Messages - cj_duke

#1
23.7 Legacy Series / Re: [23.7.8] wireguard ip assignment
November 13, 2023, 09:22:52 AM
Thanks franco!

Works again as intended :)
#2
23.7 Legacy Series / [23.7.8] wireguard ip assignment
November 13, 2023, 09:09:09 AM
Hello everyone,

I updated to 23.7.8 and WireGuard is showing strange behavior. It has an assigned IPv4 and IPv6 address. The web GUI shows both, but the shell shows only IPv4.

I also cannot add a gateway (IPv6), and therefore no routing, because OPNsense complains that no IPv6 address is assigned to the interface (wg1).

Deleting the ip and reassigning did not help at all.
#3
22.7 Legacy Series / Firewall ignores DHCPv6 address
November 13, 2022, 12:37:24 AM
Hello everyone,

OPNsense setup as VM with a single LAN interface (VM for testing purposes). IPv4 static ip, DHCPv6 address (global, non link-local) assigned from local DHCPv6 server.

Following behavior is observed:
Ping Remote Host -> OPNsense with link-local address -> successful
Ping Remote Host -> OPNsense with DHCPv6 address -> host not reachable
Ping Remote Host -> OPNsense with DHCPv6 address (firewall allow any/any) -> host not reachable
Ping Remote Host -> OPNsense with DHCPv6 address (firewall disabled via settings) -> successful
Ping Remote Host -> OPNsense with static global v6 address -> successful
(Remote Host is either a local Win10 or Linux machine)

It seems to me the firewall does not recognise the assigned DHCPv6 address and the packet is dropped somewhere(?). I could not find the dropped packet in the firewall live view. Packet sniffing on LAN shows the received ICMP packet. Firewall diagnostics/aliases show the static IPv4 and DHCPv6 address for LANnet.

Any suggestions on this topic?

Thanks for the help.
#4
Hi everyone,

For test purposes on a VM, I set up an auth server (voucher) and captive portal and deleted them afterwards. Since then, the following PHP error occurs. Does anyone have an idea how to fix it? Thanks for your help.

system information:
User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
FreeBSD 11.2-RELEASE-p17-HBSD  b0b3393e380(stable/20.1) amd64
OPNsense 20.1.3 17a08bc1b
Time Wed, 01 Apr 2020 14:02:56 +0200
OpenSSL 1.1.1d  10 Sep 2019
PHP 7.2.28


php error:
[01-Apr-2020 02:37:46 Europe/Berlin] PHP Warning:  in_array() expects parameter 2 to be array, null given in /usr/local/www/system_authservers.php on line 756

dmesg.boot

health audit:
***GOT REQUEST TO AUDIT HEALTH***
>>> Check installed kernel version
Version 20.1.2 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 20.1.2 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for and install missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Checking core packages: ..................................................................... done
***DONE***
#5
Quote from: KiX on July 06, 2019, 07:05:24 PM
Hi guys,

I've figured out that it's an issue from the BSD/HardenedBSD kernel, an erratum/bug from the AMD 10h CPU:
pve01 kernel: [  284.573818] SVM: KVM: Guest triggered AMD Erratum 383

Does anyone have some experience with a secure workaround for this? Or do I really have to switch CPU/server to get a VM running for OPNsense :(

Had same issue running into boot-loop with AMD Phenom II X6 1090T cpu. Found a workaround in the following post:
https://forum.opnsense.org/index.php?topic=11419.msg52375#msg52375