Messages - Monviech (Cedrik)

#1
We have some hints here:

https://docs.opnsense.org/manual/how-tos/carp.html#known-limitations

The last two times I saw dups with pings in customer support, one was a firmware bug in a switch that caused the CAM table to misbehave, and the other time it was switches that were not stacked (even though they should have been).

Most of the time it's the switch being weird.

Specifically read this:
https://docs.opnsense.org/manual/how-tos/carp.html#stacking
#2
Internally it is domain:

https://github.com/opnsense/core/blob/8ae0a6c158d3fc92e055932af676887248b908bf/src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/PortField.php#L48

root@opn-dev-02:# cat /etc/services | grep -i "53"
# Dynamic and/or Private Ports are those from 49152 through 65535.
domain 53/tcp    #Domain Name Server
domain 53/udp    #Domain Name Server

I can't remember it ever saying DNS there, but maybe I'm remembering it wrong.

#3
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

53   Yes         Domain Name System (DNS)[39][11]

All good, Domain is just another abbreviation for the same thing.

#4
Hello, yes, the update is legitimate. It's a small hotfix that fixes this issue:

https://forum.opnsense.org/index.php?topic=51905.0
#5
General Discussion / Re: NUT
May 20, 2026, 06:22:00 PM
Hello, please use the forum search. There have been quite a few threads about this issue already. Thank you :)
#6
Hello,

after spending months with our KEA implementation, improving it with lots of features that were highly requested, the natural conclusion of this development cycle arrived with the biggest feature.

We implemented a new option "Dynamic Prefix" which provides this new functionality:
- DHCPv6 Subnets (IA_NA) can be marked as "Dynamic", which will automatically "track" the IA_NA pool and optionally the DNS server option
- DHCPv6 PD Pools (IA_PD) can be attached to a dynamic prefix subnet, offering an automatically "tracked" IA_PD pool to allow prefix delegation to other routers behind the OPNsense even if your WAN has a dynamic prefix.

The big difference to ISC here is that multiple WANs are supported, and multiple internal interfaces can all provide an IA_NA and IA_PD pool (if your dynamic prefix(es) are large enough to split them).

The documentation on how it works has been updated here:
https://github.com/opnsense/docs/blob/master/source/manual/kea.rst#prefix-delegation-ia-pd

The code itself is currently on master, so you either need a development version with the latest core.git or install in a running 26.1.8 using the patch method:

# opnsense-patch 91093f3344 5b7c8e6a2f 5c51ecdee11

References:
https://github.com/opnsense/core/commit/91093f3344
https://github.com/opnsense/core/commit/5b7c8e6a2f
https://github.com/opnsense/core/commit/5c51ecdee11

Thank you for any feedback,
Monviech
#7
Sadly it's just mid.

(Sorry had to make that joke.)
#8
In dnsmasq: Create a new DHCP Tag, set it inside the host reservation of the Switch. Then create a DHCP option with the DNS server you want and the same Tag assigned.

In KEA: Create a new dns server option and set it in a reservation.
#9
I'm not sure I can help debug this if you are not using the GUI to generate your current configuration.

We don't have a common baseline here.

#10
I just tried in my test installation on latest community and I get returns:

root@OPNsense:~ # /usr/local/opnsense/scripts/kea/get_kea_leases.py --proto inet6
{"records":[{"address":"fd10::1","prefix_len":128,"type":"IA_NA","hwaddr":"00:15:5d:00:ad:3e","duid":"00:01:00:01:31:3d:5f:3e:00:15:5d:00:ad:3c","client_id":"","iaid":3,"valid_lifetime":4000,"expire":1778876996,"hostname":"","state":0,"if":null,"if_descr":"","is_reserved":[]},{"address":"fd10:0:0:1000::","prefix_len":56,"type":"IA_PD","hwaddr":"00:15:5d:00:ad:3e","duid":"00:01:00:01:31:3d:5f:3e:00:15:5d:00:ad:3c","client_id":"","iaid":3,"valid_lifetime":4000,"expire":1778876996,"hostname":"","state":0,"if":null,"if_descr":"","is_reserved":[]}]}

So if nothing is returned, either KEA's socket really knows no leases, or there is some logic error somewhere (which I don't expect right now).

Quite strange.
#12
The GUI does not use the lease files anymore to display leases, it interacts directly with the unix socket now.

You need the leases hook library in your config file.

https://github.com/opnsense/core/blob/49b54ef032124e36eed2ad6fb19a9cc518f576a1/src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.php#L387

Afterward try executing the leases script to see if it returns anything:

https://github.com/opnsense/core/blob/master/src/opnsense/scripts/kea/get_kea_leases.py

#13
We hotfixed it today, search for updates.

It was a very KEA thing, here are some references:
https://github.com/opnsense/core/pull/10297
#14
No problem :)
#15
Remove and reinstall the caddy plugin once and it will have the latest binary with the cloudflare changes.