Messages

Hi OPNsense-Team

Could you add the init7.net mirror to https://opnsese/ui/core/firmware#settings

Code Select Expand

https://mirror.init7.net/opnsense/FreeBSD:13:amd64/24.1

I can't add to the menu only in the config file for

https://opnsense/ui/core/firmware#status

Code Select Expand

type opnsense-devel
Version 24.7.b
Architecture amd64
Commit 4e1613489
Mirror https://mirror.init7.net/opnsense/FreeBSD:13:amd64/24.1
Repositories OPNsense
Updated on Tue May 21 17:39:20 CEST 2024
Checked on Sat May 25 15:10:50 CEST 2024

Much appreciated

Hi!

I have a ArchLinux client with bond0 interface and a OPNsense router. I have to reboot the router every time after a kernel update on the client.

the habits is that he lost connection on ping.

Code Select Expand

[morta@5erver ~]$ ping google.ch
PING google.ch (142.250.203.99) 56(84) bytes of data.
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=1 ttl=110 time=3.30 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=2 ttl=110 time=3.25 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=3 ttl=110 time=3.25 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=4 ttl=110 time=3.26 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=5 ttl=110 time=3.25 ms
From 5erver (192.168.1.100) icmp_seq=6 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=7 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=8 Destination Host Unreachable
From 192.168.1.100 (192.168.1.100) icmp_seq=9 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=10 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=11 Destination Host Unreachable
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=12 ttl=110 time=186 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=13 ttl=110 time=3.27 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=14 ttl=110 time=3.38 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=15 ttl=110 time=3.27 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=16 ttl=110 time=3.28 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=17 ttl=110 time=3.29 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=18 ttl=110 time=3.25 ms
q64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=19 ttl=110 time=3.26 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=20 ttl=110 time=3.27 ms


after reboot of the router isn't anymore packet loss. On the router isn't it at anytime packet loss.

My toughts goes to the DHCP-server of OPNsense....

Why?

Thx

Sorry DoT

Hi!

How I can tell Unbound to use DoT of my ISP? They provide both DNS and DoT.

Cheers

Thx!

The server runs now under 192.168.1.100:8000 but I have the problem that System -> Backup doesn't display me is this not in the core?

My config looks like this

Code Select Expand

// copy this template to config.local.php and adjust settings
return new PhalconConfig(array(
    'application' => array(
            /* Usually keep defaults as is */
            'cacheDir'       => __DIR__ . '/../cache/',
            'baseUri'        => '/opnsense_gui/',
    ),
    'globals' => array(
        /* Usually keep defaults as is */
        'config_path'    => __DIR__ . '/../conf/',
        'temp_path'      => __DIR__ . '/../temp/',
        'debug'          => false,
        'simulate_mode'  => true
    ),
    'environment' => array(
        /* packages to include in setup */
'packages'      => array(
     '/usr/share/webapps/opnsense/www/plugins/sysutils/nextcloud-backup'
        ),
        /* location of OPNsense core package */
        'coreDir'        => '/usr/share/webapps/opnsense/www/core',
    )
));

Hi
Is there a way to run the GUI only on a webserver?

I know the vagrant image for developing propse.

Thx 4 input
Modify message

I wull give a try

One question more... Why are the static and dynamic leases not shown in the NDP table of DHCPv6 in spite of applied the two patches from the other thread?

Seems to work. The long IPv6 prefix is disappeared and the DHCPV6 serves only one dynamic IPv6 from the range to the clients. It's not IPv6 only. Thanks for the inputs.

Where can I check if it's SLAAC adresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)  Your devices won't try to talk to a DHCP server unless the M (managed) flag is set.

Is there any thoughts to change from assited to managed?


I changed to managed. I will give a look if it's do the changes...

No changes at first look. Also no addresses under DHCPv6 leases....

Take a look at this thread: https://forum.opnsense.org/index.php?topic=35135.0

There's currently a bug where dynamic leases aren't showing up in the GUI.  There's a patch available in that thread.  But yes, it should be set to managed if you want DHCP to work. 

Try restarting networking on the client (systemctl restart systemd-networkd) or just rebooting it.

Also, do you have a static IP assigned to the LAN interface?  I remember there being bugs in the past if you were using "track interface"

Edit: actually, assisted should work also.

SLAAC stands for stateless address auto configuration, meaning, your workstation assigns itself an IP address based on what it sees in the router advertisements.  It's kind of like a 169.254 address in ipv4.  These self-assigned addresses COULD be based on your MAC address, unless your client has security extensions enabled, in which case they won't be based off your MAC.

Maybe you'll see something interesting if you tail your dhcp logs: tail -f /var/log/dhcpd/latest.log

Edit #2: is there anything in your /var/dhcpd/var/db/dhcpd6.leases file?

1. I did the both patch and rebooted the router no affects...

2.

Code Select Expand

<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="26"] Renew message from fe80::3e01:efff:fe53:31f6 port 546, transaction ID 0x78137F00
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="27"] Sending Reply to fe80::3e01:efff:fe53:31f6 port 546
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="28"] Request message from fe80::3e01:efff:fe53:31f6 port 546, transaction ID 0x7731700
<191>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="29"] Picking pool address 2a02:168:a774::bdcb
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="30"] Reply NA: address 2a02:168:a774::bdcb to client with duid 00:01:00:01:2c:3e:a1:c8:3c:01:ef:53:31:f6 iaid = -279760394 valid for 7200 seconds
<190>1 2023-08-02T06:01:08+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="31"] Sending Reply to fe80::3e01:efff:fe53:31f6 port 546
<190>1 2023-08-02T06:01:18+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="32"] Solicit message from fe80::be3b:ea53:bdd:9f8c port 546, transaction ID 0x43DB4400
<190>1 2023-08-02T06:01:18+02:00 r0uter.netw0rk dhcpd 24269 - [meta sequenceId="33"] Reply NA: address 2a02:168:a774::f3b8 to client with duid


3.

Code Select Expand


# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.3-P1

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

server-duid "\000\001\000\001)'\263\200\002z\367U`\000";

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 2 2023/08/01 08:01:08;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:01:08;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 2 2023/08/01 08:06:03;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:03;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 2 2023/08/01 08:05:47;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:05:47;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 2 2023/08/01 08:06:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:11;
  }
}

server-duid "\000\001\000\001)'\263\200\002z\367U`\000";

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 2 2023/08/01 08:01:08;
  iaaddr 2a02:168:a774::c931 {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:01:08;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 2 2023/08/01 08:05:47;
  iaaddr 2a02:168:a774::98ba {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:05:47;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 2 2023/08/01 08:06:03;
  iaaddr 2a02:168:a774::9efd {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:03;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 2 2023/08/01 08:06:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state expired;
    preferred-life 4500;
    max-life 7200;
    ends 2 2023/08/01 10:06:11;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 3 2023/08/02 03:11:41;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:11:41;
  }
}

ia-na "\337\232\205F\000\004\250'\325\215\376d_\263\002\000w\022O4\037\023" {
  cltt 3 2023/08/02 03:11:48;
  iaaddr 2a02:168:a774::f3b8 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:11:48;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 3 2023/08/02 03:12:03;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:12:03;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 3 2023/08/02 03:12:20;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:12:20;
  }
}

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 3 2023/08/02 03:16:33;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:16:33;
  }
}

ia-na "i\217\226\015\000\004W\232\274\312\221\"\331\202\206\365\010b\324\001\3036" {
  cltt 3 2023/08/02 03:42:09;
  iaaddr 2a02:168:a774::98ba {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:09;
  }
}

ia-na "\337\232\205F\000\004\250'\325\215\376d_\263\002\000w\022O4\037\023" {
  cltt 3 2023/08/02 03:42:14;
  iaaddr 2a02:168:a774::f3b8 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:14;
  }
}

ia-na "\036\2758[\000\004i&\023\306\263\032\217\367o\265\343\371%\334MB" {
  cltt 3 2023/08/02 03:42:50;
  iaaddr 2a02:168:a774::9efd {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:42:50;
  }
}

ia-na "\000\000\000\000\000\003\000\001\276\315\010\016\303\227" {
  cltt 3 2023/08/02 03:54:03;
  iaaddr 2a02:168:a774::c931 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 05:54:03;
  }
}

ia-na "\3661S\357\000\001\000\001,>\241\310<\001\357S1\366" {
  cltt 3 2023/08/02 04:01:08;
  iaaddr 2a02:168:a774::bdcb {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 06:01:08;
  }
}

ia-na "\241\033\316\370\000\002\000\000\253\021\220\331iz\030\2217\255" {
  cltt 3 2023/08/02 04:07:11;
  iaaddr 2a02:168:a774::dd07 {
    binding state active;
    preferred-life 4500;
    max-life 7200;
    ends 3 2023/08/02 06:07:11;
  }
}


Where can I check if it's SLAAC adresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)  Your devices won't try to talk to a DHCP server unless the M (managed) flag is set.

Is there any thoughts to change from assited to managed?


I changed to managed. I will give a look if it's do the changes...

No changes at first look. Also no addresses under DHCPv6 leases....

Where can I check if it's SLAAC adresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)  Your devices won't try to talk to a DHCP server unless the M (managed) flag is set.

Is there any thoughts to change from assited to managed?

I changed to managed. I will give a look if it's do the changes...

Where can I check if it's SLAAC adresses?

Are your router advertisements set to "managed"? (Services -> Router Advertisements -> LAN)

Assisted