Messages - dinguz

196
21.7 Legacy Series / Re: Unable to upgrade from OPNsense 21.1.9_1-amd64 to 21.7
« on: July 28, 2021, 03:49:45 pm »
Quote from: pp on July 28, 2021, 03:25:42 pm
As mentioned in my duplicate thread of this issue (please delete if you want) I had the same issue.
As franco suspected it appears to have been caused by the mimugmail repo. I deleted the repo and initiated another update (after making sure I had no pkg from said repo installed). Unfortunately my system is not coming up again (it has been about 15 minutes now) and I can only check later when I get home.

Same here, system didn't come up after the upgrade. I can investigate further when I'm home. I'm only using the sensei repository, no other 3rd party repository.

197
Hardware and Performance / Re: Lack of multi-core working?
« on: July 27, 2021, 04:08:26 pm »
I'd just give it a go; retest and see what happens. It's an easy change to roll back if you notice any issues.

198
Hardware and Performance / Re: Lack of multi-core working?
« on: July 24, 2021, 10:15:50 am »
In the default settings, all network traffic is handled by core 0 only; this is done to enforce strong ordering for protocols requiring it, while keeping cpu affinity. You can set the following sysctl tunables: net.isr.maxthreads="-1" and net.isr.bindthreads="1" to enable traffic to be handled by all cores.

See this https://calomel.org/freebsd_network_tuning.html to find all kinds of tunables to play with ;)

199
Hardware and Performance / Re: Enabling VLAN on 10G card causes reboot
« on: July 17, 2021, 05:16:04 pm »
I don't have any experience with this particular card, but have you tried changing the hardware offloading settings? They are in Interfaces -> Settings. Hardware offloading is known to generate erratic behavior in cards with mediocre drivers. Not saying this is the case here, but it wouldn't hurt to try it out.

200
21.1 Legacy Series / Re: Unbound DNS over TLS not working
« on: July 03, 2021, 05:30:21 pm »
If anyone stumbles upon this: it had to do with the sequence in which the configuration files are read.
When enabling DoT, the second-last part of the configuration that is loaded is the DoT config file, which is a zone declaration. This leads to anything in the Custom Options field (which makes up the last part of the config file) also being treated as a zone statement. The solution is to provide context in the custom options field, like this:

Code:
server:
 do-ip6: no
 aggressive-nsec: yes
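
The load-order effect described in this post, as an added example that is not part of the original post and not OPNsense or Unbound code: a simplified model of how options attach to the most recent clause header when config fragments are concatenated. The fragment names, the forwarder address and the short option list are constructed for illustration.

```python
# Simplified model: in an Unbound config, an option belongs to whichever
# clause header (e.g. "server:" or "forward-zone:") was read last.
CLAUSES = {"server", "forward-zone", "stub-zone", "remote-control"}
SERVER_ONLY = {"do-ip6", "aggressive-nsec"}  # options valid only under server:

def clause_map(fragments):
    """Return (fragment, option, clause) for fragments read in load order."""
    current, out = None, []
    for name, text in fragments:
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            key, _, value = line.partition(":")
            key = key.strip()
            if key in CLAUSES and not value.strip():
                current = key  # a bare clause header switches context
            else:
                out.append((name, key, current))
    return out

def misplaced(fragments):
    """Server-only options that ended up outside a server: clause."""
    return [(n, k, c) for n, k, c in clause_map(fragments)
            if k in SERVER_ONLY and c != "server"]

# Constructed fragments (hypothetical names), in the order the post describes:
BASE = ("base", "server:\n port: 53\n")
DOT = ("dot", 'forward-zone:\n name: "."\n forward-tls-upstream: yes\n'
              " forward-addr: 192.0.2.53@853\n")
BROKEN = [BASE, DOT, ("custom", "do-ip6: no\naggressive-nsec: yes\n")]
FIXED = [BASE, DOT, ("custom", "server:\n do-ip6: no\n aggressive-nsec: yes\n")]

if __name__ == "__main__":
    for label, frags in (("without server:", BROKEN), ("with server:", FIXED)):
        print(label, misplaced(frags))
```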

201
21.1 Legacy Series / Re: Unbound DNS Locking Up
« on: July 01, 2021, 04:51:52 pm »
Some people have reported problems with unbound locking up, which boiled down to the system running out of resources. Have you checked cpu load, and memory and disk usage? Unbound on OPNsense seems particularly affected by /var running out of space.

202
21.1 Legacy Series / Re: Unbound set cache-max-negative-ttl via WebUI
« on: July 01, 2021, 09:22:46 am »
Maybe you should elaborate a bit more on the use case for this, so people can judge if this is a one-off or something which deserves general support.

Anyway, you should be able to put this setting in Unbound:General: Custom Options. Don't put it directly in some config file, as this will get overwritten on config changes or with a reboot.

203
Zenarmor (Sensei) / Re: Request for Feedback: Application/Web Category based Traffic Shaping
« on: June 25, 2021, 09:37:48 pm »
A use case for me would be to deprioritize bulk downloads (i.e. p2p/torrent), so they don't block other traffic.

Out of curiosity, how would this work together with the system default shaper?

204
Hardware and Performance / Re: Qotom box - Flashing light issue
« on: June 20, 2021, 02:32:50 pm »
It looks like a hardware error.
I'd start by opening the box up and removing everything that can be removed (memory, hard disk, cpu?, etc.). Clean the contacts and put them back. Make sure everything is seated properly. Check for loose cables as well.
Also there should be a 3 pin header there with a jumper on it, which determines the power-on behavior. In my box this is on the underside of the PCB, and you need to unscrew the cpu heatsink to get the board out, because the other side of the heatsink is glued to the casing. Check this jumper is present and either on position 1-2 or 2-3.
If the system still doesn't boot, I'd send it back for RMA/warranty.

205
21.1 Legacy Series / Re: Unbound DNS Locking Up
« on: June 20, 2021, 02:16:52 pm »
Quote from: Demus4202 on June 19, 2021, 10:57:42 pm

Also, not sure if it is of any help, I have Unbound set up to be forwarding queries to NextDNS over TLS.


What happens when you disable DoT and/or forwarding?
In my setup, forwarding works, but unbound stops working as soon as I enable DNS over TLS.

206
21.1 Legacy Series / [Solved] Unbound DNS over TLS not working
« on: June 19, 2021, 02:19:13 pm »
I have tried to enable DoT in unbound by setting one or more servers in the 'DNS over TLS Servers' entry on the 'miscellaneous' page, as described in several tutorials found on the www. Unfortunately, as soon as anything is in that field, unbound fails to start. I have increased the log level to give me clues, but the only thing that is logged is 'daemonize unbound dhcpd watcher.', and nothing after that.
Otherwise my setup is working perfectly, just as soon as anything is entered in the 'DNS over TLS Servers' field, unbound fails to start.

Any ideas as to what I'm doing wrong, or where to start to investigate this further? Are there any prerequisites in the configuration to be able to use DoT, as in do I need to enable/disable certain other settings for it to work?

207
21.1 Legacy Series / Re: QoS upload shaper does not match subnet clients?
« on: June 16, 2021, 12:45:37 pm »
You'd better use cli commands to display this info, as I noticed there are GUI errors in the shaper status page. Not everything is displayed properly. The commands are: ipfw pipe show, ipfw queue show, ipfw sched show
I reported this bug some time ago, but it didn't seem to attract attention from the devs.
Hope this helps!

208
21.1 Legacy Series / Re: OpnSense locking up when trying to view Audit Log
« on: June 05, 2021, 07:16:05 pm »
Here it works as it should. Have you tried resetting the log files? Maybe one has become corrupt. It's at System->Settings->Logging->Reset log files.
I am using non-circular logging btw.

209
21.1 Legacy Series / overnight 'error in configd communication Traceback'
« on: May 20, 2021, 04:14:18 pm »
On one system I get this error every night. I don't have any cron jobs scheduled for this time, so I don't really know where to start investigating this. System is up-to-date and running 21.1.5. Any hints?

2021-05-20T03:02:21   configctl[83611]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out   
2021-05-20T03:02:00   configctl[95510]   error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 68, in exec_config_cmd line = sock.recv(65536).decode() socket.timeout: timed out

210
Hardware and Performance / Re: Qotom box - Installing Opnsense
« on: May 17, 2021, 03:29:26 pm »
I have one of these boxes too. Keep in mind that the physical order of network ports is different than in the software, the ports are numbered 0 2 3 1 IIRC.
