Current list of bugs/issues I've encountered in 20.7

Started by FullyBorked, August 07, 2020, 07:31:57 PM

August 07, 2020, 07:31:57 PM Last Edit: January 29, 2021, 01:03:52 AM by FullyBorked
This isn't comprehensive by any means, but outlines what I am experiencing.  I've not found any workarounds for these issues.  I consider 1 and 2 more serious than the others.  I'll try and keep this up to date as issues are resolved or more are encountered. 

1. WAN throughput is very slow; IPS on or off doesn't matter. I'm only getting about 15% of my actual WAN bandwidth.  A reboot fixes the issue temporarily but at some point it will drop back to being slow.  >:(

Edit: Messing with my power settings https://forum.opnsense.org/index.php?topic=18450.0 seemed to "fix" this somehow.  Very confused, maybe it was stuck in a low power mode?  No idea but my speed is fine now, maybe try cycling your power settings.

2. GEO IP Alias simply doesn't work, the zip file is being downloaded from maxmind.com but the alias won't populate, so any rules containing the alias fail to correctly function.

Workaround (Credit: @Goldorak92 pointed out @Julien who detailed it in https://forum.opnsense.org/index.php?topic=18628.0): Setting Firewall > Settings > Advanced > "Firewall Maximum Table Entries" set to 400,000 allows the table to fill and GeoIP filtering to function correctly.

3. Dashboard traffic graphs don't show data with IPS enabled.  I'm on an Intel NIC, some have suggested it's driver related.  Worked ok in 20.1.9 though maybe there is a bug in the latest driver?  No workaround has resolved the issue as of yet.

Fixed in 2.1

4. Syslog-NG service doesn't start on its own after reboot.  Starting it manually does seem to work, but is inconvenient after reboot.

This appears to be fixed with 20.7.1.

4. Restarting suricata service sometimes stops the ntpd service for some reason.  It can be manually started. 

This appears to be fixed.

5. Bogons alias is inexplicably empty at times.  Firewall > Diagnostics > pftables > bogons > "update bogons" does populate the list. 

This appears to be fixed.

6. Seeing log spam just like https://forum.opnsense.org/index.php?topic=18480.msg84175#msg84175 constantly in the log.  Not sure if this is cause of issue #1 or not.


kernel: pflog0: promiscuous mode enabled
kernel: pflog0: promiscuous mode disabled



I'm very new to OPNsense, but I had a test installation on 20.1, and when I decided to install for real, 20.7 was released and I installed it.
As I'm new to the topic I wasn't rushing the installation, but in the current situation the machine hasn't taken its place and I'm considering installing something else - but can I install 20.1 and not upgrade to 20.7?
For me the errors are:

1. If I leave the Lobby/Dashboard page open (or any other page with graphs) it is very likely the page will crash and stop refreshing.
2. Two times I experienced a total freeze with kernel panic - had to manually restart the machine.
3. Quite often while visiting the web interface I'm getting a message that there was a problem and I should send a crash report, which means the machine crashed and restarted in the meantime.

I'm not using any specific plugins, not even Shaping configured yet - just OpenVPN and ZeroTier, and actually only through OpenVPN is some data being transferred. Installation is on AMD64 architecture.

@FullyBorked: I'm having the issues #3 and #4 (both) too.

I've reported issue #3 some minutes ago (https://github.com/opnsense/core/issues/4272)
Regarding syslog-ng, there are several reports from users who are having the same or other issues (https://github.com/opnsense/core/issues/4263)
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

Quote from: JasMan on August 17, 2020, 11:09:35 PM
@FullyBorked: I'm having the issues #3 and #4 (both) too.

I've reported issue #3 some minutes ago (https://github.com/opnsense/core/issues/4272)
Regarding syslog-ng, there are several reports from users who are having the same or other issues (https://github.com/opnsense/core/issues/4263)

I updated my post.  The syslog service issue is resolved in 20.7.1.  If you haven't yet it's worth updating.  Hasn't made anything worse at least.

August 17, 2020, 11:51:08 PM #4 Last Edit: August 17, 2020, 11:53:13 PM by marjohn56
Had the same issue after updating to 20.7.1, strangely 20.7.0 was OK. Here's how I got Geo IP Alias working again. Delete the Alias, delete the rule. Create the alias again and then create the rule again...

syslog-ng still has a problem, it's known about and we're trying to get to the root of it.

Other issues not seen, other than syslog-ng, all working nicely.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Quote from: FullyBorked on August 07, 2020, 07:31:57 PM
This isn't comprehensive by any means, but outlines what I am experiencing.  I've not found any workarounds for these issues.  I consider 1 and 2 more serious than the others.  I'll try and keep this up to date as issues are resolved or more are encountered. 

1. WAN throughput is very slow; IPS on or off doesn't matter. I'm only getting about 15% of my actual WAN bandwidth.  A reboot fixes the issue temporarily but at some point it will drop back to being slow.  >:(

Edit: Messing with my power settings https://forum.opnsense.org/index.php?topic=18450.0 seemed to "fix" this somehow.  Very confused, maybe it was stuck in a low power mode?  No idea but my speed is fine now, maybe try cycling your power settings.

2. GEO IP Alias simply doesn't work, the zip file is being downloaded from maxmind.com but the alias won't populate, so any rules containing the alias fail to correctly function.

3. Dashboard traffic graphs don't show data with IPS enabled.  I'm on an Intel NIC, some have suggested it's driver related.  Worked ok in 20.1.9 though maybe there is a bug in the latest driver?  No workaround has resolved the issue as of yet.

4. Syslog-NG service doesn't start on its own after reboot.  Starting it manually does seem to work, but is inconvenient after reboot.   This appears to be fixed with 20.7.1.

4. Restarting suricata service sometimes stops the ntpd service for some reason.  It can be manually started. 

5. Bogons alias is inexplicably empty at times.  Firewall > Diagnostics > pftables > bogons > "update bogons" does populate the list.   

6. Seeing log spam just like https://forum.opnsense.org/index.php?topic=18480.msg84175#msg84175 constantly in the log.  Not sure if this is cause of issue #1 or not.


kernel: pflog0: promiscuous mode enabled
kernel: pflog0: promiscuous mode disabled


I have observed many of the same issues.  #3,4,5,6 are the ones that seem to also affect my installation.

No observed issue with bandwidth slowdowns (#1), even with IPS and traffic shaping turned on. Power Saving settings have "Use PowerD" enabled and Hiadaptive set for all drop downs.

I'm not sure if I have seen a problem with GeoIPs (#2). I checked pfTables and see GeoIPs being filled in for all the Alias. Also "Firewall: Aliases > GeoIP settings tab" claims last update was 2020-08-14T20:38:26. Maybe the install I am looking at is OK, not sure how to test it.

Quote from: Steven on August 18, 2020, 04:36:56 AM
Quote from: FullyBorked on August 07, 2020, 07:31:57 PM
This isn't comprehensive by any means, but outlines what I am experiencing.  I've not found any workarounds for these issues.  I consider 1 and 2 more serious than the others.  I'll try and keep this up to date as issues are resolved or more are encountered. 

1. WAN throughput is very slow; IPS on or off doesn't matter. I'm only getting about 15% of my actual WAN bandwidth.  A reboot fixes the issue temporarily but at some point it will drop back to being slow.  >:(

Edit: Messing with my power settings https://forum.opnsense.org/index.php?topic=18450.0 seemed to "fix" this somehow.  Very confused, maybe it was stuck in a low power mode?  No idea but my speed is fine now, maybe try cycling your power settings.

2. GEO IP Alias simply doesn't work, the zip file is being downloaded from maxmind.com but the alias won't populate, so any rules containing the alias fail to correctly function.

3. Dashboard traffic graphs don't show data with IPS enabled.  I'm on an Intel NIC, some have suggested it's driver related.  Worked ok in 20.1.9 though maybe there is a bug in the latest driver?  No workaround has resolved the issue as of yet.

4. Syslog-NG service doesn't start on its own after reboot.  Starting it manually does seem to work, but is inconvenient after reboot.   This appears to be fixed with 20.7.1.

4. Restarting suricata service sometimes stops the ntpd service for some reason.  It can be manually started. 

5. Bogons alias is inexplicably empty at times.  Firewall > Diagnostics > pftables > bogons > "update bogons" does populate the list.   

6. Seeing log spam just like https://forum.opnsense.org/index.php?topic=18480.msg84175#msg84175 constantly in the log.  Not sure if this is cause of issue #1 or not.


kernel: pflog0: promiscuous mode enabled
kernel: pflog0: promiscuous mode disabled


I have observed many of the same issues.  #3,4,5,6 are the ones that seem to also affect my installation.

No observed issue with bandwidth slowdowns (#1), even with IPS and traffic shaping turned on. Power Saving settings have "Use PowerD" enabled and Hiadaptive set for all drop downs.

I'm not sure if I have seen a problem with GeoIPs (#2). I checked pfTables and see GeoIPs being filled in for all the Alias. Also "Firewall: Aliases > GeoIP settings tab" claims last update was 2020-08-14T20:38:26. Maybe the install I am looking at is OK, not sure how to test it.

I've seen a few folks that have been able to get GeoIP working.  Really wish I could get one of the workarounds to work for me.  I've deleted and recreated and even deleted rebooted and recreated to no avail.  Nothing I do will fill in anything in the pftables under the alias.  My download of the zip appears to be working as it should.

Quote from: Steven on August 18, 2020, 04:36:56 AM
I'm not sure if I have seen a problem with GeoIPs (#2). I checked pfTables and see GeoIPs being filled in for all the Alias. Also "Firewall: Aliases > GeoIP settings tab" claims last update was 2020-08-14T20:38:26. Maybe the install I am looking at is OK, not sure how to test it.


Is it the GUI not displaying the GeoIP table or that GeoIP is not working?


Test the GUI by going to  Firewall > Diagnostics > pftables  and selecting the GeoIP rules to see what's there.
Test it's working by going to a site such as https://www.host-tracker.com/v3/en/check - there are many others.
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Quote from: marjohn56 on August 18, 2020, 10:29:59 AM
Quote from: Steven on August 18, 2020, 04:36:56 AM
I'm not sure if I have seen a problem with GeoIPs (#2). I checked pfTables and see GeoIPs being filled in for all the Alias. Also "Firewall: Aliases > GeoIP settings tab" claims last update was 2020-08-14T20:38:26. Maybe the install I am looking at is OK, not sure how to test it.


Is it the GUI not displaying the GeoIP table or that GeoIP is not working?


Test the GUI by going to  Firewall > Diagnostics > pftables  and selecting the GeoIP rules to see what's there.
Test it's working by going to a site such as https://www.host-tracker.com/v3/en/check - there are many others.

GUI not displaying GeoIP table and the GeoIP is not working.  Soon as I enable it nobody can connect to anything.  Remove the GeoIP rule and add any as the source and all is fine again.  It doesn't work because the list is empty so there is no match on the rule and the default drop rule takes precedence. 

OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

Quote from: marjohn56 on August 18, 2020, 02:31:18 PM
Force it and then try.


https://forum.opnsense.org/index.php?topic=15409.60 Msg #62
Yea I've done this, I deleted everything and re-added them as mentioned in a few places.  I even created a test alias with a name I'd never used with only one country.  It simply refuses to work.  I can't seem to find any logs to understand why though.

It's ok that it isn't working I'm sure it's just a bug that will get squashed.  It worked just fine in 20.1.9 so I see no reason it won't work here soon.  Maybe they'll have it squashed in the next point release.



Hi,
Have you gone to firewall->params and changed the max entries pfTables up to 400.000 (default is 200.000)?

Goldorak92

Quote from: Goldorak92 on August 18, 2020, 03:03:27 PM
Hi,
Have you gone to firewall->params and changed the max entries pfTables up to 400.000 (default is 200.000)?

Goldorak92
Mine is set to 802000 by default.



@oscarr

Had the same issue two days ago. Didn't know why my master crashed and secondary didn't kick in. Had to drive about an hour/half to hard power down the master to get networking up again.

I believe leaving the dashboard open for an extended period of time was the cause, since that's what happened in my case as you mentioned above.

Never had any issue like this prior.

Thanks.
Richard

@FullyBorked,

Not "max firewall states", which is 806000, but "max pfTables entries"...

Goldorak92
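
The check this thread keeps circling (is the alias table actually populated, and how close are the tables to the "Firewall Maximum Table Entries" limit) can be scripted. The following is an added example, not part of any post above and not OPNsense code: it parses text laid out like the output of `pfctl -sm` and `pfctl -vvsTables`; the sample output, the alias name `GeoIP_Allowed` and the 80% warning threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag empty pf tables and low headroom under the table-entries limit.
# Input text follows the layout of `pfctl -sm` and `pfctl -vvsTables`.

# Constructed sample output; GeoIP_Allowed is a hypothetical alias name.
SAMPLE_LIMITS='states        hard limit   806000
src-nodes     hard limit   806000
frags         hard limit     5000
table-entries hard limit   200000'
SAMPLE_TABLES='--a-r-- bogons
    Addresses:   1200
--a-r-- bogonsv6
    Addresses:   120000
--a-r-- GeoIP_Allowed
    Addresses:   0'

table_limit() {    # $1 = limits text; prints the table-entries hard limit
    printf '%s\n' "$1" | awk '$1 == "table-entries" { print $NF }'
}

empty_tables() {   # $1 = tables text; prints names of tables holding 0 addresses
    printf '%s\n' "$1" | awk '
        $1 !~ /:$/ && NF >= 2 { name = $2 }      # header line: flags, then name
        $1 == "Addresses:" && $2 == 0 { print name }'
}

total_entries() {  # $1 = tables text; prints the sum of all Addresses counters
    printf '%s\n' "$1" | awk '$1 == "Addresses:" { s += $2 } END { print s + 0 }'
}

audit() {          # $1 = limits text, $2 = tables text; returns 1 if anything is flagged
    limit=$(table_limit "$1"); total=$(total_entries "$2"); rc=0
    for t in $(empty_tables "$2"); do
        echo "EMPTY: $t has no addresses, so rules that reference it match nothing"
        rc=1
    done
    # 80% is an assumed warning threshold, not an OPNsense default.
    if [ "$total" -gt $((limit * 80 / 100)) ]; then
        echo "NEAR LIMIT: $total of $limit table entries in use"
        rc=1
    fi
    echo "total=$total limit=$limit"
    return "$rc"
}

# On the firewall itself: audit "$(pfctl -sm)" "$(pfctl -vvsTables)"
audit "$SAMPLE_LIMITS" "$SAMPLE_TABLES" || echo "audit flagged at least one table"
```

An empty table matters in both directions: a pass rule built on it admits nobody, as described above, and a block rule built on it blocks nothing.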