Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Realterminator

Pages1
#1
German - Deutsch / DHCPv6 vergibt immer ipv6 mit Prefix 128 statt 64
April 28, 2022, 11:40:32 PM
Provider T-Com, bekome auf LAN DHCPv6 nicht zum korekten laufen

Interface-> WAN ->DHCPv6 client configuration
Configuration Mode: Basic
Request only an IPv6 prefix: An
Prefix delegation size: 56
Send IPv6 prefix hint: An
use IPv4 connectivity: An
Use VLAN priority: Disabled

Interface WAN
IPv6 link-local   fe80::2f4:21ff:fe68:6abe/64
IPv6 address   2003:xxxx:xxxx:2625:2f4:21ff:fe68:6abc/64
IPv6 delegated prefix   2003:xxxx:yyyy:1200::/56
IPv6 gateway   fe80::8aa2:5eff:fe1e:62d5

Interface-> WAN -> Generic configuration
IPv6 Configuration Type: Track Interface
IPv6 Interface: WAN
Pv6 Prefix ID: 0
Manual configuration: An

Interface LAN
IPv6 link-local   fe80::2f4:21ff:fe68:6abd/64
IPv6 address   2003:xxxx:yyyy:1200:2f4:21ff:fe68:6abd/64

Service -> Router Advertisements -> LAN
Router Advertisements: Managed     wenn ich hier Unmanaged  angebe läuft alles ohne DHCPv6 
Router Priority: Hight
ource Address: Automatic
Advertise Default Gateway: An
Advertise Routes: nichts angegeben
DNS servers: 2003:xxxx:yyyy:1200:2f4:21ff:fe68:6abd
Use the DNS settings of the DHCPv6 server: Aus
Do not send DNS settings to clients: Aus

SERVICES: DHCPV6: [LAN]
Enable: An
Subnet: 2003:xxxx:yyyy:1200::
Subnet mask: 64 bits
Current LAN IPv6 prefix: 2003:xxxx:yyyy:1200::
Available prefix delegation size: 57
Available range   2003:xxxx:yyyy:1200:: - 2003:xxxx:yyyy:1200:ffff:ffff:ffff:ffff
Range from ::1000 to ::2000
Prefix Delegation Range:  nichts angegeben


IP vom Linux Client:
2003:xxxx:yyyy:1200::2000/128

Wie bekomme ich eine ipv6 2003:xxxx:yyyy:1200::2000/64 hin?
Hoffe jemand von euch findet den meinen Fehler in der Config
#2
German - Deutsch / Re: [Siproxd & VOIP Support] Problem- und Lösungsthread
August 15, 2021, 08:14:16 PM
Hallo in die Runde,

Ist das Plugin siptrunk mit integriert, und wen ja wo kann man es konfigurieren?

https://sourceforge.net/p/siproxd/discussion/203640/thread/88c1929a8d/#a5de

Vielen Dank im Voraus für eure Hilfe
#3
21.1 Legacy Series / Re: 21.1.5 LET'S ENCRYPT: CAA record for [Domain] prevents issuance
April 23, 2021, 10:16:32 AM
You save my day

home.example.com.   IN   CAA   0 issue "letsencrypt.org"
home.example.com.   IN   CAA   0 iodef "mailto:webmaster@example.com"
#4
21.1 Legacy Series / 21.1.5 LET'S ENCRYPT: CAA record for [Domain] prevents issuance (SOLVED)
April 23, 2021, 09:42:05 AM
Hello Knowledgeable,
I hope that one of you can tell me what is wrong.
I have Opnsense set up from scratch and get above error

Log is attached

Code Select

[Fri Apr 23 09:31:50 CEST 2021] Using config home:/var/etc/acme-client/home
[Fri Apr 23 09:31:50 CEST 2021] Running cmd: issue
[Fri Apr 23 09:31:50 CEST 2021] _main_domain='opnsense.home.example.com'
[Fri Apr 23 09:31:50 CEST 2021] _alt_domains='no'
[Fri Apr 23 09:31:50 CEST 2021] Using config home:/var/etc/acme-client/home
[Fri Apr 23 09:31:50 CEST 2021] default_acme_server
[Fri Apr 23 09:31:50 CEST 2021] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Fri Apr 23 09:31:50 CEST 2021] DOMAIN_PATH='/var/etc/acme-client/home/opnsense.home.example.com'
[Fri Apr 23 09:31:50 CEST 2021] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 23 09:31:50 CEST 2021] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 23 09:31:50 CEST 2021] GET
[Fri Apr 23 09:31:50 CEST 2021] url='https://acme-v02.api.letsencrypt.org/directory'
[Fri Apr 23 09:31:50 CEST 2021] timeout=
[Fri Apr 23 09:31:50 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.j3HZeIHf '
[Fri Apr 23 09:31:51 CEST 2021] ret='0'
[Fri Apr 23 09:31:51 CEST 2021] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Fri Apr 23 09:31:51 CEST 2021] ACME_NEW_AUTHZ
[Fri Apr 23 09:31:51 CEST 2021] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Apr 23 09:31:51 CEST 2021] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Fri Apr 23 09:31:51 CEST 2021] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Fri Apr 23 09:31:51 CEST 2021] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Fri Apr 23 09:31:51 CEST 2021] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Apr 23 09:31:51 CEST 2021] ACME_VERSION='2'
[Fri Apr 23 09:31:51 CEST 2021] Le_NextRenewTime
[Fri Apr 23 09:31:51 CEST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 23 09:31:51 CEST 2021] _on_before_issue
[Fri Apr 23 09:31:51 CEST 2021] _chk_main_domain='opnsense.home.example.com'
[Fri Apr 23 09:31:51 CEST 2021] _chk_alt_domains
[Fri Apr 23 09:31:51 CEST 2021] Le_LocalAddress
[Fri Apr 23 09:31:51 CEST 2021] d='opnsense.home.example.com'
[Fri Apr 23 09:31:51 CEST 2021] Check for domain='opnsense.home.example.com'
[Fri Apr 23 09:31:51 CEST 2021] _currentRoot='dns_doapi'
[Fri Apr 23 09:31:51 CEST 2021] d
[Fri Apr 23 09:31:51 CEST 2021] _saved_account_key_hash is not changed, skip register account.
[Fri Apr 23 09:31:51 CEST 2021] Read key length:4096
[Fri Apr 23 09:31:51 CEST 2021] _createcsr
[Fri Apr 23 09:31:51 CEST 2021] Single domain='opnsense.home.example.com'
[Fri Apr 23 09:31:51 CEST 2021] Getting domain auth token for each domain
[Fri Apr 23 09:31:51 CEST 2021] d
[Fri Apr 23 09:31:51 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Apr 23 09:31:51 CEST 2021] payload='{"identifiers": [{"type":"dns","value":"opnsense.home.example.com"}]}'
[Fri Apr 23 09:31:51 CEST 2021] RSA key
[Fri Apr 23 09:31:52 CEST 2021] HEAD
[Fri Apr 23 09:31:52 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Fri Apr 23 09:31:52 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.bZupw9Cb  -I  '
[Fri Apr 23 09:31:53 CEST 2021] _ret='0'
[Fri Apr 23 09:31:53 CEST 2021] POST
[Fri Apr 23 09:31:53 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Fri Apr 23 09:31:53 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.bZupw9Cb '
[Fri Apr 23 09:31:54 CEST 2021] _ret='0'
[Fri Apr 23 09:31:54 CEST 2021] code='201'
[Fri Apr 23 09:31:54 CEST 2021] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/120250055/9241257541'
[Fri Apr 23 09:31:54 CEST 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/120250055/9241257541'
[Fri Apr 23 09:31:54 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/12555764122'
[Fri Apr 23 09:31:54 CEST 2021] payload
[Fri Apr 23 09:31:54 CEST 2021] POST
[Fri Apr 23 09:31:54 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/12555764122'
[Fri Apr 23 09:31:54 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.bZupw9Cb '
[Fri Apr 23 09:31:55 CEST 2021] _ret='0'
[Fri Apr 23 09:31:55 CEST 2021] code='200'
[Fri Apr 23 09:31:55 CEST 2021] d='opnsense.home.example.com'
[Fri Apr 23 09:31:55 CEST 2021] Getting webroot for domain='opnsense.home.example.com'
[Fri Apr 23 09:31:55 CEST 2021] _w='dns_doapi'
[Fri Apr 23 09:31:55 CEST 2021] _currentRoot='dns_doapi'
[Fri Apr 23 09:31:55 CEST 2021] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg","token":"soaovEwT3XYXmWIrfhuA3W32BpkOP-sJ8Pm-yf_hM3c"'
[Fri Apr 23 09:31:55 CEST 2021] token='soaovEwT3XYXmWIrfhuA3W32BpkOP-sJ8Pm-yf_hM3c'
[Fri Apr 23 09:31:55 CEST 2021] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg'
[Fri Apr 23 09:31:55 CEST 2021] keyauthorization='soaovEwT3XYXmWIrfhuA3W32BpkOP-sJ8Pm-yf_hM3c.D4qT5LVa92mckKnQMnTveG8T0qwEDojFoqSZamw7NBE'
[Fri Apr 23 09:31:55 CEST 2021] dvlist='opnsense.home.example.com#soaovEwT3XYXmWIrfhuA3W32BpkOP-sJ8Pm-yf_hM3c.D4qT5LVa92mckKnQMnTveG8T0qwEDojFoqSZamw7NBE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg#dns-01#dns_doapi'
[Fri Apr 23 09:31:55 CEST 2021] d
[Fri Apr 23 09:31:55 CEST 2021] vlist='opnsense.home.example.com#soaovEwT3XYXmWIrfhuA3W32BpkOP-sJ8Pm-yf_hM3c.D4qT5LVa92mckKnQMnTveG8T0qwEDojFoqSZamw7NBE#https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg#dns-01#dns_doapi,'
[Fri Apr 23 09:31:55 CEST 2021] d='opnsense.home.example.com'
[Fri Apr 23 09:31:55 CEST 2021] _d_alias
[Fri Apr 23 09:31:55 CEST 2021] txtdomain='_acme-challenge.opnsense.home.example.com'
[Fri Apr 23 09:31:55 CEST 2021] txt='_uncpSBWS5RZbjow2ouFzICGEPDJU6RMOZ69JoXek6g'
[Fri Apr 23 09:31:55 CEST 2021] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_doapi.sh'
[Fri Apr 23 09:31:55 CEST 2021] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_doapi.sh
[Fri Apr 23 09:31:55 CEST 2021] Adding txt value: _uncpSBWS5RZbjow2ouFzICGEPDJU6RMOZ69JoXek6g for domain:  _acme-challenge.opnsense.home.example.com
[Fri Apr 23 09:31:55 CEST 2021] Adding TXT record to _acme-challenge.opnsense.home.example.com
[Fri Apr 23 09:31:55 CEST 2021] GET
[Fri Apr 23 09:31:55 CEST 2021] url='https://www.do.de/api/letsencrypt?token=geheim&domain=_acme-challenge.opnsense.home.example.com&value=_uncpSBWS5RZbjow2ouFzICGEPDJU6RMOZ69JoXek6g'
[Fri Apr 23 09:31:55 CEST 2021] timeout=
[Fri Apr 23 09:31:55 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.bZupw9Cb '
[Fri Apr 23 09:31:56 CEST 2021] ret='0'
[Fri Apr 23 09:31:56 CEST 2021] The txt record is added: Success.
[Fri Apr 23 09:31:56 CEST 2021] Sleep 20 seconds for the txt records to take effect
[Fri Apr 23 09:32:16 CEST 2021] ok, let's start to verify
[Fri Apr 23 09:32:16 CEST 2021] Verifying: opnsense.home.example.com
[Fri Apr 23 09:32:16 CEST 2021] d='opnsense.home.example.com'
[Fri Apr 23 09:32:16 CEST 2021] keyauthorization='soaovEwT3XYXmWIrfhuA3W32BpkOP-sJ8Pm-yf_hM3c.D4qT5LVa92mckKnQMnTveG8T0qwEDojFoqSZamw7NBE'
[Fri Apr 23 09:32:16 CEST 2021] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg'
[Fri Apr 23 09:32:16 CEST 2021] _currentRoot='dns_doapi'
[Fri Apr 23 09:32:16 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg'
[Fri Apr 23 09:32:16 CEST 2021] payload='{}'
[Fri Apr 23 09:32:16 CEST 2021] POST
[Fri Apr 23 09:32:16 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg'
[Fri Apr 23 09:32:16 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.bZupw9Cb '
[Fri Apr 23 09:32:17 CEST 2021] _ret='0'
[Fri Apr 23 09:32:17 CEST 2021] code='200'
[Fri Apr 23 09:32:17 CEST 2021] trigger validation code: 200
[Fri Apr 23 09:32:17 CEST 2021] sleep 2 secs to verify
[Fri Apr 23 09:32:19 CEST 2021] checking
[Fri Apr 23 09:32:19 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg'
[Fri Apr 23 09:32:19 CEST 2021] payload
[Fri Apr 23 09:32:19 CEST 2021] POST
[Fri Apr 23 09:32:19 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg'
[Fri Apr 23 09:32:19 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.bZupw9Cb '
[Fri Apr 23 09:32:20 CEST 2021] _ret='0'
[Fri Apr 23 09:32:20 CEST 2021] code='200'
[Fri Apr 23 09:32:20 CEST 2021] opnsense.home.example.com:Verify error:CAA record for opnsense.home.example.com prevents issuance
[Fri Apr 23 09:32:20 CEST 2021] Skip for removelevel:
[Fri Apr 23 09:32:20 CEST 2021] pid
[Fri Apr 23 09:32:20 CEST 2021] No need to restore nginx, skip.
[Fri Apr 23 09:32:20 CEST 2021] _clearupdns
[Fri Apr 23 09:32:20 CEST 2021] dns_entries='opnsense.home.example.com,_acme-challenge.opnsense.home.example.com,,dns_doapi,_uncpSBWS5RZbjow2ouFzICGEPDJU6RMOZ69JoXek6g,/usr/local/share/examples/acme.sh/dnsapi/dns_doapi.sh
'
[Fri Apr 23 09:32:20 CEST 2021] Removing DNS records.
[Fri Apr 23 09:32:20 CEST 2021] d='opnsense.home.example.com'
[Fri Apr 23 09:32:20 CEST 2021] txtdomain='_acme-challenge.opnsense.home.example.com'
[Fri Apr 23 09:32:20 CEST 2021] aliasDomain='_acme-challenge.opnsense.home.example.com'
[Fri Apr 23 09:32:20 CEST 2021] _currentRoot='dns_doapi'
[Fri Apr 23 09:32:20 CEST 2021] txt='_uncpSBWS5RZbjow2ouFzICGEPDJU6RMOZ69JoXek6g'
[Fri Apr 23 09:32:20 CEST 2021] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_doapi.sh'
[Fri Apr 23 09:32:20 CEST 2021] Removing txt: _uncpSBWS5RZbjow2ouFzICGEPDJU6RMOZ69JoXek6g for domain: _acme-challenge.opnsense.home.example.com
[Fri Apr 23 09:32:20 CEST 2021] Deleting resource record _acme-challenge.opnsense.home.example.com
[Fri Apr 23 09:32:20 CEST 2021] GET
[Fri Apr 23 09:32:20 CEST 2021] url='https://www.do.de/api/letsencrypt?token=geheim&domain=_acme-challenge.opnsense.home.example.com&action=delete'
[Fri Apr 23 09:32:20 CEST 2021] timeout=
[Fri Apr 23 09:32:20 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.bZupw9Cb '
[Fri Apr 23 09:32:21 CEST 2021] ret='0'
[Fri Apr 23 09:32:21 CEST 2021] Removed: Success
[Fri Apr 23 09:32:21 CEST 2021] _on_issue_err
[Fri Apr 23 09:32:21 CEST 2021] Please check log file for more details: /var/log/acme.sh.log
[Fri Apr 23 09:32:21 CEST 2021] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg'
[Fri Apr 23 09:32:21 CEST 2021] payload='{}'
[Fri Apr 23 09:32:21 CEST 2021] POST
[Fri Apr 23 09:32:21 CEST 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/12555764122/MrEyTg'
[Fri Apr 23 09:32:21 CEST 2021] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header  -L  --trace-ascii /tmp/tmp.bZupw9Cb '
[Fri Apr 23 09:32:21 CEST 2021] _ret='0'
[Fri Apr 23 09:32:21 CEST 2021] code='400'
[Fri Apr 23 09:32:21 CEST 2021] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1d-freebsd  10 Sep 2019
apache:
apache doesn't exist.
nginx:
nginx doesn't exist.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.4.1 on Apr 20 2021 04:27:51
   running on FreeBSD version FreeBSD 12.1-RELEASE-p16-HBSD #0  b531d3958f5(stable/21.1)-dirty: Tue Apr 20 11:00:08 CEST 2021     root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP, release 12.1-RELEASE-p16-HBSD, machine amd64
features:
  #define WITH_STDIO 1
  #define WITH_FDNUM 1
  #define WITH_FILE 1
  #define WITH_CREAT 1
  #define WITH_GOPEN 1
  #define WITH_TERMIOS 1
  #define WITH_PIPE 1
  #define WITH_UNIX 1
  #undef WITH_ABSTRACT_UNIXSOCKET
  #define WITH_IP4 1
  #define WITH_IP6 1
  #define WITH_RAWIP 1
  #define WITH_GENERICSOCKET 1
  #undef WITH_INTERFACE
  #define WITH_TCP 1
  #define WITH_UDP 1
  #define WITH_SCTP 1
  #define WITH_LISTEN 1
  #define WITH_SOCKS4 1
  #define WITH_SOCKS4A 1
  #undef WITH_VSOCK
  #define WITH_PROXY 1
  #define WITH_SYSTEM 1
  #define WITH_EXEC 1
  #undef WITH_READLINE
  #undef WITH_TUN
  #define WITH_PTY 1
  #define WITH_OPENSSL 1
  #undef WITH_FIPS
  #define WITH_LIBWRAP 1
  #define WITH_SYCLS 1
  #define WITH_FILAN 1
  #define WITH_RETRY 1
  #define WITH_MSGLEVEL 0 /*debug*/
Pages1