Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - itn3rd77

Pages: [1] 2

24.7 Production Series / NAT Port Forward from WAN to ::1 not working

« on: October 06, 2024, 03:11:58 pm »

Hi,

I am asking for help in a case I could swear it worked in the past.

Some days ago I received a mail fom Let's Encrypt about my certificates are about to expire and looked in the ACME Client logs and yeap all attempts to renew where failed.

I briefly describe what was working in the past:

- NAT Port Forward on WAN to ::1 port 80
- HAProxy listening on [::1]:80 and forward ACME HTTP-01 challange requests to [::1]:43580

The redirect is working according to Firewall Live View (see screenshot) but even a tcpdump (/usr/sbin/tcpdump -i lo0 -vv -n port 80) on the loopback device shows no traffic for port 80 and therefore nothing in the logs of HAproxy. I don't see anything blocked and redirects on LAN interface to ::1 are working

As I urgently needed to renew my Let's Encrypt certificates I just added a the VIP fd00:61:63:6d::65 to my LAN interface and changed the NAT Port Forward on WAN to fd00:61:63:6d::65 port 80 and changed the listen address for HAproxy. That worked but no way to get redirect on WAN working again with ::1.

I really don't get into it. Am I missing something?

Thanks and best regards
Ingo

24.7 Production Series / Re: 24.7.2 IPv6 woes

« on: August 29, 2024, 01:09:57 pm »

Quote from: CruxtheNinth on August 29, 2024, 12:59:30 pm

you reverted dhcp6c to 24.7.1 version (dhcp6c-20240710) and installed another newer one with pkg-add later.
Did you test in-between (and rebooted)?

Please test with dhcp6c-20240710 again as it seems you did some changes to the interfaces in between

Also please note that IPv6 DHCP on Deutsche Glasfaser takes 30-60 minutes depending on if you miss the Advertisement

Thanks for jumping in CruxtheNinth. I testet in between with a reboot. After that I switched back to bare 24.7.2 and than added the newer one with pkg-add. So currently I am on 24.7.2 with the debug package from Franco.

24.7 Production Series / Re: 24.7.2 IPv6 woes

« on: August 29, 2024, 01:04:06 pm »

Quote from: CruxtheNinth on August 29, 2024, 12:51:50 pm

why do you need PPP for DG? That should not longer be necessary according to their own published specs.
Both IPv4 and IPv6 should do DHCP (via IPOE)

Are you mistaking DG with Deutsche GigaNetz? DG in this thread is Deutsche Glasfaser, not Deutsche Giganetz.

No no

I have a LTE modem (PPP) that was also requesting a dhcpv6 address. I have disabled that to not mix up the logs. I am a poor Deutsche Glasfaser customer

24.7 Production Series / Re: 24.7.2 IPv6 woes

« on: August 29, 2024, 12:43:51 pm »

Ok Franco I disabled the PPP device. This was also requesting an IPv6 for no reason. Output looks ok now for my limited knowledge. But nothing happens ...

<13>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 65073 - [meta sequenceId="392"] RTSOLD script - Sending SIGHUP to dhcp6c
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="393"] restarting
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="394"] removing an event on igb0, state=SOLICIT
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="395"] listing event on igb0, state=SOLICIT
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="396"] <3>[interface] (9)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="397"] <5>[igb0] (4)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="398"] <3>begin of closure [{] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="399"] <3>[send] (4)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="400"] <3>[ia-na] (5)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="401"] <3>

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="402"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="403"] <3>comment [# request stateful address] (26)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="404"] <3>[send] (4)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="405"] <3>[ia-pd] (5)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="406"] <3>

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="407"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="408"] <3>comment [# request prefix delegation] (27)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="409"] <3>[request] (7)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="410"] <3>[domain-name-servers] (19)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="411"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="412"] <3>[request] (7)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="413"] <3>[domain-name] (11)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="414"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="415"] <3>[script] (6)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="416"] <3>["/var/etc/dhcp6c_wan_script.sh"] (31)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="417"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="418"] <3>comment [# we'd like some nameservers please] (35)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="419"] <3>end of closure [}] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="420"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="421"] <3>[id-assoc] (

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="422"] <13>[na] (2)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="423"] <13>

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="424"] <13>begin of closure [{] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="425"] <3>end of closure [}] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="426"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="427"] <3>[id-assoc] (

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="428"] <13>[pd] (2)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="429"] <13>

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="430"] <13>begin of closure [{] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="431"] <3>[prefix] (6)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="432"] <3>[::] (2)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="433"] <3>[/] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="434"] <3>[56] (2)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="435"] <3>[infinity] (

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="436"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="437"] <3>[prefix-interface] (16)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="438"] <5>[vlan0.13] (

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="439"] <3>begin of closure [{] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="440"] <3>[sla-id] (6)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="441"] <3>[1] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="442"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="443"] <3>[sla-len] (7)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="444"] <3>[8] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="445"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="446"] <3>end of closure [}] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="447"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="448"] <3>[prefix-interface] (16)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="449"] <5>[igb1] (4)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="450"] <3>begin of closure [{] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="451"] <3>[sla-id] (6)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="452"] <3>

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="453"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="454"] <3>[sla-len] (7)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="455"] <3>[8] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="456"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="457"] <3>end of closure [}] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="458"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="459"] <3>[prefix-interface] (16)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="460"] <5>[vlan0.42] (

<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="461"] <3>begin of closure [{] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="462"] <3>[sla-id] (6)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="463"] <3>[2] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="464"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="465"] <3>[sla-len] (7)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="466"] <3>[8] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="467"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="468"] <3>end of closure [}] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="469"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="470"] <3>end of closure [}] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="471"] <3>end of sentence [;] (1)
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="472"] called
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="473"] duplicated interface: igb0
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="474"] called
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="475"] creating an event on igb0, state=INIT
<29>1 2024-08-29T12:02:23+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="476"] reset a timer on igb0, state=INIT, timeo=0, retrans=540
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="493"] Sending Solicit
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="494"] a new XID (2e4d29) is generated
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="495"] set client ID (len 14)
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="496"] set identity association
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="497"] set elapsed time (len 2)
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="498"] set option request (len 4)
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="499"] set IA_PD prefix
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="500"] set IA_PD
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="501"] send solicit to ff02::1:2%igb0
<29>1 2024-08-29T12:02:24+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="502"] reset a timer on igb0, state=SOLICIT, timeo=0, retrans=1098
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="503"] Sending Solicit
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="504"] set client ID (len 14)
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="505"] set identity association
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="506"] set elapsed time (len 2)
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="507"] set option request (len 4)
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="508"] set IA_PD prefix
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="509"] set IA_PD
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="510"] send solicit to ff02::1:2%igb0
<29>1 2024-08-29T12:02:25+02:00 fw.local.home dhcp6c 28307 - [meta sequenceId="511"] reset a timer on igb0, state=SOLICIT, timeo=1, retrans=117408

No more output since last line. Can you spot anything relevant or is this just an DG issue and waiting should help

24.7 Production Series / Re: 24.7.2 IPv6 woes

« on: August 29, 2024, 10:13:25 am »

Hi,

I still don't get an IPv6 from DG. Don't know if this is an DG issue or related to the problem discussed here.

I did the following:

opnsense-revert -r 24.7.1 dhcp6c
opnsense-update -zkr 24.7.2-nd

But nothing changed for hours so I reverted to to 24.7.2 original state.

I installed

# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/snapshots/misc/dhcp6c-20240820_1.pkg

and rebooted. But I don't see any 'dhcp6c.*event' messages (I enabled DHCPv6 logging on INFO).

I only see the following messages for dhcpv6:

<13>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 727 - [meta sequenceId="224"] RTSOLD script - Sending SIGHUP to dhcp6c
<29>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="225"] restarting
<29>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="226"] duplicated interface: igb0
<29>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="240"] Sending Solicit
<29>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="251"] Sending Solicit
<27>1 2024-08-29T09:56:59+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="252"] transmit failed: Network is down
<29>1 2024-08-29T09:57:00+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="256"] Sending Solicit
<29>1 2024-08-29T09:57:01+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="257"] Sending Solicit
<27>1 2024-08-29T09:57:01+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="258"] transmit failed: Network is down
<29>1 2024-08-29T09:57:03+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="270"] Sending Solicit
<29>1 2024-08-29T09:57:07+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="276"] Sending Solicit
<29>1 2024-08-29T10:01:06+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="4"] restarting
<29>1 2024-08-29T10:01:06+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="5"] duplicated interface: igb0
<29>1 2024-08-29T10:01:07+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="6"] Sending Solicit
<29>1 2024-08-29T10:01:07+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="7"] Sending Solicit
<27>1 2024-08-29T10:01:07+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="8"] transmit failed: Network is down
<29>1 2024-08-29T10:01:08+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="9"] Sending Solicit
<29>1 2024-08-29T10:01:08+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="10"] Sending Solicit
<27>1 2024-08-29T10:01:08+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="11"] transmit failed: Network is down
<29>1 2024-08-29T10:01:10+02:00 fw.local.home dhcp6c 44898 - [meta sequenceId="15"] Sending Solicit

24.7 Production Series / Re: 24.7.2 IPv6 woes

« on: August 27, 2024, 08:43:59 pm »

Same thing happened to me. Suddently IPv6 was lost on my DG installation and not coming back to life since 6 hours. I'll see if I can catch the logs requested.

24.7 Production Series / Re: Access to IPv6 link-local stopped working with 24.7

« on: August 09, 2024, 06:41:21 pm »

For ping I certainly did. Besides this I never cared about the scope in link-local. Shouldn't it work without scope $:-\$
Are you able to ping a IPv6 link-local address on your network? Than there must be something wrong in my setup

24.7 Production Series / Access to IPv6 link-local stopped working with 24.7

« on: August 09, 2024, 06:11:58 pm »

Hi!

I updated today from 24.1.10 to 24.7.1. At a first glance everything worked smooth and I was happy and very pleased.

But it turned out that with release 24.7 I was no longer able to get any connectivity to IPv6 link-local addresses from the OPNsense box itself. I can not ping, telnet or access any IPv6 link-local address on my network. I require IPv6 link-local addresses for several services e.g. HAProxy as I use "Track IPv6 Interface" on all interfaces on my OPNsense box that's why I don't want to deal with changing prefixes.

In the live view of firewall logs I can see the packages pass (ICMP and telnet to port) but I don't get any response back. Ping from a Windows machine to an IPv6 link-local address works with not problem.

I am not sure if I missed something in the release notes and I am not an IPv6 expert. It just worked in the past.

Any help is really appreciated!

Attached you can find some screenshots.

Thanks and best regards
Ingo

24.1 Legacy Series / Re: 24.1 Sip Phone on Internet cannot contact FreePBX Voip server behind firewall

« on: February 24, 2024, 09:49:22 am »

Please check https://forum.opnsense.org/index.php?topic=38961.0 if you are affected by the same.

24.1 Legacy Series / Re: After update OPNsense 24.1.2 and Suricata 7 VoIP is dead

« on: February 22, 2024, 04:22:52 pm »

Hi,

sorry for my false positive. It does not work for me either after 21.1.2_1

I got my hands on mimugmail post and searched eve.json for my drops:

Code: [Select]

{"timestamp":"2024-02-22T07:52:13.119012+0100","flow_id":1076748976560117,"in_iface":"igb1","event_type":"drop","vlan":[42],"src_ip":"192.168.42.100","src_port":20538,"dest_ip":"185.22.44.186","dest_port":5060,"proto":"UDP","pkt_src":"wire/pcap","direction":"to_server","drop":{"len":48,"tos":104,"ttl":64,"ipid":8685,"udplen":28,"reason":"applayer error"}}

As described I added the following to /usr/local/etc/suricata/custom.yaml and restarted Suricata:

Code: [Select]

app-layer:
  error-policy: ignore

No more drops in eve.json for 30 minutes and phone still connected.

I can't judge if this is harmless and the way to go. Besides that if you click "Apply" button in the UI the /usr/local/etc/suricata/custom.yaml get's overwriten with the template /usr/local/opnsense/service/templates/OPNsense/IDS/custom.yaml.sample.

What's the right way to do customizations?

Best regards and sorry again for my false positve
Ingo

24.1 Legacy Series / Re: After update OPNsense 24.1.2 and Suricata 7 VoIP is dead

« on: February 21, 2024, 09:12:03 pm »

After install of patch OPNsense 24.1.2_1 today my VoIP phone is working again with Suricata 7 and IPS enabled. I don't get the point but will not complain.

Can anybody confirm this?

Best regards
Ingo

24.1 Legacy Series / After update OPNsense 24.1.2 and Suricata 7 VoIP is dead

« on: February 21, 2024, 08:58:07 am »

Hi,

after the update to 24.1.2 and Suricata 7 on board back again my VoIP stopped working. My VoIP phone (a Grandstream) sometimes gets a connection to my provider but no outgoing or incoming calls are posible.

Disabling Suricata brings everything back to life instantly. Enabling Suricata breaks the setup again. Nothing related is shown in the logs of Suricata or that anything is blocked. No other changes done on system just the update to update to 24.1.2.

Running without Suricata now. Any help is appreciated!

Thanks and best regards
Ingo

General Discussion / ntpd high cpu usage

« on: February 04, 2024, 02:12:23 pm »

Hi everyone,

I figured out that my ntpd process is always the second top process behind suricata regarding cpu usage.
Suricata is mostly around 25% followed by ntpd with around 10-12%, followed by ntopng.

Is this a normal figure for ntpd? It feels a lot to high from my prespective but I lack any comparisons.
The logfile is fine. No errors and and even on debug not much is shown. Any ideas what is causing ntpd to use so much cpu?

My CPU is a i5-7200U CPU @ 2.50GHz (2 cores, 4 threads).

Thanks and best regards
Ingo

22.1 Legacy Series / Re: unbound died after new wanip

« on: February 02, 2022, 10:18:19 am »

The behaviour with the command /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home' is reproducible. I executed the command (after the #kill -TERM 11057) and it succeeded. The next execution fails with 'Unable to lock on the pidfile'.

Code: [Select]

root@fw:~ # /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home'
root@fw:~ # /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain 'local.home'
Unable to lock on the pidfile.

I'll drop you a note once this happenes again out of nowhere.

Best regards
Ingo

22.1 Legacy Series / Re: unbound died after new wanip

« on: February 02, 2022, 10:00:14 am »

Ok, process termiated.

Code: [Select]

root@fw:~ # ps aux | grep 11057
root     11057   0.0  0.0   25416   14940  -  Ss   08:58       0:03.08 /usr/local/bin/python3 /usr/local/opnsense/scripts/dns/unbound_dhcpd.py --domain local.home (python3.8)
root     71577   0.0  0.0   12740    2532  0  S+   09:55       0:00.00 grep 11057
root@fw:~ #  kill -TERM 11057
root@fw:~ # ps aux | grep 11057
root     78974   0.0  0.0   12740    2532  0  S+   09:56       0:00.00 grep 11057

Is this good or bad news?

Pages: [1] 2