Messages

Have you checked if your hard drive is fine? Perhaps do a Ram like memtest86+ test?

Ubuntu live can check S.M.A.R.T. status or other various tools can check sectors, however you mentioned even the Liveboot failed. Perhaps as an experiment try booting into live mode with hdd/ssd disconnected.

I noticed if on Windows side when I try to use rufus (usb tool) to write the .img after unbzp2 it it with BSOD, so generally i just download it on a linux live distro and dd to the proper flash drive. PFsense also did that, perhaps i need to use a different tool, like physdiskwrite or w/e. May i ask how you create your USB media?

I would start with a fresh install media rather than a upgrade to reduce likely problems

Looking more into this, just as an update

I think Curl is mostly used on lighthttp (http server opnsense uses by default) on most installs

So unless you really have remote web management turned on this is a non issue on the wan side
However on the LAN side, this is a issue if you still have a lan/vlan that can access the http management

I noticed OPNsense 19.1.1 (on lastest version) is still running 7.63.0_1 (from the package viewer)

I was wondering if OPNsense isn't vulnerable to the latest exploits via

https://nvd.nist.gov/vuln/detail/CVE-2018-16890
https://nvd.nist.gov/vuln/detail/CVE-2019-3822
https://nvd.nist.gov/vuln/detail/CVE-2019-3823

I really like OPNsense ALOT more than pfsense, (and i hate to point this out) but i noticed PFSENSE fixed this or released instructions on manually updating packages on Feb 15th, I haven't done an audit to confirm OPNsense is vulnerable, but I would assume so because of the versioning number. Could we have a small update to update this package to the latest or instructions on how-to? Or has the attack surface changed where this is a non issue?

Your problem sounds DNS related. IE when you use DNS to resolve the IP, it somehow is blocking or not replying to your request.

However when you use the IP and don't need DNS IE the domain name/website url it seems to work?

This is a OLD tutorial, but it might be applicable for OPNsense, since they share alot of the common base (for now)
https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html

Try turning on NAT REFLECTION in the advanced settings. or following this users remedy which may not be applicable given your different networking setup(s) looking at your post history

https://forum.opnsense.org/index.php?topic=3240.msg10433#msg10433

Make sure you have disable webConfigurator re-direct rule in OPNsense

I use proxmox in combo with Opnsense, it works well. Im assuming you're using the default setup on proxmox without any firewall rules on proxmox?


I'm only guessing at what happened (not enough detail like what the IP address was), but its possible OPNSENSE vm was installed/booted and probably is running DHCP services, and my guess is you didn't turn off your router/gateways DHCP server and therefore its reaching only 1 DHCP (proxmox).


Whats the IP address on proxmox? is it a private RFC like 192.168.X.X? often 192.168.1.X? Were you able to see the Wan IP address proxmox gave? was it also 192.168.X.X or some other private RFC?


Alltho this is a question more for proxmox, rather than OPNsense. If you remember the VMID on the proxmox host and you can't access the gui to proxmox or opnsense I recommend you go into the console of proxmox and type

qm shutdown <vmid>

<vmid> often being 100 and forwards, so if you cant remember the VMID run

qm list

which will list the running VM's try the shutdown. If for some reason the shutdown doesn't work (often broken on freebsd, so you'll probally have to issue this command) since underlying machine emulation proxmox is KVM then type

qm stop <vmid>

This should stop OPNsense and your DHCP on network should return where you should then be able to access the proxmox webgui.

I would strongly advice you use a VLAN for setting up OPNsense, so that way it doesn't conflict with your already existing DHCP/network topology

[The solution:]

Im so sorry have wasted your time. The issue isn't with OPNsense but rather on the end user (me). I just googled and found this forum because I assumed the issue was with OPNsense and charter spectrum's ipv6 or OPNsense routing, since my backup worked on PFsense (didnt try it for long just enough to test the website). I tried everything, manually adjusting the RA to assisted with a Lan ipv6 DHCP server, in the config
I got it to work. I feel so dumb.


The solution:
I've deployed this both pfsense and opnsense to a physical machine (athlon II x2) with actual nics, and problem gone. Both receive IPv6.
Now going to deploy opnsense to a Pentium4 i386 with these pci realtek based nics. Probably not the idea candidate, but its a way to recycle old hardware for the time being. Sorry for the long pauses, usb 2.0 is slow on these old machines

My setup was a thinkpad t510 (1st gen intel mobile) with 1g ram allocated to it, and having my hypervisor (proxmox) route the vlans to it and feeding wan ethernet to my switch/router (archer c7 v2) control the switches. This worked with ipv6 and everything as far as i can remember for a while, so I just assumed the firewall when ipv6 failed recently, i'm guessing my PFsense reverting that VM kept some older settings and worked.  I cannot explain why the old backup passed through ipv6 traffic, will investigate further. I know this isn't a Ideal setup, but I don't want to buy a usb dongle for two nics in a mobile laptop, and besides it keeps power $ lower. So I will look for the appropriate help where i find the actual issue with hypervisor/switch setup.

So sorry to have wasted your time chasing around a non existent issue in my OPNsense setup, and thank you OPNsense for being better than PFsense to the devs, and not reverting to the tactics that Netgate often tries on you. At least with your product I can still use my i386 hardware to run the latest versions, real shame what Netgate is forcing users to swallow requiring 64bit and soon AES support.

@marjohn56 Yes running 18.7, tried 18.1.x (same issue) and on pfsense: 2.4.3

On the lobby pages of both pfsense/opnsense I was given a ipv6 address, however only for OPNsense the IPv6 on the lan side refused to resolve or reach any ipv6 addresses with opnsense. One thing of interest from the OPNsense shell, ping6 was able to work with IPv6 addresses, but not anything on the lan side. It was giving me IPv6 addresses on lan, just refusing to not work with anything IPv6 from the lan

With PFsense everything was configured properly., was able to use IPv6 from the host and lan. Did you need screenshots/config notes from PFsense to tell me what to input?

[OPNsense-18.7-OpenSSL-vga-amd64.img.bz2]

Did you try the OPNsense-18.7-OpenSSL-vga-amd64.img.bz2 media? for the usb? abd for the Dvd/CD  OPNsense-18.7-OpenSSL-dvd-amd64.iso.bz2?


If so, what tools/commands did you use to set them up. Generally burning an iso is pretty easy, but its harder/eaiser to screw up on USB creation with the wrong knowledge.

The fact you got a stop error. might indicate something may be wrong with the PC or the image you downloaded.
You can also check hashes of the files you downloaded to ensure they are indeed the right

Can you walk me though the steps you used to create the usb/dvd media. Lets try the Usb method, mostly because blank dvd's cost $

The "Wizard" aka initial setup to input password prompt for the login is broken, you can change the password, however you have to do it within the Lobby>password field. I've replicated this on a VM 32bit and a physical 64bit machine on fresh installs

The remedy for me to fix was to goto the Lobby>Password and change it from there.  :) This issue seems to be isolated to just 18.7, as 18.1 didn't have that issue in my testing. The imputed values into the wizard initial setup aren't changing the default opnsense value for some reason.

I seem to be not the only user with this issue.

[Has OP solved his problem? if so what are the steps that you did?]

I also have Spectrum/Ex time Warner and I am unable to get DHCPv6 on lan host with OPNsense. However, Openwrt, and PFsense do work and hand out local ipv6 adresses.


using this to test: http://ipv6-test.com/
Also ping6 google.com fails
also ping6 2001:4860:4860::8888 (google dns) fails.
So its nothing related to dns/unbound/dnsmasq, its likely a gateway/addressing issue.

I've also tried mimicking ip wan6 :track  and pointing my RA assisted and making a local dhcpv6 server by overrides, but my understanding of IPv6 IPS and link local and other addressing schemes is limited based on my knowledge/experience. I know ipv6 doesn't use nat, but when I look at my OPENWRT/pfsense IPv6 address/gateway im rather perplexed how to mimic it to work on OPNsense.


Has OP solved his problem? if so what are the steps that you did?
I might consider making a new topic if none replies