OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of chris42 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - chris42

Pages: [1] 2 3 4
1
Virtual private networks / Re: Wireguard for all ipv4 and ipv6 traffic
« on: April 09, 2024, 12:26:24 am »
So it seems, that I got this working:
As per guide I created the VPN Interface. Either "Block bogon networks" is activated by default or I activated it. That however blocked all traffic from the tunnel. Interestingly only for ipv6, not ipv4.

I am not sure, if this is supposed to be. Shouldn't Opnsense be aware of the Wireguard networks and not treat them as Bogon?

2
Virtual private networks / Re: Surfshark Wireguard connection on PPPoe Wan Not working
« on: April 02, 2024, 06:59:47 pm »
Hi there,
just skipped over her from my post.

As I understand, you are trying to dial into a public server with your opnsense box? The setup I am doing is exactly the other way around. I am phoning home from my devices.
So I am sorry, but I do not have experience with that. What was most troubling in my setup was the whole switcharoo of keys. Took me quite a drawing to make sure I understand which key goes where in the configs.

3
Virtual private networks / Wireguard for all ipv4 and ipv6 traffic
« on: April 02, 2024, 05:59:06 pm »
I am trying to get a simple setup running: Route all traffic through wireguard for a roadwarrior, ipv4 and ipv6.

I got ipv4 working with no issues whatsoever, however ipv6 seems to be more tricky.
The original guide is not very specific with examples and I feel it is missing routes?
https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I also checked this setup, but it seems more to be about reaching local servers.
https://forum.opnsense.org/index.php?topic=36082.0

What I am looking for, is to connect to wireguard and then have all traffic routed through the tunnel. So far I only get so far, that the client is getting ipv4 and ipv6 out of the VPN network. I am not sure, if this is actually needed for the ipv6 part? I would think, that my prefix would extend ipv6s into the tunnel for the calling client and that one would need to route all traffic into the tunnel?
Added complexity: I have a dynamic prefix on the ipv6 of the server.

Anyone knows where to look, to figure out what is wrong or how to set it up?

4
24.1 Legacy Series / OPNsense unresponsive - Swap full
« on: March 06, 2024, 08:36:23 am »
So the issue I had in 23.7, persists in 24.1: https://forum.opnsense.org/index.php?topic=38109.0

Randomly I wake up to an unresponsive opnsense and the concole only prints:
Code: [Select]
swap_pager: out of swap space
swp_pager_getswapspace(3): failed
It seems to be connected to log2ram and some logspam. This nights crash came only after reactivating log2ram a few days ago.
As written in the other thread, I observed (log2ram deactivated), that DHCP6 seems to crash after some time and then log gets spammed with:
Code: [Select]
<13>1 2024-03-01T23:05:33+01:00 opnsense.xxx.xxx kernel - - [meta sequenceId="6806"] <7>cannot forward src fe80:b::xxxx:xxxx:xxxx:xxxx, dst xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, nxt 6, rcvif bridge0, outif pppoe1
I am yet not sure why DHCP6 crashes? I am only running it on my WAN interface. Also I do not see any logging options for DHCP specifically? Is there a way to activate it somewhere?

Kind regards
  Christian

5
23.7 Legacy Series / Re: OPNsense unresponsive after a week - Swap full
« on: March 01, 2024, 11:17:22 pm »
So after some observation, I now found, that I have massive logspam with some routing information:

Code: [Select]
<13>1 2024-03-01T23:05:33+01:00 opnsense.xxx.xxx kernel - - [meta sequenceId="6806"] <7>cannot forward src fe80:b::xxxx:xxxx:xxxx:xxxx, dst xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, nxt 6, rcvif bridge0, outif pppoe1
I get that nearly every 10 seconds. Which is slowly filling my log ramdisk.
For some reason the DHCP6 crashed / is not running anymore.
Not sure if this is all connected, but something is wrong.

6
23.7 Legacy Series / Re: OPNsense unresponsive after a week - Swap full
« on: January 14, 2024, 11:49:00 pm »
This happened already a week ago, so was monitoring the week and checking, but RAM and swap was ok. This setup runs for some years now, so not sure what happened to it, that I now get that situation. I have minimal services running on the box, so doubt that it is overloaded.
I had log2ram activated, that is why I suspected an out of memory due to some service log spamming. However logs are not available after the "crash". I now deactivated log2ram, hence expect to see something now on disk. That might give better clues on what is happening.
Last things I changed is switching to native ddclient and testing some virtual ULA ipv6 addresses.

7
23.7 Legacy Series / OPNsense unresponsive after a week - Swap full
« on: January 14, 2024, 12:45:16 pm »
Hi there,
I have a weird phenomenon. OPNsense works fine for about a week, but then it completely becomes unresponsive. No routing, no webUI, nothing.
Have to log in via serial console. On there, I get only the following message repeated:
Code: [Select]
swp_pager_getswapspace(2): failed
swap_pager: out of swap space
I am not sure, if out of swap is the error causing this or a result of another error (e.g., then filling up the logs).
Not sure on how to analyze this properly. Any ideas?

Kind regards
  Chris

8
23.1 Legacy Series / Re: After update: Starting web GUI...failed. | 503 - service unavailable
« on: February 21, 2023, 09:06:13 pm »
Having the same problem, I opened an issue: https://github.com/opnsense/core/issues/6351

9
22.7 Legacy Series / [SOLVED] IPv6 working only on one interface
« on: January 19, 2023, 10:26:05 pm »
Ok, following the white rabbit to github I found the solution in:
https://github.com/opnsense/core/issues/5651

LAN network is build on a bridge to combine different ports. The bridge needs to have link-local addresses enables. After that a reboot sets everything in order.

Apparently I did not need help on debugging.  ;D

10
22.7 Legacy Series / Re: IPv6 working only on one interface - need help on debugging
« on: January 19, 2023, 10:03:24 pm »
So I checked a few logs and suspect that it is a routing problem.

In dhcpd logs I get everytime LAN device (Prefix ID 2) asks for an IP:
Code: [Select]
[meta sequenceId="1"] Solicit message from fe80::xxx:1c96 port 546, transaction ID 0x54B07100
[meta sequenceId="2"] Picking pool address 2001:xxx:5002::2000
[meta sequenceId="3"] Advertise NA: address 2001:xxx5002::2000 to client with duid xxx iaid = xxx valid for 7200 seconds
[meta sequenceId="4"] Sending Advertise to fe80::xxx:1c96 port 546
[meta sequenceId="5"] send_packet6: No route to host

Checking the routes there is actually a difference:
Code: [Select]
ipv4 192.168.2.0/24 link#10 U NaN 1500 bridge0 LAN
ipv4 192.168.3.0/24 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST
ipv6 2001:xxx:5002::/64 link#10 U NaN 1500 bridge0 LAN
ipv6 2001:xxx:5003::/64 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST
ipv6 fe80::%igb1_vlan3/64 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST

All routes are automatically generated and I am too much of a noob to figure what that means.

11
22.7 Legacy Series / [SOLVED] IPv6 working only on one interface
« on: January 19, 2023, 08:26:30 pm »
Hi there,
I have a bit of a trouble pinning down an issue.
Configured IPv6 and normally it was working on 2 interfaces. A LAN with physical connection and a WLAN_GUEST, based on a vlan coming from an access point.

I get an IPv6 from my ISP and a /56 prefix. Can easily ping IPv6 addresses from opnsense.
Also I get IPV6 working in the WLAN_GUEST. Devices get an IPv6 and can communicate with websites on that.

But for some reason devices in the LAN are not getting any IPv6. I compared all the configs and they seem to be the same.
Only difference is the different Prefix ID.

I know IPv6 was working in LAN before but I have no clue on how to debug this now. Does anyone has a hint?

Kind regards
  Chris

12
22.7 Legacy Series / Re: Having crash/panic, where is report send?
« on: November 13, 2022, 02:40:44 pm »
So that is the endpoint it is reported to. It just ends up with the developers?

13
22.7 Legacy Series / Having crash/panic, where is report send?
« on: November 13, 2022, 07:56:01 am »
Hi there,

after some time my connectivity gets lost. I need to then connect via serial console and reload all services. When doing so the box crashes with a panic.
After rebooting, I get a crash reporter offering me to send a report. However the report contains quite a bit personal information. So where is this send to? Any open space, like forum or github issue?

Kind regards
  Christian

14
22.1 Legacy Series / Re: WAN Interface lost connection after "reset interface" (pppoe)
« on: February 03, 2022, 09:35:09 am »
Yes, patch was working tonight in one single cron job, so far no issues. Definitely applied the cron table, as I changed it multiple times yesterday for testing.

15
22.1 Legacy Series / Re: WAN Interface lost connection after "reset interface" (pppoe)
« on: February 03, 2022, 08:59:34 am »
Nothing in my logs, however I have the patch installed. I assume this would only occur without the patch?

Pages: [1] 2 3 4
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2