1
24.7 Production Series / Re: Using Caddy for local subdomains
« on: September 26, 2024, 08:24:04 am »
You just need to turn off 'proxying' in Cloudflare.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
24.7 Production Series / Re: Using Caddy for local subdomains
« on: September 20, 2024, 08:23:05 am »
For this to work you need to point your ha / pikvm DNS records to the IP address of the Caddy proxy. This can either be your internal FW ip or if you have turned on hairpinning you can use your external IP address.
I'm using it in the exact same fashion as what you are trying to achieve.
I'm using a DDNS record for my router at Bunny and CNAME all the internal domains I want accessible to that DDNS record. This way I can use hairpinning to the services on my DMZ to which I proxy.
I'm using it in the exact same fashion as what you are trying to achieve.
I'm using a DDNS record for my router at Bunny and CNAME all the internal domains I want accessible to that DDNS record. This way I can use hairpinning to the services on my DMZ to which I proxy.
3
24.7 Production Series / Re: dhcp6c fails to pick up new address from ISP
« on: September 09, 2024, 09:48:10 am »
Have a look at this topic :
https://forum.opnsense.org/index.php?topic=42632.0
See if reverting your kernel to the non_sa version makes life better. I still got a ton of blocked icmp ipv6 issues with the 24.7.x kernel before this.
https://forum.opnsense.org/index.php?topic=42632.0
See if reverting your kernel to the non_sa version makes life better. I still got a ton of blocked icmp ipv6 issues with the 24.7.x kernel before this.
4
24.7 Production Series / Re: Log flooded with "pf: ICMP error message too short (ip6)"
« on: September 06, 2024, 08:48:09 pm »
Are these also known to -hog- a device like the DEC740? I really saw lag spikes / interrupt spikes when it was turned on.
5
24.7 Production Series / Re: [Solved] Log flooded with "pf: ICMP error message too short (ip6)"
« on: September 06, 2024, 03:35:35 pm »You can easily check if the SA is the culprit by trying the kernel with the SA completely removed viaCode: [Select]opnsense-update -zkr 24.7.3-no_sa
and reboot, see this.
With that kernel and the logging set to various errors, the issue is gone. I do get a lot of
Code: [Select]
<13>1 2024-09-06T15:34:20+02:00 opn.x100.be kernel - - [meta sequenceId="68"] pf: dropping packet with ip options
<13>1 2024-09-06T15:34:21+02:00 opn.x100.be kernel - - [meta sequenceId="69"] pf: dropping packet with ip options
6
24.7 Production Series / Re: Log flooded with "pf: ICMP error message too short (ip6)"
« on: September 06, 2024, 03:21:12 pm »
The underlying cause is indeed not solved -- but changing the logging level stopped it from creating the entries in my log files. Removed the [solved] tag for now.
Turning the logging lower also stopped my latency spikes.
Turning the logging lower also stopped my latency spikes.
7
24.7 Production Series / Re: [Solved] Log flooded with "pf: ICMP error message too short (ip6)"
« on: September 03, 2024, 06:48:11 pm »
Firewall > Settings > Advanced : Debug - Generate debug messages for various errors
This was the culprit. Still means there is something wrong in the ND/PF story. Might this be worth looking at, @Franco?
This was the culprit. Still means there is something wrong in the ND/PF story. Might this be worth looking at, @Franco?
8
24.7 Production Series / Re: Log flooded with "pf: ICMP error message too short (ip6)"
« on: September 03, 2024, 06:16:16 pm »
I've done a tcpdump on the internal interface (LAN) and it's a 100% match with the ND process NS/NA on that interface.
9
24.7 Production Series / [solved] Log flooded with "pf: ICMP error message too short (ip6)"
« on: September 03, 2024, 04:36:12 pm »
At this moment, my logs are flooded with the "pf: ICMP error message too short (ip6)" message.
Grepping & counting the latest.log gives me 53k entries and it spams at a rate of 10/s.
Does anyone know/understand where this comes from and what I need to do to stop it?
Going back a few days gives me numbers of up to 350k/day.
Grepping & counting the latest.log gives me 53k entries and it spams at a rate of 10/s.
Does anyone know/understand where this comes from and what I need to do to stop it?
Going back a few days gives me numbers of up to 350k/day.
10
24.7 Production Series / Re: N100 Box - update from 24.7.1 to 24.7.2 results in much higher power draw
« on: August 26, 2024, 04:35:11 pm »
I saw a lot more power being consumed with the IPv6 issues & the health reporting hogging the CPU.
Fixed with the -nd kernel.
Fixed with the -nd kernel.
11
24.7 Production Series / Re: Intermittent IPv6 drops
« on: August 23, 2024, 07:51:18 pm »
There is an issue being tracked : https://github.com/opnsense/src/issues/218
Useful to follow that one.
Useful to follow that one.
12
24.7 Production Series / Re: clients loosing ipv6 internet now and then
« on: August 21, 2024, 06:19:16 pm »
I tried to roll back the kernel and unbound wasn't planning to start anymore. Back @ 24.7.2 with IPv6 turned off. Hope you can find the reason, @franco.
13
24.7 Production Series / Re: clients loosing ipv6 internet now and then
« on: August 21, 2024, 11:03:57 am »
Yes -- I went to the 24.7 kernel and that caused the drops to disappear but sometimes high spikes in CPU / interrupts which caused issues on IPv4 instead. But I did it with opnsense-revert & the update to the old kernel so might have caused some inconsistencies there.
14
24.7 Production Series / Re: clients loosing ipv6 internet now and then
« on: August 21, 2024, 10:57:55 am »
But it's not happening on 24.7 and before. I do see very high pings towards Google -- so that's a routing issue. These pings are to the modem/ipv6 bridge itself.
15
24.7 Production Series / Re: clients loosing ipv6 internet now and then
« on: August 21, 2024, 07:47:15 am »
Thanks, much appreciated.