateway Failure function on 23.1.11

« on: December 13, 2023, 01:48:07 pm »

You can play with partially reverting this commit (sans the GUI configuration/conditional bits).

Much more preferable: figure out something with Services - Monit.

Otherwise, there's core/#6803 issue open.

626

23.7 Legacy Series / Re: Upgrade error opnsense: 23.7.9 -> 23.7.10_1

« on: December 13, 2023, 11:21:58 am »

Remove the offending file and try again?

Code: [Select]

rm -f /var/cache/pkg/os-ddclient-1.18~753e302a6f.pkg


627

23.7 Legacy Series / Re: OPNsense runs out of space

« on: December 13, 2023, 11:15:41 am »

Well, if you are using UFS (yuck again), I'd suggest taking a configuration backup and doing a reinstall with ZFS. Will cut the storage space used by logs alone about tenfold, assuming same retention in place (the filesystem is lz4-compressed by default, see output I posted above). Plus, it does not suffer from unsolvable filesystem corruption issues.

628

23.7 Legacy Series / Re: OPNsense runs out of space

« on: December 13, 2023, 10:55:40 am »

I mean, with ZFS in place with compression enabled, we are not even getting meaningful figures here. Consider:

# man du

Code: [Select]

     -A      Display the apparent size instead of the disk usage.  This can be
             helpful when operating on compressed volumes or sparse files.


Code: [Select]

# find /var/log/filter -type f -exec du -Ah {} + | sort -h
9.2M    /var/log/filter/filter_20231213.log
 17M    /var/log/filter/filter_20231210.log
 23M    /var/log/filter/filter_20231204.log
 24M    /var/log/filter/filter_20231211.log
 30M    /var/log/filter/filter_20231212.log
 58M    /var/log/filter/filter_20231206.log
 59M    /var/log/filter/filter_20231209.log
 75M    /var/log/filter/filter_20231207.log
 92M    /var/log/filter/filter_20231208.log
 95M    /var/log/filter/filter_20231205.log

vs.

Code: [Select]

# find /var/log/filter -type f -exec du -h {} + | sort -h
1.4M    /var/log/filter/filter_20231213.log
1.9M    /var/log/filter/filter_20231210.log
3.1M    /var/log/filter/filter_20231204.log
3.1M    /var/log/filter/filter_20231211.log
4.2M    /var/log/filter/filter_20231212.log
8.1M    /var/log/filter/filter_20231209.log
8.2M    /var/log/filter/filter_20231206.log
 11M    /var/log/filter/filter_20231207.log
 13M    /var/log/filter/filter_20231205.log
 13M    /var/log/filter/filter_20231208.log

So, e.g. those firewall log files here you listed, they are actually not half gig, but ~5G per day.

Code: [Select]

547M    /var/log/filter/filter_20231129.log
540M    /var/log/filter/filter_20231127.log
534M    /var/log/filter/filter_20231206.log
532M    /var/log/filter/filter_20231128.log
531M    /var/log/filter/filter_20231205.log
529M    /var/log/filter/filter_20231130.log
522M    /var/log/filter/filter_20231207.log
512M    /var/log/filter/filter_20231204.log
509M    /var/log/filter/filter_20231123.log


629

23.7 Legacy Series / Re: OPNsense runs out of space

« on: December 13, 2023, 10:23:33 am »

At the risk of stating the obvious, did you use some reliable method to check the disk space usage first? Cannot even make sense of where does the graph come from in the original post.

Code: [Select]

# zpool list
# df -h
Some more notes:

- Those netflow DBs and logs can eat entire disk space easily. Get some decent storage before enabling it. If unable, disable and reset netflow data.
- You seem to be running the (absolutely horrlble) MongoDB thing on your firewall. For what? Yuck.
- Collecting half gig of firewall logs a day - what's the log retention set to.

Finally: have you ever rebooted the box after deleting those mongdb and whatnot files you mentioned earlier?

630

Tutorials and FAQs / Improved shell prompt

« on: December 12, 2023, 10:58:45 am »

Just putting a note here for myself, might be useful for others. Mainly wanted FQDN included, the hostname alone is not really useful when you have tons of boxes which happen to have e.g. gw as hostname.

Use this in ~/.cshrc (comment out the original line) to get [OPNsense version][username@FQDN]/$cwd #

Code: [Select]

set prompt="[%B`opnsense-version`%b][%B%n%b%{\033[0;1;31m%}@%{\033[0;0;0m%}%B%M%b]%/%{\033[0;1;31m%} #%{\033[0;0;0m%} "

Result:

Code: [Select]

[OPNsense 23.7.9][root@host.example.com]/root #