Messages - marco35

#1
23.1 Legacy Series / Re: Can't enable Ipv6 gateway
June 01, 2023, 10:20:07 AM
Hi Franco,

Thanks for your info.
That was indeed the problem.
I hadn't spotted that there was a change required to move to PPPoEv6 on the interface config.

May I say you have provided great support here! Thanks again.
#2
Thanks, will try that.
Will have to wait a while as I have active VoIP sessions for some people on the phones here.
I would be unpopular if I dropped all those sessions.

#3
Okay, thanks for the pointers...

So, it looks like I should investigate the WAN1 interfaces.
This is PPPoE, has a static IPv6 address, and 'uses IPv4 for connectivity' is ticked.
Indeed the static IPv6 address on the outside interface isn't pingable from the internet, nor the inside of the firewall.

Maybe our ISP has changed something and it just roughly coincided with the last firewall update (or only became applied at the point of that reboot).

#4
Update: Even more odd.

I have a 'spare' IPv4 gateway that is to be used for a second WAN connection in due course.
At present, it doesn't have anything plugged in to the ethernet port.

That too shows as online, and trying to enable it either via the config screen or the 'play' button doesn't work.

Not too concerned about this at present, but it may add some extra info to help sort my IPv6 gateway issue.
I have one gateway up... I don't want to make changes there in case I end up disconnected!
#5
Thanks again for the quick reply.

I attach a couple of screen prints for reference.
Today, I have found that if I hold the XML file open in the console by using a text editor - then the save button doesn't work on the GUI. Quite right - that was a bit of learning for me!

However, that isn't the issue. Still, every time I clear the disabled box, it reappears. Also, clicking the enable triangle doesn't change it from grey to green.

I suppose there may be something deeper in which means the IPv6 gateway can't be controlled.
The dashboard does show both the WAN and the LAN to have IPv6 configured... and as I say, this had been working previously.
#6
Thanks for the quick reply.

I have taken a look as suggested, but I only see one entry in that XML file for this gateway.
I did remove it by editing that file, then doing a restart service in the web console.
I end up with the same issue in that the disabled tick box is checked, and any amount of trying to alter that doesn't seem to work.
I have done a cheeky edit to the XML and removed the line <disabled>1</disabled>
In the gateways | Single screen, I see the gateway now shows as pending.
However, the enabled triangle is still grey.
There are no ping times shown.
Pinging IPv6 from the command line gets a 'no route to host'
Going in to edit the gateway, again shows the tick box as disabled.

See below for an extract of the XML file...
    <gateway_item>
      <interface>wan</interface>
      <gateway>dynamic</gateway>
      <name>WAN1_IPv6</name>
      <priority>2</priority>
      <weight>1</weight>
      <ipprotocol>inet6</ipprotocol>
      <interval/>
      <descr/>
      <monitor>2001:4860:4860::8888</monitor>
      <disabled>1</disabled>
    </gateway_item>



The gateway doesn't show in the dashboard.
#7
23.1 Legacy Series / Can't enable Ipv6 gateway
May 30, 2023, 10:37:49 PM
Hi Guys,
very occasional poster here and for the most part OPNsense has been pretty faultless.

I have run in to an odd problem, in that I can no longer enable an IPv6 gateway.
System | Gateways | Single .. the gateway shows as 'pending'
It is setup with gateway monitoring pinging Google's DNS.
Every time I go in to the config screen, 'Disabled' is ticked. Unchecking that and saving results in 'offline'
Re-entering the config and again the disabled box is checked.
Pressing the arrow prior to 'name' returns the pending status, but it never enables.
Again going in to the config, we see the disabled box checked.
Restarting the gateway has no effect.
Restarting the firewall has no effect.

The history here is that it WAS working. The update prior to the one I applied today seemed to kill it. I put the issue on the back burner, but hoped a patch might resolve it. Well, we have had that further update and it is still broken.
We have a /48 from our upstream provider, and I have a /64 from that allocated to inside our network.

Any ideas as to what I should look at?

Thanks
#8
An update for those who come across this later...

It appears I may have misread the Virtual IP config screen.
I had a missing gateway for each VirtualIP.
Adding the gateway as reported as WAN_PPPOE 'gateways' in the lobby screen then made the IP show up when using ifconfig in the command line console.

I can now bind the services as I intended.

Thanks all for reading, and those who gave me a few pointers.

#9
Hi Patrick,

Thanks for the reply.

With the Cisco device, I just assigned the x.x.x.14/28 address to the interface and the dialer picked up the PPPoE IP that just got used for the 'dial-up'.

So, at present I have Virtual IPs labeled 'Outside01 -> Outside14' for my /28 block.
I can do a static NAT from say Outside02 -> mailserver.inside and the mailserver is accessible as you would expect.
It isn't quite how I would expect it to look, but it is working.
I can't however, bind my OpenVPN to Outside01

In the VPN console, if I select all or WAN then the VPN binds, if I select Outside01, then it does not bind.
I just want the VPN service to be listening on Outside01 only.
(Bound to 'all' then the external IP doesn't appear to respond, so then the client can't access it)

Thanks for your help so far.

#10
Just 'bumping' this thread as I got a lot of 'reads' but no replies.
Back on trying to solve this now, with little success.

ISP tells me the netblock is just routed to us, my OPNsense question must therefore be;
How do I assign a static netblock to the PPPoE interface?

Thanks
#11
Hi, first time question having setup OPNsense a few weeks ago...

Basic problem is that I don't seem to be able to get services 'bound' to the virtual IPs.
I have a range of 16 IPs (a /28) provided by the ISP. I am using em0 which then uses pppoe0(em0) for its connection. I have entries for each of the 14 usable IPs in the interfaces | Virtual IPs page.
(I have also tried entering a IP/28 range in this section)
I tried entering a static IP range for em0, but this disappears when saved.

OPNsense is up and running, and also IS mapping some of those virtual IPs to inside services via Port Forwarding - which is working.

My issue was revealed when I wished to set up a VPN... I couldn't apparently bind to the VPN external IP.

Using the SSH console, I can see from netstat that the services seem to bind to another IP given by the ISP (they give us one static, then the additional netblock that we use).
It isn't an ISP issue as we have just switched from a Cisco solution that was running fine.

If I temporarily swap to configure the interface as PPP, then the Virtual IPs do bind to services. Of course PPP won't give me any service as that won't log in to the ISP - it was just for test.

With PPPoE, I see
udp4       0      0 xxxxx.ISP-address.co.uk.openvpn  *.*

with PPP (just as a test), I see
udp4       0      0 our-IPs-01.co.uk.openvpn   *.*
udp4       0      0 our-IPs-02.co.uk.ntp       *.*
udp4       0      0 our-IPs-03.co.uk.ntp       *.*
udp4       0      0 our-IPs-04.co.uk.ntp       *.*
udp4       0      0 our-IPs-05.co.uk.ntp       *.*
etc.

It seems that I should be able to bind our netblock to the outside interface - there is even a place to do it - it just gets ignored.

Firstly, should my Virtual IPs be a 'network' i.e. IP/28 or should it be a separate list of 14 IPs?
If the former, I assume then I should just have Firewall | Aliases to access the individual IPs by name.

Any clues as to how to solve this?

Thanks