1
24.7 Production Series / announcements widget
« on: August 04, 2024, 03:25:09 pm »
I like the announcement widget on the dashboard however in my opinion it needs to include the date of the announcement as well.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
22.7 Legacy Series / Re: ia-na and ia-pd on a the wan interface
« on: April 11, 2023, 10:16:21 pm »
never said the script was pretty, but for right now until a better solution is identified and deployed this is remains a workable option, at least for me at the moment.
3
22.7 Legacy Series / Re: ia-na and ia-pd on a the wan interface
« on: March 29, 2023, 06:28:22 pm »
I've come up with a not so elegant solution based upon a posting I found elsewhere directed towards pfsense. If I enable log level debug under "interfaces -> Settings" I can get the IA_PD address to appear in the files in /var/log/system/, I found it doesn't always show in "latest.log" so I simply cat all the files run it through grep and take the last IA_PD entry found and apply that address to the WAN interface.
After a reboot I simply run the script eg "./assign_ip6.sh <wan interface>" and the script will apply the last address from the assigned prefix to the wan interface. (ugly script attached)
I'm sure somebody can figure out a better way to put IA_PD and clean up the script, but at least it solves the problem for now, if not a little (ok very) kludgy.
Jef
After a reboot I simply run the script eg "./assign_ip6.sh <wan interface>" and the script will apply the last address from the assigned prefix to the wan interface. (ugly script attached)
I'm sure somebody can figure out a better way to put IA_PD and clean up the script, but at least it solves the problem for now, if not a little (ok very) kludgy.
Jef
4
22.7 Legacy Series / Re: ia-na and ia-pd on a the wan interface
« on: March 24, 2023, 04:07:13 pm »
Where you ever successful? If so what was the final solution? I too get a delegated /56 but no address assigned to the WAN interface, yes everything works with a link local on the wan interface unless I need/want to source something from the firewall itself.
Thanks, Jeff
Thanks, Jeff
5
23.1 Legacy Series / Re: IPv6 constant dhcp request and solicits
« on: March 24, 2023, 01:42:53 am »
a little drastic but it did solve the problem, at least I was able to restore individual portions of the configuration without causing a problem, restoring the complete configuration will trigger the problem.
I found I was able to trigger the issue once when creating vlan's on my inside interface.
I really wish I know what was triggering the failure.
Next issue, the ISP (Verizon FiOS) doesn't issue a IPv6 address to the WAN interface, it instead relies on a link-local address, just a /56 prefix, is there a way to automatically assign a /64 to the WAN interface? I would like all my systems behind the opnsense device to query unbound for dns and let unbound do the query to the outside, I'm assuming it wants to use the WAN interface's address.
I found I was able to trigger the issue once when creating vlan's on my inside interface.
I really wish I know what was triggering the failure.
Next issue, the ISP (Verizon FiOS) doesn't issue a IPv6 address to the WAN interface, it instead relies on a link-local address, just a /56 prefix, is there a way to automatically assign a /64 to the WAN interface? I would like all my systems behind the opnsense device to query unbound for dns and let unbound do the query to the outside, I'm assuming it wants to use the WAN interface's address.
6
23.1 Legacy Series / IPv6 constant dhcp request and solicits
« on: March 22, 2023, 04:30:22 pm »
I've been trying to get IPv6 working with Verizon FiOS and I actually received a /56 prefix along with a link local address on my wan interface. I'm successfully able to apply an IPv6 address to my LAN interfaces (utilizing 3 vlans on the lan interface) by tracking the WAN interface and specifying an IPv6 prefix ID, however the connectivity only works for a few seconds and then stops working. If I do a simple tcpdump on my wan interface "tcpdump -igb4 ipv6" I see the following:
11:11:52.450942 IP6 2600:4040:af10::1 > ff02::1:ff6d:f468: ICMP6, neighbor solicitation, who has fe80::20e:b6ff:fe6d:f468, length 32
11:11:52.846407 IP6 fe80::20e:b6ff:fe6d:f468 > ff02::1:ff1c:a00c: ICMP6, neighbor solicitation, who has fe80::8aa2:5eff:fe1c:a00c, length 32
11:11:52.852941 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 request
11:11:53.002705 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 solicit
11:11:53.846201 IP6 fe80::20e:b6ff:fe6d:f468 > ff02::1:ff1c:a00c: ICMP6, neighbor solicitation, who has fe80::8aa2:5eff:fe1c:a00c, length 32
11:11:54.012969 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 request
11:11:54.362938 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 solicit
11:11:54.846199 IP6 fe80::20e:b6ff:fe6d:f468 > ff02::1:ff1c:a00c: ICMP6, neighbor solicitation, who has fe80::8aa2:5eff:fe1c:a00c, length 32
11:11:55.372914 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 request
11:11:55.456058 IP6 2600:4040:af10::1 > ff02::1:ff6d:f468: ICMP6, neighbor solicitation, who has fe80::20e:b6ff:fe6d:f468, length 32
This repeats continuously in rapid succession and never stops.
I have configured IPv6 for a friend utilizing the same hardware and was successful with the configuration and I noted that that setup does not generate the continuous stream of requests and solicits.
I attempted to back everything out and have gone so far as to disable every IPv6 setting on the firewall that I could find and the firewall continues to send the same IPv6 request and solicit packets. I have tried reinstalling the software and then reimporting my configuration and the solicits and requests start all over again. My next attempt will be to simply recreate the configuration from scratch and not import my configuration.
One thing to note, I originally was using IPv6 over hurricane electric via GIT tunnel, could this be causing me grief? I've deleted all the remnants of this configuration from the GUI.
Where is this coming from? Why can I not stop it?
Jeff
11:11:52.450942 IP6 2600:4040:af10::1 > ff02::1:ff6d:f468: ICMP6, neighbor solicitation, who has fe80::20e:b6ff:fe6d:f468, length 32
11:11:52.846407 IP6 fe80::20e:b6ff:fe6d:f468 > ff02::1:ff1c:a00c: ICMP6, neighbor solicitation, who has fe80::8aa2:5eff:fe1c:a00c, length 32
11:11:52.852941 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 request
11:11:53.002705 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 solicit
11:11:53.846201 IP6 fe80::20e:b6ff:fe6d:f468 > ff02::1:ff1c:a00c: ICMP6, neighbor solicitation, who has fe80::8aa2:5eff:fe1c:a00c, length 32
11:11:54.012969 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 request
11:11:54.362938 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 solicit
11:11:54.846199 IP6 fe80::20e:b6ff:fe6d:f468 > ff02::1:ff1c:a00c: ICMP6, neighbor solicitation, who has fe80::8aa2:5eff:fe1c:a00c, length 32
11:11:55.372914 IP6 fe80::20e:b6ff:feb0:6dc2.546 > ff02::1:2.547: dhcp6 request
11:11:55.456058 IP6 2600:4040:af10::1 > ff02::1:ff6d:f468: ICMP6, neighbor solicitation, who has fe80::20e:b6ff:fe6d:f468, length 32
This repeats continuously in rapid succession and never stops.
I have configured IPv6 for a friend utilizing the same hardware and was successful with the configuration and I noted that that setup does not generate the continuous stream of requests and solicits.
I attempted to back everything out and have gone so far as to disable every IPv6 setting on the firewall that I could find and the firewall continues to send the same IPv6 request and solicit packets. I have tried reinstalling the software and then reimporting my configuration and the solicits and requests start all over again. My next attempt will be to simply recreate the configuration from scratch and not import my configuration.
One thing to note, I originally was using IPv6 over hurricane electric via GIT tunnel, could this be causing me grief? I've deleted all the remnants of this configuration from the GUI.
Where is this coming from? Why can I not stop it?
Jeff
7
General Discussion / IPv6 client requests on the WAN interface
« on: August 27, 2022, 03:46:15 am »
I have IPv6 turned off on the WAN interface with the IPv6 Configuration Type is set to "None" however I see that every second I have the router sending out dhcpv6 requests, why?
21:40:24.255657 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 request
21:40:24.335396 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
21:40:25.345685 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 request
21:40:25.615473 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
21:40:26.625721 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 request
21:40:26.995474 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
21:40:28.005709 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 request
21:40:28.625461 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
Current version is OPNsense 22.7.2-amd64 and there currently no updates available.
Thanks, Jeff
21:40:24.255657 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 request
21:40:24.335396 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
21:40:25.345685 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 request
21:40:25.615473 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
21:40:26.625721 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 request
21:40:26.995474 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
21:40:28.005709 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 request
21:40:28.625461 IP6 fe80::20e:b6ff:feb0:6dc2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
Current version is OPNsense 22.7.2-amd64 and there currently no updates available.
Thanks, Jeff
8
19.7 Legacy Series / DNS filtering
« on: December 06, 2019, 01:02:20 am »
I like many others have run into a problem with using an IPv6 tunnel broker and Netflix where Netflix rejects the IPv6 connection.
I attempted to configure and DNS server on the firewall and everything was working fine until I attempted to use the command in bind "filter-aaaa-on-v4 yes;" it turns out that in order to use the command bind has to be built with the option "--enable-filter-aaaa". The supplied version of bind9 for OPNsense doesn't have that option compiled in.
I'm not necessarily against recompiling bind however given the choice I would rather stay with the pre-built programs as it will make my life a lot easier in the future when it comes time to upgrading.
In case I was going about this the wrong way I was simply going to use unbound to query bind on port 10053 for anything in the netflix.com domain and allow bind to filter out the aaaa responses.
Jeff
I attempted to configure and DNS server on the firewall and everything was working fine until I attempted to use the command in bind "filter-aaaa-on-v4 yes;" it turns out that in order to use the command bind has to be built with the option "--enable-filter-aaaa". The supplied version of bind9 for OPNsense doesn't have that option compiled in.
I'm not necessarily against recompiling bind however given the choice I would rather stay with the pre-built programs as it will make my life a lot easier in the future when it comes time to upgrading.
In case I was going about this the wrong way I was simply going to use unbound to query bind on port 10053 for anything in the netflix.com domain and allow bind to filter out the aaaa responses.
Jeff
9
General Discussion / interface gif0 bouncing
« on: February 22, 2019, 08:48:40 pm »
I have enabled a gif interface for use with Hurricane Electric for IPv6 connectivity. I have noticed in the dmesg logs thousands of the message:
gif0: link state changed to UP
gif0: link state changed to DOWN
The IPv6 connectivity appears to be working fine however
Software on my unit from the dashboard page is:
OPNsense 19.1.1-amd64
FreeBSD 11.2-RELEASE-p8-HBSD
OpenSSL 1.0.2q 20 Nov 2018
Suggestions as to what I might need to change to correct the issue?
Thanks,
Jeff
gif0: link state changed to UP
gif0: link state changed to DOWN
The IPv6 connectivity appears to be working fine however
Software on my unit from the dashboard page is:
OPNsense 19.1.1-amd64
FreeBSD 11.2-RELEASE-p8-HBSD
OpenSSL 1.0.2q 20 Nov 2018
Suggestions as to what I might need to change to correct the issue?
Thanks,
Jeff
Pages: [1]