OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of AbsolutelyFree »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - AbsolutelyFree

Pages: [1]
1
23.7 Legacy Series / Logs filling up with errors trying to kill dhcpdv6.pid, but I have IPV6 disabled
« on: August 20, 2023, 03:38:57 am »
I upgraded to 23.7.1 right from the 23.1 version and it was the most flawless of all updates so far, which was excellent!

I noticed today though when I logged into the web UI to add some new firewall rules that my /var/log zfs dataset was more full than usual. I went into my logs and saw that ever since that upgrade to the latest version, I am having the same error repeating many times per day:

Code: [Select]
/usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '68616''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 68616: No such process'
It seems like the issue has something to do with ipv6 dhcp, but I do not use any ipv6 functionality in my network. I checked under the dhcp settings (services > DHCPv6 > Relay) and confirmed that dhcpv6 is disabled. I checked under every interface and confirmed that IPv6 Configuration Type is set to None for all of them. I am not using any VPN services either.

I have tried rebooting the system, as well as restarting dhcpd (the v4 version at least, like I said I don't use ipv6 in my network), neither of which fixed the issue.

Does anyone have any ideas about how I could resolve this issue?

2
22.7 Legacy Series / OPNsense NUT issues
« on: January 23, 2023, 09:12:04 am »
Hello all,

EDIT: See second post, the issue described in my first post was just a symptom of a much bigger issue.

I have stumbled upon a very odd issue when using OPNsense as a NUT server and trying to connect a vanilla FreeBSD client via nut_upsmon. I have provided 4 attachments that show my NUT configuration from the OPNsense UI. I am using a cyberpower brand UPS using the usbhid-ups driver. The passwords shown in my screenshots are sanitized versions of what they actually are. This all seems to work correctly, I can see all of the information from the UPS on the NUT diagnostics page (also shown in the attached screenshots).

I have setup a port forward on OPNsense that is forwarding NUT traffic from my FreeBSD client server to my OPNsense router correctly. I can tell this works because if I run "upsc cyberpower@OPNSENSE_IP" from my FreeBSD server where OPNSENSE_IP is the IP address of my router in the subnet that the FreeBSD server is in, I get output that is the same as what shows in the NUT diagnostics page in OPNsense. I can also see the traffic being passed correctly in the firewall logs in OPNsense.

I want to run the nut_upsmon service on this FreeBSD server to monitor the UPS attached to OPNsense. In my upsmon.conf file, I have:

Code: [Select]
MONITOR cyberpower@OPNSENSE_IP:3493 1 monuser password2 slave
Which I believe is the only relevant configuration when it comes to connecting upsmon to a upsd server. Now here is where things get odd. I run upsmon -D on my FreeBSD host to keep the program in the foreground in debugging mode. This is what I see:

Code: [Select]
Network UPS Tools upsmon 2.8.0
kill: No such process
   0.000000 UPS: cyberpower@OPNSENSE_IP:3493 (secondary) (power value 1)
   0.000200 Using power down flag file /etc/killpower
   0.000476 [D1] debug level is '1'
   0.000484 [D1] debug level is '1'
   0.001023 [D1] Saving PID 93255 into /var/db/nut/upsmon.pid
   0.003924 [D1] Trying to connect to UPS [cyberpower@OPNSENSE_IP:3493]
   0.005561 Login on UPS [cyberpower@OPNSENSE_IP:3493] failed - got [ERR ACCESS-DENIED]

I have spent the past 2 days investigating this issue, but between the fact that everything appears correct in the OPNsense UI, my syntax is correct in upsmon.conf (https://www.freebsd.org/cgi/man.cgi?query=upsmon.conf), that I see the traffic being passed correctly in OPNsense's logs, and that I get results when I run "upsc cyberpower@OPNSENSE_IP" from the FreeBSD server, I have completely run out of ideas.

Since all of the configuration on the client machine running upsmon that is relevant to connecting to the upsd server consists of a single line in a single file, I feel reasonably confident in assuming that the issue is with OPNsense and not the client. Since the error that I am receiving specifically mentions logging into the UPS is failing, it seems like the issue is with upsd users. OPNsense obfuscates its upsd.users file, which is actually located at /usr/local/opnsense/service/templates/OPNsense/Nut, and it is showing the following:

Code: [Select]
# Please don't modify this file as your changes might be overwritten with
# the next update.
#
{% if helpers.exists('OPNsense.Nut.general.enable') and OPNsense.Nut.general.enable == '1' %}
{%   if helpers.exists('OPNsense.Nut.general.mode') and OPNsense.Nut.general.mode == 'standalone' %}
{%     if helpers.exists('OPNsense.Nut.account.admin_password') and OPNsense.Nut.account.admin_password != '' %}
[admin]
password={{ OPNsense.Nut.account.admin_password }}
actions=set
instcmds=all
{%     endif %}
{%   endif %}
{%   if helpers.exists('OPNsense.Nut.general.mode') and OPNsense.Nut.general.mode == 'standalone' %}
{%     if helpers.exists('OPNsense.Nut.account.mon_password') and OPNsense.Nut.account.mon_password != '' %}
[monuser]
password={{ OPNsense.Nut.account.mon_password }}
upsmon master
{%     endif %}
{%   endif %}
{% endif %}
Based off of that, I have tried the following 4 variations on upsmon.conf on the FreeBSD client:

Code: [Select]
MONITOR cyberpower@OPNSENSE_IP:3493 1 monuser password2 slave
Code: [Select]
MONITOR cyberpower@OPNSENSE_IP:3493 1 monuser password2 master
Code: [Select]
MONITOR cyberpower@OPNSENSE_IP:3493 1 admin password1 master
Code: [Select]
MONITOR cyberpower@OPNSENSE_IP:3493 1 admin password1 slave
All of these also fail with the same error message, [ERR ACCESS-DENIED]. I have also tried restarting the nut service from within the OPNsense GUI while running upsmon -D on the FreeBSD client, which generates the following extra logs:

Code: [Select]
11.220715 Poll UPS [cyberpower@OPNSENSE_IP:3493] failed - Server disconnected
11.220735 Communications with UPS cyberpower@OPNSENSE_IP:3493 lost
13.346944 [D1] Trying to connect to UPS [cyberpower@OPNSENSE_IP:3493]
13.348476 Login on UPS [cyberpower@OPNSENSE_IP:3493] failed - got [ERR ACCESS-DENIED]
15.474333 Communications with UPS cyberpower@OPNSENSE_IP:3493 established
These logs imply that upsmon can definitely see the upsd server running on OPNsense, it just can't log into it.

I have tried changing the passwords from my initial complex ones to extremely simple ones with just 3 lowercase letters and am copying and pasting them from the OPNsense GUI to upsmon.conf, so I am certain that I am using the correct password and that it is a valid password.

Does anybody have any ideas? Is there anyone out there using this setup that could share their configuration for their NUT server on OPNsense and the upsmon.conf on their FreeBSD client?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2