Messages - Tupsi

#1
Now that you wrote it I can suddenly see them myself, very embarrassing, so big thank you!
Teaching moment to NOT just copy&paste everything from the internet, just because one is lazy! ;-)
#2
I ran into the problem of configuring a different dns server than my opnsense on an interface in either the Router Advertisement or the DHCPv6 settings. So it's either that I am too dumb (which I hope) or found a bug. Hopefully you can help me decide which it is ;-)

In the settings I tried the following formats of an ipv6 address:

2606: 4700: 4700 :: 1111
2606: 4700: 4700 :: 1111/128
2606: 4700: 4700 :0000:0000:0000:0000: 1111
2606: 4700: 4700 :0000:0000:0000:0000: 1111/128
[2606: 4700: 4700 :: 1111] (yes I got desperate...)
[2606: 4700: 4700 :0000:0000:0000:0000: 1111]

But every time I get the following error, so I cannot save it.

A valid IPv6 address must be specified for the primary/secondary DNS servers.

Version is OPNsense 24.7.3_1-amd64

So what am I doing wrong or is this really just a bug in checking the syntax?
#3
I was trying to configure my sshd according to recommendations from the ssh-audit tool. Everything worked so far until I came to the dropdown about selecting host algorithms. It seems that not available algorithms made it into the multi select, as having everything checked is not the same as "System defaults".

With system defaults you get the following from ssh-audit seen in the first screenshot.

Selecting everything in the host algo dropdown seen in picture two gives you the result seen in picture three. Which kinda makes sense, because I was not able to select the now missing rsa-sha-256 and rsa-sha-512 from the dropdown.

So it would be nice, if you could add these two in one of the next patches/releases.

This was done with 23.1.5_4-amd64.

Thank you.
#4
German - Deutsch / Re: no IPv6 after update to 22.1
January 28, 2022, 10:21:09 AM
Hopefully it is a one-time thing. Maybe my NIC reported itself differently after the update. My "super great" (read: idiotic) idea of then also re-plugging my cable in the FW to a different NIC surely made it even worse.
Because I had already read during the initial setup that DG apparently reacts rather irritably to MAC changes. Of course I only remembered that AFTER I had re-plugged.

But yes, as the previous poster already put it, I never had these problems with Telekom's (V)DSL line. There, an IP always came up on the line right away.

With DG I also always see during the sense's boot process that it hangs for a moment when bringing UP the WAN NIC. DG's DHCP server is simply configured really weirdly (in my opinion).

The 1.5h may also be an exaggeration on my part. I was in a video conference and not in front of the box the whole time.

It just didn't work right after the reboot, so I got a bit nervous :P
#5
German - Deutsch / Re: no IPv6 after update to 22.1
January 28, 2022, 09:31:12 AM
This just resolved itself.
Now, after almost 1:30h of uptime, everything is suddenly back, out of the blue, without me having changed anything. So "self-healing", so to speak. ;)

I guess I was just too impatient, as you, @tiermutter, had already correctly recognized. ;D
#6
German - Deutsch / no IPv6 after update to 22.1
January 28, 2022, 09:13:51 AM
Hi,

I have a Deutsche Glasfaser connection. The connection has run without problems so far. I had set up v6 following this:

https://forum.opnsense.org/index.php?topic=21225.0

Now, after installing 22.1, there is no v6 on the WAN interface anymore apart from the link-local one. The v4 is still there.
Accordingly, my DHCPDv6 of course complains because it cannot distribute any prefixes internally, but that is an understandable follow-on error.

Can I run the dhcd client in debug mode? I would like to know whether it is down to my 22.1 installation that I am not getting a v6 incl. prefix, or whether it is down to DG. I don't want to rack my brain here while their DHCP server is just acting up. :-)

There is nothing about this in system.log.
#7
thank you.
#8
I have a network setup with an "allow all out" rule which you can see in the screenshot in the first line. Still I get that second line claiming hitting the "default deny rule". That is the part I do not understand. Why is iptables ever getting to that point when I have an "allow all" in my rules?

#9
https://docs.opnsense.org/manual/dynamic_dns.html says under "provider specific info" that one should leave the username blank for he.net and only put the generated key into the password field.

If you try that with current 21.7.7 you will notice that the form will not allow you to save as it insists on the username.

I got it working with the custom option, just wanted to let you know about the inconsistency between the form itself and the documentation. Should be fixed for both he.net and he.net (v6) as both work the same way.

#10
I wanted to thank you guys for getting this into the 21.7.x release lately. After doing the works with the mentioned tunables, I now finally get my full internet I currently should have (1000/500). Before these changes the download side throttled around 500, so I ended up with a 500/500 line.

so THANK YOU!
#11
Hello

whenever I want to reboot my opnsense, the most time a reboot takes is the part where the shutdown sequence is at "Backup Script Netflow". It is not just a few seconds more, it's minutes, compared to all the rest.

So I was wondering if there is a way I can shorten that even if it means disabling backup/restore for netflow altogether?

#12
nm, figured it out myself. Used Felix wget on another computer and cat together the two (without a 3rd own) and imported that under Authorities as new trusted authorities.

After that a pkg update worked again, so thanks for the pointers @Felix!
#13
how would I fix my opnsense installation if pkg update already stopped working because of the issue? I do not seem to have the LE plugin installed (if it's not in the base system I do not have it installed myself), so from what I get from this thread I can't just delete the old cert and let the plugin catch the new one, right?

Felix posted something in his last post which seems to get me the correct cert chain, but where do I have to put this in order to get a pkg update running again?
#14
The fix seems to lie in this thread, but I am still trying to figure out what to do exactly from there. But people got it working again over there.
https://forum.opnsense.org/index.php?topic=24950.0
#15
I was about to answer that as well. Getting an update which would be able to fix that will be hard if a pkg update fails (which it does).