Messages

1

General Discussion / Could you add init7.net mirror as a option?

« on: May 25, 2024, 03:32:29 pm »

Hi OPNsense-Team

Could you add the init7.net mirror to https://opnsese/ui/core/firmware#settings

Code: [Select]

https://mirror.init7.net/opnsense/FreeBSD:13:amd64/24.1
I can't add to the menu only in the config file for

https://opnsense/ui/core/firmware#status

Code: [Select]

type opnsense-devel
Version 24.7.b
Architecture amd64
Commit 4e1613489
Mirror https://mirror.init7.net/opnsense/FreeBSD:13:amd64/24.1
Repositories OPNsense
Updated on Tue May 21 17:39:20 CEST 2024
Checked on Sat May 25 15:10:50 CEST 2024
Much appreciated

2

23.7 Legacy Series / reboot of opnsense every time after kernel update of client

« on: November 11, 2023, 02:12:35 pm »

Hi!

I have a ArchLinux client with bond0 interface and a OPNsense router. I have to reboot the router every time after a kernel update on the client.

the habits is that he lost connection on ping.

Code: [Select]

[morta@5erver ~]$ ping google.ch
PING google.ch (142.250.203.99) 56(84) bytes of data.
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=1 ttl=110 time=3.30 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=2 ttl=110 time=3.25 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=3 ttl=110 time=3.25 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=4 ttl=110 time=3.26 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=5 ttl=110 time=3.25 ms
From 5erver (192.168.1.100) icmp_seq=6 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=7 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=8 Destination Host Unreachable
From 192.168.1.100 (192.168.1.100) icmp_seq=9 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=10 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=11 Destination Host Unreachable
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=12 ttl=110 time=186 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=13 ttl=110 time=3.27 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=14 ttl=110 time=3.38 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=15 ttl=110 time=3.27 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=16 ttl=110 time=3.28 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=17 ttl=110 time=3.29 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=18 ttl=110 time=3.25 ms
q64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=19 ttl=110 time=3.26 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=20 ttl=110 time=3.27 ms

after reboot of the router isn't anymore packet loss. On the router isn't it at anytime packet loss.

My toughts goes to the DHCP-server of OPNsense....

Why?

3

23.7 Legacy Series / Re: How I can tell unbound to use DoT if ISP nativly?

« on: August 07, 2023, 09:15:09 pm »

Thx

4

23.7 Legacy Series / Re: How I can tell unbound to use DoT if ISP nativly?

« on: August 07, 2023, 08:49:34 pm »

Sorry DoT

5

23.7 Legacy Series / How I can tell unbound to use DoT if ISP nativly?

« on: August 07, 2023, 08:04:12 pm »

Hi!

How I can tell Unbound to use DoT of my ISP? They provide both DNS and DoT.

Cheers

6

Development and Code Review / Re: Run GUI for development with own webserver

« on: August 06, 2023, 08:41:00 pm »

7

Development and Code Review / Re: Run GUI for development with own webserver

« on: August 06, 2023, 08:07:43 pm »

Thx!

The server runs now under 192.168.1.100:8000 but I have the problem that System -> Backup doesn't display me is this not in the core?

My config looks like this

Code: [Select]

// copy this template to config.local.php and adjust settings
return new PhalconConfig(array(
    'application' => array(
            /* Usually keep defaults as is */
            'cacheDir'       => __DIR__ . '/../cache/',
            'baseUri'        => '/opnsense_gui/',
    ),
    'globals' => array(
        /* Usually keep defaults as is */
        'config_path'    => __DIR__ . '/../conf/',
        'temp_path'      => __DIR__ . '/../temp/',
        'debug'          => false,
        'simulate_mode'  => true
    ),
    'environment' => array(
        /* packages to include in setup */
'packages'      => array(
     '/usr/share/webapps/opnsense/www/plugins/sysutils/nextcloud-backup'
        ),
        /* location of OPNsense core package */
        'coreDir'        => '/usr/share/webapps/opnsense/www/core',
    )
));

8

Development and Code Review / Run GUI for development with own webserver

« on: August 04, 2023, 05:15:06 pm »

Hi
Is there a way to run the GUI only on a webserver?

I know the vagrant image for developing propse.

Thx 4 input
Modify message

9

Development and Code Review / Re: OPNsense Vagrant project updated for 23.7

« on: August 04, 2023, 05:12:01 pm »

I wull give a try

10

23.7 Legacy Series / Re: DHCPv6 range

« on: August 02, 2023, 07:09:06 pm »

One question more... Why are the static and dynamic leases not shown in the NDP table of DHCPv6 in spite of applied the two patches from the other thread?

11

23.7 Legacy Series / Re: DHCPv6 range

« on: August 02, 2023, 05:17:32 pm »

Seems to work. The long IPv6 prefix is disappeared and the DHCPV6 serves only one dynamic IPv6 from the range to the clients. It’s not IPv6 only. Thanks for the inputs.

12

23.7 Legacy Series / Re: DHCPv6 range

« on: August 02, 2023, 06:09:07 am »

Where can I check if it’s SLAAC adresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)  Your devices won't try to talk to a DHCP server unless the M (managed) flag is set.

Is there any thoughts to change from assited to managed?


I changed to managed. I will give a look if it's do the changes...

No changes at first look. Also no addresses under DHCPv6 leases....

Take a look at this thread: https://forum.opnsense.org/index.php?topic=35135.0

There's currently a bug where dynamic leases aren't showing up in the GUI.  There's a patch available in that thread.  But yes, it should be set to managed if you want DHCP to work. 

Try restarting networking on the client (systemctl restart systemd-networkd) or just rebooting it.

Also, do you have a static IP assigned to the LAN interface?  I remember there being bugs in the past if you were using "track interface"

Edit: actually, assisted should work also.

SLAAC stands for stateless address auto configuration, meaning, your workstation assigns itself an IP address based on what it sees in the router advertisements.  It's kind of like a 169.254 address in ipv4.  These self-assigned addresses COULD be based on your MAC address, unless your client has security extensions enabled, in which case they won't be based off your MAC.

Maybe you'll see something interesting if you tail your dhcp logs: tail -f /var/log/dhcpd/latest.log

Edit #2: is there anything in your /var/dhcpd/var/db/dhcpd6.leases file?

1. I did the both patch and rebooted the router no affects...

2.

Code: [Select]

<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="26"] Renew message from fe80::3e01:efff:fe53:31f6 port 546, transaction ID 0x78137F00
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="27"] Sending Reply to fe80::3e01:efff:fe53:31f6 port 546
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="28"] Request message from fe80::3e01:efff:fe53:31f6 port 546, transaction ID 0x7731700
<191>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="29"] Picking pool address 2a02:168:a774::bdcb
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="30"] Reply NA: address 2a02:168:a774::bdcb to client with duid 00:01:00:01:2c:3e:a1:c8:3c:01:ef:53:31:f6 iaid = -279760394 valid for 7200 seconds
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="31"] Sending Reply to fe80::3e01:efff:fe53:31f6 port 546
<190>1 2023-08-02T06:01:18+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="32"] Solicit message from fe80::be3b:ea53:bdd:9f8c port 546, transaction ID 0x43DB4400
<190>1 2023-08-02T06:01:18+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="33"] Reply NA: address 2a02:168:a774::f3b8 to client with duid

3.

Code: [Select]

# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.3-P1

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

server-duid "\000\001\000\001)'\263\200\002z\367U`\000";

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 2 2023/08/01 08:01:08;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:01:08;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 2 2023/08/01 08:06:03;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:03;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 2 2023/08/01 08:05:47;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:05:47;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 2 2023/08/01 08:06:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:11;
  }
}

server-duid "\000\001\000\001)'\263\200\002z\367U`\000";

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 2 2023/08/01 08:01:08;
  iaaddr 2a02:168:a774::c931 {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:01:08;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 2 2023/08/01 08:05:47;
  iaaddr 2a02:168:a774::98ba {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:05:47;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 2 2023/08/01 08:06:03;
  iaaddr 2a02:168:a774::9efd {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:03;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 2 2023/08/01 08:06:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:11;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 3 2023/08/02 03:11:41;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:11:41;
  }
}

ia-na "\337\232\205F\000\004\250'\325\215\376d_\263\002\000w\022O4\037\023" {
  cltt 3 2023/08/02 03:11:48;
  iaaddr 2a02:168:a774::f3b8 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:11:48;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 3 2023/08/02 03:12:03;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:12:03;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 3 2023/08/02 03:12:20;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:12:20;
  }
}

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 3 2023/08/02 03:16:33;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:16:33;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 3 2023/08/02 03:42:09;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:09;
  }
}

ia-na "\337\232\205F\000\004\250'\325\215\376d_\263\002\000w\022O4\037\023" {
  cltt 3 2023/08/02 03:42:14;
  iaaddr 2a02:168:a774::f3b8 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:14;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 3 2023/08/02 03:42:50;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:50;
  }
}

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 3 2023/08/02 03:54:03;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:54:03;
  }
}

ia-na "\3661S\357\000\001\000\001,>\241\310<\001\357S1\366" {
  cltt 3 2023/08/02 04:01:08;
  iaaddr 2a02:168:a774::bdcb {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 06:01:08;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 3 2023/08/02 04:07:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 06:07:11;
  }
}


13

23.7 Legacy Series / Re: DHCPv6 range

« on: August 02, 2023, 05:13:47 am »

Where can I check if it’s SLAAC adresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)  Your devices won't try to talk to a DHCP server unless the M (managed) flag is set.

Is there any thoughts to change from assited to managed?


I changed to managed. I will give a look if it's do the changes...

No changes at first look. Also no addresses under DHCPv6 leases....

14

23.7 Legacy Series / Re: DHCPv6 range

« on: August 02, 2023, 05:07:38 am »

Where can I check if it’s SLAAC adresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)  Your devices won't try to talk to a DHCP server unless the M (managed) flag is set.

Is there any thoughts to change from assited to managed?

I changed to managed. I will give a look if it's do the changes...

15

23.7 Legacy Series / Re: DHCPv6 range

« on: August 02, 2023, 04:59:46 am »

Where can I check if it’s SLAAC adresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)

Assisted