Topics - marjohn56

#1
Updated my test system to RC and seeing error warning - the get_dyndns_ip() function is undefined. Checked and it's missing from util.inc where it used to be.
#2
21.7 Legacy Series / Dual WAN HE Failover
October 23, 2021, 11:52:28 AM
I have a new FTTH connection, wonderful. 900Mbps symmetrical. The issue I have is that with the new connection everything is dhcp, no statics. Well I can mostly live with that. IPv6 though will cause me issues, so I am using an HE tunnel which gives me static, all good and dandy, works perfectly. I am going to keep my existing VDSL line for a while and I've set up a failover which is working.


The issue I'm coming up against a brick wall with is the HE ( GIF ) tunnel; it uses a fixed parent, so it can either be, in my case, igb0 for the FTTH connection or igb1 for the VDSL connection. Is there a way to make the same tunnel change parent interfaces when WAN 1 fails over to WAN 2?


If not, maybe worth looking into?




#3
I am looking for 20.7 testers who are willing to try out some mods to dhcp6c and gateways. If you are interested PM me and I'll fill you in on what I need you to do. Specifically I am looking for users who only get a link-local address on their WAN interface and do NOT get *routerv6 or *gatewayv6 files in their /tmp folder. These will be missing where the ISP does not respond to rtsold advertisements.
#4
There are so many people running this now and I'm sending out a couple of PM links a day, so I'm just going to post it here. One day it will get officially taken up and will appear in the plugins. In the meantime should something change then I will update the pkg accordingly and post here.

You can grab it here. https://www.dropbox.com/s/no60byvyspab9m0/os-os-udpbroadcastrelay-devel-0.5_0.6.txz?dl=0

To install, copy the file to your opnsense instance's /tmp folder. Go to the shell, cd to the /tmp folder and issue the following command.

pkg install os-*.txz

You should then have a new menu item in services.

This is an updated version of udpbroadcastrelay that uses a new method of reflection detection. This can be overridden using the Use TTL for ID option, it then resorts to its former operation, however the new method appears to work fine, so you should be able to leave that option un-ticked.

It now also supports multiple multicast addresses on the same port.

Add the relay you want, here are the values for some common ones. The --dev items refer to your interfaces, in the UDP Broadcast Relay menu you just select the interfaces from the dropdown box in the menu.

Syncthing discovery: udp_vars="--id 1 --port 21027 --dev igb1 --dev igb2"

mDNS / Multicast DNS (Chromecast Discovery + Bonjour + More): udp_vars="--id 1 --port 5353 --dev eth0 --dev eth1 --multicast 224.0.0.251 -s 1.1.1.1" (Chromecast requires broadcasts to originate from an address on its subnet)

SSDP (Roku Discovery, Sonos + More): --id 1 --port 1900 --dev eth0 --dev eth1 --multicast 239.255.255.250

Lifx Bulb Discovery: --id 1 --port 56700 --dev eth0 --dev eth1

Broadlink IR Emitter Discovery: --id 1 --port 80 --dev eth0 --dev eth1

Warcraft 3 Server Discovery: --id 1 --port 6112 --dev eth0 --dev eth1

Once you have created the instance(s) you'll need to start them for the first time from the services widget in the lobby, just click on the start button that will have appeared there. After that you can start and stop them from the UDP Broadcast Relay menu itself.


NB - each instance should have a unique ID, 1 2 3 etc...
#5
General Discussion / UDP Broadcast Relay
February 03, 2020, 06:34:50 PM
Opening a discussion here to move this daemon development forward. Although my work on the plugin is complete and working well, testing of the daemon itself, while not having any issues with it performing in the way it's designed, has brought up some options that may improve it further. We've been doing some of this by PMs, but it will be easier to throw it open to all.


@bertofurth has been doing some work on the daemon code and we want to reach out for further testing. I'll let him kick off with what he has discovered.
#6
General Discussion / Changing TTL of packets
January 01, 2020, 04:35:11 PM
I ( and a few others ) have a need to be able to change the TTL of incoming packets on a specific interface. The reason for this is the Sky Q app. It appears that this app sends out an SSDP packet with a TTL of 1 to discover the existence of a Sky Q receiver on the same network, which is fine providing it's on the same network, but if you use VLANs then even if you use something like PIMD to relay those packets across to the other VLAN(s) it will not get there due to the TTL.


Now it appears that you can do this with iptables on Linux but I'm yet to find a solution for FreeBSD, anyone have any ideas?
#7
How about Andromeda for 19.1 ?


Take your pick:



http://www.constellation-guide.com/constellation-names/


Just a thought.
#8
18.7 Legacy Series / OpenVPN start issue
June 21, 2018, 07:00:10 PM
I am seeing a failure to start OpenVPN and this error whenever I reboot.

openvpn[34132]: Cannot open TUN/TAP dev /dev/tun2: Device busy (errno=16)

Doing a ps auxw | grep openvpn and then killing the existing instance allows me to manually restart OpenVPN and all is well.


Edit: Not sure if this is on the DEV only, just switched to release and it seems stable on that... very odd
#9
18.7 Legacy Series / Upgrade error?
June 15, 2018, 11:15:48 AM
Getting this...


I'm currently at b300 on my live system.


root@gateway:/usr/core # make upgrade
pkg: No package(s) matching isc-dhcp44-relay
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'isc-dhcp44-relay' have been found in the repositories
*** Error code 70


Stop.
make: stopped in /usr/core

#10
General Discussion / New pfs**** website
May 25, 2018, 11:35:08 PM
As a former pfSense user, I still visit the site from time to time, to see what's new, what's broken etc.

PFsense forum now has a new website.....

I think the Web Developer is on Drugs!

Another reason to migrate to Opnsense.
#11
Development and Code Review / Implementing Dpinger
March 21, 2018, 08:34:33 AM
I decided yesterday to have a look at implementing Dpinger, and I now have it working nicely.

There remains one issue, and I am not sure which direction to take. With Apinger there is one instance, no matter how many monitors are running, with Dpinger, it's one instance per monitor.

This leads to an issue with services, as we cannot have one service as is the case for Apinger, thus the service control for each instance needs to be added dynamically to the services list. This is an area I am totally unfamiliar with and need some advice/help to get this over the finishing line.

All input gratefully received.

#12
Development and Code Review / rtsold question
February 03, 2018, 03:43:51 PM
@franco

What does '/usr/bin/true' do when running rtsold?

I'm trying to resolve an issue for one of my testers.

Under pfSense, rtsold would return a gateway and this would be echoed to routerv6 etc when it got an RA. Under opnsense this is not happening.

This means his v6 gateway monitor does not work, it's missing. Although v6 does work. Yes, it's a link local address but he should still be able to use it to monitor a remote ping address.
#13
Development and Code Review / dark theme first look
January 16, 2018, 12:02:40 PM
Well I like it. :)
#14
I hate to not be able to work something out, but I have tried various methods and have failed, so need a little pointer.

I am creating a new theme, it's pretty much there, apart from the colour ( color if you're in the U.S. but this side of the pond we use a 'u', and as we invented English we'll stick with it, no matter what Microsoft say. :P ) of the text. I have traced it as far as the nvd3 calls in traffic_graphs widget.php, but I'm unable to make the colour change on all of the text no matter how I try.

BTW Red is just for testing. :)

Oh yes, this is what I am using:

d3.select("#traffic_graph_widget_chart_in").style('fill', "red");
#15
18.1 Legacy Series / 18.1.r1 failed to fetch
January 11, 2018, 01:40:24 PM

Proceed with this action? [18.1.r1/y/N]: 18.1.r1

Fetching packages-18.1.r1-OpenSSL-amd64.tar: .. failed
#16
I am trying and failing to get IPv6 to work through a second router getting a prefix delegation from the primary router.

Let me explain. My primary router has static IPv6 on the WAN and LAN, my ISP gives me a /48 prefix. I delegate /64 prefixes to any router attached to the LAN. Second router gets its prefix all well and good.

Now, any devices attached to the secondary router cannot ping any v6 address on the WAN. I can see the packets going out of the primary router, but the responses appear not to be routed back to the secondary router.

Now, I had this working on pf****, and I am pretty sure I needed to add a route for the delegated prefix manually, however I cannot see a way in the GUI to do this.

Do I need to add a route from the shell or am I losing the plot?

Note:

I was not losing the plot, I've added the route manually and all working. Can I thank myself? :)

For those who may wish to do the same at some time:

route -6 add -net 2xxx:8xxx:6xxx:1::/64 2xxx:8xxx:6xxx:0:eeee:e98b:fc2:d2e9

or

route -6 add -net prefix_range/mask Second_router_WAN_IP



#17
configd.py: [40318ebf-f10f-4e03-892b-8bcb1ebb183e] list systemhealth items

Is there a debug on/off for these?

Very useful to have, but useful also to disable from time to time.
#18
18.1 Legacy Series / Quick info needed
December 30, 2017, 12:08:11 PM
Just installed a new VM for more 18.1 testing ( I have another but want to keep them separate ) and I noticed this, I did see it on my other VM but chose to ignore it at the time.

There is some stuff about syslog_ng_enable and adding entries to /etc/rc.conf.

I do not have an /etc/rc.conf, so is this a typo or should I create one?
#19
I am about to look at this as it's a requirement for Orange France users.

Now, there are three things, well probably more but at the moment only three come to mind. ;)

1. The addition of the priority setting to filter.lib.inc at line 294, this
'set-prio' => '2'
and I'm using the value 2 as an example (when implemented this will be selectable in the GUI) it does show in rules.debug, but it has no effect, this leads us to 2.

2. I believe the lack of "net.link.vlan.mtag_pcp" => "1", from system.inc is the reason, I'm waiting on Kev to check this for me as he has a test unit with Orange France settings. There are several other sysctl values that appear in p****** that are not in opnsense, perhaps this needs to be looked at. In this instance though, I am only looking at the vlan priority stuff.

3. Where to put this option - On the darkside I added it to the dhcp6c settings section, but I am not sure this is the correct location, perhaps the system->advanced.network.

Thoughts?
#20
17.7 Legacy Series / [SOLVED] Geo blocking
December 24, 2017, 07:33:56 PM
I like the new way of selecting countries to block, however I get an 'error cannot allocate memory'.

Now, this may be down to me being very anti-social and blocking everywhere except the three IP addresses in the Faroe Islands! 8)

It appears that I get the memory error until I reduce the number of countries I am blocking and that means the number of IP addresses or ranges.

I've not looked any deeper as this may mean something to the Devs, and may need just an increase in the allocation size.