Topics - Ben S

#1
25.1, 25.4 Series / Shell problems
December 20, 2024, 10:58:10 PM
Hi

Before I do further digging to see what's going on I thought I'd see if this is a known issue in 25.1.

I've installed a test VM on 25.1 and when creating a new non-root user I've noticed two things:

  • Even though bash is installed (via pkg install bash) and appears in /etc/shells, it doesn't appear as a shell choice in the UI.
  • If I choose another valid shell it still gets written as nologin in /etc/passwd and so I can't log in as that user via SSH.

The user in question is a member of 'admins' and initially didn't have any permissions (assuming it inherited from the admins group) - I've also tried explicitly setting 'all pages' as a permission at the user level and it didn't help.

I can't see anything obvious in the logs.

Is this a bug or have I missed something obvious?

Thanks
Ben
#2
Hi,

This problem may be related to https://forum.opnsense.org/index.php?topic=41508.0 but my problems appear slightly different.

After the update to 24.1.10 I rebooted and everything appeared fine. After 30 minutes (first IPv6 renewal) I seemed to lose IPv6 connectivity. Logs showed dhcp6c sending RENEW and then SOLICIT messages. When trying to diagnose this I could see the packets were being allowed out - checked with
$ sudo tcpdump -ve -i pflog0 udp port 546 or udp port 547
tcpdump: listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 262144 bytes
21:37:43.196073 rule 105/0(match) [uid 0]: pass out on igb0: (hlim 1, next-header UDP (17) payload length: 89) fe80::2e0:xxx.dhcpv6-client > ff02::1:2.dhcpv6-server: [bad udp cksum 0x29e8 -> 0x1be3!] dhcp6 solicit (xid=2feda3 (client-ID hwaddr/time type 1 time xx xx) (elapsed-time 65535) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))
21:39:35.293493 rule 105/0(match) [uid 0]: pass out on igb0: (hlim 1, next-header UDP (17) payload length: 89) fe80::2e0:xxx.dhcpv6-client > ff02::1:2.dhcpv6-server: [bad udp cksum 0x29e8 -> 0x2881!] dhcp6 solicit (xid=e134 (client-ID hwaddr/time type 1 time xx xx) (elapsed-time 0) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))
21:41:41.236162 rule 103/0(match) [uid 0]: pass out on igb0: (hlim 1, next-header UDP (17) payload length: 89) fe80::2e0:xxx.dhcpv6-client > ff02::1:2.dhcpv6-server: [bad udp cksum 0x29e8 -> 0x484f!] dhcp6 solicit (xid=419032 (client-ID hwaddr/time type 1 time xx xx) (elapsed-time 12531) (option-request DNS-server DNS-search-list) (IA_PD IAID:0 T1:0 T2:0 (IA_PD-prefix ::/56 pltime:4294967295 vltime:4294967295)))


But running a similar tcpdump command on igb0 (WAN) did not show the packets actually being sent, despite them showing as 'pass out' in the pf log.  Which I find rather confusing.  I'm not sure if the bad checksum notices in the pflog output are significant.

After rebooting the IPv6 has come back, but I don't yet know if it will stay up.  Reloading the WAN interface from the UI > Interfaces > Overview didn't bring it back.

My IPv6 has been working fine on 24.1.7 and 24.1.9.

Any suggestions would be much appreciated.

Thanks
Ben
#3
Hi,

I'm quite new to OPNsense so hopefully I haven't missed anything obvious here. I'm running Unbound with statistics enabled, and since updating to 24.1.7 I'm seeing the stats sometimes just stop. It keeps answering queries just fine. I didn't notice this on 24.1 but I'd only run it for a few days; however, since the upgrade it seems to stop within an hour usually. Restarting the service will generally get them working again, until they stop again. I have reset the DNS data since the upgrade, and that didn't help any more than a restart does.

I can see that the timestamp on /var/unbound/data/unbound.duckdb matches the time that the UI graphs stop, so it appears to be a data collection problem and not just a UI display problem.

If I ktrace the /usr/local/opnsense/scripts/unbound/logger.py process then it appears to be doing nothing while the stats are not updating.  If I then restart the service the first line from kdump is

55384 python3.11 RET   flock -1 errno 4 Interrupted system call

which suggests to me it was stuck trying to get a lock on a file. Unfortunately it's not clear which file, or why it couldn't get the lock (presumably another process held it, but what/why?).

I've checked /var/log/resolver and there is nothing useful around the time that stats stop.

This is just a home installation so there is not a huge volume of DNS queries being handled, the size of /var/unbound/data/unbound.duckdb is currently only around 2MB after resetting earlier today.

Does anyone have any suggestions of anything else I can check please?  It seems to stop fairly often so I should be able to find out if any suggestions help fairly soon.

Thanks
Ben
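
An added example (not part of the original post and not OPNsense's logger.py code): a blocked flock() returns only when the lock frees or a signal arrives, and errno 4 in the kdump line above is EINTR, the signal case. The sketch below, with hypothetical helper names and a constructed lock file, probes a lock without blocking and bounds a blocking flock() with a timer so a waiter cannot hang indefinitely.

```python
import fcntl
import os
import signal
import tempfile


class LockTimeout(Exception):
    """Raised from the SIGALRM handler to abandon a blocked flock()."""


def _on_alarm(signum, frame):
    raise LockTimeout()


def probe_lock(path):
    """Return True if an exclusive flock on `path` could be taken right now."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        return True               # closing fd below releases the probe lock
    except BlockingIOError:       # EWOULDBLOCK: another open file holds the lock
        return False
    finally:
        os.close(fd)


def lock_with_timeout(path, seconds):
    """Blocking flock bounded by a timer; returns the locked fd, or None on timeout."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    old = signal.signal(signal.SIGALRM, _on_alarm)
    signal.setitimer(signal.ITIMER_REAL, seconds)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)   # a signal here makes the syscall return EINTR
        return fd
    except LockTimeout:
        os.close(fd)
        return None
    finally:
        signal.setitimer(signal.ITIMER_REAL, 0)
        signal.signal(signal.SIGALRM, old)


def demo():
    """Hold a lock on a constructed file, then show the waiter's view of it."""
    path = os.path.join(tempfile.mkdtemp(), "constructed.lock")
    holder = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
    fcntl.flock(holder, fcntl.LOCK_EX)
    busy = not probe_lock(path)
    timed_out = lock_with_timeout(path, 0.2) is None
    os.close(holder)                     # closing the descriptor drops the lock
    return busy, timed_out, probe_lock(path)
```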