
Topics - Chura

#1
24.1, 24.4 Legacy Series / Kea and MACs
May 07, 2024, 07:57:28 PM
I migrated to Kea a while back, and I'm not sure it's correlated to that, but asking anyway.
My wife's and my MacBooks (Intel, Apple) sometimes, too often, fail to get an IP from the DHCP.
Disconnecting and reconnecting the cable usually works, sometimes it's required a few times.
Setting a static IP solves this immediately.

Did anyone experience such a thing as well?
#2
24.1, 24.4 Legacy Series / Kea DHCP Lease start
February 20, 2024, 08:37:04 PM
Hi

Why don't the Kea lease tables have a lease start?
It's easy for me when I search for a new device's IP.
#3
I was trying Kea DHCP yesterday; however, my device complained about internet access.
I then noticed that while I edited the DNS and NTP, it kept rolling back to settings that I didn't want, for example the interface IP as DNS while I need them manually configured.
#4
Zenarmor (Sensei) / 30ish% CPU when Zenarmor
December 30, 2023, 04:48:28 PM
I have OPNsense running on a Proxmox host with a 9400T CPU.
When I enable Zenarmor, even with my idle traffic of 2-3mb, the CPU is running at approximately 30%.
Is that desired? When I fully load my firewall to 1 Gbps the CPU rises to 80%, which makes sense, but when idle and almost nothing is being processed, is 30% what I should expect?
My only issue with that is the fan runs louder than I want it to :)
#5
Hi

I'm using Synology automation after my LE renewal.
It's not working anymore (the deployment piece).

I see that version 3.0.7 of acme.sh changed the behaviour, and now the DeviceID (to bypass the 2FA) is created as part of the script, while the OPNsense adoption of it asks for a device ID in the configuration.
What I've found:
* Device ID is not being sent as part of the request anymore
* The new method should ask you for a token on first run and update it in the config file
* I've tried to add the device ID manually to the config at /var/etc/acme-client/home/domain.com.conf, however it fails
* I've tried to run the acme.sh command manually as user root - I get
[Sun Dec 10 12:24:18 IST 2023] The deploy hook synology_dsm is not found.
* I've tried to su - acme and run this, and I get an error that the certificate is missing,
probably because of a permission issue for that user?
$ ls -al /var/etc/acme-client/home/domain.com.conf
ls: /var/etc/acme-client/home/domain.com.conf: Permission denied

All per the documentation here:
https://github.com/acmesh-official/acme.sh/wiki/deployhooks#20-deploy-the-certificate-to-synology-dsm

Any idea how to solve this?
#6
23.1 Legacy Series / Vlan mismatch on reply packet
June 26, 2023, 10:32:17 AM
I'm having weird issues with my VLANs, which surprisingly are fixed by rebooting OPNsense, but after a few hours/days it comes back.

I have router on a stick, one interface that serves both tagged and untagged packets:
mlxen1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN (opt2)
options=9c00a8<VLAN_MTU,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,NETMAP>
ether 7c:55:30:90:ce:e0
inet 192.168.192.99 netmask 0xffffff00 broadcast 192.168.192.255
status: active
vlan098: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WifiGuests (opt3)
options=180000<LINKSTATE,NETMAP>
ether 7c:55:30:90:ce:e0
inet 192.168.195.99 netmask 0xffffff00 broadcast 192.168.195.255
groups: vlan
vlan: 98 vlanproto: 802.1q vlanpcp: 0 parent interface: mlxen1
status: active
vlan099: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: IoT (opt4)
options=180000<LINKSTATE,NETMAP>
ether 7c:55:30:90:ce:e0
inet 192.168.199.99 netmask 0xffffff00 broadcast 192.168.199.255
groups: vlan
vlan: 99 vlanproto: 802.1q vlanpcp: 0 parent interface: mlxen1
status: active

When I try to ping 192.168.199.x, OPNsense sends an ARP request on the right VLAN, which is received by the client and answered.

Request seen by OPNsense in the correct VLAN:
11:25:29.540675 7c:55:30:90:ce:e0 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 99, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.199.101 tell 192.168.199.99, length 28

Client (which is an access port and doesn't know anything about VLANs):
11:25:29.556193 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.199.101 tell 192.168.199.99, length 42
11:25:29.556199 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.199.101 is-at c2:f0:c0:81:73:22, length 28

But OPNsense sees the reply untagged!
11:29:39.182949 c2:f0:c0:81:73:22 > 7c:55:30:90:ce:e0, ethertype ARP (0x0806), length 56: Ethernet (len 6), IPv4 (len 4), Reply 192.168.199.101 is-at c2:f0:c0:81:73:22, length 42

Is there a fix for this? Config error?
I have OPNsense hosted on Proxmox; however the mlxenX is a passthrough PCI-e NIC.
My other options would be:
1. Disable passthrough, create a vmbr for each VLAN - might affect the high speed internet link in future? (2.5gb planned)
2. Not sure if the cause is the combination of tagged and untagged, but maybe start tagging the untagged as well (switch configured with native VLAN 1); another port for untagged traffic is not possible for me.
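The symptom in the post above (a tagged ARP request answered by an untagged reply) is easy to miss by eye in a long capture. Below is an added example, not part of the original post or of OPNsense, of a small Python checker that reads `tcpdump -e` output as quoted in the post, records the 802.1Q tag of each ARP request, and flags every reply whose tag differs from the request that solicited it. The two sample frames are constructed from the capture in the post; the function and class names (`parse_frame`, `find_tag_mismatches`, `ArpFrame`) are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the form `tcpdump -e` prints on the firewall side,
# modelled on the capture quoted in the post: a request tagged vlan 99 and
# a reply for the same IP that arrived without any 802.1Q header.
SAMPLE_CAPTURE = """\
11:25:29.540675 7c:55:30:90:ce:e0 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 99, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.199.101 tell 192.168.199.99, length 28
11:29:39.182949 c2:f0:c0:81:73:22 > 7c:55:30:90:ce:e0, ethertype ARP (0x0806), length 56: Ethernet (len 6), IPv4 (len 4), Reply 192.168.199.101 is-at c2:f0:c0:81:73:22, length 42
"""

# A tagged frame carries "ethertype 802.1Q (0x8100) ... vlan <id>"; an
# untagged one goes straight to "ethertype ARP (0x0806)".
VLAN_RE = re.compile(r"ethertype 802\.1Q \(0x8100\).*?\bvlan (\d+)")
REQ_RE = re.compile(r"Request who-has ([\d.]+) tell ([\d.]+)")
REP_RE = re.compile(r"Reply ([\d.]+) is-at ([0-9a-fA-F:]+)")


@dataclass
class ArpFrame:
    time: str
    vlan: Optional[int]  # None means the frame had no 802.1Q tag
    op: str              # "request" or "reply"
    ip: str              # target IP of a request, sender IP of a reply
    detail: str          # "tell" IP for requests, advertised MAC for replies


def parse_frame(line: str) -> Optional[ArpFrame]:
    """Parse one tcpdump -e line; return None for non-ARP lines."""
    tag = VLAN_RE.search(line)
    vlan = int(tag.group(1)) if tag else None
    time = line.split(" ", 1)[0]
    if (m := REQ_RE.search(line)):
        return ArpFrame(time, vlan, "request", m.group(1), m.group(2))
    if (m := REP_RE.search(line)):
        return ArpFrame(time, vlan, "reply", m.group(1), m.group(2))
    return None


def find_tag_mismatches(capture: str):
    """Return (ip, request_vlan, reply_vlan) for each ARP reply whose tag
    differs from the tag on the most recent request for that IP."""
    expected = {}   # target IP -> vlan the request went out on
    mismatches = []
    for line in capture.splitlines():
        frame = parse_frame(line)
        if frame is None:
            continue
        if frame.op == "request":
            expected[frame.ip] = frame.vlan
        elif frame.ip in expected and expected[frame.ip] != frame.vlan:
            mismatches.append((frame.ip, expected[frame.ip], frame.vlan))
    return mismatches


if __name__ == "__main__":
    for ip, sent_on, came_back_on in find_tag_mismatches(SAMPLE_CAPTURE):
        label = lambda v: "untagged" if v is None else f"vlan {v}"
        print(f"{ip}: request sent on {label(sent_on)}, "
              f"reply arrived {label(came_back_on)}")
```

Run it against a capture taken with `tcpdump -e -n arp` on the parent interface (mlxen1 here), since captures on the vlan child interfaces never show the untagged frames. A hit for an IP in a tagged subnet points at the path between the switch and the NIC (native VLAN handling or hardware tag stripping) rather than at the client, which cannot see tags on an access port anyway.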
#7
23.1 Legacy Series / VLANs stop working after while
June 19, 2023, 12:49:11 PM
OPNsense running over Proxmox, with a Mellanox ConnectX-3 as passthrough.
My LAN interface is using the native VLAN and works great, however it also carries 2 VLANs:

vlan098: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   description: WifiGuests (opt3)
   options=80000<LINKSTATE>
   ether 7c:55:30:90:ce:e0
   inet 192.168.195.99 netmask 0xffffff00 broadcast 192.168.195.255
   groups: vlan
   vlan: 98 vlanproto: 802.1q vlanpcp: 0 parent interface: mlxen1
   media: Ethernet autoselect (1000baseT <full-duplex,rxpause,txpause>)
   status: active
   nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan099: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   description: IoT (opt4)
   options=80000<LINKSTATE>
   ether 7c:55:30:90:ce:e0
   inet 192.168.199.99 netmask 0xffffff00 broadcast 192.168.199.255
   groups: vlan
   vlan: 99 vlanproto: 802.1q vlanpcp: 0 parent interface: mlxen1
   media: Ethernet autoselect (1000baseT <full-duplex,rxpause,txpause>)
   status: active
   nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Those VLANs stop working after a few minutes; if I restart again they will work for a few minutes and then stop again.
I tried to get DHCP when it's not working, and I've seen that I'm being offered DHCP from the native VLAN:
<190>1 2023-06-19T13:48:41+03:00 opn.i.reshef.org dhcpd 52290 - [meta sequenceId="817"] DHCPDISCOVER from cc:66:0a:34:da:78 (ChuraDev) via mlxen1
<190>1 2023-06-19T13:48:41+03:00 opn.i.reshef.org dhcpd 52290 - [meta sequenceId="818"] DHCPOFFER on 192.168.192.147 to cc:66:0a:34:da:78 (ChuraDev) via mlxen1

Can it be that tagging is gone after a few minutes? Bug?