Messages

1

23.7 Legacy Series / Intermittent packet loss?

« on: December 01, 2023, 12:12:06 am »

So I think this is my ISP, and I have done everything I can think of short of putting a computer in front of the opnsense firewall (Which I am not above doing, but that requires some time I havent carved out yet). Opnsense is installed on a Protectli FW4B - 4 Port Intel® J3160

However I am sure there are other things I can check so here I am!

So I am getting (on average) 1-2% packet loss.  I live in place where a company runs fiber to the building, and then they just run copper (Cat5e/Cat6) to the units.

I also run smokeping in a VM within my network, as well as a VPS.  The VPS shows 0.0% packet loss over any period of time.  However my network is showing 1.47% (on average) over 3 hours




One thing I read that could be coming from me was to look at the processor interrupts.  But I could not find a good comparison or good information on what this should look like.  But here is the report from system -> report -> health -> Processor



Not sure if there is anything I missed that I should check, but would love some input!

2

23.7 Legacy Series / Re: WAN_DHCP6 gateway missing

« on: October 31, 2023, 06:49:09 pm »

Now there definitely seems to be a routing issue.  opnsense itself can ping via ipv6, but my LAN side cannot.  Checking the routing table, I only see ipv4 entries.

So I need to figure out why my LAN clients arent getting any of that information.

3

23.7 Legacy Series / Re: WAN_DHCP6 gateway missing

« on: October 30, 2023, 08:17:48 pm »

Thanks! I will give this a whirl.  ipv6 works on the WAN, but not on the LAN side.  But the guide gives me some good things to try.  Thanks.

4

23.7 Legacy Series / Re: WAN_DHCP6 gateway missing

« on: October 30, 2023, 06:35:58 pm »

No PPPOE is involved. 

I actually didnt realize my opnsense was running the legacy version, so I went ahead and upgraded to 23.  This is running 23.7.4, I will update to 23.7.7 this evening.

So I also realized I had an old interface setup for my openvpn configuration, which was the "active" IPv6 gateway. I disabled that interface, and the WAN_DHCP6 magically appeared.  So much better there...

However, I am still having the same issues.  My interface that I am using "Track Interface" for ipv6, is getting IP addresses, but when I try to ping something simple, like google.com using ipv6 (I.E ping6) it just seems to fail, nothing in the firewall log views.

5

23.7 Legacy Series / WAN_DHCP6 gateway missing

« on: October 29, 2023, 02:40:19 am »

Probably user error.  My ISP only gives me a single /64 block and I have a single interface set to track, and devices receive valid ipv6 addresses from the block.

However I can't ping anything using ipv6 except internally.  Also if I go to one of the *whatsmyip" websites, I doesn't detect anything for ipv6.

One odd thing I noticed was that I do not have a WAN_DHCP6 gateway.  But I do have a WAN_DHCP.  So if seems like his is missing and I cannot figure out how to make it work. I tried to manually recreate it, but no good. 

I'm not even sure where to start and would love some advice.  Thank you!

6

23.1 Legacy Series / Trouble with getting ipv6 working

« on: January 30, 2023, 04:13:11 am »

My ISP seems to have a fairly simple ipv6 deployment.  However I can ping out from my WAN, but I cannot from my LAN interface.

DHCPv6
Request only an ipv6 prefix
It seems they only offer a /64
And I send this as a preix hint.

I think set one of my LAN interfaces track -> WAN.  For ease, I set the router advertisements to unmanaged (But have tried managed and assisted as well)

My WAN still seems to pull an ipv6 address and I also see the /64 prefix in the overview page.  My LAN devices also seem to pull IPv6 addresses.  However I can ping out via IPv6 and my WAN,  but my LAN devices fail.  Usually due to no route to host, or a "Beyond scope of source address" message.

I have ipv6 in/out ANY to ANY rules on WAN and LAN for testing.

One thing I found strange, was that my WAN interface still receives an IPv6 address, but it appears to be using another prefix.  My pulled prefix is:
XXXX:XXXX:XXXX:f735::/64

And my WAN pulls an ipv6 address of
XXXX:XXXX:XXXX:12e3:2e0:67ff:fe2c:65bc/64

Is it normal for this ipv6 to be outside of the /64 block?  While I am trying to figure out how to add working ipv6, I found this odd.

Thanks!

7

22.7 Legacy Series / Re: Missing something with ipv6

« on: December 17, 2022, 02:06:24 pm »

Thanks for the explanation.

After reading that I decided to backup. I deleted all my dhcpv6 servers and I set a single interface to "tracked" and pointed it to my WAN that pulled the prefix.

My LAN interface pulls an ipv6, but I cannot ping6 from the WAB or the LAN.  It either just gets 100% packet loss or a "no route to host"

8

22.7 Legacy Series / Missing something with ipv6

« on: December 16, 2022, 11:30:18 pm »

My ISP gives me a single /64 block, and I was hoping to share this across multiple interfaces/VLAN (About 3 in total,  not very many.

While I can easily track the WAN interface using the /64 block, this isnt ideal.

What I was going to try, was to create a DHCPv6 server for each interface with a /72 block, and then use a router advertisment.  This seems to work, and the clients on the specific interfaces do get a valid IPV6 address, but I cannot ping/access anything externally.

I.E: ping6 google.com does not get replies.  I feel like there is fundamentally something I am missing here, and was curious if anyone had any ideas what I am doing wrong (If this is even possible!)

Thank you!

Few additional details while I am thinking about it.
Ipv6 is enabled in the firewall settings.
I also added incoming and outgoing allow all rules for ipv6 on the interface.

9

General Discussion / Having trouble understanding why traffic is being blocked.

« on: May 09, 2022, 04:12:58 pm »

Hello, and I apologize if this is not the right place to post this.  I am not sure what is going on and I can't figure it out! I have a VPS connected to my internal network via my proteclt box (Currently running 22.1.6).

Everything was working, until sometime a couple of days ago.  I have not changed anything but certain traffic to/from my kubernetes node in the cloud started to be blocked.

Here it is, 6443, kubernetes traffic being blocked.  (I blacked out part of my vlan name as it has some identifying information.


And then I have another rule that allows all 192.168.0.0/16.  Due to some of my cloud things, I have created an alias that I call "localnet" that has a few addresses in it.



From my understanding this should not be blocked.  I have no other block rules.  And "block private subnets" is unchecked.  Any ideas?