Messages

@tillsense

Ich geb Dir recht, habe gerade mit 2 APU 1C4 das Problem:

Code Select Expand

WARNING - Timeout at ehci_wait_td:517!
ehci pipe=0x000eee80 cur=000efdc0 tok=801f0c81 next=1 td=0x0000fdc0 status=1f0c80
USB transmission failed

Habe jetzt auf Verdacht neue APU 2C4 bestellt und werde nächste Woche mal testen wie es sich damit verhält!

Hi Franco,

I was upgrading from 17.1.1...

Interface is up:

Code Select Expand


enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: enc


And all three tunnel'S are up and have SID's

I've just upgraded from 17.1.2, I was hoping to get rid of this issue.

But instead I got another one:


I don't have the choice to create or modify rules on the IPsec interface any longer...

Changing "Firewall > Settings > Advanced > Firewall Optimization" from normal to conservative gave me some ease...

Reply to myself, for documentary reason's, this is the log created during one of those extremly short SSH sessions:

As promised to franco here's my posting about the actual issue:

After Upgrading from 16.7.14 to 17.1 and getting the other two bugs out of the way I'm still hit by this one!

I'm running approx half a dozen APU's of which I've already upgraded two. Both are working as expected. But then there's one OPNsense Installation running as a KVM client, and that machine suffer's from the above mentioned bug. There's 5 S2S Tunnel's of which some have 2 or three L2's...

And all the traffic headed towards the machine's behind those Tunnel's is recognized on the WAN interface of the OPNsense. And the only cure to the issue is to allow Class-A Traffic and create a Firewall rule on the WAN Interface that allow's traffic from behind the IPSec tunnel to the local network...



And just now I realized all my SSH connections are slugish, I can connect but might be kicked after a few sec's!!!

So I'm hoping this get's fixed very soon

Hi hi, just upgraded three of my installation's two of them went smooth a third has firewall rule issue's as mentioned!

Reply to myself, as a reference for the next to come...

Atom D525 is a X64 CPU, so I used this image:
http://mirror.fra10.de.leaseweb.net/opnsense/releases/mirror/OPNsense-16.7-OpenSSL-serial-amd64.img.bz2

Autoinstall with that one worked as expected and booted right into interface assignement...

Hi hi,

I got a GPO-150 from a client and would like to run OPNsense on it. With OPNsense-16.7-OpenSSL-serial-i386.img on a pendrive the installer boots (115200 8N1) right away. And the setup runs through just fine in guided mode...

But it doesn't boot after Setup...

I've booted into rescue mode mounted the ada0s1a and mounted devfs and went into chroot like this:

Code Select Expand


mkdir /tmp/mnt
mount /dev/ada0s1a /tmp/mnt/
mount -t devfs devfs /tmp/mnt/dev
chroot /tmp/mnt


In the chroot I reinstalled the bootloader as follow's:

Code Select Expand


boot0cfg -B ada0


But reboting didn't change the picture...

As I'm more of a LinuxI guess guy I could use some help with the bootloader conf here.

BTW: Happy Holidays...

thanks to franco it's now fixed!

You have to search & replace through your config.xml!

replace "<enable/>" with "<enable>1</enable>" and reimport the config...

Hi franco,

as I'm on ALIX I can't upgrade....

and "pkg info" just returns nothing

But it's reproducable, just changed the CF again, and restored the config and the problem was back!

Hi Franco,

thx for all your effort! ;-)

Code Select Expand


root@router:~ #  ls -lah /var/db
total 36
drwxr-xr-x   7 root    wheel   432B May 23 05:44 .
drwxr-xr-x  13 root    wheel   396B May 21 14:45 ..
-rw-r--r--   1 root    wheel     0B May 21 14:51 currentipsecpinghosts
drwxr-xr-x   2 root    wheel   108B May 21 14:48 dnscache
drwxr-xr-x   2 root    wheel     0B May 21 14:43 entropy
-rw-r-----   1 root    wheel    62B May 21 14:44 growlnotices_lastmsg.txt
-rw-r-----   1 root    wheel     0B May 22 14:44 ipsecpinghosts
-rw-r-----   1 root    wheel     8B May 23 05:44 ntpd.drift
drwxr-xr-x   2 root    wheel     0B May 21 14:51 pingmsstatus
drwxr-xr-x   2 root    wheel     0B May 21 14:51 pingstatus
lrwxr-xr-x   1 root    wheel    16B May 21 14:43 pkg -> /root/var/db/pkg
drwxr-xr-x   2 nobody  wheel   720B May 21 14:45 rrd
-rw-r-----   1 root    wheel    12B May 22 14:44 wan_cacheip
-rw-r-----   1 root    wheel    12B May 22 14:44 wan_ip
root@router:~ # ls -lah /root/var/db/pkg
total 5321
drwxr-xr-x  2 root  wheel   512B May 21 14:30 .
drwxr-xr-x  3 root  wheel   512B May 21 14:07 ..
-rw-r--r--  1 root  wheel     0B May 21 14:30 OPNsense.meta
-rw-r--r--  1 root  wheel   4.7M May 21 14:30 local.sqlite
-rw-r--r--  1 root  wheel   2.5K May 21 14:30 local.sqlite-journal
-rw-r--r--  1 root  wheel   502K May 21 14:30 repo-OPNsense.sqlite


I've imported an existing config into a fresh nanosd 16.1.8 CF Install on an ALIX.

And I only had to do so because the system crashed while trying to upgrade with disabled RAM-Disks...

On the first but after restore DHCPD was running and I got an IP, a few hours later dhcpd seems no to be running and when trying to start it I see the following log:

Code Select Expand


May 22 12:00:26 dhcpd: no such user: dhcpd
May 22 12:00:26 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
May 22 12:00:26 dhcpd: All rights reserved.
May 22 12:00:26 dhcpd: Copyright 2004-2016 Internet Systems Consortium.
May 22 12:00:26 dhcpd: Internet Systems Consortium DHCP Server 4.3.3-P1
May 22 12:00:21 dhcpd: exiting.
May 22 12:00:21 dhcpd:
May 22 12:00:21 dhcpd: process and the information we find helpful for debugging..
May 22 12:00:21 dhcpd: before submitting a bug. These pages explain the proper
May 22 12:00:21 dhcpd: bugs on either our web page at www.isc.org or in the README file
May 22 12:00:21 dhcpd: than a configuration issue please read the section on submitting


So I ran adduser on the console and could successfully start dhcpd from the webif afterwards...

If your're willing to debug I can supply the config!

Thank you so much franco, that kind of trapped me yesterday... I'll upgrade next week and see how that changes the picture!

I'll report back