Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - aefainoh

Pages1
#1
General Discussion / Lots of firewall logs for lo0 in live view
May 01, 2020, 04:13:40 AM
I've noticed recently that opnsense is logging a lot of accepted connections on lo0 and also in this case NTP connections to itself.  I have not noticed this in the past.  Is this something that was changed recently or is it possible I've misconfigured something to produce this extra logging?  Is there a way to exclude a specific RID, or interface?

I've included a sample screenshot of the logs I am seeing, there are several logs per second for lo0 most of which seem to be for ntp.  It's quite difficult to see anything else in live view.
#2
General Discussion / dynv6 with dhcpv6 (using TSIG keys) to auto add AAAA records for all leases
April 23, 2020, 04:19:03 AM
Has anyone ever used TSIG keys with dynv6 (or any dynamic dns service) under the `Dynamic DNS` section of the DHCPv6 server configuration?  The path is /services_dhcpv6.php?if=lan.  Not the regular dynv6 configuration at /services_dyndns.php.

I can't seem to get it to work although everything suggests it probably should.  Dynv6 has an nsupdate example here: https://dynv6.com/docs/apis#dns-update .  Opnsense's config is very similar as far as I can tell.

The first issue I ran into is that the key name looks like `_XXXXXX._tsig.dynv6.com`.  It appears that the string needs to be quoted in the /var/dhcpd/etc/dhcpdv6.conf file generated by that configuration page because of the underscores but it isn't by default.

The next problem is that even if I hack together a working config file and start the service it never actually updates anything or uses the key and I can't seem to figure out where logs would be to start debugging it.  Maybe there is a way to turn on logging for that specific service that I'm missing?

It's also possible that I have completely misunderstood how this feature is suppose to work.  There isn't a lot of documentation that I could find but if someone knows please feel free to point me in the right direction.

I have been able to update dynv6's records using the regular http api and the built in dynv6 option in /services_dyndns.php however I'd like to create records for individual hosts.  I do realize that I could run nsupdate or some other utility on the host itself but I think the above should work as well.
Pages1