Messages

1

20.7 Legacy Series / Re: PPPoE LCP Terminate Requests - is it possible to increase logging debug level

« on: January 06, 2021, 05:47:59 pm »

Adding 'log +echo' to /var/etc/mpd_opt4.conf did not show anything.

Zen tech support asked me to jump through the usual hoops of reset, restart,
check cables, etc. and contact them again if the problem persists.

I am now running
tcpdump -v -i igb0 -n -s 0 -w test.cap  'ether[0x0c:2] == 0x8863 or (ether[0x0c:2] == 0x8864 and (ether[0x14:2] == 0xc021 or ether[0x14:2] == 0xc223 or ether[0x14:2] == 0x8021 or ether[0x14:2] == 0x8057))'
Will keep it running for a day or two, and will then check if there is anything in the cap file...

In the meantime, any additional suggestions would be most welcome.

2

20.7 Legacy Series / Re: PPPoE LCP Terminate Requests - is it possible to increase logging debug level

« on: January 05, 2021, 10:37:54 pm »

It looks like your ISP terminates the connection.

Yes, I agree - that's what I thought.

You can make a packet dump and look into in more detail.

Added to section pppoeclient: in /var/etc/mpd_opt4.conf:
  log +echo

Will check tomorrow if that shows any more info.

Doing a packet dump is not easy since the 'LCP Terminate Request' may not arrive for many hours...

3

20.7 Legacy Series / How to debug IPv6 issues after PPPoE reconnect

« on: January 05, 2021, 07:50:00 pm »

I have a native IPv6 connection running on top of my Zen (UK) PPPoE connection. IPv6 is set up using DHCPv6. Every time PPPoE reconnects, the IPv6 link also reconnects, but most of the time gets marked as link/gateway down by dpinger. When this happens, most of the time dpinger is still running, but occasionally it crashes completely. Re/starting dpinger fixes the issue, and it seems that the IPv6 link actually comes back up OK, only dpinger does not see it.

What is the best way of debugging this problem?

Thanks, John

P.S.
This may be the same problem as the one reported in the past:
https://forum.opnsense.org/index.php?topic=13375.0
https://forum.opnsense.org/index.php?topic=13660.0

--
OPNsense 20.7.3-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
LibreSSL 3.1.4

4

20.7 Legacy Series / PPPoE LCP Terminate Requests - is it possible to increase logging debug level

« on: January 05, 2021, 07:21:49 pm »

I am connected to Zen (UK) via a Vigor modem (in bridge mode) and PPPoE, and getting regular (sort of) LCP terminate requests (see log below e.g. for today). There is no indication in the logs as to what is triggering
this.

Is there any way to increase the verbosity of PPPoE logging?

Thanks, John

OPNsense 20.7.3-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
LibreSSL 3.1.4

# clog /var/log/ppps.log | grep 'Terminate Request'
Jan  5 00:30:57 gw ppp[86931]: [opt4_link0] LCP: rec'd Terminate Request #2 (Opened)
Jan  5 01:31:04 gw ppp[86931]: [opt4_link0] LCP: rec'd Terminate Request #2 (Opened)
Jan  5 02:31:16 gw ppp[86931]: [opt4_link0] LCP: rec'd Terminate Request #2 (Opened)
Jan  5 03:31:29 gw ppp[86931]: [opt4_link0] LCP: rec'd Terminate Request #2 (Opened)
Jan  5 04:31:34 gw ppp[86931]: [opt4_link0] LCP: rec'd Terminate Request #2 (Opened)
Jan  5 16:33:36 gw ppp[86931]: [opt4_link0] LCP: rec'd Terminate Request #2 (Opened)
Jan  5 17:33:50 gw ppp[86931]: [opt4_link0] LCP: rec'd Terminate Request #2 (Opened)

5

General Discussion / Status / basic stats page without logging in

« on: May 14, 2020, 03:09:54 pm »

Is it possible to view status / basic stats information without logging in? Perhaps by using a plug-in?

6

General Discussion / Firewall rules for incoming connections in an IPv6 multi WAN setup

« on: May 04, 2020, 10:57:43 pm »

I have an IPv6 multi WAN failover setup (see details at the bottom). Outgoing IPv6 connections work fine and the failover operates as expected.

However, hosts on the LAN net can only be pinged from the outside on the currently active interface. My understanding is that when a ping comes in on the "inactive" interface, the response is sent back on the gateway of the active interface - which is incorrect.

What rules / settings do I need so the correct gateway is used for any replies depending on which interface the ping arrived on?

Similarly, what rules / settings do I need if I want to make a server on the LAN net visible from the outside at both of the WAN1 and WAN2 prefixes, regardless of which gateway is active in the gateway group?

Details:
I have two WAN links with routable prefixes, say, 2001:1:1:0::/64 for WAN1 and 2001.2.2.0::/64 for WAN2. I assigned a static site local IP (fdaa:bbbb:cccc:0::1) to the LAN interface and created Firewall > NAT> NPTv6 rules to forward the routable global unicast addresses to the site local unicast addresses.
The router advertisement daemon is running in "Unmanaged" mode and hosts on the LAN net successfully assign addresses from the fdaa:bbbb:cccc:0::/64 prefix range.
I created a failover gateway group GWGR from WAN1_GW and WAN2_GW, and added the LAN firewall rule
in IPv6 "Lan net" * * * GWGR * "Failover gateway group".
and a Floating firewall rule
in first-match IPv6 IPV6-ICMP    *    *    LAN net    *    *    * "Allow ICMP"

7

General Discussion / How to change dpinger data length

« on: April 19, 2020, 11:11:49 am »

Is there a GUI option to change the data length (data payload) dpinger uses?
If not, which file(s)would I have to modify either to add the GUI option, or to 'hard code' the -d option where dpinger is called from?

I am running
  OPNsense 20.1.4-amd64
  FreeBSD 11.2-RELEASE-p18-HBSD
  LibreSSL 3.0.2
and there is no 'data length' under 'System: Gateways: Single > Advanced'...
Thanks, John

 

8

General Discussion / What determines whether new interface is treated as WAN or LAN type for routing

« on: April 16, 2020, 01:48:44 pm »

If I add a new interface, what settings determine whether it will be treated as WAN or LAN for routing?
Thanks, John