[SOLVED?] errors & strange behavior opnsense 22.1.1_1 -> Suricata fix: uncheck IPS

Started by RamSense, February 17, 2022, 01:29:51 PM

Since the last update to 22.1.1_1, with no config change, I'm getting very strange behavior of the system. Are others experiencing this also?

Some apps on the iPhones on wifi don't load any more; some websites don't load, some do.
I cannot find why. And errors in the system-log-backend:

configd.py   unable to sendback response [Updating OPNsense repository catalogue... Fetching meta.conf: . done Fetching packagesite.txz: .......... done Processing entries: .......... done OPNsense repository update completed. 779 packages processed. Updating SunnyValley repository catalogue... Fetching meta.conf: . done Fetching packagesite.txz: .. done Processing entries: .... done SunnyValley repository update completed. 32 packages processed. Updating mimugmail repository catalogue... Fetching meta.conf: . done Fetching packagesite.txz: ....... done Processing entries: .......... done mimugmail repository update completed. 170 packages processed. All repositories are up to date. ] for [sensei][check-updates][['cron']] {69965927-38b8-4217-8dd0-5d75994f6308}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 202, in run self.connection.sendall(('%s\n' % result).encode()) BrokenPipeError: [Errno 32] Broken pipe


   Error   configd.py   Timeout (120) executing : firmware remote

Error   configd.py   [f0aef359-a298-4aa7-8b71-3fccbf91beb9] Script action stderr returned "b'[07-Feb-2022 08:58:51] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful\n\n[07-Feb-2022 08:58:52] NOTICE: configuration file /usr/local/etc/php-fpm.conf test is successful\n\nnginx: the configuration file /usr/local/etc/nginx/nginx.co'"





More errors in system-log file-general:

2022-02-17T13:58:00   Error   opnsense   /usr/local/etc/rc.newwanipv6: Resyncing OpenVPN instances for interface WAN.   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: The RAMVPN_GW monitor address is empty, skipping.   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: The WAN_DHCP monitor address is empty, skipping.   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: The WAN_DHCP6 monitor address is empty, skipping.   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80::xxxxx %igb0'   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::xxxx   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to wan   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '217.xxxxxc'   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 217.xxxxx.1   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to wan   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'wan'   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: On (IP address: 2001:xxx.xxxxx) (interface: WAN[wan]) (real interface: igb0).   
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: IPv6 renewal is starting on 'igb0'   
2022-02-17T13:57:58   Error   opnsense   /usr/local/etc/rc.linkup: The command '/usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'localdomain'' returned exit code '1', the output was 'Unable to lock on the pidfile.'



Is this ipv6 related? What is going on with the latest opnsense version? Help is much appreciated. Even a site like https://www.dnsleaktest.com/ won't load but other sites do... very strange...

After a reboot of opnsense it all seems to work, and then after some minutes all the strange behavior starts again.

Same, logs are ALL screwed up, info is logged as ERROR, half my clients no longer work but hard to tell what's up because...logging.  I'm going to back this one out probably as this was one of the worst updates in recent history.  Assuming the move to bsd13 was the issue here, as always should have waited a few months for the point releases to fix everything that broke :(

I can confirm this - many errors in all system logs.

Qualified reports people, this is not helpful.


Cheers,
Franco

I would love to isolate the problem more....but could not for now.
That is why I posted a selection from the errors log.
Strange thing is that after an opnsense reboot it works, and very fast thereafter, just a couple of minutes, it starts acting weird again. Any suggestion where I should start looking for clues?

Hello

I have the same feeling on my side.
Checked the interface and MTU but everything seems ok.

Hardware : PCengine APU2C4

Was working like a charm on 22.1 GA

Logan

I too found this after an upgrade from 22.1 to 22.1.1-1... After the initial reboot nothing outside of my LAN would load (as if the firewall or dns wasn't working correctly)... I reloaded pf service and got partial working behavior, but 'some' things were extremely slow. An additional reboot cleared everything up.

February 17, 2022, 06:57:22 PM #9 Last Edit: February 17, 2022, 06:59:23 PM by RamSense
deleted

Quote from: isamudaison on February 17, 2022, 06:37:30 PM
I too found this after an upgrade from 22.1 to 22.1.1-1... After the initial reboot nothing outside of my LAN would load (as if the firewall or dns wasn't working correctly)... I reloaded pf service and got partial working behavior, but 'some' things were extremely slow. An additional reboot cleared everything up.

The .1 update is what did it for me I think...

I had to re-install the whole OS, I would highly recommend that.  Gives you an opportunity to use zfs. :)

After a wipe and re-install, everything is back to normal and functioning besides sensei which was broken by the python upgrade. You have to do a wipe and re-install to fix your issues unfortunately, the .1 completely broke my network and I don't really have anything fancy. Make a config backup, reinstall, install your plugins again, reboot and restore the config.  It goes very fast, the config backup is a great tool. This is why I only upgrade at my home network :D

You triggered me with sensei...
So I did a restore of my opnsense config, the latest config I have that was working before updating. This way I can rule out that the update somehow did change something in the config... - same result.
Then I did a zenarmour reinstall with the terminal:
rm -f /usr/local/sensei/etc/.configdone

and then ran the installation with the gui. Sensei/zenarmour is running, no errors.
But the strange behaviors of opnsense remain....

February 17, 2022, 08:44:59 PM #12 Last Edit: February 17, 2022, 10:18:04 PM by pmhausen
On one hand we might have a cosmetic problem here. I don't have any problem with my firewall malfunctioning but after reading these posts I just checked and - behold - benign events are logged with a severity of "Error". Obviously none of these events is an error.

So if I were experiencing unexplainable "weird" behaviour of my firewall, went to the log files and saw nothing but "Error Error Error ..." that would make me think there is a connection, too.

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
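
The point made in the post above, that the severity column stops being a usable filter once routine events are logged as "Error", shown as an added example (not part of the original posts and not OPNsense code): a small triage pass that ignores severity and classifies by message text. The failure patterns are assumed heuristics, and the sample lines are copied from the excerpts earlier in this thread.

```python
import re

# The severity column is parsed but ignored on purpose: the thread reports
# that routine events are all logged as "Error" after the upgrade.
LINE_RE = re.compile(
    r"^\s*(?:(?P<ts>\d{4}-\d{2}-\d{2}T[\d:]+)\s{2,})?"
    r"(?P<sev>\w+)\s{2,}(?P<proc>\S+)\s{2,}(?P<msg>.*\S)\s*$"
)

# Assumed heuristics (not an OPNsense list): message text that indicates a
# real failure regardless of the logged severity.
FAILURE_PATTERNS = [
    re.compile(r"returned exit code '(?!0')\d+'"),
    re.compile(r"\bTimeout \(\d+\) executing\b"),
    re.compile(r"\bTraceback \(most recent call last\)"),
    re.compile(r"\bBrokenPipeError\b"),
]

def triage(lines):
    """Split log lines into (failures, routine) by message content."""
    failures, routine = [], []
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or unparseable line
        entry = (m["ts"], m["proc"], m["msg"])
        if any(p.search(m["msg"]) for p in FAILURE_PATTERNS):
            failures.append(entry)
        else:
            routine.append(entry)
    return failures, routine

# Sample lines copied from the log excerpts posted earlier in this thread.
SAMPLE = """\
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: The WAN_DHCP monitor address is empty, skipping.
2022-02-17T13:57:59   Error   opnsense   /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to wan
2022-02-17T13:57:58   Error   opnsense   /usr/local/etc/rc.linkup: The command '/usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'localdomain'' returned exit code '1', the output was 'Unable to lock on the pidfile.'
   Error   configd.py   Timeout (120) executing : firmware remote
""".splitlines()

if __name__ == "__main__":
    failures, routine = triage(SAMPLE)
    for ts, proc, msg in failures:
        print(f"FAILURE {ts or '-'} {proc}: {msg}")
    print(f"{len(routine)} routine line(s) hidden")
```
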

February 17, 2022, 09:41:00 PM #13 Last Edit: February 17, 2022, 09:50:38 PM by RamSense
@Franco
After trying by trial and error a lot of things I found in Suricata this error:
Stats for 'igb0^': pkts: 0, drop: 0 (nan%), invalid chksum: 0

I did a google, found an old opnsense forum mentioning something about setting Suricata Pattern matcher from hyperscan (what I use on my opnsense Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz (4 cores, 4 threads)),
changed it to Aho-Corasick,
saved and then the weird stuff ended, all working as should... but again.. after just some minute(s) all strange things are back.

Changed the setting back to Hyperscan,
saved and then the weird stuff ended again, all working as should. But again, after just some minute(s) strange things as described started again.

So I think with my trial and error, it seems related to Suricata? Or changing config in Suricata refreshes "something" in opnsense which "solves" the problem for some minutes....

Hope this helps the searching direction...

I have a post in the sensei section, but similar: config.py is leading me to believe there is an issue with the way the system uses python.