Messages

Hallo zusammen,

danke für Eure Antworten zu Euren Erfahrungen. Der Hinweis, dass 4 x 1 GB nicht unbedingt 4 GB bedeuten, meine bisherigen guten Erfahrungen mit der getrennten Nutzung und um nicht noch mehr Komplexität in das ganze Setup zu bekommen, haben mich dazu bewogen, die Karte wie bislang (4 einzelne Interfaces) zu verwenden. Die gebe ich an die OPNSense und die anderen VMs als Bridge vom Proxmox weiter.

Funktioniert prima und ich habe sogar den Eindruck etwas stabiler als unter XEN. Unter Xen hat oft das durchgereichte Interface für WAN nach einem Reboot der OPNSense nicht richtig funktioniert.

Viele Grüße
Torsten

Hi,

danke für Deine Rückmeldung. Würde dafür sprechen, die Karte wie gehabt mit einzelnen Interfaces zu betreiben.

Mal sehen, ob es noch weitere Antworten gibt.

VG
Torsten

Hallo zusammen,

ich will meine Infrastruktur umbauen und meinen Ubuntu XEN Server, auf dem auch eine OPNsense VM läuft durch Proxmox ablösen.

Im Server steckt eine I350-T4, deren Interfaces ich aktuell individuell für verschiedene Netze mit VLANs nutze. Die individuelle Nutzung geht auf meine Versuche zurück, die SR-IOV Funktionalität mit XEN und den VMs zu verwenden. Das hat aber nie so richtig funktioniert.

Bei der Umstellung auf Proxmox stellt sich für mich jetzt die Frage, wieder jedes Interface einzeln zu nutzen oder die 4 Interfaces über bonding gemeinsam zum Einsatz zu bringen. SR-IOV scheint ja immer noch problematisch zu sein.

Ergänzend noch die Bemerkung, dass der Server 2 weitere Netzwerk-Interfaces hat, von denen eines mein Management-LAN ist und das andere für WAN an die OPNsense durchgereicht wird.

Gibt es Empfehlungen, Vor- / Nachteile für die beiden Szenarien?

Viele Grüße
Torsten

Upgraded my OPNsense to 24.7.5 and lost connection to my webserver in the DMZ. Opening the websites from inside my LAN or from WAN timed out.

If I try a ping via CLI from my OPNsense I get
ping sendto no buffer space available

Traceroute from the OPNsense GUI to the webserver also timed out (ping and IMCP).

From the webserver (ubuntu) itself, there seems to be no internet connection. Can't ping google or update ubuntu.

Reverted to 24.7.4_1 and everything works like a charm.

Anybody else has similar experiences after the update?

Thx Franco for the clarification and your relentless commitment

So it is not a special kernel which should be generally used with opnsense in a Xen hypervisor scenario?

# opnsense-update -zkr 24.7-xen3

I'll leave it there for a while longer then.

What are the differences and benefits of that "xen Kernel"?

Your proxmox version is not the newest one:
https://www.proxmox.com/de/downloads/proxmox-virtual-environment

U have to upgrade as described on proxmox.

If that doesn't help, I'm sure there is a missconfiguration of your bridge(s) in proxmox. Have a look here:
https://homenetworkguy.com/how-to/virtualize-opnsense-on-proxmox-as-your-primary-router/

Perhaps there are scripts that also restart other components depending on the radvd restart?

@OzziGoblin

Have you noticed that you can add more widgets to the dashboard, e.g. interface statistic? The view also depends how large you make the widgets.

Will there be widgets for speedtest and NTP be added?
They have been there in the old version of the dashboard.

Good morning,

I did a reboot meanwhile, the gateway settings are retained. gateway is shown online and the monitoring works. I'm still not sure, if this workaround with the VIP Ipv6 address in the gateway config is ok or not.

Also no idea why the automatic assigned IPv6 is detached, which maybe the reason that the gateway is offline / monitoring doesn't work.

If I can provide any logs let me know.

I use unmanaged RA on all my VLANs for different devices (Linux, Android, MS Windows) and advertise the default gateway too. Works for me before and after the upgrade without problems.

Hi Franco, hi Patrick,

sorry for the confusing statement. ifconfig shows the automatically assigned and the VIP address in the CLI as described. The automatically assigned one is shown as detached.

What was meant was that after logging on to the CLI, only the IPv4 is displayed in the overview of interfaces for the WAN interface and no IPv6.

Incidentally, the gatway and the monitoring have been running stably since yesterday evening. However, I have not yet rebooted to see if this changes the configuration of the WAN_DHCP6 gateway.

Hi Franco,

I did further tests after applying the patch and a reboot. There is nothing better and nothing worth in my installation (Deutsche Telelkom business static IP). Everything with IPv6 is working only the gateway monitoring still didn't work.

Using DHCPv6 without selecting "Request Prefix only" results in
- WAN getting assigned an IPv6 address from my WAN net (/64) automatically, but still showed as detached in CLI
- WAN getting assigned the configured VIP IPv6 from my WAN net (/64) and shown in the GUI
- WAN_DHCP6 gateway is generated automatically with the automatically assigned gateway (fe80...) and it shows in the GUI offline (monitoring activated). Restarting dpinger, saving the gateway with changed selections etc. doesn't change anything
- LAN and other interfaces get there static IPv6
- IPv6 traffic works (pings to outside, my website is reachable via IPv6,...)

In CLI I can ping the IPv6 address used for gateway monitoring only via the VIP. Using the automatically assigned but detached IPv6 as source results in an error message

Code Select Expand

ping: bind: Can't assign requested address

This brought me to the idea to change the automatically assigned IP address for the gateway in the configuration to the VIP I configured for the WAN interface. And after saving the monitoring works as expected and the gateway is shown as online. 

One more hint, in CLI the WAN interface doesn't show any IPv6 address at all.

I dont't know if this kind of gateway configuration is completely bullshit, but maybe this information will help you to find out what is missing or maybe need some configuration changes.

If it is better to open a new post, let me know

Torsten