Massive problems since upgrade to version 22.10

[psychofaktory]

Hello,

Since the upgrade to version 22.10, we have unfortunately been struggling with several problems.

The update itself was still error-free.
Since then, however, there have been repeated problems:

• When restarting, OPNsense hangs forever (several hours) with the message "stopping eastpect. Waiting for PIDS: 5911". OPNsense could then finally be restarted with "shutdown -r now".
• Some VLANs could no longer be reached from other networks. Only after I had replaced all VLAN interfaces with new interfaces with the designation according to the scheme vlan0.xx were most of the networks accessible again.
• OPNsense permanently had massive latencies and even packet losses. The error only disappeared after I removed the tick from "Allow changing the default gateway".
• The OPNsense webgui gives the error message 503 Service Unavailable every day. Only a restart via the console makes the webgui accessible again.

I urgently ask for help. At the moment, one network is still not accessible.

[Supermule]

That is not good news.

Are you on a business or CE?

[psychofaktory]

business!

[Supermule]

Then you need to contact support to get it fixed asap.

Do you have a test environment or lab to do the upgrades before it goes into production??

[psychofaktory]

OPNsense runs on a Deciso DEC3840 Server.

The Logs from System -> Logs from today are attached.

Couldn't get the Audit-Log exported.
Since I tried to get the audit log System Status (the red point on top right on the webgui) says:
"Crash Reporter - An issue was detected and can be reviewed using the firmware crash reporter".

[psychofaktory]

Then you need to contact support to get it fixed asap.

Where can I reach the responsible support as quickly as possible?

Do you have a test environment or lab to do the upgrades before it goes into production??

No, we are only a small school without the necessary capacity and resources for such things.

[Supermule]

https://shop.opnsense.com/product-categorie/support/

Bottom part of the page.

[psychofaktory]

Can only find the mail address of the sales Team here.
Last time it took a few days since i got an answer on this email.

[Supermule]

OPNsense.com
Deciso Sales B.V.
Edison 43
3241LS Middelharnis
The Netherlands

sales@opnsense.com
+31 187 744 020

Mon-Fri 9h to 17h CET

[franco]

I want to stop you right here and consider:

> stopping eastpect. Waiting for PIDS: 5911

Turn off Zenarmor to try to confirm what you are seeing here... I'm inclined to move this to the appropriate forum.


Cheers,
Framco

[psychofaktory]

I have now deactivated ZenArmor.

Since then, all networks can be reached again and the system can also be restarted cleanly.


Nevertheless, the logs look like a lot of errors to me.
The services cron, nginx and nut_upsmon also need a lot of time to come up.

[aduwing]

The latest Zenarmor update caused havoc on my network. I uninstalled it for now until the issues are fixed.

[sy]

Hi,

Can you share a bug report form the upper right corner of Zenarmor GUI?

[sy]

Hi again,

You can try to increase the netmap buffer by following the instruction:

Please try to add the following tunable and then restart the firewall.

System - Settings - Tunable
Tunable: dev.netmap.buf_num
Value: 1000000

[psychofaktory]

I have made the setting and will now test it for some time.
A Bug Report has been sent afterwards to the supplement.


Besides this Nginx still has problems starting.

The log says:

Code Select Expand

invalid PID number "" in "/var/run/nginx.pid".
and

Code Select Expand

bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
bind() to 0.0.0.0:443 failed (48: Address already in use)
bind() to [::]:443 failed (48: Address already in use)
bind() to 0.0.0.0:80 failed (48: Address already in use)
bind() to [::]:80 failed (48: Address already in use)


After some time and manual start-up attempts, nginx can be started and works.

This behaviour did not occur before the upgrade to the new OPNsense version.