Messages - chris42

#1
So it seems, that I got this working:
As per guide I created the VPN Interface. Either "Block bogon networks" is activated by default or I activated it. That however blocked all traffic from the tunnel. Interestingly only for ipv6, not ipv4.

I am not sure, if this is supposed to be. Shouldn't Opnsense be aware of the Wireguard networks and not treat them as Bogon?
#2
Hi there,
just skipped over here from my post.

As I understand, you are trying to dial into a public server with your opnsense box? The setup I am doing is exactly the other way around. I am phoning home from my devices.
So I am sorry, but I do not have experience with that. What was most troubling in my setup was the whole switcharoo of keys. Took me quite a drawing to make sure I understand which key goes where in the configs.
#3
I am trying to get a simple setup running: Route all traffic through wireguard for a roadwarrior, ipv4 and ipv6.

I got ipv4 working with no issues whatsoever, however ipv6 seems to be more tricky.
The original guide is not very specific with examples and I feel it is missing routes?
https://docs.opnsense.org/manual/how-tos/wireguard-client.html

I also checked this setup, but it seems more to be about reaching local servers.
https://forum.opnsense.org/index.php?topic=36082.0

What I am looking for, is to connect to wireguard and then have all traffic routed through the tunnel. So far I only get so far, that the client is getting ipv4 and ipv6 out of the VPN network. I am not sure, if this is actually needed for the ipv6 part? I would think, that my prefix would extend ipv6s into the tunnel for the calling client and that one would need to route all traffic into the tunnel?
Added complexity: I have a dynamic prefix on the ipv6 of the server.

Anyone knows where to look, to figure out what is wrong or how to set it up?
#4
So the issue I had in 23.7, persists in 24.1: https://forum.opnsense.org/index.php?topic=38109.0

Randomly I wake up to an unresponsive opnsense and the console only prints:
swap_pager: out of swap space
swp_pager_getswapspace(3): failed


It seems to be connected to log2ram and some logspam. This night's crash came only after reactivating log2ram a few days ago.
As written in the other thread, I observed (log2ram deactivated), that DHCP6 seems to crash after some time and then log gets spammed with:
<13>1 2024-03-01T23:05:33+01:00 opnsense.xxx.xxx kernel - - [meta sequenceId="6806"] <7>cannot forward src fe80:b::xxxx:xxxx:xxxx:xxxx, dst xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, nxt 6, rcvif bridge0, outif pppoe1

I am yet not sure why DHCP6 crashes? I am only running it on my WAN interface. Also I do not see any logging options for DHCP specifically? Is there a way to activate it somewhere?

Kind regards
  Christian
#5
So after some observation, I now found, that I have massive logspam with some routing information:

<13>1 2024-03-01T23:05:33+01:00 opnsense.xxx.xxx kernel - - [meta sequenceId="6806"] <7>cannot forward src fe80:b::xxxx:xxxx:xxxx:xxxx, dst xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, nxt 6, rcvif bridge0, outif pppoe1

I get that nearly every 10 seconds. Which is slowly filling my log ramdisk.
For some reason the DHCP6 crashed / is not running anymore.
Not sure if this is all connected, but something is wrong.
#6
This happened already a week ago, so was monitoring the week and checking, but RAM and swap was ok. This setup runs for some years now, so not sure what happened to it, that I now get that situation. I have minimal services running on the box, so doubt that it is overloaded.
I had log2ram activated, that is why I suspected an out of memory due to some service log spamming. However logs are not available after the "crash". I now deactivated log2ram, hence expect to see something now on disk. That might give better clues on what is happening.
Last things I changed is switching to native ddclient and testing some virtual ULA ipv6 addresses.
#7
Hi there,
I have a weird phenomenon. OPNsense works fine for about a week, but then it completely becomes unresponsive. No routing, no webUI, nothing.
Have to log in via serial console. On there, I get only the following message repeated:
swp_pager_getswapspace(2): failed
swap_pager: out of swap space


I am not sure, if out of swap is the error causing this or a result of another error (e.g., then filling up the logs).
Not sure on how to analyze this properly. Any ideas?

Kind regards
  Chris
#9
Ok, following the white rabbit to github I found the solution in:
https://github.com/opnsense/core/issues/5651

LAN network is built on a bridge to combine different ports. The bridge needs to have link-local addresses enabled. After that a reboot sets everything in order.

Apparently I did not need help on debugging.  ;D
#10
So I checked a few logs and suspect that it is a routing problem.

In dhcpd logs I get, every time a LAN device (Prefix ID 2) asks for an IP:

[meta sequenceId="1"] Solicit message from fe80::xxx:1c96 port 546, transaction ID 0x54B07100
[meta sequenceId="2"] Picking pool address 2001:xxx:5002::2000
[meta sequenceId="3"] Advertise NA: address 2001:xxx5002::2000 to client with duid xxx iaid = xxx valid for 7200 seconds
[meta sequenceId="4"] Sending Advertise to fe80::xxx:1c96 port 546
[meta sequenceId="5"] send_packet6: No route to host


Checking the routes there is actually a difference:

ipv4 192.168.2.0/24 link#10 U NaN 1500 bridge0 LAN
ipv4 192.168.3.0/24 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST
ipv6 2001:xxx:5002::/64 link#10 U NaN 1500 bridge0 LAN
ipv6 2001:xxx:5003::/64 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST
ipv6 fe80::%igb1_vlan3/64 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST


All routes are automatically generated and I am too much of a noob to figure what that means.
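
Added example (not part of the original post and not OPNsense code): a small Python check over the route rows pasted above that flags interfaces carrying a routed IPv6 prefix but no fe80::%<interface>/64 link-local route, which is the gap visible for bridge0 in those rows. The function names and the assumed column order are illustrative, taken from the layout of the rows in the post.

```python
# Route rows copied from the post above (addresses redacted by the poster).
ROUTES = """\
ipv4 192.168.2.0/24 link#10 U NaN 1500 bridge0 LAN
ipv4 192.168.3.0/24 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST
ipv6 2001:xxx:5002::/64 link#10 U NaN 1500 bridge0 LAN
ipv6 2001:xxx:5003::/64 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST
ipv6 fe80::%igb1_vlan3/64 link#8 U NaN 1500 igb1_vlan3 WLAN_AP_GUEST
"""


def parse_routes(text):
    """Split each row into (proto, destination, interface). Assumed columns:
    proto, destination, gateway, flags, use, mtu, netif, description."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 7 and parts[0] in ("ipv4", "ipv6"):
            rows.append((parts[0], parts[1], parts[6]))
    return rows


def link_local_zone(dest, netif):
    """Interface a link-local route belongs to: the %zone if present, else netif."""
    if "%" in dest:
        return dest.split("%", 1)[1].split("/", 1)[0]
    return netif


def missing_link_local(text):
    """Interfaces with a routed IPv6 prefix but no fe80::/64 route of their own."""
    routed, link_local = set(), set()
    for proto, dest, netif in parse_routes(text):
        if proto != "ipv6":
            continue
        # String match on purpose: the redacted addresses cannot be parsed.
        if dest.lower().startswith("fe80:"):
            link_local.add(link_local_zone(dest, netif))
        else:
            routed.add(netif)
    return sorted(routed - link_local)


if __name__ == "__main__":
    for netif in missing_link_local(ROUTES):
        print(f"{netif}: IPv6 prefix routed, but no link-local (fe80::/64) route")
```
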
#11
Hi there,
I have a bit of a trouble pinning down an issue.
Configured IPv6 and normally it was working on 2 interfaces. A LAN with physical connection and a WLAN_GUEST, based on a vlan coming from an access point.

I get an IPv6 from my ISP and a /56 prefix. Can easily ping IPv6 addresses from opnsense.
Also I get IPV6 working in the WLAN_GUEST. Devices get an IPv6 and can communicate with websites on that.

But for some reason devices in the LAN are not getting any IPv6. I compared all the configs and they seem to be the same.
Only difference is the different Prefix ID.

I know IPv6 was working in LAN before but I have no clue on how to debug this now. Does anyone have a hint?

Kind regards
  Chris
#12
So that is the endpoint it is reported to. It just ends up with the developers?
#13
Hi there,

after some time my connectivity gets lost. I need to then connect via serial console and reload all services. When doing so the box crashes with a panic.
After rebooting, I get a crash reporter offering me to send a report. However the report contains quite a bit of personal information. So where is this sent to? Any open space, like forum or github issue?

Kind regards
  Christian
#14
Yes, patch was working tonight in one single cron job, so far no issues. Definitely applied the cron table, as I changed it multiple times yesterday for testing.
#15
Nothing in my logs, however I have the patch installed. I assume this would only occur without the patch?