Messages - dwasifar

#1
Used to be, if you were setting up an alias for a Dnsmasq host entry, it was entered in a Hosts line of its own.  At some point recently, an update changed that behavior, and now you set up host override aliases in an edit field for the main entry being aliased.

So far so good, except when the transition to the new format happened, it doubled all the alias hostnames.  So for example, what was previously an alias cloudservices.roku.com wound up being cloudservices.roku.com.cloudservices.roku.com.  This broke all my aliases, and because they're now hidden in the edit popup and not visible in the main Hosts list anymore, it took me a while to track it down.

Is this a known issue?
#2
An update: I had reverted to 24.7 to solve the issue.  When I saw 24.7.2 was available, I upgraded directly to that from 24.7 with no problems.

So I guess I will never know why 24.7.1 didn't work for me, but .2 seems okay.
#3
Quote from: RedVortex on August 09, 2024, 05:26:11 PM

Like I said... Could be related or not to your issue but this is my case since the last few updates and I thought I could share in case it helps.

Appreciated, thanks!  I will look there first.
#4
I feel like this time it has less to do with the VLAN and more with the firewall.  Wi-fi devices get a local IP on the correct subnet, but can't reach internet.
#5
I have two networks defined in the UniFi controller, one for the main subnet and another for a VLAN subnet (to isolate IOT devices).

After the 24.7.1 upgrade, nothing on either wi-fi network can reach the internet.  Wired connections are fine.

I can't spare the network downtime to troubleshoot it right now, so I reverted to 24.7 and reloaded the same configuration, and everything works again.  If anyone has any thoughts, it'd be welcome for when I can look at it. 
#6
> Also, there's a lot more logs hosts than just cooper.

Didn't scroll down, did ya?  :)
#7
First I manually set up one Kea reservation to serve as an example. Then I saved my config, and in a text editor I copied all the old <static> blocks and used find and replace to update their xml tags to Kea values. I deleted <cid> tags, and server tags <dnsserver/>, <winserver/>, and <ntpserver/>.

Each Kea reservation has its own uuid, so for each reservation I incremented the example value by 1, figuring it didn't matter if they were consecutive as long as they were unique. I added the subnet tag to each with cut and paste, saved all the reservation blocks into the Kea section of the config, and loaded the config back into OPNsense.

Worked perfectly and saved me a lot of setup time.
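The same migration as a script, added here as an example and not the poster's own work. The legacy tag names (`<staticmap>` under `<dhcpd><lan>`, with `<mac>`, `<ipaddr>`, `<hostname>`, `<descr>`) and the Kea reservation fields (`<subnet>`, `<ip_address>`, `<hw_address>`, `<hostname>`, `<description>`) are assumptions; compare them against one reservation saved from the GUI, as the post does, before loading anything back.

```python
"""Convert legacy ISC DHCP static mappings to Kea reservations (OPNsense config.xml).

Added example, not the poster's script. Assumptions, to be checked against a
reservation saved from the GUI:
  - legacy mappings are <staticmap> blocks with <mac>, <ipaddr>, <hostname>,
    <descr>; the <cid>, <dnsserver/>, <winserver/>, <ntpserver/> children the
    post deleted are simply not copied;
  - a Kea reservation is <reservation uuid="..."> with <subnet>, <ip_address>,
    <hw_address>, <hostname>, <description>;
  - SUBNET_UUID is the uuid of the Kea subnet the reservations belong to.
"""
import uuid
import xml.etree.ElementTree as ET

SUBNET_UUID = "00000000-0000-4000-8000-000000000001"  # placeholder, use your own

# Constructed legacy fragment; the first block carries the tags the post removed.
LEGACY_XML = """<dhcpd>
  <lan>
    <staticmap>
      <mac>00:11:22:33:44:55</mac>
      <cid></cid>
      <ipaddr>192.168.1.10</ipaddr>
      <hostname>printer</hostname>
      <descr>Office printer</descr>
      <winserver/>
      <dnsserver/>
      <ntpserver/>
    </staticmap>
    <staticmap>
      <mac>66:77:88:99:AA:BB</mac>
      <ipaddr>192.168.1.11</ipaddr>
      <hostname>nas</hostname>
      <descr>NAS</descr>
    </staticmap>
  </lan>
</dhcpd>
"""


def convert(legacy_xml: str, subnet_uuid: str) -> ET.Element:
    """Build a <reservations> element, one fresh uuid per <staticmap>."""
    root = ET.fromstring(legacy_xml)
    reservations = ET.Element("reservations")
    for sm in root.iter("staticmap"):
        mac = (sm.findtext("mac") or "").strip().lower()
        ip = (sm.findtext("ipaddr") or "").strip()
        if not mac or not ip:
            raise ValueError("staticmap without mac/ipaddr cannot become a reservation")
        res = ET.SubElement(reservations, "reservation", attrib={"uuid": str(uuid.uuid4())})
        ET.SubElement(res, "subnet").text = subnet_uuid
        ET.SubElement(res, "ip_address").text = ip
        ET.SubElement(res, "hw_address").text = mac
        ET.SubElement(res, "hostname").text = (sm.findtext("hostname") or "").strip()
        ET.SubElement(res, "description").text = (sm.findtext("descr") or "").strip()
    return reservations


def check_unique(reservations: ET.Element) -> list:
    """Report repeated uuid, MAC or IP; Kea rejects or silently overrides those."""
    problems = []
    for label, path in (("uuid", None), ("hw_address", "hw_address"), ("ip_address", "ip_address")):
        seen = set()
        for r in reservations.findall("reservation"):
            value = r.get("uuid") if path is None else r.findtext(path)
            if value in seen:
                problems.append(f"duplicate {label}: {value}")
            seen.add(value)
    return problems


def summary(reservations: ET.Element) -> list:
    """(hw_address, ip_address, hostname) per reservation, for a quick eyeball check."""
    return [(r.findtext("hw_address"), r.findtext("ip_address"), r.findtext("hostname"))
            for r in reservations.findall("reservation")]


if __name__ == "__main__":
    out = convert(LEGACY_XML, SUBNET_UUID)
    print(ET.tostring(out, encoding="unicode"))
    print(summary(out), check_unique(out) or "no duplicates")
```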
#8
After upgrading to 24.7, half my network didn't work. So the last few days have been back and forth between my backup opnsense box and the production box, trying different things as time allowed.

I tried a clean install of 24.7 and applied backup config. No help. Then I remembered the upgrade notes mentioned some function had been removed from old DHCP for backward compatibility with Kea. So I switched to Kea on my 24.7 install. No help there. I migrated the same Kea setup back to 24.1.10. That worked.

Some more investigating and I determined all the problem devices were trying to connect through a VLAN interface I have set up to keep IOT devices isolated. I tried connecting to that network with my phone and it failed, telling me it couldn't get an IP. So I still thought it was a DHCP issue, but I decided to check the VLAN setup anyway, and in the Interfaces summary page, the parent interface was unpopulated. I opened the edit popup, and the parent WAS populated there. Saved it, and the summary page then showed that field populated, and everything started working normally.

So maybe this is an upgrade bug. The upgrade killed my VLAN but resaving its configuration fixed it.

#9
23.7 Legacy Series / Interface settings mystery
January 26, 2024, 05:58:59 PM
Recently I switched to an Awow AZ51 micro PC for OPNsense.  This device has two 2.5Gb ports, and most users report having to change settings to get full throughput.  When I set it up initially, I got limited throughput, and found I needed to set the Speed and Duplex setting for each interface to 1000BaseT, and got full speed.

Today, to troubleshoot a different issue, I had to revert to an older saved configuration, which did not have the Speed and Duplex setting.  After a reboot, imagine my surprise when I got full speed without changing the Speed and Duplex setting from "Default."

I'm happy about it, but I don't understand it.  Could the hardware interface have remembered the setting?
#10
This solved the same issue for me.  Thanks.
#11
If you use a Roku, and you have dnsmasq enabled on your OPNsense box, you can add the following hosts and aliases to the dnsmasq hosts section of your XML configuration to block the annoying Roku ads.

    <hosts>
      <host>zp.ads.roku.com</host>
      <domain>zp.ads.roku.com</domain>
      <ip>127.0.0.1</ip>
      <descr>Block Roku ads</descr>
      <aliases>
        <item>
          <description>Block Roku ads</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>bif.sr.roku.com</domain>
          <host>bif.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amarillo.sb.roku.com</domain>
          <host>amarillo.sb.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>ads.roku.com</domain>
          <host>ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amarillo.logs.roku.com</domain>
          <host>amarillo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amoeba-plus.web.roku.com</domain>
          <host>amoeba-plus.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>austin.logs.roku.com</domain>
          <host>austin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>bryan.logs.roku.com</domain>
          <host>bryan.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>camden.logs.roku.com</domain>
          <host>camden.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>customer-feedbacks.web.roku.com</domain>
          <host>customer-feedbacks.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>digdug-g2.logs.roku.com</domain>
          <host>digdug-g2.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>digdug.logs.roku.com</domain>
          <host>digdug.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>display.ravm.tv</domain>
          <host>display.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>esp.logs.roku.com</domain>
          <host>esp.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>giga.logs.roku.com</domain>
          <host>giga.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>gilbert.logs.roku.com</domain>
          <host>gilbert.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>griffin.logs.roku.com</domain>
          <host>griffin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>hereford.logs.roku.com</domain>
          <host>hereford.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>i.ads.roku.com</domain>
          <host>i.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>identity-dev.ads.roku.com</domain>
          <host>identity-dev.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>identity.ads.roku.com</domain>
          <host>identity.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>lagrange.logs.roku.com</domain>
          <host>lagrange.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>liberty.logs.roku.com</domain>
          <host>liberty.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>littlefield.logs.roku.com</domain>
          <host>littlefield.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>logs.roku.com</domain>
          <host>logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>longview.logs.roku.com</domain>
          <host>longview.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>midland.logs.roku.com</domain>
          <host>midland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>mobile.logs.roku.com</domain>
          <host>mobile.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>paolo.logs.roku.com</domain>
          <host>paolo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>raps-perf.ravm.tv</domain>
          <host>raps-perf.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>raps.ravm.tv</domain>
          <host>raps.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>ravm.tv</domain>
          <host>ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>richmond.logs.roku.com</domain>
          <host>richmond.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>rollingwood.logs.roku.com</domain>
          <host>rollingwood.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>rxr.ravm.tv</domain>
          <host>rxr.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>samples.voice.cti.roku.com</domain>
          <host>samples.voice.cti.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>sugarland.logs.roku.com</domain>
          <host>sugarland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>track.sr.roku.com</domain>
          <host>track.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>tyler.logs.roku.com</domain>
          <host>tyler.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>victoria.logs.roku.com</domain>
          <host>victoria.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>windsor.logs.roku.com</domain>
          <host>windsor.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>wwwimg.roku.com</domain>
          <host>wwwimg.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</domain>
          <host>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>dc7eeru7ckgwe.cloudfront.net</domain>
          <host>dc7eeru7ckgwe.cloudfront.net</host>
        </item>
      </aliases>
    </hosts>
    <hosts>
      <host>zz.cooper.logs.roku.com</host>
      <domain>zz.cooper.logs.roku.com</domain>
      <ip>0:0:0:0:0:0:0:1</ip>
      <descr>Block Roku IPV6</descr>
      <aliases>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amarillo.logs.roku.com</domain>
          <host>amarillo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amoeba-plus.web.roku.com</domain>
          <host>amoeba-plus.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>austin.logs.roku.com</domain>
          <host>austin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>bryan.logs.roku.com</domain>
          <host>bryan.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>camden.logs.roku.com</domain>
          <host>camden.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>customer-feedbacks.web.roku.com</domain>
          <host>customer-feedbacks.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>digdug-g2.logs.roku.com</domain>
          <host>digdug-g2.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>digdug.logs.roku.com</domain>
          <host>digdug.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>display.ravm.tv</domain>
          <host>display.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>esp.logs.roku.com</domain>
          <host>esp.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>giga.logs.roku.com</domain>
          <host>giga.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>gilbert.logs.roku.com</domain>
          <host>gilbert.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>griffin.logs.roku.com</domain>
          <host>griffin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>hereford.logs.roku.com</domain>
          <host>hereford.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>i.ads.roku.com</domain>
          <host>i.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>identity-dev.ads.roku.com</domain>
          <host>identity-dev.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>identity.ads.roku.com</domain>
          <host>identity.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>lagrange.logs.roku.com</domain>
          <host>lagrange.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>liberty.logs.roku.com</domain>
          <host>liberty.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>littlefield.logs.roku.com</domain>
          <host>littlefield.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>logs.roku.com</domain>
          <host>logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>longview.logs.roku.com</domain>
          <host>longview.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>midland.logs.roku.com</domain>
          <host>midland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>mobile.logs.roku.com</domain>
          <host>mobile.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>paolo.logs.roku.com</domain>
          <host>paolo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>raps-perf.ravm.tv</domain>
          <host>raps-perf.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>raps.ravm.tv</domain>
          <host>raps.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>ravm.tv</domain>
          <host>ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>richmond.logs.roku.com</domain>
          <host>richmond.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>rollingwood.logs.roku.com</domain>
          <host>rollingwood.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>rxr.ravm.tv</domain>
          <host>rxr.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>samples.voice.cti.roku.com</domain>
          <host>samples.voice.cti.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>sugarland.logs.roku.com</domain>
          <host>sugarland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>track.sr.roku.com</domain>
          <host>track.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>tyler.logs.roku.com</domain>
          <host>tyler.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>victoria.logs.roku.com</domain>
          <host>victoria.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>windsor.logs.roku.com</domain>
          <host>windsor.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>wwwimg.roku.com</domain>
          <host>wwwimg.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</domain>
          <host>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>dc7eeru7ckgwe.cloudfront.net</domain>
          <host>dc7eeru7ckgwe.cloudfront.net</host>
        </item>
      </aliases>
    </hosts>
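A check that lists every override and alias from a config.xml in this layout and flags the doubled names (name.name) described in the first post after the upgrade, so they are visible without opening each edit popup; it also reports alias names that occur twice. This is an added example, not from either post; it assumes the `<hosts>`/`<aliases>`/`<item>` structure shown above, which a newer release may store differently.

```python
"""List OPNsense dnsmasq host overrides and flag doubled or duplicate aliases.

Added example, not from the forum posts. It walks the <hosts> layout shown in
the post above (host/domain/ip/aliases/item); that layout is an assumption and
may differ in other releases.
"""
import xml.etree.ElementTree as ET

# Constructed sample: one alias doubled the way the upgrade did it, one listed twice.
SAMPLE_CONFIG = """<opnsense>
  <dnsmasq>
    <hosts>
      <host>zp.ads.roku.com</host>
      <domain>zp.ads.roku.com</domain>
      <ip>127.0.0.1</ip>
      <descr>Block Roku ads</descr>
      <aliases>
        <item>
          <description>Block Roku ads</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com.cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>ads.roku.com</domain>
          <host>ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>ads.roku.com</domain>
          <host>ads.roku.com</host>
        </item>
      </aliases>
    </hosts>
  </dnsmasq>
</opnsense>
"""


def is_doubled(name: str) -> bool:
    """True when the labels of name are the same sequence written twice (a.b.com.a.b.com)."""
    labels = name.strip(".").split(".")
    if len(labels) % 2:
        return False
    half = len(labels) // 2
    return labels[:half] == labels[half:]


def list_overrides(xml_text: str) -> list:
    """Return (name, ip, is_alias) for every <hosts> entry and each of its alias items."""
    root = ET.fromstring(xml_text)
    rows = []
    for h in root.iter("hosts"):
        ip = (h.findtext("ip") or "").strip()
        rows.append(((h.findtext("host") or "").strip(), ip, False))
        for item in h.findall("./aliases/item"):
            rows.append(((item.findtext("host") or "").strip(), ip, True))
    return rows


def find_problems(xml_text: str) -> dict:
    """Doubled names (the post-upgrade symptom) and names that appear more than once."""
    names = [name for name, _ip, _alias in list_overrides(xml_text)]
    doubled = sorted({n for n in names if is_doubled(n)})
    seen, dupes = set(), set()
    for n in names:
        if n in seen:
            dupes.add(n)
        seen.add(n)
    return {"doubled": doubled, "duplicates": sorted(dupes)}


if __name__ == "__main__":
    for name, ip, alias in list_overrides(SAMPLE_CONFIG):
        print(f"{'alias' if alias else 'host '}  {name:55} -> {ip}")
    print(find_problems(SAMPLE_CONFIG))
```

Point it at a real file with `list_overrides(open('/conf/config.xml').read())` on the firewall, or at a downloaded backup.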
#12
I discovered Unbound is playing a role in this too.  Not sure what the interaction is between Unbound and intrusion detection, but I did eventually figure out a few things.

First, those sites that were having problems had unusual dig results:

jon@Oberon:~$ dig A www.nerdwallet.com

; <<>> DiG 9.16.1-Ubuntu <<>> A www.nerdwallet.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2362
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.nerdwallet.com. IN A

;; ANSWER SECTION:
www.nerdwallet.com. 40 IN CNAME www.nerdwallet.com.cdn.cloudflare.net.
www.nerdwallet.com.cdn.cloudflare.net. 102 IN A 104.18.22.225
www.nerdwallet.com.cdn.cloudflare.net. 102 IN A 104.18.23.225

;; Query time: 59 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Oct 12 13:28:12 CDT 2021
;; MSG SIZE  rcvd: 130


linode.com also resolves to a CNAME for Cloudflare.

Second, I remembered that on my mobile device, I have a VPN-based ad blocker which redirects DNS directly to Cloudflare, so a DNS caching problem at the OPNsense gateway would not affect it, and that's why the mobile device worked.

I disabled Unbound and activated dnsmasq in its place, and everything immediately went to normal.

So I'm still not sure what the actual issue was, but it looks like it was primarily Unbound and not intrusion detection. 
#13
I notice recently that some sites (linode.com and nerdwallet.com for example) are inaccessible from a desktop browser while intrusion detection is enabled.  Turn it off, they come right up.  From a mobile device on the same network, they come right up.  But from a desktop browser with detection enabled, no dice. There is nothing relevant to those connection attempts in the alert log.  I've tried to narrow down what ruleset might be responsible by turning off rulesets in groups, and it doesn't look like it matters what rules are active.

Anyone else have this problem?
#14
Quote from: jimjohn on August 25, 2021, 11:58:04 PM
Quote from: dwasifar on August 16, 2021, 05:41:28 AM
I don't know about low power, but an EOL Watchguard XTM 5 can be obtained cheaply on eBay.  Pop in a used Pentium E5800, 4GB of RAM, and a small SSD, and you've got a capable OPNsense box for about $100.

I only found them for >200 EUR. They are loud and weak and pull a lot of energy. Why not use an APU or IPU board instead of old hardware that requires BIOS reflashing.

For €200 I wouldn't buy it either, but the last one I bought was $50 US.  I paid $5 for an E5800 and $15 for 4GB of RAM, and used an SSD from my parts box.  With shipping and taxes I was at about $85 all told, which is about €72.  Just the system board alone for an APU costs more than that, without case or power supply. 

The APU's AMD GX-412 CPU runs at 1.2GHz clock and has a Passmark performance score of 1065, whereas the E5800 outperforms it at 3.2GHz clock with a Passmark score of 1145.  You're right about the power consumption and the noise, but it will be several years before it burns enough additional power to offset the cost savings of the hardware, and I don't care about the noise because it's with my other network and server hardware, not located in my workspace.

BIOS does not need to be reflashed.  A reflashed BIOS makes certain things easier but it is not a requirement.  I have not reflashed the BIOS on mine.
#15
I don't know about low power, but an EOL Watchguard XTM 5 can be obtained cheaply on eBay.  Pop in a used Pentium E5800, 4GB of RAM, and a small SSD, and you've got a capable OPNsense box for about $100.