Messages - dwasifar

#1
Used to be, if you were setting up an alias for a Dnsmasq host entry, it was entered in a Hosts line of its own.  At some point recently, an update changed that behavior, and now you set up host override aliases in an edit field for the main entry being aliased.

So far so good, except when the transition to the new format happened, it doubled all the alias hostnames.  So for example, what was previously an alias cloudservices.roku.com wound up being cloudservices.roku.com.cloudservices.roku.com.  This broke all my aliases, and because they're now hidden in the edit popup and not visible in the main Hosts list anymore, it took me a while to track it down.

Is this a known issue?
#2
An update: I had reverted to 24.7 to solve the issue.  When I saw 24.7.2 was available, I upgraded directly to that from 24.7 with no problems.

So I guess I will never know why 24.7.1 didn't work for me, but .2 seems okay.
#3
Quote from: RedVortex on August 09, 2024, 05:26:11 PM

Like I said... Could be related or not to your issue but this is my case since the last few updates and I thought I could share in case it helps.

Appreciated, thanks!  I will look there first.
#4
I feel like this time it has less to do with the VLAN and more with the firewall.  Wi-fi devices get a local IP on the correct subnet, but can't reach internet.
#5
I have two networks defined in the UniFi controller, one for the main subnet and another for a VLAN subnet (to isolate IOT devices).

After the 24.7.1 upgrade, nothing on either wi-fi network can reach the internet.  Wired connections are fine.

I can't spare the network downtime to troubleshoot it right now, so I reverted to 24.7 and reloaded the same configuration, and everything works again.  If anyone has any thoughts, it'd be welcome for when I can look at it. 
#6
> Also, there's a lot more logs hosts than just cooper.

Didn't scroll down, did ya?  :)
#7
First I manually set up one Kea reservation to serve as an example. Then I saved my config, and in a text editor I copied all the old <static> blocks and used find and replace to update their xml tags to Kea values. I deleted <cid> tags, and server tags <dnsserver/>, <winserver/>, and <ntpserver/>.

Each Kea reservation has its own uuid, so for each reservation I incremented the example value by 1, figuring it didn't matter if they were consecutive as long as they were unique. I added the subnet tag to each with cut and paste, saved all the reservation blocks into the Kea section of the config, and loaded the config back into OPNSense.

Worked perfectly and saved me a lot of setup time.
#8
After upgrading to 24.7, half my network didn't work. So the last few days have been back and forth between my backup opnsense box and the production box, trying different things as time allowed.

I tried a clean install of 24.7 and applied backup config. No help. Then I remembered the upgrade notes mentioned some function had been removed from old DHCP for backward compatibility with Kea. So I switched to Kea on my 24.7 install. No help there. I migrated the same Kea setup back to 24.1.10. That worked.

Some more investigating and I determined all the problem devices were trying to connect through a VLAN interface I have set up to keep IOT devices isolated. I tried connecting to that network with my phone and it failed, telling me it couldn't get an IP. So I still thought it was a DHCP issue, but I decided to check the VLAN setup anyway, and in the Interfaces summary page, the parent interface was unpopulated. I opened the edit popup, and the parent WAS populated there. Saved it, and the summary page then showed that field populated, and everything started working normally.

So maybe this is an upgrade bug. The upgrade killed my VLAN but resaving its configuration fixed it.

#9
Quote from: franco on July 17, 2024, 07:40:45 AM
There were bugs in the One-to-one rewrite in 24.1.9 preventing the rules from being properly translated. 1) was one of them and they were subsequently hotfixed. 2) is an imprecise question but my guess is you were on 24.1.8 upgraded to a bad early 24.1.9 and didn't change the system (like reboot) so it kept working until 24.1.10 came along and you did a reboot for unrelated reasons which is when the bad one-to-one kicked in.

Thanks for the reply!  Yes, I believe your guess about point 2 is exactly what happened.
#10
Well, I figured it out, but it leads to a different mystery.

I have one server open on a different IP, and I found that connections to that server were getting through.  I didn't realize it before, because everything important to the primary server was being blocked.  So I went poking around and discovered that the one-to-one NAT rule between that server and its external static IP was missing.  I manually restored the rule, and hey presto, all is working.

But this opens two more questions:

  • What happened to the rule?  It was there in my backups from February but not in the configs I reloaded when testing.  I am 100% sure I did not delete it.
  • Why did it work at all without the rule before 24.1.10?

Glad to have it fixed but still scratching my head.
#11
After upgrading to 24.1.10_2, OPNSense started rejecting all inbound traffic. Every incoming connection is blocked by Default deny / State violation rule. The version is 24.1.10_2-amd64.  ISP is Comcast Business USA.

I reverted to 24.1 with a fresh install (from a fresh download), loaded the same config from a backup, and everything worked again with the same config. Because I am apparently a glutton for punishment, I upgraded the new installation to 24.1.10_2 to see if it would break. Result: it broke. All inbound connections were again blocked with Default deny / State violation rule.  So I rebuilt again with 24.1, reloaded the same config (again), and that works (again).

Not sure where to look to figure out what's going on.  Right now I'm running 24.1 because the update process would take me right to 24.1.10_2 again.
#12
I'm not sure this is related, but after the upgrade, OPNSense started rejecting all inbound traffic. I haven't done any research yet, just switched over to my backup machine running an older version, but the log errors were mentioning something about default blocking due to state.  Will post the exact error when I get back to that machine.

EDIT: The error is Default deny / State violation rule, and the version is 24.1.10_2-amd64.  ISP is Comcast Business USA.  Is this related, do you think?

EDIT EDIT: I reverted to 24.1 with a fresh install, and everything is working again with the same config.  I'll pass on 24.1.10_x and wait for next update in hope it will settle down.

EDIT³ - Because I am apparently a glutton for punishment, I upgraded the new working installation to 24.1.10_2 to see what would happen. Result: the same thing. All inbound connections blocked with Default deny / State violation rule.


The more I think about it, the more I conclude this is an unrelated issue, so I'm starting a separate thread for the question.
#13
23.7 Legacy Series / Interface settings mystery
January 26, 2024, 05:58:59 PM
Recently I switched to an Awow AZ51 micro PC for OPNSense.  This device has two 2.5Gb ports, and most users report having to change settings to get full throughput.  When I set it up initially, I got limited throughput, and found I needed to set the Speed and Duplex setting for each interface to 1000BaseT, and got full speed.

Today, to troubleshoot a different issue, I had to revert to an older saved configuration, which did not have the Speed and Duplex setting.  After a reboot, imagine my surprise when I got full speed without changing the Speed and Duplex setting from "Default."

I'm happy about it, but I don't understand it.  Could the hardware interface have remembered the setting?
#14
This solved the same issue for me.  Thanks.
#15
If you use a Roku, and you have dnsmasq enabled on your OPNsense box, you can add the following hosts and aliases to the dnsmasq hosts section of your xml configuration to block the annoying Roku ads.

    <hosts>
      <host>zp.ads.roku.com</host>
      <domain>zp.ads.roku.com</domain>
      <ip>127.0.0.1</ip>
      <descr>Block Roku ads</descr>
      <aliases>
        <item>
          <description>Block Roku ads</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>bif.sr.roku.com</domain>
          <host>bif.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amarillo.sb.roku.com</domain>
          <host>amarillo.sb.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>ads.roku.com</domain>
          <host>ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amarillo.logs.roku.com</domain>
          <host>amarillo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amoeba-plus.web.roku.com</domain>
          <host>amoeba-plus.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>austin.logs.roku.com</domain>
          <host>austin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>bryan.logs.roku.com</domain>
          <host>bryan.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>camden.logs.roku.com</domain>
          <host>camden.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>customer-feedbacks.web.roku.com</domain>
          <host>customer-feedbacks.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>digdug-g2.logs.roku.com</domain>
          <host>digdug-g2.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>digdug.logs.roku.com</domain>
          <host>digdug.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>display.ravm.tv</domain>
          <host>display.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>esp.logs.roku.com</domain>
          <host>esp.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>giga.logs.roku.com</domain>
          <host>giga.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>gilbert.logs.roku.com</domain>
          <host>gilbert.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>griffin.logs.roku.com</domain>
          <host>griffin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>hereford.logs.roku.com</domain>
          <host>hereford.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>i.ads.roku.com</domain>
          <host>i.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>identity-dev.ads.roku.com</domain>
          <host>identity-dev.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>identity.ads.roku.com</domain>
          <host>identity.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>lagrange.logs.roku.com</domain>
          <host>lagrange.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>liberty.logs.roku.com</domain>
          <host>liberty.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>littlefield.logs.roku.com</domain>
          <host>littlefield.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>logs.roku.com</domain>
          <host>logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>longview.logs.roku.com</domain>
          <host>longview.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>midland.logs.roku.com</domain>
          <host>midland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>mobile.logs.roku.com</domain>
          <host>mobile.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>paolo.logs.roku.com</domain>
          <host>paolo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>raps-perf.ravm.tv</domain>
          <host>raps-perf.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>raps.ravm.tv</domain>
          <host>raps.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>ravm.tv</domain>
          <host>ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>richmond.logs.roku.com</domain>
          <host>richmond.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>rollingwood.logs.roku.com</domain>
          <host>rollingwood.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>rxr.ravm.tv</domain>
          <host>rxr.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>samples.voice.cti.roku.com</domain>
          <host>samples.voice.cti.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>sugarland.logs.roku.com</domain>
          <host>sugarland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>track.sr.roku.com</domain>
          <host>track.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>tyler.logs.roku.com</domain>
          <host>tyler.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>victoria.logs.roku.com</domain>
          <host>victoria.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>windsor.logs.roku.com</domain>
          <host>windsor.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>wwwimg.roku.com</domain>
          <host>wwwimg.roku.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</domain>
          <host>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku ads</description>
          <domain>dc7eeru7ckgwe.cloudfront.net</domain>
          <host>dc7eeru7ckgwe.cloudfront.net</host>
        </item>
      </aliases>
    </hosts>
    <hosts>
      <host>zz.cooper.logs.roku.com</host>
      <domain>zz.cooper.logs.roku.com</domain>
      <ip>0:0:0:0:0:0:0:1</ip>
      <descr>Block Roku IPV6</descr>
      <aliases>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amarillo.logs.roku.com</domain>
          <host>amarillo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amoeba-plus.web.roku.com</domain>
          <host>amoeba-plus.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>austin.logs.roku.com</domain>
          <host>austin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>bryan.logs.roku.com</domain>
          <host>bryan.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>camden.logs.roku.com</domain>
          <host>camden.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cloudservices.roku.com</domain>
          <host>cloudservices.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>cooper.logs.roku.com</domain>
          <host>cooper.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>customer-feedbacks.web.roku.com</domain>
          <host>customer-feedbacks.web.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>digdug-g2.logs.roku.com</domain>
          <host>digdug-g2.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>digdug.logs.roku.com</domain>
          <host>digdug.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>display.ravm.tv</domain>
          <host>display.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>esp.logs.roku.com</domain>
          <host>esp.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>giga.logs.roku.com</domain>
          <host>giga.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>gilbert.logs.roku.com</domain>
          <host>gilbert.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>griffin.logs.roku.com</domain>
          <host>griffin.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>hereford.logs.roku.com</domain>
          <host>hereford.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>i.ads.roku.com</domain>
          <host>i.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>identity-dev.ads.roku.com</domain>
          <host>identity-dev.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>identity.ads.roku.com</domain>
          <host>identity.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>lagrange.logs.roku.com</domain>
          <host>lagrange.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>liberty.logs.roku.com</domain>
          <host>liberty.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>littlefield.logs.roku.com</domain>
          <host>littlefield.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>logs.roku.com</domain>
          <host>logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>longview.logs.roku.com</domain>
          <host>longview.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>midland.logs.roku.com</domain>
          <host>midland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>mobile.logs.roku.com</domain>
          <host>mobile.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>p.ads.roku.com</domain>
          <host>p.ads.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>paolo.logs.roku.com</domain>
          <host>paolo.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>raps-perf.ravm.tv</domain>
          <host>raps-perf.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>raps.ravm.tv</domain>
          <host>raps.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>ravm.tv</domain>
          <host>ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>richmond.logs.roku.com</domain>
          <host>richmond.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>rollingwood.logs.roku.com</domain>
          <host>rollingwood.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>rxr.ravm.tv</domain>
          <host>rxr.ravm.tv</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>samples.voice.cti.roku.com</domain>
          <host>samples.voice.cti.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>scribe.logs.roku.com</domain>
          <host>scribe.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>sugarland.logs.roku.com</domain>
          <host>sugarland.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>traces.sr.roku.com</domain>
          <host>traces.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>track.sr.roku.com</domain>
          <host>track.sr.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>tyler.logs.roku.com</domain>
          <host>tyler.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>victoria.logs.roku.com</domain>
          <host>victoria.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>windsor.logs.roku.com</domain>
          <host>windsor.logs.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>wwwimg.roku.com</domain>
          <host>wwwimg.roku.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</domain>
          <host>amoeba-layers-prod.us-east-1.elasticbeanstalk.com</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>d2n3pv3l9r5wp5.cloudfront.net</domain>
          <host>d2n3pv3l9r5wp5.cloudfront.net</host>
        </item>
        <item>
          <description>Block Roku IPV6</description>
          <domain>dc7eeru7ckgwe.cloudfront.net</domain>
          <host>dc7eeru7ckgwe.cloudfront.net</host>
        </item>
      </aliases>
    </hosts>
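
Added example, not part of the original post: a Python audit of dnsmasq `<hosts>` blocks in the layout shown above. It lists alias items that are entered more than once and items whose `<host>` already ends with its `<domain>`, which yields a doubled name of the kind reported in post #1 if the two fields are joined as host.domain. That joining rule, the `<dnsmasq>` wrapper element and the function names are assumptions, and the sample is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of the post's <hosts> blocks (shortened).
# The <dnsmasq> wrapper is an assumption; the audit only looks for <hosts>.
SAMPLE = """
<dnsmasq>
  <hosts>
    <host>zp.ads.roku.com</host>
    <domain>zp.ads.roku.com</domain>
    <ip>127.0.0.1</ip>
    <descr>Block Roku ads</descr>
    <aliases>
      <item>
        <description>Block Roku ads</description>
        <domain>cooper.logs.roku.com</domain>
        <host>cooper.logs.roku.com</host>
      </item>
      <item>
        <description>Block Roku ads</description>
        <domain>roku.com</domain>
        <host>cloudservices</host>
      </item>
      <item>
        <description>Block Roku ads</description>
        <domain>cooper.logs.roku.com</domain>
        <host>cooper.logs.roku.com</host>
      </item>
    </aliases>
  </hosts>
</dnsmasq>
"""


def field(elem, tag):
    """Return a direct child's text, normalised for comparison ('' if absent)."""
    child = elem.find(tag)
    if child is None:
        return ""
    return (child.text or "").strip().lower().rstrip(".")


def joined_name(host, domain):
    """Assumed rendering of an alias: host and domain joined with a dot."""
    return f"{host}.{domain}" if host and domain else host or domain


def audit_hosts(xml_text):
    """Return (kind, parent_host, alias_host, rendered_name) findings."""
    root = ET.fromstring(xml_text)
    findings = []
    for entry in root.iter("hosts"):
        parent = field(entry, "host")
        seen = Counter()
        for item in entry.findall("./aliases/item"):
            seen[(field(item, "host"), field(item, "domain"))] += 1
        for (host, domain), count in seen.items():
            rendered = joined_name(host, domain)
            # The host field already carries the domain, so joining repeats it.
            if domain and (host == domain or host.endswith("." + domain)):
                findings.append(("doubled", parent, host, rendered))
            # The same alias appears more than once under one parent entry.
            if count > 1:
                findings.append(("duplicate", parent, host, rendered))
    return findings


if __name__ == "__main__":
    for kind, parent, host, rendered in audit_hosts(SAMPLE):
        print(f"{kind:9} parent={parent} alias={host} -> {rendered}")
```

To check a real configuration, pass the text of the saved XML backup to `audit_hosts` instead of `SAMPLE`.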