Messages

What is your common factor? I226-V as NIC? This does not apply for the APU2C4, so: PPPoE on WAN?

Yes,  PPPoE on the WAN side for me. Network Ports have the "Intel(R) I210" for me.

And this was stable as hell. For me it started with 23.1.2 and everytime i did a update check. Now with 23.1.3 it happens more often.

Its headless, so i really have to search to get my serial cable out of my "big box"  to see more. But it is really a crash with reboot not a simple "connection drop".

Ronny

Hi,

thanks for this information,

I also checked my sata ssd, as i suspected,that that was the case, but it also health, no issues here to see. I use a APU2C4 with Bios v4.17.0.3 if that is relevant.

Fot the moment , i live with the reboots, as its my 2nd internet Link, will have to move in the next weeks and then i have to check in detail.

@opnsense any hints or infos for us here ?

Ronny

Hi,

I have this to, it was also on 23.1.2 (check for updates -> kernel crash and reboot) its headless so hard to know more.
After a reboot and immedially update i could update to 23.1.3.
Now the reboots happen without interaction,  i heared the "boot up sound" yestern 11pm and today in the morning around 5:45am.

I follow this thread and try to get / find a serial or other console to get more output if needed.

Ronny

Ok,

got it solved. The cause was the firmware update of the vigor130 dsl modem, i did that in the same timeframe (2.8.4 -> 2.8.5) no special things mentioned only minor things.

As i also did test my linux maschine with ppp and it did not work and also my mint laptop dit not work, there were not much things left. So i tried the downgrade of the firmware and viola, session up all good.

Really weird, perhaps it helps someone in the future. Seems the 2.8.4.1 and 2.8.5 did show this behavior on my site.

Thanks for helping
Ronny

Since your installation seems older and now it does not work anymore - but also back on 22.1.7: You know that since 22.1.something, you have to define parent interfaces for VLANs (and probably for PPPoE as well)?
You can leave them unconfigured IP-wise, but they must exist for sub-interfaces to work.

I dont use vlans for the pppoe connection. It is a simple igb1 Port without anything, the vigor130 does the needed vlan7 tagging on itself. That makes my setup simpler. I have vlans for internal seperating devices, that work as they should and have the parent interface.
Sidenote, i also tried setting up the needed vlan and pppoe config and of course change the modem config, does either not help, problem exists.

Also, there is a problem with aliases on 22.1.8 that has been fixed by 22.1.8_1.

Thanks, i am already on the latest (and greatest) 22.1.8_1

Thanks,
Ronny

Hi,

i use this dsl line only as backup and noticed, that it was down. The mpd shows only tries, but not response. So i thought, its the fault of the isp.  But no infos on this. The sync is there, all seems right. I configured my vigor 130 to use its own pppoe client and this worked immedially. 
Searched the logs and its really since the update to 22.1.8 , bevor the pppoe session worked.

The night bevor the update (around 2am) all worked:

Code Select Expand


<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="141"] [wan] IFACE: Up event
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="142"] [wan] IFACE: Rename interface ng0 to pppoe0
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="143"] [wan] IPCP: rec'd Configure Nak #2 (Ack-Sent)
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="144"] [wan]   IPADDR xx.xx.xx.xxx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="145"] [wan]     xx.xx.xx.xx is OK
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="146"] [wan]   PRIDNS xx.xx.xx.xx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="147"] [wan]   SECDNS xx.xx.xx.xx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="148"] [wan] IPCP: SendConfigReq #3
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="149"] [wan]   IPADDR xx.xx.xx.xx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="150"] [wan]   PRIDNS xx.xx.xx.xx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="151"] [wan]   SECDNS xx.xx.xx.xx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="152"] [wan] IPCP: rec'd Configure Ack #3 (Ack-Sent)
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="153"] [wan]   IPADDR xx.xx.xx.xx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="154"] [wan]   PRIDNS xx.xx.xx.xx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="155"] [wan]   SECDNS xx.xx.xx.xx
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="156"] [wan] IPCP: state change Ack-Sent --> Opened
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="157"] [wan] IPCP: LayerUp
<30>1 2022-05-25T02:20:08+02:00 OPNsense.local ppp 57539 - [meta sequenceId="158"] [wan]   xx.xx.xx.xx -> xx.xx.xx.xx
<30>1 2022-05-25T22:26:18+02:00 OPNsense.local ppp 57539 - [meta sequenceId="1"] [wan] error writing len 12 frame to b0: Network is down


The last line is caused from the update (i think), i did it right at that time.
And now, nothing works. From this point, it goes right that.

Code Select Expand


<30>1 2022-05-25T22:27:10+02:00 OPNsense.local ppp 57539 - [meta sequenceId="30"] [wan_link0] LCP: SendTerminateReq #4
<30>1 2022-05-25T22:27:10+02:00 OPNsense.local ppp 57539 - [meta sequenceId="31"] [wan_link0] LCP: LayerDown
<30>1 2022-05-25T22:27:14+02:00 OPNsense.local ppp 57539 - [meta sequenceId="32"] [wan_link0] LCP: SendTerminateReq #5
<30>1 2022-05-25T22:27:16+02:00 OPNsense.local ppp 57539 - [meta sequenceId="33"] [wan_link0] LCP: state change Stopping --> Stopped
<30>1 2022-05-25T22:27:16+02:00 OPNsense.local ppp 57539 - [meta sequenceId="34"] [wan_link0] LCP: LayerFinish
<30>1 2022-05-25T22:27:16+02:00 OPNsense.local ppp 57539 - [meta sequenceId="35"] [wan_link0] PPPoE: connection closed
<30>1 2022-05-25T22:27:16+02:00 OPNsense.local ppp 57539 - [meta sequenceId="36"] [wan_link0] Link: DOWN event
<30>1 2022-05-25T22:27:16+02:00 OPNsense.local ppp 57539 - [meta sequenceId="37"] [wan_link0] LCP: Down event
<30>1 2022-05-25T22:27:16+02:00 OPNsense.local ppp 57539 - [meta sequenceId="38"] [wan_link0] LCP: state change Stopped --> Starting
<30>1 2022-05-25T22:27:16+02:00 OPNsense.local ppp 57539 - [meta sequenceId="39"] [wan_link0] LCP: LayerStart
<30>1 2022-05-25T22:27:16+02:00 OPNsense.local ppp 57539 - [meta sequenceId="40"] [wan_link0] Link: reconnection attempt 1 in 2 seconds
<30>1 2022-05-25T22:27:18+02:00 OPNsense.local ppp 57539 - [meta sequenceId="41"] [wan_link0] Link: reconnection attempt 1
<30>1 2022-05-25T22:27:18+02:00 OPNsense.local ppp 57539 - [meta sequenceId="42"] [wan_link0] PPPoE: Connecting to ''
<30>1 2022-05-25T22:27:27+02:00 OPNsense.local ppp 57539 - [meta sequenceId="43"] [wan_link0] PPPoE connection timeout after 9 seconds
<30>1 2022-05-25T22:27:27+02:00 OPNsense.local ppp 57539 - [meta sequenceId="44"] [wan_link0] Link: DOWN event
<30>1 2022-05-25T22:27:27+02:00 OPNsense.local ppp 57539 - [meta sequenceId="45"] [wan_link0] LCP: Down event
<30>1 2022-05-25T22:27:27+02:00 OPNsense.local ppp 57539 - [meta sequenceId="46"] [wan_link0] Link: reconnection attempt 2 in 1 seconds
<30>1 2022-05-25T22:27:28+02:00 OPNsense.local ppp 57539 - [meta sequenceId="47"] [wan_link0] Link: reconnection attempt 2


I did downgrade the kernel to 22.1 and opnsense to 22.1.7, but it does not helped, this persists as it is.
I also tried to configure the old way with VLAN7 and on this the pppoe session (and disabled the vlan tag 7 addition in the vigor130), does not help, sadly.

Any hints on this :) ?

Thanks,
Ronny

Setup is:  APU2 with Vigor130 on the igb1 port, vlan 7 tag insserts the vigor130. The cable is directly from vigor130 to the apu2 on this port. I have an alias on this interface for the management address, that works flawlesse since ages. What is suspicious,  is that the counters only show out but NO in pakets since then:

Code Select Expand

Interfaces Overview for this:
Status up
PPPoE
up 
Uptime 00:00:0
MAC address 00:00:00:00:00:00 - XEROX CORPORATION
MTU 1492
IPv4 address pppoe/
IPv6 link-local fe80::20d:b9ff:fe4c:464/64
IPv6 address
In/out packets 0 / 36 (0 bytes / 3 KB)
In/out packets (pass) 0 / 36 (0 bytes / 3 KB)
In/out packets (block) 0 / 0 (0 bytes / 0 bytes)
In/out errors 0 / 0
Collisions 0

Hallo,

ich weiß nicht, ob es beim TC4400 auch so ist, aber in der Regel ist es so, das im Bridgemode das 1. Gerät die offizielle IP bekommt und das wars dann auch, wenn Du dann ein weiteres gerät ansteckst, wird es nix bekommen.
Dazu das Gerät neu starten und natürlich an die OPNsense anstecken, dann sollte es per DHCP eine offizielle IPv4 bekommen und das wars. Da ist nix mit Irgendwelchen Daten angeben oder so, durch den Aktivierungscode wird dem Modem die Konfiguration übermittelt und es regelt alle Dinge.

Versuchs mal ;) Ronny

Moin Andre2020,

es wäre toll, wenn Du Dir kurz die Zeit morgen dafür nehmen könntest.
Wir müssen dafür IPSec nutzen (das ist der einzige gemeinsame Nenner, der uns zur Verfügung steht).
Von daher ist Wireguard ne gute Sache, nur in diesem Fall für uns nicht nutzbar, leider.

Gruß Ronny

Hi,

Hallo zusammen, ich habs am Laufen mit mutual RSA ohne EAP.
Ich versuche in den kommenden Tagen mal Infos zu erstellen. Wenn ihr dem Wiki folgt: die dort angegebene PFS Key Group 14 wird von iOS nicht mehr akzeptiert. Ihr müsst 19 - 21 wählen. Daran habe ich mir am längsten die Zähne ausgebissen.
IPSec läuft sehr gut und schnell, und mein Hauptgrund es vor OpenVPN zu bevorzugen ist das "connect on demand".

@Andre2000 würdest Du die Infos mir bereitstellen. Wir versuchen uns auch gerade dran und sind am Verzweifeln  :-\

Danke Ronny

Hi,

Just for testing today I deactivated my PPPoE interface in OPNsense and - guess what - the performance on the other two (non-PPPoE)
[...]
I bought a DrayTek 165 (VDSL2+ 35b) modem now which is capable of handling the whole PPPoE stuff on its own. This way the OPNsense will only get IP traffic and it should finally work.

I have a vigor 130, this should also work with that, could you please give a link on what to change in the config. Actually i do vlan tagging on the vigor only. Do the pppoe stuff at the modem with vlan tagging is perhaps a better method, would like to dive in, if it is a better setup for me.

Thanks,
Ronny

Digged deeper and used the template file from "https://github.com/opnsense/plugins/blob/master/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/users" to compare and found a missing line.

Dont know, why, but replaced the file with the one from the repo and it generates the file again, so it was really only a missing line:

Code Select Expand


root@OPNsense:/usr/local/opnsense/service/templates/OPNsense/Freeradius # diff -P users users1
54c54
<
---
> {%         endif %}


I do not think, that this is because of the upgrade, as the template file seems unchanged since months.

Will monitor, perhaps the issues is caused by layer 8 aka me, who knows :)

Sorry for confusion on this.  ( Perhaps it should print in the error log, that the template file is wrong ? )

Ronny

Hi, thanks.

the file does not change and timestamp does also not change.

configd.log from 2. sep

Code Select Expand


Sep  2 19:46:41 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:46:43 OPNsense configd.py[42340]: [07f343f5-35f7-4502-be99-e6081e01a596] starting FreeRADIUS
Sep  2 19:46:44 OPNsense configd.py[42340]: [a8175159-2b8f-4a74-a0c8-e9145b9d9e44] request FreeRADIUS status
Sep  2 19:46:45 OPNsense configd.py[42340]: [6224057f-eec1-400b-a859-165b3d8527ba] request FreeRADIUS status
Sep  2 19:46:45 OPNsense configd.py[42340]: [6fae2e40-e2f0-4aeb-a39a-a4cae5347135] stopping FreeRADIUS
Sep  2 19:46:45 OPNsense configd.py[42340]: [fde4ca8a-1573-4429-8ad3-0b83f4efff48] generate template OPNsense/Freeradius
Sep  2 19:46:45 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:46:48 OPNsense configd.py[42340]: [25646620-4cda-4de6-9964-ba50d28520cb] starting FreeRADIUS
Sep  2 19:47:18 OPNsense configd.py[42340]: [397dff4f-f3f5-4c7d-a46a-cc3375979edd] Show log
Sep  2 19:47:27 OPNsense configd.py[42340]: [40324d8d-8d2d-4e78-abe4-cc76cb135e0d] Show log
Sep  2 19:49:10 OPNsense configd.py[42340]: [9377e029-dba2-460a-bdc8-6d20ad04ac65] request FreeRADIUS status
Sep  2 19:49:12 OPNsense configd.py[42340]: [90146ab5-eaad-487f-8f4a-d5acf5f6bd96] Show log
Sep  2 19:49:20 OPNsense configd.py[42340]: [541e2b77-5a7b-43ab-acf5-f00ddbeaadaf] request FreeRADIUS status
Sep  2 19:49:32 OPNsense configd.py[42340]: [06ee9346-d822-4aa8-86e5-546706974ff4] request FreeRADIUS status
Sep  2 19:49:32 OPNsense configd.py[42340]: [f68bd20b-209a-46f4-b2e6-04a722ddd188] stopping FreeRADIUS
Sep  2 19:49:33 OPNsense configd.py[42340]: [80491915-e593-433b-90fc-21e052ae2613] generate template OPNsense/Freeradius
Sep  2 19:49:33 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:49:35 OPNsense configd.py[42340]: [f96d9f36-f79a-4292-ba8d-bce8ebe0009d] starting FreeRADIUS
Sep  2 19:49:36 OPNsense configd.py[42340]: [c14218f1-a3ce-4149-820a-014573a8694a] request FreeRADIUS status
Sep  2 19:49:36 OPNsense configd.py[42340]: [c044af7e-bdd6-4e73-a6c0-0cebcb7caaa8] request FreeRADIUS status
Sep  2 19:49:36 OPNsense configd.py[42340]: [1a84d05d-01b7-4589-9fe8-41829148fd7a] stopping FreeRADIUS
Sep  2 19:49:37 OPNsense configd.py[42340]: [c828e407-e194-466c-b57a-426583078061] generate template OPNsense/Freeradius
Sep  2 19:49:37 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:49:39 OPNsense configd.py[42340]: [c5c79f0f-be96-4ee1-85b9-fe8baca0bc19] starting FreeRADIUS
Sep  2 19:49:40 OPNsense configd.py[42340]: [e1b28e7d-3493-4598-9765-90a414e86d6c] restarting FreeRADIUS
Sep  2 19:49:41 OPNsense configd.py[42340]: [7416f0e7-96b1-493b-9dc8-94336746014b] request FreeRADIUS status
Sep  2 19:49:41 OPNsense configd.py[42340]: [873b40e1-7ff6-4308-9060-3f799149d3a2] request FreeRADIUS status
Sep  2 19:52:45 OPNsense configd.py[42340]: [2e489477-ea41-4ba0-938f-9af2e4c79e57] request FreeRADIUS status
Sep  2 19:52:46 OPNsense configd.py[42340]: [4cd95d7e-b531-46b4-bede-6d6e5a2e4790] stopping FreeRADIUS
Sep  2 19:52:46 OPNsense configd.py[42340]: [807fd364-7986-4f07-a28b-ad1cc175edcc] generate template OPNsense/Freeradius
Sep  2 19:52:46 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:52:49 OPNsense configd.py[42340]: [085ced2e-5bc5-4d3c-b7d1-05f17f5cf283] starting FreeRADIUS
Sep  2 19:52:50 OPNsense configd.py[42340]: [6034ce18-ddee-4e40-8d81-bb219fa72c7d] request FreeRADIUS status
Sep  2 19:52:50 OPNsense configd.py[42340]: [78ab7452-c325-4774-9d6c-5b9f3053bd0c] request FreeRADIUS status
Sep  2 19:52:50 OPNsense configd.py[42340]: [2843a1f3-28e0-4d17-9cb3-3536fd51aa27] stopping FreeRADIUS
Sep  2 19:52:51 OPNsense configd.py[42340]: [4c7ee8a1-ec8b-49bd-833e-d5f3e2dcda75] generate template OPNsense/Freeradius
Sep  2 19:52:51 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:52:54 OPNsense configd.py[42340]: [87294589-5890-4c9e-852c-5d20f44ac9bf] starting FreeRADIUS
Sep  2 19:53:07 OPNsense configd.py[42340]: [178ae2f0-706b-467b-a663-7dd6f5ee5a0b] request FreeRADIUS status
Sep  2 19:53:07 OPNsense configd.py[42340]: [d3d9944a-2609-46ae-8354-b4a1d09410d5] stopping FreeRADIUS
Sep  2 19:53:07 OPNsense configd.py[42340]: [a296a2ff-3cbf-44d6-86a7-e472e9980c97] generate template OPNsense/Freeradius
Sep  2 19:53:07 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:53:09 OPNsense configd.py[42340]: [097e7cdd-da2f-4b6d-a522-9db79a26d57b] starting FreeRADIUS
Sep  2 19:53:10 OPNsense configd.py[42340]: [c5fa64a9-92f0-4667-a407-52c0ebe370e2] request FreeRADIUS status
Sep  2 19:53:10 OPNsense configd.py[42340]: [f53fa2c4-74c2-4559-9090-3224daead32e] request FreeRADIUS status
Sep  2 19:53:10 OPNsense configd.py[42340]: [2c9654e1-b3b2-41a6-a4a9-edfe1b162627] stopping FreeRADIUS
Sep  2 19:53:10 OPNsense configd.py[42340]: [7605a3c6-6b48-46c4-8195-6018a5d37eb3] generate template OPNsense/Freeradius
Sep  2 19:53:10 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  2 19:53:13 OPNsense configd.py[42340]: [aafd4ed2-8cc6-4b31-808c-5a8c96b0fe8a] starting FreeRADIUS


And today:

Code Select Expand


Sep  6 11:57:08 OPNsense configd.py[42340]: [6ee67bcb-6bad-41ea-a3d6-01b15e1db029] request FreeRADIUS status
Sep  6 11:57:10 OPNsense configd.py[42340]: [916a91dd-0e06-45a5-9daa-277846488ca1] request FreeRADIUS status
Sep  6 11:57:10 OPNsense configd.py[42340]: [505651fe-5c04-439a-8bb6-79f5fdfff1d5] stopping FreeRADIUS
Sep  6 11:57:10 OPNsense configd.py[42340]: [dfc7d8f7-61bf-4cc9-a5bd-eae095befd43] generate template OPNsense/Freeradius
Sep  6 11:57:10 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  6 11:57:12 OPNsense configd.py[42340]: [34f49822-f767-45f6-bc7c-4978137e6d6f] starting FreeRADIUS
Sep  6 11:57:13 OPNsense configd.py[42340]: [1c46323e-c5d0-42aa-b0e5-520ad71e5b73] request FreeRADIUS status
Sep  6 11:57:13 OPNsense configd.py[42340]: [13625bf4-c90e-4c76-9968-f78f09b161f8] request FreeRADIUS status
Sep  6 11:57:13 OPNsense configd.py[42340]: [4991ad1b-a77e-40b8-9095-3ebe3d7cb46a] stopping FreeRADIUS
Sep  6 11:57:15 OPNsense configd.py[42340]: [2e03a089-a22e-4980-a0a5-19f0ca062698] generate template OPNsense/Freeradius
Sep  6 11:57:15 OPNsense configd.py[42340]: generate template container OPNsense/Freeradius
Sep  6 11:57:17 OPNsense configd.py[42340]: [e4c5246b-473a-4f51-9e17-7c8d9d255885] starting FreeRADIUS


Code Select Expand


-rwxr-x---  1 freeradius  freeradius    15K Sep  4 20:08 authorize


Hi,

since the 20.7.2 update my users (the link to the authorize file for radius" gets not updated anymore. I have had 2 users (mac pairs for mac based auth) which were not in the file but in the users list, apply or restart did not help.

The log sas "configd freedrius config generated" so all seems fine.

Any hint on how i can debug, whats going on ?

Thanks,
Ronny

Hallo,

das meinen die aber.

Dein Telefoniegerät nutzte "nur" den A Records (Also zu einer IPv4) Adresse. das ist bei denen wohl eher legacy Kram, daher wurde der wohl auch eher unterirdisch gepflegt :D.
Besser ist es natürlich die SRV Einträge zu nutzen, das muss aber vom SIP Server / Telefoniegerät erledigt werden, durch Deine neue Firmware, passiert das nun, ergo Problem erledigt.  Das ist aber echt traurig,was da an Support vom GILB kommt :D
Da würde aber mit der Telekombox auch nix funktionieren dann, solange die nur Router spielt, ich denke eher, die denke man hat "Box als SIP Engerät und Analoges Telefon oder so, an dieser" an :)

Hi,

i have an old hmac-md5 key, and the tooltip mentions md5 only, but i would suggest, try it and give feedback, if it works or not  ? :)

Ronny