OPNsense startet neu

[vatter]

Nach dem letzten Update auf 24.7.3 am Donnerrstag ist es so, dass die OPNsense Software neu startet. D.h. ich hoere das kurze Beep und nach ca 20 Sekunden ist sie wieder da und Internet funktioniert wieder.

Ich gehe also davon aus, dass es nicht ein kompletter Hardware Reset ist (dieser Bootvorgang dauert deutlich laenger).

Die Audits (Security/Health/Connectivity) usw sind alle unauffäellig. Die Box lief bis zu diesem Update absolut stabil. Habe bereits versucht mit opnsense revert auf 24.7.2 zurueckzugehen, gleiches Ergebnis.

Ich habe festgestellt, dass dieser Reset haeufiger vorkommt, wenn ich aktiv in GUI bin. Gestern lief sie z.b. 6h Stabil, dann hab ich mit in die GUI eingeloggt um Boom - bzw Beep :D

Ich vermute, dass es ein Problem mit einem der HTML/HTTP Diensten geben koennte - scheue mich allerdings vor Disaster Recovery und neuinstallation.

Gibt es ne Moeglichkeit mit opnsense-revert ggfs nur die Web-Packages neu zu installieren bzw zu reverten?

Hat jemand ein aehnliches Problem bzw ne Idee?

[vatter]

Gerwde genau so wieder passiert. Lief seit heute morgen ohne Probleme - kurz eingeloggt um uptime zu checken und beep - reload.

[Patrick M. Hausen]

Hast du eine Konsole an dem Gerät? Wenn nicht, solltest du eine anschließen, damit man sieht, was dort erscheint, wenn das passiert.

Bei einer seriellen Konsole kannst du ja einfach die Terminal-Verbindung stehen lassen, dann bekommst du ein vollständiges Log. Bei VGA oder HDMI ist Tablett/Smartphone davor stellen und filmen ein möglicher Trick.

[vatter]

Danke fuer den Tip - leider nicht einfach möglich. Gibts per ssh kein Log welches ich auslesen kann?

Hab unten mal das aktuelle dmesg angehaengt.

Code Select Expand

root@OPNsense:/var/log # cat dmesg.today
---<<BOOT>>---
Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.1-RELEASE-p3 stable/24.7-n267802-bc5627fc5f3 SMP amd64
FreeBSD clang version 18.1.5 (https://github.com/llvm/llvm-project.git llvmorg-18.1.5-0-g617a15a9eac9)
VT(vga): resolution 640x480
CPU microcode: updated from 0x10 to 0x17
CPU: Intel(R) N100 (806.40-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0xb06e0  Family=0x6  Model=0xbe  Stepping=0
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x7ffafbbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x121<LAHF,ABM,Prefetch>
  Structured Extended Features=0x239ca7eb<FSGSBASE,TSCADJ,BMI1,AVX2,FDPEXC,SMEP,BMI2,ERMS,INVPCID,NFPUSG,PQE,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PROCTRACE,SHA>
  Structured Extended Features2=0x98c007bc<UMIP,PKU,OSPKE,WAITPKG,GFNI,VAES,VPCLMULQDQ,RDPID,MOVDIRI,MOVDIR64B>
  Structured Extended Features3=0xfc184410<FSRM,MD_CLEAR,IBT,IBPB,STIBP,L1DFL,ARCH_CAP,CORE_CAP,SSBD>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  IA32_ARCH_CAPS=0x1580fd6b<RDCL_NO,IBRS_ALL,SKIP_L1DFL_VME,MDS_NO,TAA_NO>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
  TSC: P-state invariant, performance statistics
real memory  = 17179869184 (16384 MB)
avail memory = 16304807936 (15549 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <ALASKA A M I >
WARNING: L3 data cache covers more APIC IDs than a package (7 > 3)
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
random: unblocking device.
ioapic0 <Version 2.0> irqs 0-119
Launching APs: 3 1 2
random: entropy device external interface
wlan: mac acl policy registered
kbd0 at kbdmux0
WARNING: Device "spkr" is Giant locked and may be deleted before FreeBSD 15.0.
efirtc0: <EFI Realtime Clock>
efirtc0: registered as a time-of-day clock, resolution 1.000000s
smbios0: <System Management BIOS> at iomem 0x73c73000-0x73c7301e
smbios0: Version: 3.6, BCD Revision: 3.6
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS,SHA1,SHA256>
acpi0: <ALASKA A M I >
acpi0: Power Button (fixed)
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 19200000 Hz quality 950
Event timer "HPET" frequency 19200000 Hz quality 550
Event timer "HPET1" frequency 19200000 Hz quality 440
Event timer "HPET2" frequency 19200000 Hz quality 440
Event timer "HPET3" frequency 19200000 Hz quality 440
Event timer "HPET4" frequency 19200000 Hz quality 440
atrtc1: <AT realtime clock> on acpi0
atrtc1: Warning: Couldn't map I/O.
atrtc1: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1808-0x180b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0x3000-0x303f mem 0x6000000000-0x6000ffffff,0x4000000000-0x400fffffff at device 2.0 on pci0
vgapci0: Boot video device
xhci0: <XHCI (generic) USB 3.0 controller> mem 0x6001100000-0x600110ffff at device 20.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
pci0: <memory, RAM> at device 20.2 (no driver attached)
pci0: <simple comms> at device 22.0 (no driver attached)
ahci0: <AHCI SATA controller> port 0x3090-0x3097,0x3080-0x3083,0x3060-0x307f mem 0x80d00000-0x80d01fff,0x80d03000-0x80d030ff,0x80d02000-0x80d027ff at device 23.0 on pci0
ahci0: AHCI v1.31 with 1 6Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
sdhci_pci0: <Generic SD HCI> mem 0x6001129000-0x6001129fff at device 26.0 on pci0
sdhci_pci0: 1 slot(s) allocated
mmc0: <MMC/SD bus> on sdhci_pci0
pcib1: <ACPI PCI-PCI bridge> at device 28.0 on pci0
pci1: <ACPI PCI bus> on pcib1
igc0: <Intel(R) Ethernet Controller I226-V> mem 0x80a00000-0x80afffff,0x80b00000-0x80b03fff at device 0.0 on pci1
igc0: Using 1024 TX descriptors and 1024 RX descriptors
igc0: Using 4 RX queues 4 TX queues
igc0: Using MSI-X interrupts with 5 vectors
igc0: Ethernet address: 60:be:b4:14:c8:20
igc0: netmap queues/slots: TX 4/1024, RX 4/1024
pcib2: <ACPI PCI-PCI bridge> at device 28.3 on pci0
pci2: <ACPI PCI bus> on pcib2
igc1: <Intel(R) Ethernet Controller I226-V> mem 0x80800000-0x808fffff,0x80900000-0x80903fff at device 0.0 on pci2
igc1: Using 1024 TX descriptors and 1024 RX descriptors
igc1: Using 4 RX queues 4 TX queues
igc1: Using MSI-X interrupts with 5 vectors
igc1: Ethernet address: 60:be:b4:14:c8:21
igc1: netmap queues/slots: TX 4/1024, RX 4/1024
pcib3: <ACPI PCI-PCI bridge> at device 28.6 on pci0
pci3: <ACPI PCI bus> on pcib3
igc2: <Intel(R) Ethernet Controller I226-V> mem 0x80600000-0x806fffff,0x80700000-0x80703fff at device 0.0 on pci3
igc2: Using 1024 TX descriptors and 1024 RX descriptors
igc2: Using 4 RX queues 4 TX queues
igc2: Using MSI-X interrupts with 5 vectors
igc2: Ethernet address: 60:be:b4:14:c8:22
igc2: netmap queues/slots: TX 4/1024, RX 4/1024
pcib4: <ACPI PCI-PCI bridge> at device 29.0 on pci0
pci4: <ACPI PCI bus> on pcib4
igc3: <Intel(R) Ethernet Controller I226-V> mem 0x80400000-0x804fffff,0x80500000-0x80503fff at device 0.0 on pci4
igc3: Using 1024 TX descriptors and 1024 RX descriptors
igc3: Using 4 RX queues 4 TX queues
igc3: Using MSI-X interrupts with 5 vectors
igc3: Ethernet address: 60:be:b4:14:c8:23
igc3: netmap queues/slots: TX 4/1024, RX 4/1024
pcib5: <ACPI PCI-PCI bridge> at device 29.3 on pci0
pci5: <ACPI PCI bus> on pcib5
nvme0: <Generic NVMe Device> mem 0x80c00000-0x80c03fff at device 0.0 on pci5
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
hdac0: <Intel Alder Lake-N HDA Controller> mem 0x6001120000-0x6001123fff,0x6001000000-0x60010fffff at device 31.3 on pci0
pci0: <serial bus> at device 31.5 (no driver attached)
acpi_button0: <Sleep Button> on acpi0
cpu0: <ACPI CPU> on acpi0
acpi_button1: <Power Button> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
ns8250: UART FCR is broken
ns8250: UART FCR is broken
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
ns8250: UART FCR is broken
uart0: console (115200,n,8,1)
acpi_syscontainer0: <System Container> on acpi0
acpi_syscontainer1: <System Container> on acpi0
atrtc0: <AT realtime clock> at port 0x70 irq 8 on isa0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
atrtc0: Can't map interrupt.
hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel2: <Intel Speed Shift> on cpu2
hwpstate_intel3: <Intel Speed Shift> on cpu3
Timecounter "TSC" frequency 806401342 Hz quality 1000
Timecounters tick every 1.000 msec
ugen0.1: <Intel XHCI root HUB> at usbus0
ZFS filesystem version: 5
ZFS storage pool version: features support (5000)
uhub0 on usbus0
uhub0: <Intel XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
mmc0: No compatible cards found on bus
nvme0: Allocated 64MB host memory buffer
nda0 at nvme0 bus 0 scbus1 target 0 lun 1
nda0: <NVMe S990 256 V.01 0022281Z00CX>
nda0: Serial Number 0022281Z00CX
nda0: nvme version 1.3
nda0: 244198MB (500118192 512 byte sectors)
Trying to mount root from zfs:zroot/ROOT/default []...
uhub0: 16 ports with 16 removable, self powered
Root mount waiting for: usbus0
ugen0.2: <vendor 0x1ea7 2.4G Keyboard  Mouse> at usbus0
ukbd0 on uhub0
ukbd0: <vendor 0x1ea7 2.4G Keyboard  Mouse, class 0/0, rev 1.10/2.00, addr 1> on usbus0
kbd1 at ukbd0
pid 31 (zpool) is attempting to use unsafe AIO requests - not logging anymore
CPU: Intel(R) N100 (806.40-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0xb06e0  Family=0x6  Model=0xbe  Stepping=0
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0x7ffafbbf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
  AMD Features=0x2c100800<SYSCALL,NX,Page1GB,RDTSCP,LM>
  AMD Features2=0x121<LAHF,ABM,Prefetch>
  Structured Extended Features=0x239ca7eb<FSGSBASE,TSCADJ,BMI1,AVX2,FDPEXC,SMEP,BMI2,ERMS,INVPCID,NFPUSG,PQE,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PROCTRACE,SHA>
  Structured Extended Features2=0x98c007bc<UMIP,PKU,OSPKE,WAITPKG,GFNI,VAES,VPCLMULQDQ,RDPID,MOVDIRI,MOVDIR64B>
  Structured Extended Features3=0xfc184410<FSRM,MD_CLEAR,IBT,IBPB,STIBP,L1DFL,ARCH_CAP,CORE_CAP,SSBD>
  XSAVE Features=0xf<XSAVEOPT,XSAVEC,XINUSE,XSAVES>
  IA32_ARCH_CAPS=0x1580fd6b<RDCL_NO,IBRS_ALL,SKIP_L1DFL_VME,MDS_NO,TAA_NO>
  VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID,VID,PostIntr
  TSC: P-state invariant, performance statistics
igc0: link state changed to UP
igc3: link state changed to UP
ichsmb0: <Intel Alder Lake SMBus controller> port 0xefa0-0xefbf mem 0x6001128000-0x60011280ff at device 31.4 on pci0
smbus0: <System Management Bus> on ichsmb0
acpi_wmi0: <ACPI-WMI mapping> on acpi0
acpi_wmi0: cannot find EC device
acpi_wmi0: Embedded MOF found
ACPI: \134_SB.WFDE.WQCC: 1 arguments were passed to a non-method ACPI object (Buffer) (20221020/nsarguments-361)
acpi_wmi1: <ACPI-WMI mapping> on acpi0
acpi_wmi1: cannot find EC device
acpi_wmi1: Embedded MOF found
ACPI: \134_SB.WFTE.WQCC: 1 arguments were passed to a non-method ACPI object (Buffer) (20221020/nsarguments-361)
ums0 on uhub0
ums0: <vendor 0x1ea7 2.4G Keyboard  Mouse, class 0/0, rev 1.10/2.00, addr 1> on usbus0
ums0: 8 buttons and [XYZT] coordinates ID=2
lo0: link state changed to UP
coretemp0: <CPU On-Die Thermal Sensors> on cpu0
pflog0: permanently promiscuous mode enabled
igc3: link state changed to DOWN
vlan0: changing name to 'vlan01'
vlan1: changing name to 'vlan02'
vlan2: changing name to 'vlan03'
igc0: link state changed to DOWN
igc3: link state changed to UP
vlan02: link state changed to UP
vlan01: link state changed to UP
vlan03: link state changed to UP
igc0: link state changed to UP
wg0: link state changed to UP


[vatter]

in /var/crash ist auch nichts

Code Select Expand

root@OPNsense:/var/crash # ls -la
total 10
drwxr-x---   2 root wheel  3 Sep  1 09:19 .
drwxr-xr-x  29 root wheel 29 Sep  1 20:48 ..
-rw-r--r--   1 root wheel  5 Aug 28 14:26 minfree
root@OPNsense:/var/crash # cat minfree
2048
root@OPNsense:/

Und das Health Audit - habe nur noch Unbound und Wireguard installiert. Ansonsten ziemlich Out-of-the-box.

Das ganze laeuft auf ner Alder Lake N100 mit 4x 226 NICs.
(HSIPC Alder Lake N100 Quad Core Firewall Micro Appliance, Mini PC, Nano PC, Router PC with 16G RAM 256G SSD, 4*i226-V RJ45 Port AES-NI)

Code Select Expand

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 24.7.3_1 at Mon Sep  2 14:40:22 CEST 2024
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 24.7.3 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 24.7.3 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-cpu-microcode-intel 1.0
os-mdns-repeater 1.1_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 68 dependencies to check.
Checking packages: ..................................................................... done
***DONE***

[Patrick M. Hausen]

Je nach art des Crash gibt es tatsächlich nur die Konsole. Wenn der Kernel meint, dass er "putt" ist, schreibt er nichts mehr auf das Dateisystem - könnte ja Schaden anrichten.