Messages

1

24.7 Production Series / Cannot declare class Opnsense\Routing\Gateways

« on: July 30, 2024, 05:17:08 pm »

Unable to boot my opnsense after an upgrade due to the error in the title.

Name already in use /use/local/opnsense/MVC/app/library/opnsense/routing/gateways.php line 38

Any ideas to get me back up and running would be appreciated, thanks

24.7

2

23.7 Legacy Series / Re: 27.3.6 update failed and has left pkgs in a mess (or I have :-/)

« on: November 02, 2023, 05:38:07 pm »

Resolved with an edit to the bootstrap script of 'fetch -4' and core downloaded and the script completed.

So I am back

3

23.7 Legacy Series / Resolved: 27.3.6 update failed and has left pkgs in a mess (or I have :-/)

« on: November 02, 2023, 04:39:57 pm »

Hi all

I am in a mess and wondered if I could get some sensible direction before I need to reinstall

I updated to 23.7.6 and the update failed, (loss of internet midway) leaving me with a broken pkg system.

I have force updated the pkg system and the cli seems happy with that, I tried an opnsense-boostrap, and it seems it is not able to download core as it's trying to access GitHub via ipv6

I can ping GitHub with ipv4, but it fails when it tries ipv6 (I can also wget -4 if I can manually download bootstrap files somehow?)

The GUI is giving me the following;

The release type "opnsense" is not available on this repository.

full gui info;

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.7.6 at Thu Nov  2 15:34:36 GMT 2023
Fetching changelog information, please wait... Missing /usr/local/etc/pkg/repos/OPNsense.conf
Repository not found: OPNsense
Updating FreeBSD repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
FreeBSD repository update completed. 34071 packages processed.
All repositories are up to date.
pkg: Unknown repository: OPNsense
Checking for upgrades (1 candidates): . done
Processing candidates (1 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
self: No packages available to install matching 'opnsense'
***DONE***

I have tried to touch the missing file and force update → sudo pkg update --force which succeeds but gives me the same GUI error above.

It feels like my ipv6 has borked somehow and a bootstrap might work if I can force only trying to update using ipv4; is that possible?

Thanks in advance

4

General Discussion / Re: Enabling ipv6 via the docs for Sky/nowtv - Resolved

« on: September 03, 2023, 02:51:26 pm »

Finally making some progress thank you

I can now ping external ipv6 addresses and the https://ipv6-test.com/ shows some connectivity for ipv6 .. Cool.

I have ICMP shown as filtered which is odd, so will do some reading about, and I cannot get the ipv6 wan gateway to monitor at all, just shows as down (back to forcing up for the moment).

9/10 and 15/20 on the test site scores

Thanks again

5

General Discussion / Re: Enabling ipv6 via the docs for Sky/nowtv

« on: September 03, 2023, 01:52:24 pm »

Thank you, I have been checking ipv6 blocking rules and have made some changes.

I now see ipv6 rule "Default deny / state violation rule" denying a lot of ipv6 requests in the log.

I have created a floating ICMP IPV6 rule for LAN and WAN and I can now ping the LAN interface IP.

I wondered if there are any ipv6 rules that automatically get configured but might not have been?

I ask as I presume I don't need any outgoing rules to enable external outbound access like I do with ipv4, as that is not the way ipv6 works.

I note from the general ipv6 manual I do not get anything when running the following command;

netstat -nr6 | grep default

... but the default route is configured in the network manager config and I can ping it from my desktop.

6

General Discussion / Re: Enabling ipv6 via the docs for Sky/nowtv

« on: September 02, 2023, 09:30:10 pm »

Thanks for responding

Actually watching some YouTube videos, I do not see an ipv6 IP address listed in the interface summary page for the WAN.

The interface summary for LAN does show an ipv6 /64 address listed yes.

The gateway also has an ipv6 address.

I read/heard somewhere that pings are disabled by default for ipv6 opnsense, but not sure if that is the case, or I am mixing up videos :-/

Trying to ping the LAN interface with -> ping -v -6 <address> just hangs and does nothing, like it is not getting a reply.

I will try disconnecting and reconnecting my nix desktop to see if I get an ipv6 address now.

Edit: Okay, so I can see 4 ipv6 listed under ipv6 address in network manager, with default route having ipv4 and ipv6 addresses listed, as well as a DNS6 entry. With looks more promising...

Edit2: Strangely within DHCPv6 / leases my desktop showed but as a red icon ie offline. I enabled and disabled ipv4 and 6 in the linux settings and the DHCPv6 lease now shows as online.

7

General Discussion / Enabling ipv6 via the docs for Sky/nowtv - Resolved

« on: September 02, 2023, 02:22:11 pm »

Firstly, thanks for the how-to re sky UK which is what I am following here -> https://docs.opnsense.org/manual/how-tos/SkyUK.html#wan-interface

I have the following config, and I am trying to get ipv6 working after a couple of years with a stable ipv4 setup

Qotom Opnsense -> VMG3925-B10B (Modem mode) -> Nowtv (Sky)

So ipv4 is working, and I have a connection to the internet via ipv4.

I have this time added the ipv6 elements of this how-to and also enabled the general ones in the ipv6 docs (like un blocking ipv6 for the firewall).

I get an IPv6 prefix /56 seen in the overview of the WAN interface, and the single gateway is created by opnsense, with a gateway address.

My issue is that I cannot get any traffic through that single gateway and enabling gateway monitoring shows it as down.

Any pointers as what sort of rookie error I may have made please?

Thanks in advance

8

22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8

« on: May 26, 2022, 09:53:46 am »

This was broken for me too, and it broke a lot of stuff. There were a bunch of new aliases in the aliases view that started with an underscore that I'd never seen before. I wish I'd taken a screenshot, sorry. I reverted to 22.1.7_1 and rebooted and it's fine again. All the new aliases have disappeared.

The same situation for me… I have circa 100 aliases, and it was hard to tell which were broke and which were okay.

It appears a lot was broken though, no internet on the few vlans I tried, and editing and saving aliases didn't work for me, although I did only try a dozen of what I thought were the key ones....with no change.

I, too, had the additional ones with underscores too.

Got to say, my updates have been flawless for many months, but this certainly got me to document the recovery plan better

9

22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8

« on: May 25, 2022, 10:21:11 pm »

Yes, that's correct.  You'll want to run this:

Code: [Select]

opnsense-revert -r 22.1.7_1 opnsense
Then reboot, everything should come back up as it was.  If you can't reboot after install, you can probably do the disable/enable on aliases to bring them up for the current session, and then the reverted opnsense package will handle loading them correctly on the next reboot.

Thanks for confirming I was about to 'engage' and you confirmed, so thanks.

Restored my config back after the downgrade to be sure.....seems back...

10

22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8

« on: May 25, 2022, 09:34:07 pm »

After the upgrade my rules weren't working either. After reading this post I opened my aliases and edited and re-saved each alias and they all started working.

Just sharing that a revert to 22.1.7_1 is the only durable fix for this I've found.  I tried the disable/enable alias trick as well.  It works, but after a reboot the aliases return to not working correctly, and of course neither will the rules that depend on them.

Did you use opnsense-revert to get to 22.1.7_1? Struggling to find the process...thx

11

22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8

« on: May 25, 2022, 09:06:08 pm »

Became slack with the previous faultless releases, but this one borked me for sure.....downloading 22.1.7 now....

12

General Discussion / Nowtv / sky Lease Requirements Send Options not working for me?

« on: March 14, 2021, 01:54:45 pm »

Firstly, thanks for the howto re sky uk which is what I am following here -> https://docs.opnsense.org/manual/how-tos/SkyUK.html#

I have the following config and am struggling to get an ip address from now tv. The dsl connection appears up and okay.

Qotom Opnsense -> VMG3925-B10B (Modem mode) -> Nowtv (Sky)

I have used wireshark on the original nowtv router and gained the real dhcp-client-identifier and dhcp-class-identifier and used that to enter the details in Lease Requirements’ Send Options field.

dhcp-client-identifier “12345678@nowtv|12345678”,dhcp-class-identifier “7.16a4N_UNI|PCBAFAST2504Nv1.0”

Sadly when I wireshark the resulting dhcp from opnsense to the modem it doesn't have the client or class identifier set.

If I change the hostname in the dhcp settings I do see that change through wireguard at the modem.

I wondered if the quoted text format for the lease requirements send options field is correct?

Any help would be much appreciated

Edit: I should add this results in no ip address being assigned to the nowtv wan interface :-/

13

Virtual private networks / Re: Wireguard & Mullvad - I'm lost.....

« on: September 22, 2020, 12:38:27 pm »

There is now an easier way:

Assign Interface and tick "Dynamic Gateway", Add Gateway and in IP field type as usual "dynamic".
The Gateway field in Wireguard can be empty.

Hmm, I started off with that very configuration without much luck. Rules were ignored until I added that gateway IP everywhere.

Hi @sleepnow75 I have found the same, that just clicking this option and leaving the IP field 'dynamic' doesn't work.

I am expecting the dynamic field to be populated with an IP, like the WAN interface does, but it never happens for me, even though the VPN is up.

Setting the IP for the gateway and vpn config I found I have outbound traffic, but no inbound.

Do you have a pass rule in your firewall for this inbound traffic?

I have set an inbound rule for the vlan I want to go through the vpn, but it doesn't work.

14

Virtual private networks / Re: Wireguard & Mullvad - I'm lost.....

« on: September 20, 2020, 08:37:27 pm »

Please come to IRC tomorrow and Ping me there

Will do, thanks for your time 

15

Virtual private networks / Re: Wireguard & Mullvad - I'm lost.....

« on: September 20, 2020, 05:12:00 pm »

Packet Capture on the Azire Interface?

Not something I have done or am able to do quickly.

Edit: So I found the option in Opnsense, not seen it before.... any specific options needed apart from selecting azire interface?

So I captured for a couple of minutes and wireshark says 'no packet' when I open the cap file...