Topics - cpw

#1
Thought I'd report that this package failed to automatically install as the release notes said it would, on update from 25.7.11 to 26.1.

It also fails to start and I now seem to have to configure all my old DHCP stuff into DNSmasq.

I have no idea what this BPF device is supposed to be. It seems that all the previously present config for DHCP has been removed, and the plugin fails to restore it. This is not a simple upgrade if you're using ISC DHCP and you need to warn about this mess.

2026-01-31T15:46:43-05:00    Error    dhcpd     exiting.
2026-01-31T15:46:43-05:00    Error    dhcpd   
2026-01-31T15:46:43-05:00    Error    dhcpd     process and the information we find helpful for debugging.
2026-01-31T15:46:43-05:00    Error    dhcpd     before submitting a bug.  These pages explain the proper
2026-01-31T15:46:43-05:00    Error    dhcpd     bugs on either our web page at www.isc.org or in the README file
2026-01-31T15:46:43-05:00    Error    dhcpd     than a configuration issue please read the section on submitting
2026-01-31T15:46:43-05:00    Error    dhcpd     If you think you have received this message due to a bug rather
2026-01-31T15:46:43-05:00    Error    dhcpd   
2026-01-31T15:46:43-05:00    Error    dhcpd     No bpf devices.   Please read the README section for your operating system.
2026-01-31T15:46:42-05:00    Error    dhcpd     exiting.
2026-01-31T15:46:42-05:00    Error    dhcpd   
2026-01-31T15:46:42-05:00    Error    dhcpd     process and the information we find helpful for debugging.
2026-01-31T15:46:42-05:00    Error    dhcpd     before submitting a bug.  These pages explain the proper
2026-01-31T15:46:42-05:00    Error    dhcpd     bugs on either our web page at www.isc.org or in the README file
2026-01-31T15:46:42-05:00    Error    dhcpd     than a configuration issue please read the section on submitting
2026-01-31T15:46:42-05:00    Error    dhcpd     If you think you have received this message due to a bug rather
2026-01-31T15:46:42-05:00    Error    dhcpd   
2026-01-31T15:46:42-05:00    Error    dhcpd     No bpf devices.   Please read the README section for your operating system.
2026-01-31T15:00:53-05:00    Error    dhcpd     Abandoning IP address 10.0.100.122: pinged before offer
2026-01-31T15:00:49-05:00    Error    dhcpd     Abandoning IP address 10.0.100.121: pinged before offer
2026-01-31T14:57:16-05:00    Error    dhcpd     No pool found for IA_NA address 2607:f2c0:b16f:7d04::2000
2026-01-31T14:57:16-05:00    Error    dhcpd     No pool found for IA_NA address 2607:f2c0:b16f:7d01::2000
2026-01-31T14:25:15-05:00    Error    dhcpd     No pool found for IA_NA address 2607:f2c0:b041:d301::2000
2026-01-31T14:25:15-05:00    Error    dhcpd     No pool found for IA_NA address 2607:f2c0:b041:d304::2000


EDIT: I had to restart opnsense to get the DHCP server to work... Thanks to previous poster from a few days ago who found the same problem.
#2
Hi, I'm in the process of overhauling my OPNsense, so I'm rebuilding my config from scratch to clean out a lot of cruft in a new VM of 24.7.6. I'm trying to align my interfaces with the "prebuilt" setups as much as possible (lower friction, maybe?)

Something I've noticed - I have a fibre with PPPoE. It's working great, no problems, on the existing setup, but it's officially my "WAN" connection, not "opt2".

I'm trying to run the assignment "wizard" in the command line, but it refuses to let me select "pppoe0" as a WAN connection, even though it IS configured in the UI. I can assign it through the UI (but it gets an OPT name), but the command line seems to completely reject pppoe0 as a valid interface name.



MANAGEMENT (vtnet0_vlan1) -> v4: 10.10.0.250/24
                    v6: fdf5:7b89:4604::a0a:fa/128

HTTPS: sha256 CC 73 E3 5C AE B1 E3 48 66 C7 FE F5 C3 74 3A 46
               57 17 34 90 FB 9E D1 BB 36 E5 76 15 68 60 4E 41

  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup

Enter an option: 1

Do you want to configure LAGGs now? [y/N]:
Do you want to configure VLANs now? [y/N]:

Valid interfaces are:

vtnet0           bc:24:11:96:b5:a0 VirtIO Networking Adapter
vtnet0_vlan1     00:00:00:00:00:00 VLAN tag 1, parent interface vtnet0
vtnet0_vlan20    00:00:00:00:00:00 VLAN tag 20, parent interface vtnet0
vtnet0_vlan40    00:00:00:00:00:00 VLAN tag 40, parent interface vtnet0
vtnet0_vlan39    00:00:00:00:00:00 VLAN tag 39, parent interface vtnet0
vtnet0_vlan10    00:00:00:00:00:00 VLAN tag 10, parent interface vtnet0
vtnet0_vlan30    00:00:00:00:00:00 VLAN tag 30, parent interface vtnet0
vtnet0_vlan50    00:00:00:00:00:00 VLAN tag 50, parent interface vtnet0
vtnet0_vlan60    00:00:00:00:00:00 VLAN tag 60, parent interface vtnet0
vtnet0_vlan100   00:00:00:00:00:00 VLAN tag 100, parent interface vtnet0

If you do not know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces now before
hitting 'a' to initiate auto detection.

Enter the WAN interface name or 'a' for auto-detection: pppoe0

Invalid interface name 'pppoe0'

Enter the WAN interface name or 'a' for auto-detection:

Enter the LAN interface name or 'a' for auto-detection
NOTE: this enables full Firewalling/NAT mode.
(or nothing if finished): vtnet0_vlan1

Enter the Optional interface 1 name or 'a' for auto-detection
(or nothing if finished): pppoe0

Invalid interface name 'pppoe0'

Enter the Optional interface 1 name or 'a' for auto-detection
(or nothing if finished):




Is this a bug or oversight in the CLI utility behind "Assign Interfaces"?


#3
Hi, I just upgraded from 24.1.10_8 to 24.7.4_1 (via 24.7.1) and it seems that IPv6 over PPPoE is no longer working for my setup. It worked perfectly prior to the upgrade.

I have "Use IPv4 Connectivity" selected, and it was working fine prior to the update. The IPv6 configuration type is "DHCPv6", again, same as prior to the update.

I am requesting a /56 PD and sending the prefix hint. Again, this all worked fine prior to the upgrade.

The change I see in the PPPoE log file is the presence of a new error message:


2024-09-18T10:09:07-04:00 Informational ppp [opt2_link0] rec'd unexpected protocol IPv6
2024-09-18T09:56:28-04:00 Informational ppp [opt2_link0] rec'd unexpected protocol IPv6



This has happened twice since the update (once at 24.7.1 and once at 24.7.4_1). It seems clear that this is now broken for me.

Some log file snippets from prior to the upgrade, and post upgrade.

Prior:


EDIT: Never mind. It just took about 15 minutes for the IPv6 address to show up on the interface. Very slow, and the error message wasn't convincing, but it is there and I have a PD. Thanks for the software!
#4
Hi
I have an annoyingly unreliable DSL/PPPoE link to upstream. It loses signal fairly regularly and needs to reauthenticate and rebuild the interface.

DPinger does NOT like this. Every time, since about the 23.7 series, I have to manually restart the dpinger processes (ipv4 and ipv6 monitors) monitoring the status of the link. The link itself comes back very reliably - a blessing I suppose - but dpinger is convinced it's dead. I have previously solved this by monitoring the dpinger processes - but those don't seem to actually terminate anymore, just the monitoring.

Log file:


2024-01-05T16:52:27-05:00 Notice dpinger ALERT: DSL_DHCP6 (Addr: 2607:xxxx Alarm: down -> none RTT: 11.6 ms RTTd: 3.2 ms Loss: 0.0 %)
2024-01-05T16:52:15-05:00 Notice dpinger ALERT: DSL_PPPOE (Addr: 206.x.x.x Alarm: down -> none RTT: 11.5 ms RTTd: 1.3 ms Loss: 0.0 %)
2024-01-05T16:52:15-05:00 Notice dpinger Reloaded gateway watcher configuration on SIGHUP
2024-01-05T16:52:15-05:00 Notice dpinger Reloaded gateway watcher configuration on SIGHUP
2024-01-05T16:52:14-05:00 Warning dpinger send_interval 1000ms loss_interval 4000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 0ms loss_alarm 0% alarm_hold 10000ms dest_addr 2607:xxxx bind_addr 2607:x:x:x:x identifier "DSL_DHCP6 "
2024-01-05T16:52:14-05:00 Warning dpinger exiting on signal 15
2024-01-05T16:52:05-05:00 Warning dpinger send_interval 1000ms loss_interval 4000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 0ms loss_alarm 0% alarm_hold 10000ms dest_addr 206.x.x.x bind_addr 69.x.x.x identifier "DSL_PPPOE "
2024-01-05T16:52:05-05:00 Warning dpinger exiting on signal 15
2024-01-05T16:20:58-05:00 Notice dpinger Reloaded gateway watcher configuration on SIGHUP
2024-01-05T16:20:57-05:00 Warning dpinger exiting on signal 15
2024-01-05T16:20:37-05:00 Notice dpinger Reloaded gateway watcher configuration on SIGHUP
2024-01-05T16:20:37-05:00 Warning dpinger send_interval 1000ms loss_interval 4000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 0ms loss_alarm 0% alarm_hold 10000ms dest_addr 206.x.x.x bind_addr 69.x.x.x identifier "DSL_PPPOE "
2024-01-05T16:20:37-05:00 Warning dpinger exiting on signal 15
2024-01-05T16:20:36-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:35-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:35-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:34-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:34-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:33-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:33-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:32-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:32-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:31-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:31-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:30-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:30-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:29-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:29-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:28-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:28-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:27-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:27-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:26-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:26-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:25-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:25-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:24-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:24-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:23-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:23-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:22-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:22-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:21-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:21-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:20-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:20-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:19-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:19-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:18-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:18-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:17-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:17-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:16-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:16-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:15-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:15-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:14-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:14-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:13-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:13-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:12-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:12-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:11-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:11-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:10-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:10-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:09-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:09-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:08-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:08-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:07-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:07-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:06-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:06-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:05-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:05-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:04-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:04-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:03-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:03-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:02-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:02-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:01-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:01-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:00-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:20:00-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:59-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:59-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:58-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:58-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:57-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:57-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:56-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:56-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:55-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:55-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:54-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:54-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:53-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:53-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:52-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:52-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:51-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:51-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:50-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:50-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:49-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:49-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:48-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:48-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:47-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:47-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:46-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:45-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:45-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:44-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:44-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:43-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:43-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:42-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:42-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:41-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:41-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:40-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:40-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:39-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:39-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:38-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:38-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:37-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:37-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:36-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:36-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:35-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:35-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:34-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:34-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:33-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:33-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:32-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:32-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:31-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:31-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:30-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:30-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:29-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:29-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:28-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:28-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:27-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:27-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:26-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:26-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:25-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:25-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:24-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:24-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:23-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:23-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:22-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:19:22-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:21-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:18:39-05:00 Notice dpinger ALERT: DSL_PPPOE (Addr: 206.x.x.x Alarm: loss -> down RTT: 11.2 ms RTTd: 0.9 ms Loss: 33.0 %)
2024-01-05T16:18:39-05:00 Notice dpinger ALERT: DSL_DHCP6 (Addr: 2607:xxxx Alarm: loss -> down RTT: 10.6 ms RTTd: 0.2 ms Loss: 32.0 %)
2024-01-05T16:18:28-05:00 Notice dpinger ALERT: DSL_PPPOE (Addr: 206.x.x.x Alarm: none -> loss RTT: 11.3 ms RTTd: 1.6 ms Loss: 12.0 %)
2024-01-05T16:18:28-05:00 Notice dpinger MONITOR: DSL_DHCP6 (Addr: 2607:xxxx Alarm: none -> loss RTT: 10.6 ms RTTd: 0.2 ms Loss: 12.0 %)
2024-01-05T13:05:42-05:00 Notice dpinger ALERT: DSL_PPPOE (Addr: 206.x.x.x Alarm: down -> none RTT: 10.6 ms RTTd: 0.1 ms Loss: 0.0 %)
2024-01-05T13:05:42-05:00 Notice dpinger ALERT: DSL_DHCP6 (Addr: 2607:xxxx Alarm: down -> none RTT: 10.7 ms RTTd: 0.2 ms Loss: 0.0 %)



At 16:19 the DSL link went down and recycled - it came up at 16:20:36 - right before both dpinger processes died. Except they were still running - monit failed to detect that they had changed state at all.

It seems that dpinger is wedging somehow. How would I go about debugging this situation - I'm pretty sure I can cause this problem fairly easily by just unplugging the phone cable from the DSL modem, but I don't know how to debug. I have "debugging" turned on in the log file but nothing shows up.
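A way to quantify the symptom described in this post from the log alone (an added example, not part of the original post and not OPNsense or dpinger code): for each gateway it measures how long the alarm stayed "down" after the last `sendto error`, which is when the link was usable again. The function names and the 60-second threshold are assumptions; the sample lines are a subset of the log above.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the dpinger lines from the post, newest first.
SAMPLE_LOG = """\
2024-01-05T16:52:27-05:00 Notice dpinger ALERT: DSL_DHCP6 (Addr: 2607:xxxx Alarm: down -> none RTT: 11.6 ms RTTd: 3.2 ms Loss: 0.0 %)
2024-01-05T16:52:15-05:00 Notice dpinger ALERT: DSL_PPPOE (Addr: 206.x.x.x Alarm: down -> none RTT: 11.5 ms RTTd: 1.3 ms Loss: 0.0 %)
2024-01-05T16:52:15-05:00 Notice dpinger Reloaded gateway watcher configuration on SIGHUP
2024-01-05T16:20:36-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:20:35-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:22-05:00 Warning dpinger DSL_DHCP6 2607:xxxx: sendto error: 50
2024-01-05T16:19:21-05:00 Warning dpinger DSL_PPPOE 206.x.x.x: sendto error: 50
2024-01-05T16:18:39-05:00 Notice dpinger ALERT: DSL_PPPOE (Addr: 206.x.x.x Alarm: loss -> down RTT: 11.2 ms RTTd: 0.9 ms Loss: 33.0 %)
2024-01-05T16:18:39-05:00 Notice dpinger ALERT: DSL_DHCP6 (Addr: 2607:xxxx Alarm: loss -> down RTT: 10.6 ms RTTd: 0.2 ms Loss: 32.0 %)
2024-01-05T16:18:28-05:00 Notice dpinger ALERT: DSL_PPPOE (Addr: 206.x.x.x Alarm: none -> loss RTT: 11.3 ms RTTd: 1.6 ms Loss: 12.0 %)
2024-01-05T16:18:28-05:00 Notice dpinger MONITOR: DSL_DHCP6 (Addr: 2607:xxxx Alarm: none -> loss RTT: 10.6 ms RTTd: 0.2 ms Loss: 12.0 %)
"""

# "<timestamp> <severity> dpinger ALERT|MONITOR: <gateway> (... Alarm: <old> -> <new> ...)"
ALARM_RE = re.compile(
    r"^(\S+)\s+\S+\s+dpinger\s+(?:ALERT|MONITOR):\s+(\S+)\s+\(.*?Alarm:\s+(\w+)\s+->\s+(\w+)"
)
# "<timestamp> <severity> dpinger <gateway> <addr>: sendto error: <errno>"
# errno 50 on FreeBSD is ENETDOWN, i.e. the interface itself is gone.
SENDTO_RE = re.compile(
    r"^(\S+)\s+\S+\s+dpinger\s+(\S+)\s+\S+:\s+sendto error:\s+(\d+)"
)


def parse_events(log_text):
    """Return (time, gateway, kind, value) tuples in chronological order."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ALARM_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            events.append((ts, m.group(2), "alarm", m.group(4)))
            continue
        m = SENDTO_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group(1))
            events.append((ts, m.group(2), "sendto", int(m.group(3))))
    # The log view is newest-first; reverse, then stable-sort by timestamp.
    return sorted(reversed(events), key=lambda e: e[0])


def stale_alarms(log_text, threshold_s=60):
    """Map gateway -> seconds the alarm stayed 'down' after the last sendto error.

    Only gaps longer than threshold_s (an assumed tolerance) are reported.
    """
    down_since, last_err, stale = {}, {}, {}
    for ts, gw, kind, value in parse_events(log_text):
        if kind == "sendto":
            if gw in down_since:
                last_err[gw] = ts          # link still unusable at this time
        elif value == "down":
            down_since[gw] = ts            # alarm entered "down"
            last_err.pop(gw, None)
        elif gw in down_since:
            # Alarm left "down": compare against the last send failure.
            if gw in last_err:
                gap = int((ts - last_err[gw]).total_seconds())
                if gap > threshold_s:
                    stale[gw] = gap
            down_since.pop(gw)
            last_err.pop(gw, None)
    return stale


if __name__ == "__main__":
    for gateway, seconds in sorted(stale_alarms(SAMPLE_LOG).items()):
        print(f"{gateway}: alarm stayed down {seconds}s after the last send failure")
```

On the sample, both gateways show an alarm that outlived the outage by more than half an hour, which matches the manual restart at 16:52 in the log.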
#5
I have a static PD from my ISP (yay!) and I'm trying to hand out static IP addresses to server clients via DHCP, so I can keep them accessible, and get nice automations around DNS and stuff.

Unfortunately, the "static PD" is a tad unstable at present, and sometimes things go a bit awry, and I get a different PD from my ISP. When this happens, I notice that a duplicate DHCP server starts up, serving the new PD to my clients, while the existing one is still running! This is, as you can imagine, causing some serious headaches. I'm not sure why this happens, but it's happened about a few dozen times since IPv6 started being available on my system - about 3 weeks ago.


[root@wall /var/log/system]# ps aux | fgrep dhcp
root     4559   0.0  0.2  31228  17460  -  Is   30Mar23      0:06.65 /usr/local/sbin/dhcp6c -c /var/etc/dhcp6c.conf -p /var/run/dhcp6c.pid -D
root    16705   0.0  0.2  25764  15032  -  Ss   09:56        0:02.06 /usr/local/bin/python3 /usr/local/opnsense/scripts/dhcp/unbound_watcher.py --domain weeksfamily.ca (python3.9)
dhcpd   46539   0.0  0.2  25712  13264  -  Ss   09:55        0:00.74 /usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid lagg0_vlan1 lagg0_vlan20 lagg0_vlan30 lagg0_vlan40
dhcpd   63528   0.0  0.1  22768  10328  -  Ss   Tue02        0:06.05 /usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid lagg0_vlan10
_dhcp   68325   0.0  0.0  13076   2476  -  SCs  Tue10        0:00.71 dhclient: igb2 (dhclient)
dhcpd   96030   0.0  0.1  22768  10332  -  Ss   09:55        0:00.63 /usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid lagg0_vlan10
root    96473   0.0  0.0  12756   1860  -  Is   09:55        0:00.00 daemon: /usr/local/opnsense/scripts/dhcp/prefixes.sh[97087] (daemon)
root    97087   0.0  0.0  13504   2364  -  S    09:55        0:00.05 /bin/sh /usr/local/opnsense/scripts/dhcp/prefixes.sh
root     9761   0.0  0.0  12748   1996  0  S+   12:38        0:00.00 fgrep dhcp


Here you can see that PID 63528 and 96030 are both serving v6 on the lagg0_vlan10 interface, and I get a random assortment of IPs as a result, depending which one "wins".

I suspect this is a bug, but not sure how I would go about diagnosing it, especially since it's triggered by the upstream interface getting a new PD.
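The duplicate-server condition in this post can be detected mechanically from the same `ps` output (an added example, not part of the original post and not OPNsense code). It groups `dhcpd` processes by address family and interface, and separately by `-pf` pid file, since two processes sharing one pid file means only one of them can be stopped through it. The function names are assumptions; the sample lines are copied from the post.

```python
import os
from collections import defaultdict

# Lines copied from the `ps aux | fgrep dhcp` output in the post.
SAMPLE_PS = """\
root     4559   0.0  0.2  31228  17460  -  Is   30Mar23      0:06.65 /usr/local/sbin/dhcp6c -c /var/etc/dhcp6c.conf -p /var/run/dhcp6c.pid -D
dhcpd   46539   0.0  0.2  25712  13264  -  Ss   09:55        0:00.74 /usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid lagg0_vlan1 lagg0_vlan20 lagg0_vlan30 lagg0_vlan40
dhcpd   63528   0.0  0.1  22768  10328  -  Ss   Tue02        0:06.05 /usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid lagg0_vlan10
_dhcp   68325   0.0  0.0  13076   2476  -  SCs  Tue10        0:00.71 dhclient: igb2 (dhclient)
dhcpd   96030   0.0  0.1  22768  10332  -  Ss   09:55        0:00.63 /usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid lagg0_vlan10
root    97087   0.0  0.0  13504   2364  -  S    09:55        0:00.05 /bin/sh /usr/local/opnsense/scripts/dhcp/prefixes.sh
root     9761   0.0  0.0  12748   1996  0  S+   12:38        0:00.00 fgrep dhcp
"""

# dhcpd options that consume the following argument: the ones visible in the
# post, plus -lf (lease file) and -p (port), which ISC dhcpd also accepts.
VALUE_OPTS = {"-user", "-group", "-chroot", "-cf", "-lf", "-pf", "-p"}


def parse_dhcpd(ps_text):
    """Extract pid, address family, pid file and interfaces of each dhcpd."""
    procs = []
    for line in ps_text.splitlines():
        # USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
        fields = line.split(None, 10)
        if len(fields) < 11 or not fields[1].isdigit():
            continue  # header or malformed line
        argv = fields[10].split()
        if os.path.basename(argv[0]) != "dhcpd":
            continue  # dhcp6c, dhclient, helper scripts, the grep itself
        family, pidfile, ifaces = 4, None, []
        i = 1
        while i < len(argv):
            arg = argv[i]
            if arg == "-6":
                family = 6
            elif arg in VALUE_OPTS:
                if arg == "-pf" and i + 1 < len(argv):
                    pidfile = argv[i + 1]
                i += 1  # skip the option's value
            elif not arg.startswith("-"):
                ifaces.append(arg)  # trailing bare words are interfaces
            i += 1
        procs.append({"pid": int(fields[1]), "family": family,
                      "pidfile": pidfile, "ifaces": ifaces})
    return procs


def find_duplicate_servers(procs):
    """Map (family, interface) -> sorted PIDs when more than one dhcpd serves it."""
    by_key = defaultdict(list)
    for p in procs:
        for iface in p["ifaces"]:
            by_key[(p["family"], iface)].append(p["pid"])
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}


def shared_pidfiles(procs):
    """Map pid file path -> sorted PIDs when several processes claim the same file."""
    by_file = defaultdict(list)
    for p in procs:
        if p["pidfile"]:
            by_file[p["pidfile"]].append(p["pid"])
    return {k: sorted(v) for k, v in by_file.items() if len(v) > 1}


if __name__ == "__main__":
    procs = parse_dhcpd(SAMPLE_PS)
    for (family, iface), pids in find_duplicate_servers(procs).items():
        print(f"DHCPv{family} on {iface} served by multiple PIDs: {pids}")
    for path, pids in shared_pidfiles(procs).items():
        print(f"pid file {path} claimed by: {pids}")
```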
#6
Hi,
Is there a recommended way to handle an IPv6 address assignment for the WAN interface, where I'm receiving a /56 PD from my ISP?

Details:
I have a static(!) IPv6 /56 PD from my ISP. The WAN interface receives it correctly from my ISP via DHCPv6, which is great. I also request a regular /128 IP address from my ISP (which I don't believe is static and is not from the PD). I would probably prefer to assign the WAN address from the /56, but I don't know how to do that. Perhaps I just assign a static address? But then, I don't think I can track interface to push the PD down to the "LAN" side, can I?

I've currently set the "LAN" interface to be the ::1 from the PD, which means it can be reached from the internet. But it's not the origin of packets from the firewall to the internet on IPv6 (that is the /128), which makes me slightly uncomfortable.

How is this recommended to be handled? I've seen other posts asking a similar question (getting a PD from ISP, how to assign from it) but never seen an actual answer saying "do this".

Thanks!
#7
22.1 Legacy Series / IPv6 over PPPoE routing
April 03, 2022, 10:57:43 PM
Hi
So, I have previously posted on this topic, and it still seems to be a problem even with latest 22.1.4. I have IPv6 available from my DSL provider (TekSavvy), via PPPoE. I can confirm I get an IPv6 address, and prefix delegated from them (via PPPoE IPv4 connection).

However, I never get any routes to the PPPoE connection for IPv6. These are the ONLY two routes related to pppoe0 in the entire route table.


ipv6 fe80::%pppoe0/64 link#17 U NaN 1492 pppoe0 DSL
ipv6 fe80::4262:31ff:fe06:af3c%pppoe0 link#17 UHS NaN 16384 lo0 Loopback


I have a multiwan setup, and the IPv6 routing on the cable connection works fine. I had a problem a few weeks ago with the cable connection however, and the cable connection was fully disabled, so my only connectivity for a couple of weeks was the DSL/PPPoE. This did NOT change anything about IPv6 routing for the PPPoE connection, so I was effectively off IPv6 for this period of time.

My speculation is that something about PPPoE is not updating the routing system when PPPoE fully provisions its IPv6 route (which happens a short time after IPv4 comes up, because it has to wait for IPv4 connectivity to request the IPv6 information).

How would I go about trying to diagnose this problem?
#8
Hi
So, I have unbound serving my local LAN as expected. In particular, it is serving DNS for the OPNsense box itself (named wall).

Unfortunately, it seems that all the WAN IP addresses for the device are being registered in unbound as valid IP addresses for wall as well. Particularly problematic is that one of them is IPv6, which is HIGHLY preferred by other devices on the network (obviously). Sadly, this WAN interface is a bit wobbly, and so I suddenly lose all connectivity to the OPNsense device (because I use its DNS name) if the wobble takes this device out (and it thus loses its IPv6 address, and so all public IPv6 becomes invalid in the network - yeah, fun I know).
I would like to force ONLY the addresses in the Override section to be valid (site local ipv6 and ipv4 addresses). But it seems unbound is determined to make sure it serves ALL addresses all the time. Is there any way to stop this behaviour?
#9
So, this is confusing me. I'm not sure if it's a real issue, or something else. I'm trying to get my PPPoE connection's IPv6 working. I already have my "cable" IPv6 working. It's working fine as far as I can tell.

But the PPPoE seems to not be routing. I get an IPv6 address and delegation range (sometimes my ISP is a bit slow on responding to the DHCP6 requests).

Compare the routing entries for CABLE vs DSL (PPPoE):

ipv6 default fe80::217:10ff:fe93:fd18%igb2 UG 991972 1500 igb2 CABLE
ipv6 ::1 link#6 UH 376 16384 lo0 Loopback
ipv6 2001:4860:4860::8844 fe80::217:10ff:fe93:fd18%igb2 UGHS 22834 1500 igb2 CABLE
ipv6 2604:5580:41:29::/64 link#3 U 0 1500 igb2 CABLE
ipv6 2604:5580:101:19::/64 link#3 U 0 1500 igb2 CABLE
ipv6 2607:9880:1:29::/64 link#3 U 0 1500 igb2 CABLE
ipv6 2607:f2c0:8006:2::aaaa link#17 UHS 0 16384 lo0 Loopback
ipv6 2607:f2c0:eb8a:d00::/64 link#11 U 4060 1500 lagg0_vlan20 LAN
ipv6 2607:f2c0:eb8a:d00:4262:31ff:fe06:af3a link#11 UHS 0 16384 lo0 Loopback
ipv6 2607:f2c0:eb8a:d04::/64 link#12 U 9165 1500 lagg0_vlan30 WIFI
ipv6 2607:f2c0:eb8a:d04:4262:31ff:fe06:af3a link#12 UHS 0 16384 lo0 Loopback
ipv6 2607:f2c0:f200:1909::/64 link#3 U 512 1500 igb2 CABLE
ipv6 2607:f2c0:f200:1909:aaaa:aaaa:aaaa:aaaa link#3 UHS 0 16384 lo0 Loopback
ipv6 2607:f798:70:10ad::/64 link#3 U 0 1500 igb2 CABLE
ipv6 2607:f798:80c:ba::/64 link#3 U 0 1500 igb2 CABLE
ipv6 fd07:f798:3:41f8::/64 link#3 U 0 1500 igb2 CABLE
ipv6 fdeb:df40:8dd7::/48 link#18 U 0 1420 wg0 WIREGUARD
ipv6 fdeb:df40:8dd7::1 link#18 UHS 0 16384 lo0 Loopback
ipv6 fe80::%igb2/64 link#3 U 36402 1500 igb2 CABLE
ipv6 fe80::4262:31ff:fe06:af3c%igb2 link#3 UHS 0 16384 lo0 Loopback
ipv6 fe80::%igb3/64 link#4 U 0 1500 igb3
ipv6 fe80::4262:31ff:fe06:af3d%igb3 link#4 UHS 0 16384 lo0 Loopback
ipv6 fe80::%lo0/64 link#6 U 0 16384 lo0 Loopback
ipv6 fe80::1%lo0 link#6 UHS 0 16384 lo0 Loopback
ipv6 fe80::%lagg0/64 link#9 U 0 1500 lagg0
ipv6 fe80::4262:31ff:fe06:af3a%lagg0 link#9 UHS 0 16384 lo0 Loopback
ipv6 fe80::%lagg0_vlan10/64 link#10 U 36 1500 lagg0_vlan10 DMZ
ipv6 fe80::4262:31ff:fe06:af3a%lagg0_vlan10 link#10 UHS 0 16384 lo0 Loopback
ipv6 fe80::%lagg0_vlan20/64 link#11 U 138311 1500 lagg0_vlan20 LAN
ipv6 fe80::4262:31ff:fe06:af3a%lagg0_vlan20 link#11 UHS 0 16384 lo0 Loopback
ipv6 fe80::%lagg0_vlan30/64 link#12 U 336006 1500 lagg0_vlan30 WIFI
ipv6 fe80::4262:31ff:fe06:af3a%lagg0_vlan30 link#12 UHS 0 16384 lo0 Loopback
ipv6 fe80::%lagg0_vlan40/64 link#13 U 0 1500 lagg0_vlan40 THINGS
ipv6 fe80::4262:31ff:fe06:af3a%lagg0_vlan40 link#13 UHS 0 16384 lo0 Loopback
ipv6 fe80::%lagg0_vlan50/64 link#14 U 0 1500 lagg0_vlan50 GUEST
ipv6 fe80::4262:31ff:fe06:af3a%lagg0_vlan50 link#14 UHS 0 16384 lo0 Loopback
ipv6 fe80::%lagg0_vlan1/64 link#15 U 0 1500 lagg0_vlan1 MGMT
ipv6 fe80::4262:31ff:fe06:af3a%lagg0_vlan1 link#15 UHS 0 16384 lo0 Loopback
ipv6 fe80::%pppoe0/64 link#17 U 23071 1492 pppoe0 DSL
ipv6 fe80::4262:31ff:fe06:af3c%pppoe0 link#17 UHS 0 16384 lo0 Loopback


The IPv6 address assigned to CABLE is


IPv6 address 2607:f2c0:f200:1909:aaaa:aaaa:aaaa:aaaa/128
IPv6 delegated prefix 2607:f2c0:eb8a:d00::/56
IPv6 gateway fe80::217:10ff:fe93:fd18


The IPv6 address assigned to DSL is


IPv6 address 2607:f2c0:8006:2::aaaa/128
IPv6 delegated prefix 2607:f2c0:95a5:c500::/56
IPv6 gateway fe80::200:ff:fe00:0


As you can see, I'm getting no routes to my DSL interface except the "link#17" loopback route.

I have dhcp6c logging turned up to debug, but I see no mention of routing. Is this how IPv6 over PPPoE should work? The lack of routes seems to be the reason why things aren't working. I can't ping anything through that interface as far as I can tell.
#10
Hi,
So, locally, I've fixed the rfc2136 plugin to use the much more flexible auth mechanism in nsupdate (nsupdate -y <keytype>:<server>:<keystring>). The man page for nsupdate is here: https://linux.die.net/man/8/nsupdate

I would like to submit this back to the community but I have no idea how I would go about doing so. I think that it'd be a good idea to add a field to the UI to capture the key type string, and then construct the -y cmdline value from the three fields (I currently have everything smashed into the keystring field for testing and validation - it works!).

How would I go about helping here? I don't know my way around the UI aspects of opnsense at all (obviously, I've figured out how to generate the nsupdate command tho ;) )

Is this even a good idea? It seems the only way to expose non HMAC-MD5 keys to end users for usage in dns updates.
#11
Hi,
So I tweaked my monit configuration to hopefully monitor dpinger a bit better. The configuration seems to be working, however the monit Web UI is stuck reporting "needs apply". Repeated selection of the button works to generate new config, that is accepted by monit (monit is running with new config), but the button itself never goes away.

configd.log file:

Jan  6 09:08:48 wall configd.py[45684]: [d2cd3e3e-78c4-4c5f-aaee-5ab69ac242bf] get monit status
Jan  6 09:08:48 wall configd.py[45684]: [d4af6713-acf7-4560-bc76-471489360c48] generate template OPNsense/Monit
Jan  6 09:08:48 wall configd.py[45684]: generate template container OPNsense/Monit
Jan  6 09:08:48 wall configd.py[45684]:  OPNsense/Monit generated //usr/local/etc/monitrc
Jan  6 09:08:48 wall configd.py[45684]:  OPNsense/Monit generated //etc/rc.conf.d/monit
Jan  6 09:08:48 wall configd.py[45684]: [ce69a8aa-4936-4ee8-a4d2-446dbb24bc93] testing monit configuration


I can't find any errors anywhere in the log files.

Edit: running latest opnsense regular build with libressl:

OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
LibreSSL 3.1.5

#12
Hi, I would like to install jq - the json parsing utility - onto my opnsense box, as it would allow me to process various JSON data sources found therein. It seems it's not in the package repositories provided by OPNsense, so I guess I have to somehow build it manually. How would I go about that? Could I request that this tool be added to a future version of opnsense repositories?

JQ is here: https://stedolan.github.io/jq/download/ and is common in linux distributions. There seem to be some FreeBSD sources for it and a contemporary port as well.

Thanks
#13
Is dpinger supposed to detect a working link, after a temporary outage?

It seems that on a pretty regular basis, dpinger detects down for a link, and continues doing so indefinitely, even if the interruption was momentary. It only recovers (and gateways associated with the dpinger process) when you restart the dpinger process manually.

Is this by design? Do I need to tell monit to kick them every 5 minutes to ensure they work somewhat reliably?
#14
20.1 Legacy Series / dpinger keeps stopping
May 23, 2020, 04:25:45 PM
Is dpinger supposed to keep going into the "stopped" state?

It seems that quite frequently, dpinger has stopped working, and I need to manually restart it. This is obviously making it hard to get a reliable failover.

I have dpinger monitoring two ISP connections, one normal, one PPPoE. There is a third dpinger monitoring an upstream ipv6. They all seem to randomly go into the "stopped" state, and thus don't actually trigger gateway failover/failback actions. The stopped state seems to correlate with a short "low availability" blip on the respective connection. Perhaps the interface is glitching, and dpinger is subsequently crashing?

Is there any advice to improve the reliability here? Perhaps adding a monit script to kick the services up again?

Thoughts?
Thanks
#15
20.7 Legacy Series / IPv6 Multiwan
May 15, 2020, 08:40:55 PM
Hi
I see rumours that multiwan ipv6 is soon to be working in OPNsense and I'd like to help out with testing.

I have two upstream ISP connections: One PPPoE, one normal, both allocate valid ipv6 prefixes using PD.

Currently, the "normal" connection provides PD to the LAN and WIFI local nets. I have no PD from the PPPoE connection because that stops all IPv6 working.

If possible, I'd like the "PPPoE" network to supply ipv6 PD by default to a "static LAN", as well as a "failover" PD to the rest of my local network, to be used only when the "normal" connection is not available.

In theory, this should allow me to do WAN failover for the ipv6 connectivity - currently, if the "normal" connection fails, I lose all ipv6 routing.

Is the new functionality aimed at helping with this? If so, how can I help with testing? What setup would I need to do?

Thanks!
#16
Hi
I seem to be getting a dead unbound whenever a link changes state for some reason.


2020-04-30T15:17:41 configd.py: message c2a300b6-546a-43de-a439-881c67fc3ff3 [filter.refresh_aliases] returned {"status": "ok"}
2020-04-30T15:17:41 configd.py: [c2a300b6-546a-43de-a439-881c67fc3ff3] refresh url table aliases
2020-04-30T15:17:41 configd.py: OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-04-30T15:17:41 configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-04-30T15:17:41 configd.py: generate template container OPNsense/Filter
2020-04-30T15:17:41 configd.py: [5d9a0fcc-1279-41d5-8c95-71604ef75565] generate template OPNsense/Filter
2020-04-30T15:17:40 configd.py: [9065aa66-743e-482a-b6a6-11a95e9bbc2f] Reloading filter
2020-04-30T15:17:39 configd.py: message 9f2df814-976c-48cc-be41-1d261e909ba5 [filter.refresh_aliases] returned {"status": "ok"}
2020-04-30T15:17:39 configd.py: message ac0718e4-092c-4bcc-97f7-28c30788ef86 [unbound.start] returned Error (1)
2020-04-30T15:17:39 configd.py: [ac0718e4-092c-4bcc-97f7-28c30788ef86] returned exit status 1
2020-04-30T15:17:39 configd.py: [ac0718e4-092c-4bcc-97f7-28c30788ef86] Start Unbound
2020-04-30T15:17:39 configd.py: OPNsense/Unbound/* generated //var/unbound/root.hints
2020-04-30T15:17:39 configd.py: generate template container OPNsense/Unbound/core
2020-04-30T15:17:39 configd.py: [da00957b-616a-45ff-87f2-35753f0d05a7] generate template OPNsense/Unbound/*
2020-04-30T15:17:39 configd.py: [9f2df814-976c-48cc-be41-1d261e909ba5] refresh url table aliases
2020-04-30T15:17:39 configd.py: OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2020-04-30T15:17:39 configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2020-04-30T15:17:39 configd.py: generate template container OPNsense/Filter
2020-04-30T15:17:39 configd.py: [38bb817d-71e3-497d-bb5b-bf3c565f2d2a] generate template OPNsense/Filter
2020-04-30T15:17:37 configd.py: [07b6bf92-a183-41c7-bc36-6a917f9caa57] New IPv6 on pppoe0
2020-04-30T15:17:37 configd.py: [813cf8ea-6491-45d0-bcd7-ee5dbf9557ab] New IPv4 on pppoe0


It has to be manually restarted, which is less than desirable. This has only started happening since updating to 20.1.5.
#17
Hi
So, I'm trying to enhance my netdata+prometheus and home-assistant installation to show status of outbound connections to upstream as well as maybe dpinger ping data.

I've been poking at the web console, and it seems the exact dataset I need is available from

/widgets/api/get.php?load=gateway

Sadly, that is not invokeable as a "machine to machine" request - it sends a redirect to a login page when run from curl, which is quite disappointing.

I've looked through the code at opnsense/core and I can't see any way to get that information from an API otherwise.

Is there perhaps a way to call this API without being in an existing browser context?

Thanks
#18
Hi
I want to create a user I can use to access the console (including sudo power to reboot etc), but which has no web access.

I have a root user, but that user has full access to the whole GUI. Thusly, since the web UI is accessible from everywhere, it has a nice crazy long password (120 characters or so), kept in a password db. Trivially, using that user on the console is not fun. I'd like a user that can have a short "secure" password, but has no web UI access.

I can't see a way to give it sudo console access without being a member of the admins group, which also gives it full UI access, thus presenting a glaring security hole (IMO).

Thoughts?
#19
Hi
So, I'm trying to see if I can use a prefix delegated address with NPTv6 and ULAs in my local networks.

The problem: I have several internal networks (DMZ, LAN, WIFI, GUEST, others). I would like to have IPv6 working uniformly across all of them. I have two upstream ISP providers (CABLE and DSL). Both provide IPv6 PD (though of differing sizes - CABLE is only giving out /64, DSL offers a full /56). By default I route all traffic through CABLE (it's about 5x faster than DSL), but DSL handles various server tasks as it has an IPv4 /29 allocated.

I would like WAN failover to work, for both IPv4 and IPv6. As far as I can tell, that requires that I setup ULAs for all my local systems, and use NPTv6 to translate to a prefix from my ISP.

Currently, it seems that I don't receive a prefix unless I use "Track Interface" on one of my local networks at all (though it's hard to verify - the log files are not clear at all about what is being requested). I seem to have to "request an IP" separately from the prefix for the WAN side interface to receive an IPv6 IP (can I not allocate one from the PD pool I'm requesting?). Finally, it seems that NPTv6 in OPNsense only supports fixed static translations - not really compatible with a potentially dynamic PD from my upstream, or WAN failover events (where the PD would change because different upstream).

https://github.com/opnsense/core/issues/2544 seems somewhat related, but there is little progress? Is there something I can do to help?

I'm a single family home, ARIN are not going to give me a /48. (I cannot believe that people seriously suggest this as a "multihome" solution, by the way!)

#20
Hi
So I just bought new hardware that hopefully won't have the "realtek problem". Sadly, it looks like I've lost all my previous firewall configuration - all the interfaces have been wiped after importing into the new system. Is there anything I can do to perhaps remap the old reX interfaces to the new igpX interfaces, so I don't lose all my configuration? It took me about 4 days to get it all working before. It's all a bit depressing.