Messages

1

24.7 Production Series / WireGuard - After Reboot, Clients Can't Connect

« on: October 26, 2024, 08:59:29 pm »

Anecdotally after the most recent update, WireGuard seems to be having issues after a reboot of OPNsense now. WG clients aren't able to connect, I restart the WG service, and they're able to connect again. Easy to mitigate, but it's very manual intervention, and not sure why it started happening. Just thought I'd mention it.

2

24.1 Legacy Series / Re: WAN IPv6 address not renewing after initial dhcp request

« on: July 10, 2024, 05:32:06 pm »

I've tracked down what is happening on my simple setup (address only, no prefix) and created a PR for discussion:-

https://github.com/opnsense/dhcp6c/pull/36

Wondering if my situation over the past couple of weeks could be related, this was working before:

1. WAN pulls IPv6 fine via DHCPv6 client.
2. LAN has a static IPv6 address. Clients pull an IPv6 address via routing advertisement (managed mode) and DHCPv6 server (so I can control the address they receive). This stopped working though I noticed one day on my phone when I saw it didn't pull an IPv6 address.
3. So I dropped back versions of dhcpv6c and opnsense proper ( 24.1.8 ) as stated in the thread. This only allowed me to serve out clients via unmanaged routing advertisements and not via the DHCPv6 server I have running.

So with that background, the question is does anyone think this issue would affect the ability to use the DHCPv6 server to serve out static-mapped addresses with routing advertisements set to managed (not working) instead of unmanaged (working) as it is now?

3

24.1 Legacy Series / Re: Cannot route to internet after upgrade

« on: February 05, 2024, 11:07:24 pm »

Thanks for the quick reply! That was definitely it.

4

24.1 Legacy Series / Cannot route to internet after upgrade

« on: February 05, 2024, 10:49:45 pm »

Upgraded to 24.1_1, cannot ping out to the internet now. Not sure what changed.

Pinging from OPNsense command line:

PING 8.8.8.8 (8.8.8.: 56 data bytes
ping: sendto: No route to host

Has anyone else seen this?

I have stopped suricata, zenarmor, crowdsec, and nothing seems to help.

5

23.7 Legacy Series / Re: Upgradethread 23.1.11_1 to 23.7

« on: August 09, 2023, 03:02:31 pm »

Upgraded yesterday and I must say: superb job! I've been up almost 24 hours and it's smooth sailing so far.

6

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: May 31, 2023, 06:24:09 pm »

Yeah I updated mid-typing.

7

23.1 Legacy Series / Re: IPv6 PD not work after update OPNSense from 22.7.11->23.1_6

« on: May 31, 2023, 05:47:06 pm »

Update: whatever was fixed regarding IPv6, DHCPv6 and delegated prefixes in the 23.1.8 update seems to have resolved my IPv6 dropping issues. I rebooted afterward and at the very least, so far, have not had to touch it. It just works. 

8

23.1 Legacy Series / Re: [CALL FOR TESTING] Netmap generic mode queue stall fixes

« on: May 08, 2023, 03:33:30 pm »

Understood.

Question on ZenArmor config: Do I need to use the Emulated driver for this or can I use Native?

9

23.1 Legacy Series / Re: [CALL FOR TESTING] Netmap generic mode queue stall fixes

« on: May 04, 2023, 09:39:42 pm »

Ohhh. Geez man, I'm slow. Hmm, well I'm wondering then why I'm still getting these drop issues when I switch ZenArmor out of monitoring-only mode. :\ Oh well, thanks for the help.

10

23.1 Legacy Series / Re: [CALL FOR TESTING] Netmap generic mode queue stall fixes

« on: May 04, 2023, 09:03:23 pm »

We are looking for internal approval between participating parties on the last published state for 23.1.6. Overall it looks like we are better off with the patches than without and we likely won't get broader feedback otherwise. If not I expect 23.1.7 to have it in a few weeks.

Based on this comment, I was thinking the patches for netmap issues were going to be a part of the 23.1.7 release. Guess that's not the case.

11

23.1 Legacy Series / Re: [CALL FOR TESTING] Netmap generic mode queue stall fixes

« on: May 03, 2023, 07:49:40 pm »

Hi @dfw3xam1n3r
Did you test Zenarmor with Routed (L3 Mode, Reporting and Blocking available) with emulated netmap driver on OPNsense 23.1.6 and have any issues? Some users reported that their problems are resolved with this configuration.

Yeah I did and the same thing happened, so I'm just in monitoring mode until 23.1.7 comes out.

12

23.1 Legacy Series / Re: After 3 days, LAN interface completely drops connectivity

« on: April 26, 2023, 05:10:23 pm »

We have the exact same issue running 23.1 with an Watchguard M370 appliance.

Lan port appears up but the connectivity is lost and it is not visible from the lat network even with arp -a.

The problem happens infrequently every 7-14 days and is very difficult to track down. VPN and WAN interface work and the firewall management is acccessible when this happens (Through VPN). Zenarmor is activated, but it is not really doing much besides reporting: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver.

Will try with the emulated driver if that will fix the issue. The logs have nothing noteworthy from the time of the issue happening.

Just installed the latest 23.1.6 patches but not feeling optimistic since this has happened multiple times already.

Any ideas on tracking down the issue?

This issue will be fixed in 23.1.7 coming out in a couple of weeks, re: netmap/ZenArmor issue. Here is a thread on it. https://forum.opnsense.org/index.php?topic=32114.75. In the thread there were patches you can apply in the interim. I just have my ZenArmor set to monitoring only for now.

13

23.1 Legacy Series / Re: [CALL FOR TESTING] Netmap generic mode queue stall fixes

« on: April 23, 2023, 04:29:39 pm »

[EDIT: Franco: Just realized you said it will be in 23.1.7, not .6. Nevermind!]

My connection still dropped. I don't know why. I was away when it happened and was able to bring it back up remotely. Restarting ZenArmor didn't help though, only a reboot. Currently have ZenArmor set to monitor only for now.

Just for my confirmation, I've upgraded to 23.1.6, and re: ZenArmor (when I take it out of monitoring only) I'm supposed to be using the emulated netmap driver not the native correct? Do I need to do anything with IDS/IPS/Suricata since I'm running that as well?

14

23.1 Legacy Series / Re: [CALL FOR TESTING] Netmap generic mode queue stall fixes

« on: April 18, 2023, 05:23:35 pm »

Thanks Franco.

Hate to report though that with all of the right things in place, I still dropped early this morning and had to restart ZenArmor to resolve it. It was a longer uptime duration this time, but it still wound up dropping packets on LAN. :/

15

23.1 Legacy Series / Re: [CALL FOR TESTING] Netmap generic mode queue stall fixes

« on: April 17, 2023, 05:50:21 pm »

I'm up four days now after applying the patch (correctly, don't think I did the first time) and using netmap emulator for ZenArmor config. This is the longest I've been running since upgrading to 23.1. Things have been, dare I say it, stable? Fingers crossed.