Messages

Code Select Expand

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7.3_1 (amd64/OpenSSL) at Thu Sep 30 14:07:04 UTC 2021
Fetching changelog information, please wait... Certificate verification failed for /C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense
4281915764736:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
fetch: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/sets/changelog.txz.sig: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense
625717841920:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:

I tried different mirrors.

monit seems to be about sending alerts/e-mails.

When a service is set to run as default, I would expect that service to restart if it crashed, or at least have the option to do that.

Can monit do that for Unbound? I couldn't find any examples.

It's a Ryzen Mini-ITX board. I don't believe there is anything wrong with it. Worked great for two years, but with the occasional loss of services.

Even if it was caused by a hardware issue, I would have expected services to attempt to restart.

Twice this month, I have lost WAN.  PPPoE was still running (according to the UI), but restarting it fixed it.
Then today UBound stopped for no apparent reason.

I expect services to restart, when there is a problem.  Or at least allow for a restart if certain conditions are not met, like pinging an external server.

I reinstalled, and restored the config.  Took forever to boot. "waiting for PIDS"
Working now.

I can get to the console, but the screen is hard to read, as "Out of swap space" keep showing up

There is no swap drive. 4Gb Ram

When I do a Ctrl-D, then various messages about drives are mounted
then I get:

Code Select Expand

Invoking early script update
Invoking early script configd
Invoking early script templates
Invoking early script backup
Invoking backup script captiveportal
Invoking backup script dhcpleases
Invoking backup script duid
Invoking backup script netflow

Then it hangs.

After upgrading, I'm getting an infinite loop of
Python 3.7 jid was killed. Out of swap space.
I can't get past that, so my network is down.

So I set up a Virtual IP on the LAN.  I installed the Shadowsocks plugin, but it seems that it doesn't support regular SOCKS5.  :(

I run Shaper, and I have two Queues.  Priority (for my VOIP phone) and Default.

What I want to do is pass Torrent traffic into a third Queue, called Low Priority.  Since many Torrent clients support SOCKS, I figured the solution would be to set up a SOCK5 server on OpenSense, and have that tunnelled through the Shaper Queue.

Question is, the best way to do that.  Maybe have a Alias IP on the LAN, which SOCKS binds to, and filter by that?

Started getting the same issue.  It would also be nice if there was a button to click to disconnect/reconnect pppoe.

I found the problem.
I un-ticked  "Prevent interface removal" on the WAN interface.

[Returns nothing.]

So I now set it to 1508, and it fails again.

Code Select Expand

grep mtu /var/etc/mpd_*.conf
Returns nothing.

Code Select Expand

set console close
  # configure the web server
  set web close

default:
pppoeclient:
  create bundle static wan
  set bundle enable ipv6cp
  set iface name pppoe0
  set iface route default
  set iface disable on-demand
  set iface idle 0
  set iface enable tcpmssfix
  set iface up-script /usr/local/opnsense/scripts/interfaces/ppp-linkup.sh
  set iface down-script /usr/local/opnsense/scripts/interfaces/ppp-linkdown.sh
  set ipcp ranges 0.0.0.0/0 0.0.0.0/0
  set ipcp enable req-pri-dns
  set ipcp enable req-sec-dns
  create link static wan_link0 pppoe
  set link action bundle wan
  set link disable multilink
  set link keep-alive 10 60
  set link max-redial 0
  set link disable chap pap
  set link accept chap pap eap
  set link disable incoming
  set pppoe max-payload 1500
  set auth authname "XXXXXX"
  set auth password XXXXXXX
  set pppoe service "XXXXX"
  set pppoe iface em0
        open


Set it back to 1500

Code Select Expand

/var/etc/mpd_wan.conf:  set link mtu 1492

Looks like this is the same problem https://forum.opnsense.org/index.php?topic=11733.0

I updated from the previous version. 19.1.8

I now have it set to 1500 which works (albeit at the lower MTU), and it is showing 1492 as expected.
I cant change is back to 1508 right now, as the network is in use.  But I will try later.

Looking through my bash history from yesterday, I saw this in the ifconfig

Code Select Expand

pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500

So it looks like it's being set.

After updating to 19.1.9, a lot of web pages refused to load, yet I could ping out.  It was an MTU issue.

For 1500 MTU over PPPoE, I had the MTU set to 1508, which has worked until now.