[update] after 22.7.9 update the gateway suddenly dies after 1 day or so

Started by manilx, December 03, 2022, 11:19:45 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4 5 6
User actions
December 11, 2022, 12:44:20 AM #45
I had the same fault with Unbound and the web page becoming unresponsive. In fact I initially thought the problem was with unbound and I didnt know about the suricata thing until later. I still dont understand what was causing that.
Downgrading Suricata as above should fix. It did for me.
December 11, 2022, 10:03:35 PM #46
I had to goto my backup hardware, install and update OPNsense, restore configuration, then did the opnsense-revert suricata, which worked. Everything seems ok now using Suricata 6.0.8_1. This site is the only one I have using IDS. All the others updated without incident. I will not do another update on this system until I know the Suricata issues are resolved. Probably a good idea to look at the forum after a new release comes out. My bad.
December 12, 2022, 02:33:21 AM #47
Make sure to lock Suricata at 6.0.8_1


Sent from my iPhone using Tapatalk
December 12, 2022, 10:17:14 AM #48
Both 6.0.8_1 or 6.0.9_1 should work. I don't know about disaster but the backport efforts were not really necessary in my opinion but someone did ask for it and it wasn't OPNsense. ;)


Cheers,
Franco
December 12, 2022, 10:21:46 AM #49
I have installed the patch but blocked Suricata at 6.0.8_1. Stable
I will now update Suricata also but will do a snapshot before to be able to revert easily. Will report how it goes.
December 13, 2022, 02:35:07 AM #50
Yes this problem caused me to change my upgrading behavior to performing snapshots of the VHD before hand so that I may simply roll back the VHD to the time before the upgrade.
December 13, 2022, 06:29:52 PM #51
After 24hrs+ running: 22.7.9_3 + suricata    6.0.9_1

Stable so far!
December 14, 2022, 10:02:08 AM #52
So how do you take snapshots. Is that a plug-in? I have been looking for a way to do bare metal backups of OPNsense.
December 14, 2022, 10:04:20 AM #53
OPNsense is running in a proxmox VM, where you make snapshots. Nothing to do with OPnsense.

Baremetal: reinstall and restore previously saved config.
December 14, 2022, 10:26:06 AM #54
Ok, thanks. Thought I was missing something.
December 14, 2022, 10:47:05 AM #55
Install with ZFS - voila! Snapshots!
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 15, 2022, 11:18:09 PM #56 Last Edit: December 15, 2022, 11:42:39 PM by dcol
I installed with ZFS. So the snapshots are automatic? If so, how do you reinstall using snapshot. In TrueNAS, I can rollback or clone. How would you do that with OPNsense?

I wouldn't mind attempting an update again to 22.7.9_3 if I knew I could easily rollback. And just using the config backup doesn't always work. Updating to 22.7.9_3 gave me file issues. Changing the config.xml doesn't change back the OPNsense version. I had to do a fresh install of 22.7, then update to 22.7.8 then apply the config restore. Twice.

I had two main issues with 22.7.9_3. Suricata had issues, and the GUI was very sluggish. Even reverting to Suricata 6.0.8_1 had issues. Took 5+ minutes to load the firmware status and other pages were very slow to load. 22.7.8 is quick and works. I wish the logs were helpful, but nothing to see there in trying to resolve the issues. Must have something to do with the configurations. On two other system with same hardware, the upgrade to 22.7.9_3 went fine. But those don't use IDS and have mostly a default configuration with one LAN and one WAN and only a few NAT rules added. The system that has the issue has 2 WAN's, Mutiple Gateways, 4 LAN's, and complex rules.
December 16, 2022, 07:28:20 AM #57
Quote from: dcol on December 15, 2022, 11:18:09 PM
I installed with ZFS. So the snapshots are automatic? If so, how do you reinstall using snapshot. In TrueNAS, I can rollback or clone. How would you do that with OPNsense?
No, they are not automatic.

https://forum.opnsense.org/index.php?topic=25540.msg122731
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
December 16, 2022, 04:26:55 PM #58
Thanks. That is what I was looking for. Worked like a charm.
December 26, 2022, 03:27:39 PM #59
@franco

UPDATE:

I have been running 22.7.10_2 and the previous update with the Suricata 6.0.9_1

I have found that for the last few days I get to a time when I see memory usage going up, swap space being used (I have 12GB assigned and pratically never use swap) and then suddenly some domains start not resolving.
Then even more stop resolving. A reboot fixes this.
I have switched from Unbound to DNSmasq but the same happens after a day or so.
I have reverted to OPNsense 22.7.8 have locked the suricata at 6.0.8_1 and updated again to 22.7.10_2

Running fine now again, with normal memory usage and all domains resolving.

So Suricata 6.0.9_1 DOES have issues still........

Print
Go Up Pages 1 2 3 4 5 6
User actions