Messages - juantxorena

#1
I opened a post a couple of days ago about ddclient not starting nor logging. Apparently, my configs weren't correct and it failed silently, so I lost a couple of days on that instead of it saying there was some problem.

Anyway, it starts now, and I've found the following problems, just checking if anybody has a solution and this "new and improved" version of a working plugin that caused no problems to anybody can get to a working state, or even feature parity:

- With the opnsense backend, there's no way of using an API token. The global token has to be used, otherwise it complains about:

error receiving ZoneID [[{"code": 6003, "message": "Invalid request headers", "error_chain": [{"code": 6103, "message": "Invalid format for X-Auth-Key header"}]}]]


Using global token instead of an API one is a serious security issue.

- When using more than one hostname in a config, it gives the error:
failed to set new ip XXXX [{"result":null,"success":false,"errors":[{"code":9000,"message":"DNS name is invalid."}],"messages":[]}]

- More importantly: I have some proxied domains and some unproxied. Updating them via opnsense backend sets all of them as unproxied. There is an optional parameter in the body of the query (see here), but there's no way of setting it. I guess a frontend change should be made, and have a checkbox to control this.
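Added example, not part of the post above and not OPNsense or ddclient code: a sketch of how a Cloudflare DNS update can be built so that a scoped API token is sent as `Authorization: Bearer` (the global key is the credential that uses `X-Auth-Email`/`X-Auth-Key`), each hostname gets its own request, and each record's current `proxied` value is carried into the body. The record list, zone id and token are constructed placeholders, and nothing is sent over the network.

```python
import json

API = "https://api.cloudflare.com/client/v4"

# Constructed sample of a zone's existing records (documentation addresses).
SAMPLE_RECORDS = [
    {"id": "rec-a", "type": "A", "name": "www.example.com",
     "content": "192.0.2.10", "ttl": 1, "proxied": True},
    {"id": "rec-b", "type": "A", "name": "vpn.example.com",
     "content": "192.0.2.10", "ttl": 300, "proxied": False},
    {"id": "rec-c", "type": "AAAA", "name": "www.example.com",
     "content": "2001:db8::10", "ttl": 1, "proxied": True},
]

def auth_headers(api_token=None, email=None, global_key=None):
    """Scoped API tokens travel as a Bearer token; only the account-wide
    global key uses the X-Auth-Email / X-Auth-Key header pair."""
    if api_token:
        return {"Authorization": f"Bearer {api_token}"}
    if email and global_key:
        return {"X-Auth-Email": email, "X-Auth-Key": global_key}
    raise ValueError("need an API token, or e-mail plus global key")

def plan_updates(zone_id, records, hostnames, new_ip, headers):
    """Build one PATCH request per stale record, one hostname per request,
    carrying over each record's current ttl and proxied flag."""
    rtype = "AAAA" if ":" in new_ip else "A"
    wanted = {h.strip().lower() for h in hostnames}
    plan = []
    for rec in records:
        if rec["type"] != rtype or rec["name"].lower() not in wanted:
            continue
        if rec["content"] == new_ip:
            continue  # already current, nothing to send
        body = {"type": rtype, "name": rec["name"], "content": new_ip,
                "ttl": rec["ttl"], "proxied": rec["proxied"]}
        plan.append({
            "method": "PATCH",
            "url": f"{API}/zones/{zone_id}/dns_records/{rec['id']}",
            "headers": {**headers, "Content-Type": "application/json"},
            "body": json.dumps(body),
        })
    return plan

if __name__ == "__main__":
    hdrs = auth_headers(api_token="TOKEN_PLACEHOLDER")
    for req in plan_updates("ZONE_ID_PLACEHOLDER", SAMPLE_RECORDS,
                            ["www.example.com", "vpn.example.com"],
                            "203.0.113.7", hdrs):
        print(req["method"], req["url"], req["body"])  # headers not printed
```

A token used this way only needs DNS edit permission on the one zone, which is what limits the damage if the firewall's config is ever exposed.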
#2
As expected, the recent update 23.1.7 solved absolutely nothing. I can paste the same command outputs and ps output if you want.
#3
No offense, but can you start a new topic with your problem instead of using this one, which has nothing to do?
#4
Quote from: franco on May 03, 2023, 07:47:46 PM
Not sure, could be a configuration issue leading to faulty configuration... And this?

# service ddclient_opn start


Cheers,
Franco

# service ddclient_opn start
Cannot 'start' ddclient_opn. Set ddclient_opn_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.


If I do onestart:
# service ddclient_opn onestart
Starting ddclient_opn.

but then:
# service ddclient_opn onestatus
ddclient_opn is not running.


As I said, the same config works with ddclient backend (but no dual stack, so no bueno)

Edit: ddclient was disabled. I just enabled it, and now "start" and "status" work, but with the same result.
#5
Quote from: franco on May 02, 2023, 07:08:00 AM
> As I said in the post title, other than there are no logs, it doesn't even start, so it's not doing anything in the server.

What is this based on? A red light in a GUI widget?

Well, yes. What else?


Quote from: franco on May 02, 2023, 07:08:00 AM
The bug really only applies there, not even the ddclient MVC page. And I don't see any ps output backing up the claim further.

I would have posted a ps output if I was asked. Here's it then, output of ps axu. Note the lack of anything ddclient related:
root@firewall:~ # ps axu
USER      PID  %CPU %MEM    VSZ    RSS TT  STAT STARTED        TIME COMMAND
root       11 378.2  0.0      0     64  -  RNL  26Apr23 39508:32.50 [idle]
root    40771   1.4  1.6 198336 131912  -  S    26Apr23   121:43.52 /usr/local/bin/python3 /usr/local/opnsense/scripts/unbound/logger.py (python3.9)
root    39846   0.2  0.4  61568  35932  -  S    Sun11       0:03.42 /usr/local/bin/php-cgi
root        0   0.0  0.0      0   1488  -  DLs  26Apr23   176:18.33 [kernel]
root        1   0.0  0.0  11408   1016  -  SLs  26Apr23     0:00.11 /sbin/init
root        2   0.0  0.0      0     64  -  DL   26Apr23     0:00.00 [KTLS]
root        3   0.0  0.0      0     80  -  DL   26Apr23     0:00.00 [crypto]
root        4   0.0  0.0      0     32  -  DL   26Apr23     0:00.00 [cam]
root        5   0.0  0.0      0    944  -  DL   26Apr23    10:03.96 [zfskern]
root        6   0.0  0.0      0     16  -  DL   26Apr23     5:58.45 [pf purge]
root        7   0.0  0.0      0     16  -  DL   26Apr23     2:21.09 [rand_harvestq]
root        8   0.0  0.0      0     48  -  DL   26Apr23     1:24.25 [pagedaemon]
root        9   0.0  0.0      0     16  -  DL   26Apr23     0:00.00 [vmdaemon]
root       10   0.0  0.0      0     16  -  DL   26Apr23     0:00.00 [audit]
root       12   0.0  0.0      0    256  -  WL   26Apr23     8:16.94 [intr]
root       13   0.0  0.0      0     48  -  DL   26Apr23     0:00.05 [geom]
root       14   0.0  0.0      0     16  -  DL   26Apr23     0:00.00 [sequencer 00]
root       15   0.0  0.0      0     80  -  DL   26Apr23     0:06.29 [usb]
root       16   0.0  0.0      0     80  -  DL   26Apr23     0:25.57 [bufdaemon]
root       17   0.0  0.0      0     16  -  DL   26Apr23     0:08.28 [syncer]
root       18   0.0  0.0      0     16  -  DL   26Apr23     0:06.05 [vnlru]
root       20   0.0  0.4  52924  30520  -  I    Sun11       0:01.42 /usr/local/bin/php-cgi
root       29   0.0  0.0      0     16  -  DL   26Apr23     0:00.19 [aiod1]
root       30   0.0  0.0      0     16  -  DL   26Apr23     0:00.19 [aiod2]
root       31   0.0  0.0      0     16  -  DL   26Apr23     0:00.19 [aiod3]
root       32   0.0  0.0      0     16  -  DL   26Apr23     0:00.19 [aiod4]
root      446   0.0  0.0  11448   1524  -  Is   26Apr23     0:00.43 /sbin/devd
root     4170   0.0  0.2  23736  12480  -  S    Sun10       0:57.02 /usr/local/bin/python3 /usr/local/sbin/configctl -e -t 0.5 system event config_changed (python3.9)
dhcpd    4236   0.0  0.2  29424  14188  -  Is   26Apr23     0:00.76 /usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb2_vlan10 igb2_vlan50 igb2_vlan30
root     4750   0.0  0.2  23972  12588  -  S    Sun10       0:52.02 /usr/local/bin/python3 /usr/local/opnsense/scripts/syslog/lockout_handler (python3.9)
root     5666   0.0  0.4  61440  35224  -  S    Sun11       0:02.17 /usr/local/bin/php-cgi
root     6043   0.0  0.0  12756   2228  -  Is   26Apr23     0:00.01 daemon: /usr/local/opnsense/scripts/dhcp/prefixes.sh[7154] (daemon)
root     7154   0.0  0.0  13504   2644  -  S    26Apr23     0:12.67 /bin/sh /usr/local/opnsense/scripts/dhcp/prefixes.sh
root     8237   0.0  0.0  12924   2508  -  ICs  26Apr23     0:18.59 /usr/sbin/rtsold -p /var/run/rtsold.pid -M /var/etc/rtsold_script.sh -O /var/etc/rtsold_script.sh -R /usr/local/opnsense/scripts/interfaces/rtsold_resolvconf.sh -a -u -D
root     9933   0.0  0.0  12920   2456  -  Is   26Apr23     0:00.00 rtsold: rtsold.llflags (rtsold)
root    10377   0.0  0.0  12920   2452  -  Is   26Apr23     0:01.17 rtsold: rtsold.script (rtsold)
root    11312   0.0  0.0  12920   2440  -  Is   26Apr23     0:00.00 rtsold: rtsold.sendmsg (rtsold)
root    11597   0.0  0.0  12920   2596  -  Is   26Apr23     0:24.87 rtsold: system.syslog (rtsold)
root    14092   0.0  0.0  12796   2536  -  Is   26Apr23     0:00.08 /usr/local/sbin/dhcp6c -c /var/etc/dhcp6c.conf -p /var/run/dhcp6c.pid -D
root    18271   0.0  0.1  18060   6716  -  Is   26Apr23     0:00.00 sshd: /usr/local/sbin/sshd [listener] 0 of 10-100 startups (sshd)
root    22046   0.0  0.0  12648   2112  -  SC   19:10       0:00.00 sleep 20
root    22657   0.0  0.1  21172   8304  -  S    26Apr23     0:28.61 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf
root    23182   0.0  0.3  49148  23560  -  Is   26Apr23     0:00.07 /usr/local/bin/php-cgi
root    24060   0.0  0.3  49148  23620  -  Is   26Apr23     0:00.09 /usr/local/bin/php-cgi
root    25543   0.0  0.1  22208   7936  -  I    26Apr23     0:00.00 /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -p /var/run/syslog-ng.pid
root    26386   0.0  0.2  43400  13228  -  Ss   26Apr23     6:09.06 /usr/local/sbin/syslog-ng -f /usr/local/etc/syslog-ng.conf -p /var/run/syslog-ng.pid
unbound 35192   0.0  0.9 213772  75356  -  Is   26Apr23    18:36.19 /usr/local/sbin/unbound -c /var/unbound/unbound.conf
root    35818   0.0  0.4  61440  35192  -  I    Sun11       0:00.53 /usr/local/bin/php-cgi
root    40203   0.0  0.0  12756   2228  -  Is   26Apr23     0:00.00 daemon: /usr/local/opnsense/scripts/unbound/logger.py[40771] (daemon)
dhcpd   45393   0.0  0.1  25712  11648  -  Is   26Apr23     0:01.61 /usr/local/sbin/dhcpd -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid igb1 igb2 igb2_vlan50 igb2_vlan30 igb2_vlan20 igb2_vlan10 igb2_vlan128
root    47067   0.0  0.0  13072   3100  -  Ss   26Apr23     2:52.32 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
root    50987   0.0  0.0  12724   2476  -  Is   26Apr23     0:17.87 /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
root    53488   0.0  0.4  57340  34588  -  I    19:08       0:00.87 /usr/local/bin/php-cgi
root    64134   0.0  0.0  12848   2572  -  Ss   19:09       0:00.00 /usr/sbin/cron -s
root    67758   0.0  0.0  12752   2244  -  Ss   26Apr23     5:30.52 /usr/sbin/powerd -b hadp -a hadp -n hadp
root    69030   0.0  0.4  59388  35336  -  I    Sun11       0:04.31 /usr/local/bin/php-cgi
root    82358   0.0  0.2  25764  15496  -  Ss   26Apr23     5:08.99 /usr/local/bin/python3 /usr/local/opnsense/scripts/dhcp/unbound_watcher.py --domain lan (python3.9)
root    86837   0.0  0.1  21780   6980  -  Ss   26Apr23     2:06.26 /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf
root    91516   0.0  0.3  36260  23460  -  Is   Sun10       0:03.58 /usr/local/bin/python3 /usr/local/opnsense/service/configd.py (python3.9)
root    96165   0.0  0.1  18436   7788  -  Ss   19:09       0:00.09 sshd: root@pts/0 (sshd)
root    96356   0.0  0.5  82488  41000  -  S    Sun10       1:11.10 /usr/local/bin/python3 /usr/local/opnsense/service/configd.py console (python3.9)
root    98209   0.0  0.0      0     64  -  DL   26Apr23     0:01.79 [ng_queue]
root    98510   0.0  0.1  23912   6924  -  Ss   26Apr23     0:19.72 /usr/local/sbin/mpd5 -b -d /var/etc -f mpd_wan.conf -p /var/run/pppoe_wan.pid -s ppp pppoeclient
root     2339   0.0  0.1  14700   4256 u0- I+   26Apr23     1:00.02 /usr/local/bin/bash /usr/local/bin/wg-quick up wg0
root     4714   0.0  0.0  12676   2336 u0- I+   26Apr23     0:03.10 route -n monitor
root    45053   0.0  0.0  12780   2284 v0  Is+  26Apr23     0:00.00 /usr/libexec/getty Pc ttyv0
root    45319   0.0  0.0  12780   2284 v1  Is+  26Apr23     0:00.00 /usr/libexec/getty Pc ttyv1
root    45331   0.0  0.0  12780   2284 v2  Is+  26Apr23     0:00.00 /usr/libexec/getty Pc ttyv2
root    45504   0.0  0.0  12780   2284 v3  Is+  26Apr23     0:00.00 /usr/libexec/getty Pc ttyv3
root    46184   0.0  0.0  12780   2284 v4  Is+  26Apr23     0:00.00 /usr/libexec/getty Pc ttyv4
root    47056   0.0  0.0  12780   2284 v5  Is+  26Apr23     0:00.00 /usr/libexec/getty Pc ttyv5
root    48029   0.0  0.0  12780   2284 v6  Is+  26Apr23     0:00.00 /usr/libexec/getty Pc ttyv6
root    48129   0.0  0.0  12780   2284 v7  Is+  26Apr23     0:00.00 /usr/libexec/getty Pc ttyv7
root    20227   0.0  0.0  13812   4064  0  S    19:09       0:00.04 /bin/csh
root    22075   0.0  0.0  13372   3088  0  R+   19:10       0:00.00 ps axu
root    97475   0.0  0.0  13504   3068  0  Is   19:09       0:00.01 /bin/sh /usr/local/sbin/opnsense-shell



Quote from: franco on May 02, 2023, 07:08:00 AM
In any case 23.1.7 will be out this week with said fix.

I will report after the update, and then open a new post when it still doesn't work.
#6
Quote from: chemlud on May 01, 2023, 09:42:49 PM
Don't trust the logs. Check on the portal of your dynDNS service or via pinging your domain name if the update works. I downgrade ddclient for the time being, but the package lock will not survive the 23.7 upgrade...

As I said in the post title, other than there are no logs, it doesn't even start, so it's not doing anything in the server.
#7
Quote from: dcol on April 30, 2023, 11:08:41 PM
Scrap os-ddclient. Doesn't work. Use the legacy plug-in. Every time it gets updated it gets worse. I had to switch back. Going with ddclient is a losing battle. I heard next OPNsense release the devs are removing the legacy from the repository. Big mistake. Get it while you can.

Excuse me, but why are the devs getting rid of something that just works with a piece of garbage code that barely works? Doesn't make sense to me.

Yeah, OK, whatever, ddclient is here to stay, so I would like to migrate. Any help?
#8
That looks like a different problem. I don't get any log or info.
#9
Quote from: julsssark on April 30, 2023, 05:26:37 PM
What version of opnsense are you running? Using 23.1.6 with CloudFlare token and ddclient backend, I needed to turn verbose logging on in order to see anything happening. I am not using IP v6.

I'm using the last version, and verbose logging is on
#10
Hello everybody,

I'm trying to migrate from the working-but-soon-to-be-deprecated dyndns service to the new-but-barely-working ddclient for the 4th or 5th time. I'm using cloudflare with a DNS token and dual stack.

If I use the ddclient backend, it works, but it doesn't work dual stack, so it's useless for me. If I try the opnsense backend, which apparently supports dual stack, it refuses to start. I have applied the patch f920b48a94, as suggested in this link, but it doesn't fix anything.

I would like to post some logs or something, but there's nothing, nor in the ddclient logs, nor in the backend logs, nor in the console. If I try to start it from the console with /usr/local/sbin/pluginctl -s ddclient start it says Service `ddclient' has been started. but it doesn't really do it. /usr/local/sbin/pluginctl -s ddclient status says ddclient is not running.
#11
23.1 Legacy Series / os-ddclient does not update IPv4
February 12, 2023, 07:43:35 PM
Hello,

I have a domain with cloudflare, and I'm trying to update the dynamic IPs (both 4 and 6), but only IPv6 gets updated. I have tried all the IP check methods, with wildcard, without wildcard, a single entry, one entry for IPv4 and another for IPv6. It simply doesn't work. I attach a screenshot of my latest config attempt.

The old deprecated dyndns plugin works perfectly (and it has more options, a widget, actually works, and it's in general better).

Another thing is that the new ddclient occasionally stops working, and it's only fixed by restarting.
#12
22.1 Legacy Series / Re: IPv6: static ULAs help
July 10, 2022, 07:38:10 PM
Quote from: efahl on July 10, 2022, 07:19:08 PM
I haven't got as far as VLANs in my IPv6 journey, but shouldn't the first line "subnet6" allow for space in the prefix for the VLAN ID?  I.e., should it be a /60 (I'm making an assumption from the "prefix6" line at the bottom) so that for each subnet, the ULA's VLAN bits can be made to match the corresponding GUA/GUAs for that interface?

(That "matches multiple shared networks" part of the error message is what got me thinking this...)

That subnet6 already has the prefix for the VLAN ID, cd in the example (actually 02 in real life). I just copied the existing config for an existing VLAN and changed the IP addresses to ULA. Maybe you are right, I'm going to try it.

I've just naively changed the mask to 60 and it said "New subnet mask too short"
#13
22.1 Legacy Series / IPv6: static ULAs help
July 10, 2022, 01:22:11 PM
Hello everybody,

I'm having trouble configuring DHCPv6 for ULA.

I have a working ipv6 situation using SLAAC. I get a dynamic prefix from my ISP, and I have a bunch of VLANs tracking it, so the clients receive a couple of ipv6 addresses via SLAAC. Since the prefix is dynamic, I also have ULAs for internal network use. I have some virtual IPs with them, and the router advertisements configured so they give out the prefixes, and every client is also getting a couple of ULAs via SLAAC. I can put them in the override list of unbound and they are being used, I can ping, everything.

Because I want to have a server with some services, I thought I could try to configure DHCPv6 so it can give out static addresses to these services. Since I only want to use them from the internal network, I thought I would only distribute the ULAs with DHCPv6, and the global addresses with SLAAC (I wouldn't mind if SLAAC also gives ULAs and DHCPv6 GUAs).

When I activated the DHCPv6, I found no way for it to give out ULAs, no matter how I configured, it only gives GUAs. Then I saw this pull request https://github.com/opnsense/core/pull/5313, which looked like it could help. I used the following file for a VLAN (not the real prefix):

subnet6 fd01:2345:6789:abcd::/64 {
  # Range for clients
  range6 fd01:2345:6789:abcd:ffff:: fd01:2345:6789:abcd:ffff:ffff:ffff:ffff;

   # Range for clients requesting a temporary address
  range6 fd01:2345:6789:abcd::/64 temporary;

   # Additional options
  option dhcp6.name-servers fd01:2345:6789:abcd::;

  # Prefix range for delegation to sub-routers
  prefix6 fd01:2345:6789:abef:: fd01:2345:6789:abff::/60;
}



DHCPv6 fails to start with the following error:

Quote
/status_services.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb2_vlan20 igb2_vlan50 igb2_vlan30 igb2_vlan128' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.2-P1 Copyright 2004-2021 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpdv6.conf Database file: /var/db/dhcpd6.leases PID file: /var/run/dhcpdv6.pid Wrote 3 NA, 0 TA, 0 PD leases to lease file. Interface igb2_vlan20 matches multiple shared networks If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'

Commenting the different config lines doesn't help (I'm not sure if it was properly configured). Removing the ULA prefix from the router advertisements doesn't help either. Only removing the virtual IP for this VLAN allows it to start, but then DHCPv6 doesn't give out any ULA address, and ipv6 with ULAs stops working.

Could somebody help me to configure it, or maybe tell me another way of achieving what I want, static ULAs?

Thanks in advance
#14
Quote from: palica on March 08, 2022, 09:00:33 AM
I can confirm that I have the same problem. I have RA enabled and none of the clients get ipv6 addresses assigned. This setup without any modification has worked until the recent upgrade 22.1.1 -> 22.1.2

I am willing to provide any debug information needed.

It's not the same problem. As I said, clients get ipv6 addresses and it works locally, even across vlans, but it's not being routed to the internet.
#15
Quote from: Morta on March 06, 2022, 10:33:12 PM
Have the same issue.

What ISP you have?

Deutsche Telekom. I doubt it has anything to do, as I said, it was working before with the same config.