Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - mlazzarotto

Pages: [1]

General Discussion / Re: Unbound returns IPs of all interfaces OPNsense

« on: August 03, 2024, 08:02:03 pm »

Quote from: myradon on April 18, 2020, 06:49:02 pm

@stefanpf Thanks a lot! It works great

Maybe for someone else comes in handy; Add to field "Custom options";

Code: [Select]
#Access control for remote IP Range access-control-view: 192.168.130.128/25 bridgelan access-control-view: 192.168.131.128/29 wirelessguest access-control-view: 192.168.132.1/24 bridgeiot access-control-view: 192.168.133.128/29 dmz #View to return for external range only defined ip for firewall, assumed 192.168.100.254 is the IP of opnsense view: name: "bridgelan" local-zone: "myradon.net" transparent local-data: "opnsense.myradon.net A 192.168.130.129" local-data: "opnsense A 192.168.130.129" #view-first Unbound will try to use the view’s local-zone tree, and if there is no match it will search the global tree. view-first: yes view: name: "wirelessguest" local-zone: "myradon.net" transparent local-data: "opnsense.myradon.net A 192.168.131.129" local-data: "opnsense A 192.168.131.129" #view-first Unbound will try to use the view’s local-zone tree, and if there is no match it will search the global tree. view-first: yes view: name: "bridgeiot" local-zone: "myradon.net" transparent local-data: "opnsense.myradon.net A 192.168.132.1" local-data: "opnsense A 192.168.132.1" #view-first Unbound will try to use the view’s local-zone tree, and if there is no match it will search the global tree. view-first: yes view: name: "dmz" local-zone: "myradon.net" transparent local-data: "opnsense.myradon.net A 192.168.133.129" local-data: "opnsense A 192.168.133.129" #view-first Unbound will try to use the view’s local-zone tree, and if there is no match it will search the global tree. view-first: yes

Hey, have you found a better option? I was thinking of adding an override to have just 1 IP

21.7 Legacy Series / Re: Wireguard service not starting at boot

« on: March 20, 2022, 06:15:24 pm »

Quote from: mimugmail on March 18, 2022, 08:26:35 pm

So you dont have to use fqdn if resolver cant start to work

I guess so, if there's no solution...

21.7 Legacy Series / Re: Wireguard service not starting at boot

« on: March 18, 2022, 06:15:08 pm »

Quote from: mimugmail on March 03, 2022, 07:37:13 pm

Can you have a look at the console during startup?

This is what I've found (see attached pic).

21.7 Legacy Series / Re: Wireguard service not starting at boot

« on: February 03, 2022, 05:27:25 pm »

bump
my idea is that the wireguard service should be started later during the boot
in the meantime I scheduled a cronjob to start the service every 30 minutes $:-\$

21.7 Legacy Series / Wireguard service not starting at boot

« on: January 30, 2022, 04:45:12 pm »

I have Wireguard installed on my OPNsense, it's working fine, but the service is not starting up automatically at boot.

Looking at the logs I've found this:

Code: [Select]

Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: plugins_configure openvpn_prepare (,wg0)
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: plugins_configure openvpn_prepare (execute task : openvpn_prepare(,wg0))
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' inet '10.6.0.4'/'24'' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' inet6 -accept_rtadv' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'
Jan 30 16:21:58 OPNsense.mlazzarotto.local opnsense[32132]: /usr/local/etc/rc.bootup: The command '/sbin/ifconfig 'wg0' -staticarp' returned exit code '1', the output was 'ifconfig: interface wg0 does not exist'

And on dmesg, the following

Code: [Select]

tun0: link state changed to UP
tun0: changing name to 'wg0'
wg0: link state changed to DOWN
WARNING: attempt to domain_add(netgraph) after domainfinalize()
tun0: link state changed to UP
tun0: changing name to 'wg0'
arp: 192.168.1.99 moved from 5c:3a:45:b0:b0:1f to 54:a0:50:58:62:24 on vtnet0
arp: 192.168.1.99 moved from 54:a0:50:58:62:24 to 5c:3a:45:b0:b0:1f on vtnet0
arp: 192.168.1.99 moved from 5c:3a:45:b0:b0:1f to 54:a0:50:58:62:24 on vtnet0
arp: 192.168.1.99 moved from 54:a0:50:58:62:24 to 5c:3a:45:b0:b0:1f on vtnet0
pid 87946 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 7483 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 55579 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 5568 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
pid 39078 (syslog-ng), jid 0, uid 0: exited on signal 6 (core dumped)
[HBSD SEGVGUARD] [syslog-ng (39078)] Suspending execution for 600 seconds after 5 crashes.
 -> pid: 39078 ppid: 52292 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
[HBSD SEGVGUARD] [syslog-ng (52292)] Preventing execution due to repeated segfaults.
 -> pid: 52292 ppid: 1 p_pax: 0xa50<SEGVGUARD,ASLR,NOSHLIBRANDOM,NODISALLOWMAP32BIT>
wg0: link state changed to DOWN
Waiting (max 60 seconds) for system process `vnlru' to stop... done
Waiting (max 60 seconds) for system process `syncer' to stop... fsync: giving up on dirty (error = 35) 0xfffff80003b21000: tag devfs, type VCHR
    usecount 1, writecount 0, refcount 130 rdev 0xfffff80003c5c200
    flags (VI_ACTIVE)
    v_object 0xfffff80003a8c800 ref 0 pages 4066 cleanbuf 127 dirtybuf 1
    lock type devfs: EXCL by thread 0xfffff80003abe5e0 (pid 95591, syncer, tid 100126)
        dev gpt/rootfs

os-wireguard: version 1.10
opnsense version: 21.7.8
When I start it manually, it works.

Pages: [1]