Messages

1

17.7 Legacy Series / Re: PPPoE over VLAN support?

« on: November 26, 2017, 10:07:31 pm »

Yep this ist working.-

I am also using pppoe with vlan.

Just create a vlan interface and use this as the pppoe parent interface.

2

German - Deutsch / Re: IPv6 HE.Net Tunnel nicht erreichbar bis Interface update

« on: September 03, 2017, 02:14:14 am »

GIF0 vor reload:

Code: [Select]

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        options=80000<LINKSTATE>
        tunnel inet 46.244.220.176 --> 216.66.80.30
        inet6 2001:470:1f0a:1252::2 --> 2001:470:1f0a:1252::1  prefixlen 128
        inet6 fe80::213:3bff:fe0f:cfd6%gif0 prefixlen 64 scopeid 0x10
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: gif

und danach:

Code: [Select]

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        options=80000<LINKSTATE>
        tunnel inet 46.244.220.176 --> 216.66.80.30
        inet6 2001:470:1f0a:1252::2 --> 2001:470:1f0a:1252::1  prefixlen 128
        inet6 fe80::213:3bff:fe0f:cfd6%gif0 prefixlen 64 scopeid 0x10
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: gif

öhh.. ist unverändert...

3

17.7 Legacy Series / Re: Resolve DNS by VPN

« on: August 28, 2017, 06:54:36 pm »

neither dnsmasq or unbound allow dynamic dns updates

in my case, i am using a windows dns for this task.

i have also seen that powerdns may allow dynamic dns updates.

4

17.7 Legacy Series / Re: DNS Resolver Slowness

« on: August 28, 2017, 03:28:55 pm »

Resolver is always(or in most cases) slower  than just redirecting.

Resolver is asking all the nameservers from the root ones down to the authoritative ones for a record.
This is slow.

If you need this to be done faster(resulting in faster DNS Resolution) you could stick with the DNS-Server of your provider or the googles ones.

these public nameserver are heavily used and are caching the responses for some time so they can answer without going all the way for name resolution for every query.

You still can use unbound without using its resolving features by enabling the forwarding mode and setting the correct DNS Servers in the system settings.

5

German - Deutsch / IPv6 HE.Net Tunnel nicht erreichbar bis Interface update

« on: August 28, 2017, 03:15:37 pm »

Ich habe einen HE.Net tunnel, der nach der Einrichtung super funktiert hat.
Nun habe ich das Problem, dass nach einem Neustart der Tunnel nicht funktioniert(Gateway down laut WebIf)

Wenn ich jetzt unter Interfaces=>"Tunnelbroker_V6" auf speichern und anschließend auf übernehmen drücke,
funktioniert es sofort ohne probleme.

Das Tunnelbroker_V6 ist dem GIF tunnel zugewiesen.
Dieser hat als Parent das WAN-Interface welches einem PPPoE Interface zugewiesen ist.

Ich tippe hier mal auf ein Timing-Problem nach dem Hochfahren... bin aber etwas ratlos, da ich keine möglichkeit finde, die Reihenfolge festzulegen in der die Interfaces initialisiert werden.

LG,
jwe

6

17.7 Legacy Series / Re: OPNsense 17.7-no internet access & no ping via domain name; can ping IP address

« on: August 28, 2017, 03:08:32 pm »

Hello

I am facing strange problem that I did not manage to resolve yet, so I am asking for your help.
I have fresh install of OPNsense 17.7. (never before have I used OPNsense, only pfSense). WAN connection type is PPPoE and it is established (ONPsense get public IP), but from PC I can not ping domain name or access any web page. I can ping IP (8.8.8.8, 8.8.4.4,...) without any problem.
Both pings (domain name and IP) works from OPNsense GUI.

OPNsense is connected to ISP's modem and if I setup PPPoE on modem and change WAN connection type on OPNsense to DHCP (OPNsense gets local IP from modem) internet access and pings works fine.

Any idea what am I doing wrong with PPPoE connection on OPNsense?

Assuming you are using a windows client:

Code: [Select]

ping 8.8.8.8 works. -?
what is the output of

Code: [Select]

ipconfig /all ? is it showing a defined dns server?

7

17.7 Legacy Series / Re: LAN tracks WAN IPv6 propagates DNS servers from general setup

« on: August 28, 2017, 03:05:07 pm »

I am not 100% sure how "Tracking" works,
but maybe you can set the correct DNS Servers in radvd and DHCPv6?
(Services=>DHCPv6=>Advertisements for radvd and Services=>DHCPv6=>Server for DHCPv6)

Thats what i did, but i am not using the tracking feature so... not sure if it works for you, but worth a try

8

17.7 Legacy Series / Re: incorrect display browser

« on: August 28, 2017, 03:02:16 pm »

https://[pfsense-ip]/system_advanced_admin.php

But it's the opnsense-ip

Oh my... sure.. opnsense correcting it now...

9

17.7 Legacy Series / Re: Resolve DNS by VPN

« on: August 28, 2017, 03:01:39 pm »

YOu could build up a central DNS Server for all you networks.
Then you can tell the DHCP Server to update this dns server with dynamic dns.

In OPNSense this setting is in DHCP-Server Settings, named:
"Enable registration of DHCP client names in DNS."

10

17.7 Legacy Series / Re: incorrect display browser

« on: August 28, 2017, 02:58:29 pm »

Damn Tell me plz, how can I enable ssh or sftp or ftp?

If it is working in your webinterface, you can try to enable ssh
under system=>Settings=>Administrator or under the following url:
https://[pfopnsense-ip]/system_advanced_admin.php

11

17.7 Legacy Series / Re: [NOT-SOLVED,WTF!?] PPPOE Crash

« on: August 28, 2017, 11:44:58 am »

jwe, will you mark it solved? Thanks!

done 

12

17.7 Legacy Series / Re: [NOT-SOLVED,WTF!?] PPPOE Crash

« on: August 28, 2017, 11:36:40 am »

Very nice!

Thanks for all the help, patches and images.

13

17.7 Legacy Series / Re: [NOT-SOLVED,WTF!?] PPPOE Crash

« on: August 26, 2017, 10:55:10 pm »

The new image is here:

https://pkg.opnsense.org/snapshots/OPNsense-17.7-test3-OpenSSL-vga-amd64.img.bz2


Cheers,
Franco

Hi Franco,

this seems to work, but as i did not always see the other AC,
and i cant load the img into my hyper-v to watch network traffic via wireshark, it would be nice if someone else can confirm this work.

Or - if you have some time for it- you could create the test image as an iso...

Hyper-v really sucks not beeing able to load img's

14

17.7 Legacy Series / Re: [NOT-SOLVED,WTF!?] PPPOE Crash

« on: August 25, 2017, 12:31:49 pm »

In the provider field, simply fill with "ac4.nue3\", the trailing backslash is important. The Host-Uniq field must be empty.

I dont have the provider field in my web-interface. Is there an option to make it visible?
(Looked in Interfaces/Point-to-Point/Devices(Interface type=pppoe))

Since blocking one AC seems to have fixed the issue, it'd be interesting to see if blocking the another one produces the same result.

It seems like the 2nd AC is only showing up after the session to the first AC is established.
This might be because the original router from my ISP is building a second pppoe session for voice and i assume that the second AC is for the voice connection. So i cant test using only the second AC as it is not responding to my PADI. It sends its PADO always about 1 second after the session with AC(1) is established.

15

17.7 Legacy Series / Re: [NOT-SOLVED,WTF!?] PPPOE Crash

« on: August 23, 2017, 11:24:46 pm »

Ok,
i think i have identified the problem.

What i have seen in the packetcapture:
Router sends PADI (Offer) | 585 in image
AC(1) sends PADO to Router |586
Router sends PADR to AC(1)|587
AC(1) send PADS to Router |588
=====Session is established, i also already have an ip via pppoe device=====
AC(2) sends PADO to router|589
=====Router crashes====


Thats what i have seen in the wireshark log.

AC(1) and AC(2) are sending the PADR's but the one from AC(2) is coming really late... as far as i could seen always after i have an established session with AC(1)

I can differntiate both AC's by their MAC-address.

So i blocked the MAC-address from the second AC on my switch.

Et voilà, problem solved.

I have attached a screenshot of the relevant captures.

so. by the RFC, if there are multiple AC's the client should be able to switch between them.
Possible workarounds for opnsense are, in my view:
1. a diagnostic 'pppoe -A' which sends the PADI to the ether and list the possible AC's
2. a possibility to select the AC to use in the configurator (for pppoe its parameter -C)

both commands are from https://www.freebsd.org/cgi/man.cgi?query=pppoe

hope that helps.




Edit:
I also noticed that the AC(2) (Cisco whatever by its MAC) has some more Vendor Specific PPPoE Tags(Cirguit ID and Remote ID, the Remote ID also contains my name in its value... 0o)