OPNsense 25.1-BETA | feedback

Started by Seimus, December 19, 2024, 08:46:03 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4 5
User actions
January 09, 2025, 10:02:55 AM #45
Quote from: franco on January 09, 2025, 08:17:40 AMIs this with a specific selection under Services: Network Time: General: Interfaces or using "all"?


Cheers,
Franco

Hi actually it's both. I have "Lan" network with ipv4, ipv6 gua and virtual ip in form of ula/64. I can pick any interface but picking this one breakes ntpd. I also have another similar one, but without ipv4 and this one doesn't do this.

I'll check both unable and patch fixes later today and report back.

Thanks!
January 09, 2025, 07:31:24 PM #46
I tried the patch (25.1 beta, with updated base/kernel), and with wan, lan + a virtual ipv6 /64 address (all selected in ntp config) ntp starts up ok :)
January 09, 2025, 07:57:36 PM #47
I did some more work on this... in particular:


https://github.com/opnsense/core/commit/c6e700fb
https://github.com/opnsense/core/commit/b2cc8168
https://github.com/opnsense/core/commit/be42113a (which is likely the real culprit for the nptd behaviour)

Too much for 24.7.x but luckily 25.1 is almost there :)


Cheers,
Franco
January 09, 2025, 07:58:35 PM #48
Quote from: planetf1 on January 09, 2025, 07:31:24 PMI tried the patch (25.1 beta, with updated base/kernel), and with wan, lan + a virtual ipv6 /64 address (all selected in ntp config) ntp starts up ok :)

Yup, it works great. Thanks franco :)
January 13, 2025, 12:35:48 AM #49
Hi,

is there any changes in the repository scheme or anything else?

I have the repository set up the same as before, but I keep getting this message:

Code Select
Could not verify the repository fingerprint.
I have the repo fingerprint under /usr/local/etc/pkg/fingerprints/OPNsense/trusted/, the repo has all packages signed with that, and it is not working :(

thanks,

none
"We will call you Cygnus,
the God of balance you shall be."
January 13, 2025, 09:43:48 AM #50
Quote from: pataps on January 09, 2025, 07:58:35 PM
Quote from: planetf1 on January 09, 2025, 07:31:24 PMI tried the patch (25.1 beta, with updated base/kernel), and with wan, lan + a virtual ipv6 /64 address (all selected in ntp config) ntp starts up ok :)

Yup, it works great. Thanks franco :)

I guess I spoko too soon. After OPNSense reboot I get the same issue..

Code Select

<101>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 7902 - [meta sequenceId="8"] ----------------------------------------------------
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="9"] proto: precision = 0.109 usec (-23)
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="10"] basedate set to 2024-12-27
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="11"] gps base set to 2024-12-29 (week 2347)
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="12"] initial drift restored to 7.743286
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="13"] Listen and drop on 0 v6wildcard [::]:123
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="14"] Listen and drop on 1 v4wildcard 0.0.0.0:123
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="15"] Listen normally on 2 re0 [fe80::5e85:7eff:fe47:f51a%1]:123
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="16"] Listen normally on 3 re1 [fe80::5e85:7eff:fe47:f51b%2]:123
<102>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="17"] Listen normally on 4 re1 192.168.1.1:123
<99>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="18"] bind(25) AF_INET6 [fdf3:e453:45bc::]:123 flags 0x11 failed: Can't assign requested address
<99>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 8583 - [meta sequenceId="19"] unable to create socket on re1 (5) for [fdf3:e453:45bc::]:123
<99>1 2025-01-12T21:12:00+01:00 OPNsense.lan ntpd 7902 - [meta sequenceId="20"] daemon child died with signal 11

It still doesn't like the virtual ip added to "Lan".

OPNsense 25.1.b_108
January 13, 2025, 10:53:00 AM #51
Yep, my bad:

# opnsense-patch https://github.com/opnsense/core/commit/26de190ba


Cheers,
Franco
January 14, 2025, 01:51:15 AM #52
On OPNsense 25.1.b_108 there's no IPSec Phase 2 anymore on 3 FWs - no change in the configuration on any prior to the upgrade to the -devel version. Things were also fine on 14.2 K&B with the packages from 24.7

Also on one FW which has policy routing (almost) nothing works anymore on the main VLAN, all the policy routed traffic is ignored and is sent out an arbitrary openvpn GW.
January 14, 2025, 07:18:51 AM #53 Last Edit: January 14, 2025, 07:20:42 AM by hoehoe


all seems ok, apart from some ghost sensors.....

Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (4 cores, 4 threads)
January 14, 2025, 09:11:44 AM #54
That's a bit expected... Can you run this for me and share the output? Thanks!

# sh -c 'sysctl $(configctl system sensors)'
January 14, 2025, 09:14:30 AM #55
Quote from: newsense on January 14, 2025, 01:51:15 AMOn OPNsense 25.1.b_108 there's no IPSec Phase 2 anymore on 3 FWs - no change in the configuration on any prior to the upgrade to the -devel version. Things were also fine on 14.2 K&B with the packages from 24.7

Also on one FW which has policy routing (almost) nothing works anymore on the main VLAN, all the policy routed traffic is ignored and is sent out an arbitrary openvpn GW.

You got any static routes in the configuration that are not showing up?
January 14, 2025, 09:27:53 AM #56
Negative, static routing is not enabled.
January 14, 2025, 10:21:26 AM #57
I was wondering if these IKE patches from yesterday would help, but it seems I'm either missing some other patch or they need more tweaking, so I'll undo it for now.

Code Select

 # opnsense-patch e8f6a825b75c6a38183e98e24fa4139e2070a89c e58197e5a5dc686671b115f4e7efad4aaedb523d 88530c33dfb3be4c7c0396b275054deb11dec467

When reloading services this message appears:

Code Select
Generating /etc/hosts...done.

Fatal error: Uncaught OPNsense\Base\ModelException: class OPNsense\IPsec\FieldTypes\IKEAddressField missing in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php:158
Stack trace:
#0 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(205): OPNsense\Base\BaseModel->getNewField('OPNsense\\IPsec\\...')
#1 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(278): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#2 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(299): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#3 /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php(385): OPNsense\Base\BaseModel->parseXml(Object(SimpleXMLElement), Object(SimpleXMLElement), Object(OPNsense\Base\FieldTypes\ContainerField))
#4 /usr/local/etc/inc/plugins.inc.d/ipsec.inc(204): OPNsense\Base\BaseModel->__construct()
#5 /usr/local/etc/inc/plugins.inc(112): ipsec_devices()
#6 /usr/local/etc/inc/interfaces.inc(634): plugins_devices()
#7 /usr/local/etc/rc.reload_all(53): interfaces_configure(true)
#8 {main}
  thrown in /usr/local/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php on line 158

*** OPNsense.localdomain: OPNsense 25.1.b_108 (amd64) ***

 
January 14, 2025, 10:46:51 AM #58
Patches renaming files are tricky even with opnsense-patch. I'm intending to update 25.1.b packages later today.


Cheers,
Franco
January 14, 2025, 09:04:02 PM #59
Print
Go Up Pages 1 2 3 4 5
User actions