Messages

Looking to add:

shutdown_lifetime 0 seconds

looks like /usr/local/etc/squid/auth and /usr/local/etc/squid/post-auth look for *.conf files

I added a local.conf in auth

squid -k parse seems to show it correctly..

Does that survive a reboot?

Is there something 'more correct'?

Thanks in advance.

1am EST November 10th is when I updated the systems..

8:30pm EST is when I write the post..

Is there anything between those times about squid 6.5 package?

agreed..

But where would I know to check..

Yes updating to 6.5 does fix it.

Where was that reported?

https://forum.opnsense.org/index.php?topic=36891.0

Looks like there is a squid 6.5 package..

Would that be posted here.. as that would be an update to the base system?

Code Select Expand

root@OPNsense:~ # dmesg | grep -c squid
19
root@OPNsense:~ # uptime
8:23PM  up 21:11, 1 user, load averages: 0.06, 0.11, 0.13

2023/11/10 20:22:13 kid1| Accepting HTTP Socket connections at conn3 local=10.20.245.42:3128 remote=[::] FD 11 flags=9
    listening port: 10.20.245.42:3128
2023/11/10 20:22:13 kid1| FATAL: assertion failed: stmem.cc:98: "lowestOffset () <= target_offset"
    current master transaction: master129
2023/11/10 20:22:13| Removing PID file (/var/run/squid/squid.pid)

root@OPNsense:~ # squid -k check
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)
2023/11/10 20:25:27| Set Current Directory to /var/squid/cache
2023/11/10 20:25:27| FATAL: failed to open /var/run/squid/squid.pid: (2) No such file or directory
    exception location: File.cc(191) open

grep -c FATAL /var/log/squid/cache.log
13



ten locations all doing the same thing..

before the update everything was working..

Just had this happen again..

root@OPNsense:/var/log/resolver # ls -al
total 46
drwx------   2 root  wheel    256 Oct  4 12:01 .
drwxr-xr-x  16 root  wheel   1600 Oct  4 03:01 ..
lrwxr-x---   1 root  wheel     39 Oct  4 12:01 latest.log -> /var/log/resolver/resolver_20230918.log
-rw-------   1 root  wheel   6740 Sep 14 23:27 resolver_20230914.log
-rw-------   1 root  wheel  18568 Sep 18 17:48 resolver_20230918.log
-rw-------   1 root  wheel  14026 Oct  4 12:02 resolver_20231004.log

the 1004.log is only after the restart of unbound..

12:09PM  up 19 days, 12:43, 1 user, load averages: 0.72, 0.69, 0.64
root@OPNsense:/var/log/resolver # exit
exit

*** OPNsense.dom1.dom0: OPNsense 23.7.5 ***

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="6"] [66077:0] info: server stats for thread 0: 110496 queries, 85021 answers from cache, 25475 recursions, 0 prefetch, 0 rejected by ip ratelimiting

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="7"] [66077:0] info: server stats for thread 0: requestlist max 19 avg 0.676703 exceeded 0 jostled 0

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="26"] [66077:0] info: server stats for thread 1: 57621 queries, 53353 answers from cache, 4268 recursions, 0 prefetch, 0 rejected by ip ratelimiting

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="27"] [66077:0] info: server stats for thread 1: requestlist max 5 avg 0.229147 exceeded 0 jostled 0

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="43"] [66077:0] info: server stats for thread 2: 2553318 queries, 1607760 answers from cache, 945558 recursions, 0 prefetch, 0 rejected by ip ratelimiting

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="44"] [66077:0] info: server stats for thread 2: requestlist max 29 avg 0.700493 exceeded 0 jostled 0

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="66"] [66077:0] info: server stats for thread 3: 1582665 queries, 966354 answers from cache, 616311 recursions, 0 prefetch, 0 rejected by ip ratelimiting

<30>1 2023-10-04T12:01:45-04:00 OPNsense.dom1.dom0 unbound 66077 - [meta sequenceId="67"] [66077:0] info: server stats for thread 3: requestlist max 140 avg 0.848675 exceeded 0 jostled 0

Everything was fine until it wasn't..

is this possible?

Can provide more details if anyone is interested.. but hopefully the question is clear enough.

I have core router with 15 networks that I would like to relay the needed dhcp requests to opnense as it seems there's a working dhcp/dns registration..

I was going to relay to an openwrt edgerouter 6 b/c it was running dnsmasq.. but that is it's own problems..

Thanks in advance.

Just wanted to add myself onto this..

using time.aws.com (opnsense is a bare metal protectli.. if it matters)

Using local unbound..

This happens and then I have to restart ntpd.. will probably switch to chrony but that brings other issues..

System / Settings / General / Prefer to use IPv4 even if IPv6 is available is checked as well

I have to apologize.. I never thought about using unbound..

Thank you..

Is there a part of the docs that cover this?

I know it needs a BIND9 server..

I've been trying to get it working and unsuccessful so far..

Thanks in advance

I know within dnsmasq this is a trivial feature..

But I also think there is no way to swap out isc-dhcpd for dnsmasq..

Or is there?

All forwarding to NextDNS.. serving people via squid.. three sites all went down at the same time..

Unbound still running, but not resolving..

Restarted unbound brought dns back to the network..

Will check on other sites.. but was same problem - no idea why..

OPNsense 23.7.2-amd64

I came here looking for squid information.. but I think haproxy in front of squid might also be an answer..

But is there a squid gui section that gives access to the proxy protocol?

And is there a suggestion for squid logs digestion?

Can I syslog them somewhere else and then generate graphs?

Is that the better suggestion?

After mulling it over.. haproxy might not be a solution.. might just add more complexity..

Suggestions?

Sorry to duplicate.. but is this the error message?

Code Select Expand

***GOT REQUEST TO INSTALL***
Currently running OPNsense 23.7.1_3 at Wed Aug 16 12:44:43 EDT 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
os-speedtest-community: 0.9_3 [mimugmail]

Number of packages to be installed: 1

8 KiB to be downloaded.
[1/1] Fetching os-speedtest-community-0.9_3.pkg: .. done
Checking integrity... done (0 conflicting)
[1/1] Installing os-speedtest-community-0.9_3...
[1/1] Extracting os-speedtest-community-0.9_3: .......... done
Stopping configd...done
Starting configd.
Reloading plugin configuration
Configuring system logging...Error opening plugin module; module='examples', error='/usr/local/lib/syslog-ng/libexamples.so: Undefined symbol "random_choice_generator_parser"'
done.
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

hey all..

Setting up a bunch of new opnsense installs here..

setting up the hijacking dns/ntp rules..

(https://forum.opnsense.org/index.php?topic=9245.0)

Cloning the nat > port forward rules did not give me new rules > interface rules.. it just over wrote the original rule.

ie. they all shared the same 'filter rule association' and the last one won..

Can provide more information if this is not clear.

( I didn't understand why the rules weren't working - they always have.. then upon inspection.. figured out what was going on )

I have multiple virtual IPs and was cloning the rule for each virtual address.. (just what's left of a /29)

Thanks in advance.

https://imgur.com/a/Yjp9kHZ

Searching brings up old posts regarding this..

Is there a way that I could get notifications about my system status? reboots, update results, etc.?

Reporting section of the manual seems to be about system services.. but I would like the system to reach out and let me know an event happened..

Is there a plugin that possibly I missed that already does this?

Or is the suggestion to setup postfix and relay to my smtp2telegram instance?

Thanks in advance