Messages

Is this the same ISP? https://forum.opnsense.org/index.php?topic=7267.0

Yes it's the same. I did try unchecking everything as stated in that thread and followed every step but still no ipv6 on the test.

Hello all,

I'm trying to configure my opnsense router for Digi with IPV6

Strangely enough it works on my desktop PC, but even when using a different PC with the same cable it doesn't work.

Also on https://test-ipv6.com/ i don't have an ipv6


This are my settings:

Interfaces: [LAN]

IPv4 Configuration Type: Static IPV4

IPv6 Configuration Type: Track interface

IPv4 address: 192.168.1.1

IPv4 Upstream Gateway: Auto-Detect

IPv6 Interface: WAN

IPv6 Prefix ID: 0


Interfaces: [WAN]

IPv4 Configuration Type PPPoE

IPv6 Configuration Type: DHPCv6

Configuration Mode: Basic

Request only an IPv6 prefix : X

Prefix delegation size: 64

Send IPv6 prefix hint: X

Use IPv4 connectivity: X

Hi, i'm trying to do a SFTP certificate transmission on my Sinology but every time i get this:

Code Select Expand

Host does not permit a connection for the specified user & identity.

{ "actions": [ "connecting" ], "success": false, "permission_denied": true, "error": "MyUsername@192.168.0.7: Permission denied (publickey,password).", "connect_failed": true }

If i try to access instad with ssh from my router with

Code Select Expand

ssh -v MyUsername@192.168.0.7 everything it's working fine.

My configuration are:

Code Select Expand

SFTP Host : 192.168.0.7

Username : MyUsername

Identity Type : RSA

Remote Path : /

Thanks for your help and time.

Edit: apparently the problem resides in the rsa key i've used. The actual rsa key is located at /var/etc/acme-client/sftp-config/id.rsa.pub

I thought you were not seeing packets on port 853 on WAN??

Sorry i did check udp on 853 at first that's why i didn't see anything. Because the normal query where on udp on port 53

Apparently https://cloudflare-dns.com/help/ isn't accurate. I've tried spoofing on port udp 53 and tcp 853 and indeed it works.
Strangely any online test like this or tenta tells me it isn't covered by TLS, can't understand why.

can you disable custom settings, enable dot via view and post content of /var/unbound/unbound.conf

I've removed the custom settings, saved, added the 1.1.1.1@853 and 1.0.0.1@853 to the DNS over TLS form in miscellaneous, saved and restarted unbound

Here is the unbound.conf
https://pastebin.com/Gqt8vitF

I've tried the new DNS over TLS function present in Miscelaneous but with 1.1.1.1@853 and 1.0.0.1@853 it doesn't work, there is no request on the 853 port and everything in port 53 is clear.

Then i've tried to use this custom config that should work but still same thing, no DNS over TLS and nothing on 853

Code Select Expand

server:
  minimal-responses: yes
  qname-minimisation: yes
  rrset-roundrobin: yes
  use-caps-for-id: yes
  tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
  forward-ssl-upstream: yes

Here there are my settings https://postimg.cc/gallery/fM2mBRh i've also disabled the rewrite of DNS in general config.

The view will be rewritten to use a grid layout, so currently the hash sign is forbidden.

Yes but shouldn't the custom setting works?

I think if you trust google in general you can also trust DNS connection to 8.8.8.8 without the certificate verification?

Just to test if the dns over lts works, i've always used cloudflare.

Btw here are my current non working settings
https://postimg.cc/gallery/fM2mBRh

9.9.9.9@853#dns.quad9.net is currently not supported yet, only without verification

Not even cloudflare or googledns?

I've tried also this configuration i've found in this forum but it doesen't works either

Code Select Expand

server:
  minimal-responses: yes
  qname-minimisation: yes
  rrset-roundrobin: yes
  use-caps-for-id: yes
  tls-cert-bundle: /etc/ssl/cert.pem

forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
  forward-ssl-upstream: yes

Which is the correct syntax: 9.9.9.9@853#dns.quad9.net or 9.9.9.9@853 ?

The second one, if you try to add any dns with #domain.something it gives validation error

I remember reading in another post that 'Enable Forwarding Mode' can be unchecked

I did uncheck it, like i've showed in the pictures. I've tried restarting unbound and also i've tried reinstalling unbound.

Here is my settings https://imgur.com/a/koO1LWY

Can't find any option regardin DoT, i've also added to the DNS over TLS field 1.0.0.1@853  (under miscellaneous tab) but on https://cloudflare-dns.com/help/ i keep on getting no to the DNS over TLS check.
Please could you tell us how to do it? Thanks.

You need a function like that one to register it:

https://github.com/opnsense/plugins/blob/master/www/nginx/src/etc/inc/plugins.inc.d/nginx.inc#L38

Thanks a lot, i've succeded but i can't figure a way of adding the check for $config[node-red][enabled]
i've checked other rc.d files but couldn't find a way of implementing or understanding how it works.
I'm using this rc.d script to handle node-red.
https://gist.github.com/apearson/56a2cd137099dbeaf6683ef99aa43ce0

Could you please tell me how to do it?

EDIT: it appears to be related to "pluginctl -s", but there isn't any nodered service in the list.

Hi, i wanted to know how i can add a service to the diagnostic service list in the frontend.
I've created the rc.d script and the action config file but it won't appear.




action_node-red.conf

Code Select Expand

[start]
command:/usr/local/etc/rc.d/node-red start
parameters:
type:script
message:starting node-red
[restart]
command:/usr/local/etc/rc.d/node-red restart
parameters:
type:script
message:restarting node-red
[stop]
command:/usr/local/etc/rc.d/node-red stop
parameters:
type:script
message:stopping node-red

Thanks for the response.
There is any mqtt broker alternative that i can use?

EDIT: i've found a mqtt broker for node.js called aedes