Messages

1

24.7 Production Series / Re: DHCP Static Mapping within DHCP range

« on: October 26, 2024, 04:50:04 pm »

Reservations generally should be *outside* the range ("pool") of addresses that are "up for grabs". Kea DHCP supposedly allows for in-pool reservations, but I'm not sure that OPNsense leverages that properly. AFAIK, ISC DHCP doesn't support in-pool reservations at all.

Thank you for the answer!

Anyone else who can confirm how this works for OPNsense?

The same, I think. Best thing to do is follow best practice - keep your reserved addresses outside of the pool.

2

Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected

« on: October 25, 2024, 11:17:22 pm »

Same problem here. I removed the wireguard interface from my zenarmor settings and now I'm able to connect again. Hopefully they get it fixed soon.

Did you send feedback/logs to Sunneyvalley through the UI? Have you had any feedback from them?

3

Zenarmor (Sensei) / Re: 1.18 Wireguard is disconnected

« on: October 25, 2024, 05:41:04 pm »

Have those affected sent feedback/logs via the Zenarmor UI? What did the dev team say?

4

24.7 Production Series / Re: WireGuard not working ipv4 after update to opnsense 24.7.5

« on: September 27, 2024, 02:40:13 pm »

FWIW I have a PPPoE connection, and am using IPv4 Wireguard connections fine post upgrade.

One 'out', and also one back into the router from my mobile devices. All fine.

You haven't been tripped up by an earlier change, have you? What did you update from? I remember at some point if you were using FQDN as endpoints in your tunnels you had to change them to the IP, as they could no longer be resolved. Have you skipped a few upgrades and are perhaps affected by something like that?

5

Zenarmor (Sensei) / Re: live session not live

« on: September 15, 2024, 10:05:57 pm »

sending the feedback wont be a problem.

my issue is getting the logs required as ive just posted.

That is done through send feedback link, as the instructions posted by IHK said when he asked you to - tick the options to send logs, Zenarmor configuration, and related opnsense configuration.

6

Zenarmor (Sensei) / Re: live session not live

« on: September 15, 2024, 08:32:06 am »

understood that you need logs  like
/conf/config.xml

could you please guide me how to get this, as my shell is denying me
root@OPNsense:~ # /conf/config.xml
/conf/config.xml: Permission denied.

thx

Follow the instructions in the post before - just use the UI to 'Send feedback'

7

Tutorials and FAQs / Re: How to enable automatic microcode updates

« on: August 25, 2024, 12:27:11 pm »

How would effectively roll-back these steps / remove the functionality ready for the built-in version upcoming in a release. Do I need to, or can I leave as-is without issue/conflict?

8

24.7 Production Series / Re: With our new Dashboard, how many columns are you using?

« on: August 15, 2024, 08:26:26 pm »

3 columns here. Overall, I think it is a step forward.

One thing I'm not so sure on is that some of the widgets have a bit too much 'padding' / wasted space around the edges for me (especially gateways, for example'. If think if that was reduced a bit and the space used a bit more efficiently, then I'd warm to it much more.

That being said, I'm no coder, so not a complaint at all and I am genu8nelt grateful for the significant amount of work that has gone into making OPNSense great!

9

24.7 Production Series / Re: KEA Not respecting reservations during lease time

« on: August 15, 2024, 04:11:12 pm »

Static reservations must lie outside of the dynamic pool.

Agreed, and in my case they do - that is not the issue. Dynamic pool is x.1 - x.20 (hence being dynamically allocated x.1), and the static reservation is x.100

The issue is, having rebooted a device that had minutes before correctly renewed its static lease at x.100, when it came back up Kea said it was a duplicate/conflict and assigned it the first address from the dynamic pool. It wasn't a duplicate - there are two other devices on this vlan - one statically set to x.99 and one to x.101. Before the reboot, this device has just renewed correctly at x.100 - as per the logs.

10

24.7 Production Series / KEA Not respecting reservations during lease time

« on: August 15, 2024, 11:10:54 am »

Hi all,

Has anyone experienced Kea not respecting reservations? I have a static reservation set (172.16.60.100) that was successfully allocated to a device and renewed for several days. I rebooted the device (update), and upon coming back up and requesting an address, Kea tagged it as a conflict address and so allocated it from the pool, rather than static address. I have checked the MAC, and that has not changed.

Kea Log below (latest at top) - how can I stop this happening? Is it just a case of the renew/request after the reboot was too soon after than latest lease allocation (1.5 minutes or so).

Code: [Select]

2024-08-15T09:30:59 Informational kea-dhcp4 INFO [kea-dhcp4.packets.0x2e709a1b4000] DHCP4_PACKET_SEND [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550: trying to send packet DHCPACK (type 5) from 172.16.60.254:67 to 172.16.60.1:68 on interface vlan06

2024-08-15T09:30:59 Informational kea-dhcp4 INFO [kea-dhcp4.leases.0x2e709a1b4000] DHCP4_LEASE_ALLOC [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550: lease 172.16.60.1 has been allocated for 4000 seconds

2024-08-15T09:30:59 Informational kea-dhcp4 INFO [kea-dhcp4.packets.0x2e709a1b4000] DHCP4_PACKET_RECEIVED [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550: DHCPREQUEST (type 3) received from 0.0.0.0 to 255.255.255.255 on interface vlan06

2024-08-15T09:30:59 Informational kea-dhcp4 INFO [kea-dhcp4.dhcp4.0x2e709a1b4000] DHCP4_QUERY_LABEL received query: [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550

2024-08-15T09:30:59 Informational kea-dhcp4 INFO [kea-dhcp4.packets.0x2e709a1b4000] DHCP4_PACKET_SEND [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550: trying to send packet DHCPOFFER (type 2) from 172.16.60.254:67 to 172.16.60.1:68 on interface vlan06

2024-08-15T09:30:59 Informational kea-dhcp4 INFO [kea-dhcp4.leases.0x2e709a1b4000] DHCP4_LEASE_OFFER [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550: lease 172.16.60.1 will be offered
  Remote ID: (none)
  Relay ID: (none)
  State: default
  Pool ID: 0
  Subnet ID: 3
  Client id: ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9
  Hardware addr: 04:17:b6:d2:59:c9
  Cltt: 1723710562
  Valid life: 4000

[b]2024-08-15T09:30:59 Warning kea-dhcp4 WARN [kea-dhcp4.alloc-engine.0x2e709a1b4000] ALLOC_ENGINE_V4_DISCOVER_ADDRESS_CONFLICT [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550: conflicting reservation for address 172.16.60.100 with existing lease Address: 172.16.60.100

2024-08-15T09:30:59 Informational kea-dhcp4 INFO [kea-dhcp4.packets.0x2e709a1b4000] DHCP4_PACKET_RECEIVED [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550: DHCPDISCOVER (type 1) received from 0.0.0.0 to 255.255.255.255 on interface vlan06

2024-08-15T09:30:59 Informational kea-dhcp4 INFO [kea-dhcp4.dhcp4.0x2e709a1b4000] DHCP4_QUERY_LABEL received query: [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:03:00:01:04:17:b6:d2:59:c9], tid=0x50e1f550

2024-08-15T09:29:22 Informational kea-dhcp4 INFO  [kea-dhcp4.packets.0x2e709a1b4000] DHCP4_PACKET_SEND [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9], tid=0x7232ff65: trying to send packet DHCPACK (type 5) from 172.16.60.254:67 to 172.16.60.100:68 on interface vlan06

2024-08-15T09:29:22 Informational kea-dhcp4 INFO  [kea-dhcp4.leases.0x2e709a1b4000] DHCP4_LEASE_ALLOC [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9], tid=0x7232ff65: lease 172.16.60.100 has been allocated for 4000 seconds[/b]

2024-08-15T09:29:22 Informational kea-dhcp4 INFO  [kea-dhcp4.packets.0x2e709a1b4000] DHCP4_PACKET_RECEIVED [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9], tid=0x7232ff65: DHCPREQUEST (type 3) received from 172.16.60.100 to 172.16.60.254 on interface vlan06

2024-08-15T09:29:22 Informational kea-dhcp4 INFO  [kea-dhcp4.dhcp4.0x2e709a1b4000] DHCP4_QUERY_LABEL received query: [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9], tid=0x7232ff65

2024-08-15T08:56:02 Informational kea-dhcp4 INFO  [kea-dhcp4.packets.0x2e709a018200] DHCP4_PACKET_SEND [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9], tid=0xc0de8be8: trying to send packet DHCPACK (type 5) from 172.16.60.254:67 to 172.16.60.100:68 on interface vlan06

2024-08-15T08:56:02 Informational kea-dhcp4 INFO  [kea-dhcp4.leases.0x2e709a018200] DHCP4_LEASE_ALLOC [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9], tid=0xc0de8be8: lease 172.16.60.100 has been allocated for 4000 seconds

2024-08-15T08:56:02 Informational kea-dhcp4 INFO  [kea-dhcp4.packets.0x2e709a018200] DHCP4_PACKET_RECEIVED [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9], tid=0xc0de8be8: DHCPREQUEST (type 3) received from 172.16.60.100 to 172.16.60.254 on interface vlan06

2024-08-15T08:56:02 Informational kea-dhcp4 INFO  [kea-dhcp4.dhcp4.0x2e709a018200] DHCP4_QUERY_LABEL received query: [hwtype=1 04:17:b6:d2:59:c9], cid=[ff:b6:d2:59:c9:00:01:00:01:2d:1d:cc:fb:04:17:b6:d2:59:c9], tid=0xc0de8be8
Thanks.

11

24.7 Production Series / Re: Traceroute / ICMP issue after 24.7.1 update

« on: August 15, 2024, 08:53:49 am »

Agree with newsense FWIW. Ship the fixes gets my vote.

12

24.7 Production Series / Re: Traceroute / ICMP issue after 24.7.1 update

« on: August 14, 2024, 08:01:20 pm »

In the name of science, why not? It's online.

Seems like it's finally working with IPv4 and IPv6... Waiting for others here to chime in:

Code: [Select]

opnsense-update -zkr 24.7.1-icmp2
and reboot.

Can confirm, works here too.

13

24.7 Production Series / Re: 24.7 Memory Widget

« on: August 07, 2024, 07:52:25 pm »

Memory Cache associated with ZFS, which presumably you are using as the file system.

14

24.7 Production Series / Re: puzzled by the ISC/KEA DHCP direction

« on: July 29, 2024, 10:58:53 pm »

Thanks!
I use the default unbound. Just to clarify:
> If you edit static mappings and use DHCP registration in DNS services Unbound or Dnsmasq simply restart your DNS service at the earliest convenience to allow your new static lease(s) to be resolved by clients.

I didn't have to manually restart unbound before when setting up a static mapping for a lease. I assume ISC/some other component restarted Unbound when I hit the [ APPLY ] button in the GUI?

I think you're misunderstanding. If you set a static lease, and all you want is for that IP to be assigned to the client you have to do nothing more.

If you set a static lease, and subsequently want to refer to that client by it's host name, rather than IP, then you need to restart your DNS service so it 'picks up' the new host/lease.

15

24.1 Legacy Series / Re: WAN IPv6 address not renewing after initial dhcp request

« on: July 06, 2024, 09:47:55 am »

I know it doesn't help anyone with an issue, but a useful data point for Franco perhaps- no issues here. Straight upgrade and no issues with IPv6 on a Zen PPPoE UK FTTP  connection.

Been up 24 hours now since a reboot after upgrade, and not an issue at all.