Messages

I changed Interfaces / WAN / DHCPv6 client configuration prefix delegation size from 64 to 56 and now I got:
WAN ipv6 address zzz/128
LAN ipv6 address yyy/64

Also, the IPv6 connections are working after reboot without any manual work. Thanks!

WAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56

LAN should be a /64. If it's showing /56, the prefix delegation size probably isn't configured correctly (Interfaces / WAN / DHCPv6 client configuration). This needs to be set to the prefix length actually delegated by your ISP.

Cheers
Maurice

Thanks for the hint. I checked that Interfaces / WAN / DHCPv6 client configuration has 64 as prefix delegation size.

[WAN]

Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN and immediately enable it back to "Track interface", LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

Just realized that I had a typo. Here are the correct steps to reproduce:
Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN WAN and immediately enable it back to "Track interface" DHCPv6, LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

Hi! I'm having the following issue with IPv6.

My OPNsense box is acting as firewall and router between WAN/LAN with the following setup:

Code Select Expand


TOPOLOGY
Internet -- WAN|opnsense|LAN -- LAN network

WAN igb0 IPv4 DHCP
WAN igb0 IPv6 DHCPv6

LAN em0 IPv4 static KEA DHCP serving the IPv4 LAN network (192.168.xx.yy/24)
LAN em0 IPv6 Track interface ISC DHCPv6 running on the interface

OPNsense addresses:
WAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56

Router advertisement daemon enabled
pf enabled for both IPv4 and IPv6


Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, client in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 trough the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN and immediately enable it back to "Track interface", LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

Restarting DHCP servers or router advertisement daemon doesn't help. So far the only way to get the IPv6 connectivity seems to be temporarily disabling IPv6 and then enabling it again.

Would anybody have any idea what might be wrong with my setup? What additional information you would need to help narrowing down the issue?

I started testing IPv6 with OPNsense 25.7.9 which was also the first time I observed the issue.

Now I am running OPNsense 25.7.10-amd64 and the issue is the same.

I have two firewalls which both are running 1.18 on OPNsense 24.7.7.

Wireguard is working without issues on both systems.

Are you running an untagged vlan on the same trunk? Thats not recommended. If you are running vlans all of them should be tagged, even vlan 1. Freebsd doesnt like this.

The untagged parent interface doesnt need to be assigned. If you use a switch with native vlan id (or how its called) use a sacrafice vlan like 2000 or something for the untagged traffic so it doesnt collide with tagged traffic on the connected trunk interface.

Dont know if thats related to the KEA issue.

Thank you! This was indeed the issue. Now all VLANs (including VLAN 1) are tagged and KEA is also working as expected after a system reboot.

KEA does not even issue a warning "em0 is not running" now that VLANs are properly configured (not mixing tagged and untagged).

I am testing KEA dhcpd on OPNsense 24.1.2_1-amd64.

I have configured five subnets (LAN + four VLANs) for which KEA is the dhcp server:
192.168.22.0/24 (LAN)
192.168.202.0/24 (VLAN 2)
192.168.205.0/24 (VLAN 5)
192.168.210.0/24 (VLAN 10)
192.168.220.0/24 (VLAN 20)

Everything is fine until I reboot the system. After reboot I see the following warning in the KEA log file:

WARN [kea-dhcp4.dhcpsrv.0x835bc5000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface em0 is not running

It seems like KEA is starting before the em0 interface (which is the interface for the LAN and VLANs).

However, KEA seems to start and servers fine on the VLAN-intefaces but does not provide DHCP leases for the LAN interface. Once I restart the KEA service, it starts serving on both LAN interface and VLANs.

Again, when I reboot the system, the same issue occurs until I manually restart KEA.

Is this a known issue and is there any workaround for the issue? Is there any information I can provide for inspecting this further?

Please run the following commands

rm -fr /usr/local/opnsense/version/sensei-db
rm -fr /usr/local/sensei-db
Click in System - Firmware - Resolve Plugin Conflicts - Reset All Local Conflicts

Thank you! This did the trick! Rebooted the system to confirm everything is running fine - all good.

Just upgraded my OPNsense installation from 23.7.11 to 24.1.2.

I also upgraded Zenarmor from 1.16.1 to 1.16.3.

Now I see red os-sensei-db (missing) line at System -> Firmware -> Plugins.

I have tried both Resolve Plugin Conflicts -> Run the automatic resolver and Reset all local conflicts but the problem remains.

Some old threads suggest to reinstall Zenarmor to solve this issue but I was wondering if there is a way to fix whit problem without reinstalling Zenarmor.

OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13

Hi,

A network issue is occurred. It should be ok now. Can you confirm?

Thanks!
Looks OK now, had to re-check with the button there though. Did not resolve on it's own.

Thanks! It works now!

In my case both systems show that the status has been UP for about 5 hours. It fixed without any interaction from my side.

Hello all and thanks for the great Zenarmor software!

I am having the following issue with cloude nodes:
Europe & Europe2 are DOWN. When I click "check now" (on Zenarmor status page) they become UP for a while but then eventually down again. Rebooting the system does not help. I have this issue on two separate firewalls. Both are running:
Engine version 1.12.1
DB version 1.12.22112919
OPNsense 22.7.10_2-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022

ping 35.198.172.108 and ping 34.65.117.157 seem to be alright.

Any ideas how to analyze this further?

Same here! Congratulations!

Hi all,

Please reinstall the package with the following command to solve the Safari browser issue.

pkg install -fy os-sensei

I can confirm that this works on iOS Safari now. Thanks, great work!

Check this thread:
https://forum.opnsense.org/index.php?topic=27744.0

Do you have a similar issue?

In my case, it appears to be working on Windows machines but not on iOS machines.