Messages - eas

#1
Yeah, the thumbdrive was dying. Got the SSD installed, re-installed OPNsense and restored the config and I'm back up and running. With some luck I've solved my main source of unplanned downtime.
#2
Thanks. I'll look into that. It's not encouraging that when I tried to ssh in I got "/bin/tcsh: Input/output error" and the connection closed after the system banner/motd was printed. Logging in as root works fine, though, but I get i/o error when I try to open a shell.

I have an SSD sitting on my desk that I bought because I haven't been having good luck with USB thumbdrives. I just hadn't made time to install it...
#3
This log is from the second time I tried to complete the upgrade, but the error is the same as the first time.

Installed packages to be UPGRADED:
   fontconfig: 2.14.2,1 -> 2.15.0_1,1
   opnsense: 23.7.11 -> 23.7.12

Number of packages to be upgraded: 2
[1/2] Upgrading fontconfig from 2.14.2,1 to 2.15.0_1,1...
Child process pid=79344 terminated abnormally: Bus error
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***


The first time through it succeeded in updating a number of packages before hitting the failure on fontconfig.

Hardware is a Dell Wyse 5070 Extended
CPU type   Intel(R) Pentium(R) Silver J5005 CPU @ 1.50GHz (4 cores, 4 threads)


#4
My fiber connection becomes unreliable during periods of sub-freezing weather. My telco hasn't been able to fix it thus far.

My client devices (primarily Macs and iPhones) have ways of, individually, automatically failing over to alternative connectivity options, but they won't do it because as far as they are concerned, my Opnsense box is still the best way to get to the Internet at large.

It seems to me that if there were a way to instead provide clients with the route to 0.0.0.0 via automatic route advertisements instead of DHCP, the clients could automatically fail over when the connection goes down and recover when the connection comes back up.

It seems like this is already in place for IPv6. Is there some way to set it up for IPv4? Is there a plugin I need to install and configure?

Any guidance would be appreciated. Thanks!

Update: I found FRR, which seems like it would do what I want to do on the OpnSense end. Unfortunately I can't find any evidence that MacOS natively supports gateway discovery by any means other than DHCP.

#5
I just got a Dell Wyse 5070 Extended with an Intel Pentium Silver J5005 off ebay for this purpose. I'm using it with a 4-port i350 card. It can get very close to line rate with a basic ruleset. There is a fair bit of variance in my testing, almost certainly due to the ISP.
#6
One data point:

I have an HP T620 Plus with a 4-port Intel Ethernet card.

The CPU is an AMD GA-420CA, which is a lowish power (20W) 4-core 2GHz CPU. This CPU has a single-threaded passmark score of 667.

I get ~720down 750up over my CenturyLink Fiber (Gigabit Fiber with PPPoE) using OPNsense 22.1.2_1-amd64.
net.isr.dispatch = deferred
net.isr.maxthreads = 4

If I add - net.isr.bindthreads = 1, download drops and upload improves (610d/850u), it doesn't seem to make a difference whether I set maxthreads to -1 or 4.

One CPU core is saturated during the tests.

I figure I need at least 50% better single core performance to max out my connection. The Pentium J5005 mentioned above is in that ballpark, as is the Celeron J4105. I'd feel better with something that has at least 2x the single threaded performance.
#7
19.7 Legacy Series / Re: 6rd status in 19.7?
October 29, 2019, 07:20:53 PM
I'm not sure if this is the same problem I have, but my workaround was switching to a fresh install of the current version of PFSense.
#8
Switching to a fresh install of PFsense solved my problem, though I'd prefer OpnSense's much more coherent web UI (and available wireguard package).
#9
I've recently switched to OPNsense from OpenWRT as part of a switch from Comcast to CenturyLink.

I'm having trouble getting IPv6 (via 6rd) working on OPNsense 19.7_5 and I could use some help.

The problem:

  • I can't reach (HTTP, ping, traceroute) any IPv6 hosts beyond the OPNsense firewall/gateway from either clients, or the OPNsense box itself.
  • I can resolve IPv6 addresses for sites like Google.
  • Pings from client and OPNsense die with "no route to host"
  • Traceroutes from clients report one hop, the opnsense box, before complaining there is no route to host on the next hop.
  • Traceroutes from the opnsense box complain "no route to host"

My configuration:

  • I have a VLAN interface setup on the ethernet port connected to the CL ONT, which is a necessary part of bypassing the modem they provided.

  • I have my WAN interface configured to use a PPPoE tunnel for IPv4 and a 6rd tunnel for IPv6.
  • The PPPoE section is configured with the ISP login info.
  • The 6rd section is configured with the 6rd tunnel config info from the ISP (details below).
  • I've updated the automatically created Point-to-Point device to use the VLAN interface for the link interface.
  • The LAN interface is configured with a static address for the IPv4 configuration type, and "Track Interface" for the IPv6 configuration type.
  • The Track IPv6 section is set to use the WAN interface as the IPv6 Interface (WAN is the only available option). The IPv6 prefix ID is 0x0, which is what it defaulted to.
  • I have also chosen to allow manual adjustment of DHCPv6 and Router Advertisements because if I didn't, LAN clients weren't aware of a gateway on the LAN, and traceroutes failed immediately, complaining of no route to host.
  • Router advertisements are currently set to "Assisted"
  • I'm using default/autogenerated firewall rules for both IPv4 and IPv6 (includes "default allow LAN IPv6 to any rule")
  • Firewall:Settings:Advanced AllowIPv6 is checked
  • System:Settings:General Prefer to use IPv4 even if IPv6 is available is unchecked
  • I'm using autogenerated gateways (WAN_6rd, WAN_PPPOE). Under "System:Gateways:Single," a gateway address is listed for WAN_PPPOE but not for WAN_6RD.

Further Details:

  • IPv4 works as expected
  • Clients obtain IPv6 addresses within the Centurylink Prefix

WAN 6rd Rapid Deployment Config settings
6RD prefix   2602::/24
6RD Border Relay   205.171.2.64
6RD IPv4 Prefix length   0 bits
6RD IPv4 Prefix address   Auto-detect


Interfaces:Overview

LAN interface (lan, igb0)
Status   up
MAC address   a0:36:9f:XX:XX:XX - Intel Corporate
MTU   1500
IPv4 address   10.31.1.1 / 24
IPv6 Link Local   fe80::a236:9fff:fe0a:e870 / 64
IPv6 address   2602:ae:XXXX:XXXX::1 / 64
[...]

WAN interface (wan, pppoe0)
Status   up
PPPoE   up
Uptime   00:35:57
MAC address   00:00:00:00:00:00 - XEROX CORPORATION
MTU   1492
IPv4 address   174.21.XXX.XXX / 32
Gateway IPv4   63.231.10.68
IPv6 Link Local   fe80::a236:9fff:fe0a:e870 / 64
DNS servers   205.171.3.25
205.171.2.25
[...]


That's all I can think of, now. I'll update if I think of anything else.

Suggestions on how I can get this working, or how to troubleshoot it further?

Thanks!
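
A check that fits the configuration described in the post above, as an added example (not part of the original post and not OPNsense code): it derives the 6rd delegated prefix per RFC 5969 from the post's 6rd prefix 2602::/24 and IPv4 prefix length 0, then the /64 a tracking LAN interface gets for a given prefix ID. The WAN address is a constructed documentation address and the function names are hypothetical.

```python
import ipaddress

def sixrd_delegated_prefix(sixrd_prefix, ipv4_mask_len, wan_ipv4):
    """RFC 5969: delegated prefix = 6rd prefix followed by the WAN IPv4
    bits that remain after dropping the first ipv4_mask_len bits."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    v4 = int(ipaddress.IPv4Address(wan_ipv4))
    v4_bits = 32 - ipv4_mask_len
    suffix = v4 & ((1 << v4_bits) - 1)
    plen = net.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("delegated prefix longer than /64; no room for a LAN subnet")
    base = int(net.network_address) | (suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

def lan_subnet(delegated, prefix_id):
    """The /64 assigned to a LAN that tracks the WAN with this prefix ID."""
    subnet_bits = 64 - delegated.prefixlen
    if not 0 <= prefix_id < (1 << subnet_bits):
        raise ValueError("prefix ID does not fit in the delegation")
    base = int(delegated.network_address) | (prefix_id << 64)
    return ipaddress.IPv6Network((base, 64))

def address_matches(lan_ipv6, expected_subnet):
    """True if the address shown on the LAN interface is in the expected /64."""
    return ipaddress.IPv6Address(lan_ipv6) in expected_subnet

# Constructed WAN address (documentation range); substitute the PPPoE IPv4 address.
WAN_IPV4 = "192.0.2.33"
delegated = sixrd_delegated_prefix("2602::/24", 0, WAN_IPV4)
lan = lan_subnet(delegated, 0x0)

if __name__ == "__main__":
    print("delegated prefix:", delegated)
    print("LAN /64 for prefix ID 0:", lan)
    print("LAN address consistent:", address_matches("2602:c0:2:2100::1", lan))
```

With a WAN address in 174.21.x.x the delegated prefix begins 2602:ae:15, which is consistent with the 2602:ae:... address shown on the LAN interface in the post.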