Messages - Snowstorm1491

#1
Quote from: GabriellaConrad on November 24, 2023, 08:45:27 AM
To set up a SOCKS5 proxy forwarder, follow these steps:
1. In your ShadowSocks Local settings, use Mullvad's SOCKS5 proxy server address and port. Ensure correct encryption settings.
2. Configure your OPNsense firewall to allow wg1 clients to access Mullvad's SOCKS5 proxy without routing all traffic through VPN wg2.
3. Make sure ShadowSocks Local is running on the correct port (e.g., 1080).
4. Test your setup with:
curl ip4.me/api/ --socks5 10.10.10.1:1080


Does this work for you? I found a simpler way: just NAT a port of your selection on the server to the Mullvad SOCKS5 address and port, and add an outbound rule to change the source address.
#2
After a lot of search and trial and error, I realized my mistakes.

Mistakes:

  • ShadowSocks != SOCKS5
  • ShadowSocks cannot connect to SOCKS5 proxy
  • ShadowSocks from Mullvad is only used to connect to the VPN servers, any other Internet traffic will have to run inside the VPN connection inside ShadowSocks connection
  • Password cannot be blank

Only now do I understand how the suite of ShadowSocks software works. I can't find this anywhere on the web, so I'm going to post this here in case someone else is searching too.

"ShadowSocks: Server" (ss-server/ssserver-rust on other supported platforms) is exactly what it sounds like: it lets ShadowSocks clients connect to it and the clients can tunnel their traffic via this server (and hence have the IP of the server).
"ShadowSocks: Local" (ss-local/sslocal-rust on other supported platforms) is the client that is mentioned above: it connects to ss-server and opens a SOCKS5 server for SOCKS5 clients, and forwards the requests from the SOCKS5 clients to the ss-server, and from the ss-server the requests go to the final destination.

SOCKS5 clients --[SOCKS5]--> ss-local --[ShadowSocks]--> ss-server --[any protocol]--> destination

So now I have it set up so that wg1 clients can use any SOCKS5-supporting client to use the WAN on the OPNsense VPS. I have attached screenshots of my current settings. I believe this is what most people will try to do.

curl ip4.me/api/ --socks5 10.10.10.1:1080 on wg1 clients will work and show OPNsense's external IP.

Now for my use case, I have to figure out a way to make traffic from ss-server go through wg2 (Mullvad VPN, not Mullvad SOCKS5 proxy) instead of WAN.
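
Added example, not part of the original post: since the port opened by ss-local speaks SOCKS5 and the ss-server port does not, a probe that sends one RFC 1928 greeting and classifies the answer tells the two apart. The listeners are constructed local stand-ins and every function name here is this example's own.

```python
import socket
import threading

# RFC 1928 method codes that can appear in the server's method-selection reply.
METHODS = {0x00: "no authentication", 0x02: "username/password"}


def build_greeting(methods=(0x00, 0x02)):
    """Client greeting: VER=5, NMETHODS, then one byte per offered method."""
    return bytes([0x05, len(methods), *methods])


def classify_reply(reply):
    """Interpret the bytes received after the greeting (None = timed out)."""
    if reply is None:
        return "timeout"
    if reply == b"":
        return "closed-without-reply"
    if len(reply) < 2 or reply[0] != 0x05:
        return "not-socks5"
    if reply[1] == 0xFF:
        return "socks5: no acceptable method"
    return "socks5: " + METHODS.get(reply[1], "method 0x%02x" % reply[1])


def probe(host, port, timeout=2.0):
    """Send one greeting to host:port and classify what comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_greeting())
            data = b""
            while len(data) < 2:          # the 2-byte reply may arrive in pieces
                chunk = s.recv(2 - len(data))
                if not chunk:             # peer closed the connection
                    break
                data += chunk
            return classify_reply(data)
    except socket.timeout:
        return classify_reply(None)
    except ConnectionRefusedError:
        return "refused"
    except ConnectionResetError:
        return "closed-without-reply"
    except OSError:
        return "connection-error"


def start_listener(reply, hold=False):
    """Constructed stand-in on 127.0.0.1 that serves one client.

    It reads the greeting, then sends `reply` (b"" = close without answering).
    hold=True keeps the connection open and silent until the client gives up.
    Returns the port it listens on.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)
            if hold:
                conn.settimeout(5)
                try:
                    conn.recv(1)          # returns once the client disconnects
                except OSError:
                    pass
            elif reply:
                conn.sendall(reply)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


if __name__ == "__main__":
    cases = {
        "SOCKS5 listener": start_listener(b"\x05\x00"),
        "silent listener": start_listener(b"", hold=True),
        "closing listener": start_listener(b""),
    }
    for name, port in cases.items():
        print(name, "->", probe("127.0.0.1", port, timeout=0.5))
```
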
#3
I have a VPS running OPNsense, so it has only WAN and no LAN.

I have set up "WireGuard Road-Warrior" as wg1, so now wg1 is my "LAN".

I have also set up "WireGuard Selective Routing to External VPN Endpoint" with Mullvad as wg2, so some of the clients from wg1 will be routed through Mullvad, and others routed through WAN of the VPS.

With the clients that are routed through Mullvad, I can just use 10.64.0.1 at the end devices to connect to Mullvad's SOCKS5 proxy without additional setup.

Currently I'm trying to set up so that even clients that are not routed through Mullvad, can use Mullvad's SOCKS5 proxy, without having all their network requests to the Internet being routed through the VPN wg2.

I have installed ShadowSocks on the OPNsense, but I can't find a guide online to set up to achieve what I want.

I'm currently doing trial and error, but I don't understand the difference between "ShadowSocks: Server" and "ShadowSocks: Local".

I have attached my current settings, which do not work. Can anyone give me some pointers as to what I'm doing wrong? End devices from wg1 can access the ports 8388 and 1080 on the OPNsense, but curl ip4.me/api/ --socks5 10.10.10.1:1080 gives curl: (52) Empty reply from server, while curl ip4.me/api/ --socks5 10.10.10.1:8388 gets timeout.
#4
Quote from: Cerberus on August 19, 2022, 12:43:18 AM
I use netcup myself to provide my location with IPv6. I use Zerotier to tunnel the traffic from OPNsense at Netcup to my home OPNsense, but I need at least 3 /64 to do that.

Route48 project looks really interesting, providing /48 with BGP, Wireguard or Zerotier is very exotic, I give it a try.

It is much easier to set up, but for some reason I cannot access my university's websites from it. Maybe it's still very new, so their IP range reputation is not that good yet. I have no issues with other websites tho.

With Hurricane Electric's IPv6s I have no problem with my university's websites. So despite higher latency (one more hop from my router to the netcup VPS), I have to fall back to Hurricane Electric's instead of using Route48. But I see potential with Route48 for it providing Wireguard for much easier setup. I believe they're the only broker that provides that right now.
#5
For future reference, I found Route 48 (https://route48.org/?act=privacy), it supports Wireguard, so it's much easier to set up for people with Internet that is behind CGNAT or ISP-filtered networks. They are very new, so I don't know how reliable they are. They provide /48 subnets, 5 tunnels for free.
#6
Thanks for the instructions! It worked!

Quote: No IPv6 and filtered IPv4? What kind of ISP is this? :o

It's actually my university's network, and every single device (even smartphones and such) gets its own public IPv4 (and IPv6 for some network, but my home network does not have IPv6), so it makes sense to filter everything incoming from outside.

Quote: (As a side note, some commercial VPN providers offer IPv6 prefixes via WireGuard. No need to run your own server.)

Yeah I know that but my current VPN provider does not support IPv6 at all, so I'm waiting for it to expire and get one that does.

#7
I see. I'm currently testing with an individual PC, but subsequently I will need to route all the LAN via OPNsense box at home, so I have created a TunnelBroker account and requested a /48 subnet. Unfortunately my home Internet is behind an ISP firewall, so I can't allow ICMP to reach my home Internet to set up the tunnel. That means I will still have to use the VPS to somehow route the TunnelBroker's IPv6 to my home.

I followed the guide to add the subnet to OPNsense on the VPS. How do I proceed with Wireguard?
#8
Is there any significance about /64? Can't I just split it into two /65 subnets? I apologize if this is a dumb question, I don't know much about IPv6
#9
I have only IPv4 at home, and I would like to use Wireguard to add the possibility to get to IPv6 only servers.

I rented a VPS at netcup, installed OPNsense there, with the IPv6 subnet aaaa:bbbb:cccc:dddd::/64 and an IPv4 of www.xxx.yyy.zzz. In OPNsense, for WAN, I have set to use DHCP for IPv4 and Static for IPv6 with aaaa:bbbb:cccc:dddd::1/64 as my WAN IPv6 and fe00::1 as gateway. I checked with ping that both IPv4 and IPv6 work.

I have followed the Road Warrior guide, initially with only IPv4 to test it out. So the Wireguard tunnel has the IPv4 subnet of 10.10.10.0/24. With only IPv4, the tunnel worked.

Now that I have IPv4 tunnel working, I started to add IPv6 to the Wireguard local interface (aaaa:bbbb:cccc:dddd::a:1/64 in addition to 10.10.10.1/24), and endpoint Allowed IPs (aaaa:bbbb:cccc:dddd::a:2/128 in addition to 10.10.10.2/32).

Client interface IP is aaaa:bbbb:cccc:dddd::a:2/64 and 10.10.10.2/24, allowed ips 0.0.0.0/0, ::/0

After applying the settings, I am able to connect to the tunnel on the client, ping works for aaaa:bbbb:cccc:dddd::1, aaaa:bbbb:cccc:dddd::a:1, but everything outside of the OPNsense's aaaa:bbbb:cccc:dddd::/64 is not reachable (I can't ping 2606:4700:4700::1111). However, IPv4 internet is available (I can ping 1.1.1.1).

What did I miss?
#10
Even after clean installation of 22.7, apply updates, apply patches, still the same.

After reinstallation:
root@ocelot:~ # opnsense-patch 7aaa6a263b1 bb4743a7322
Fetched 7aaa6a263b1 via https://github.com/opnsense/core
Fetched bb4743a7322 via https://github.com/opnsense/core
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 7aaa6a263b1351f74408038dd8d339e7deb4aafa Mon Sep 17 00:00:00 2001                                                                                     
|From: Franco Fichtner <franco@opnsense.org>                                                                                                               
|Date: Tue, 2 Aug 2022 08:21:18 +0200
|Subject: [PATCH] system: do not reload unbound/dnsmasq "hosts" by default                                                                                 
|
|Number of people noted spurious restarts of Unbound and this seems                                                                                         
|to be the cause.  However, the real cause of hammering rc.newwanip                                                                                         
|is in 797c18641944 and to avoid other side effects like the GIF/GRE                                                                                       
|stuff we should consider reverting part of it.
|---
| src/etc/inc/system.inc      | 2 --
| src/www/services_dhcp.php   | 1 +
| src/www/services_dhcpv6.php | 1 +
| 3 files changed, 2 insertions(+), 2 deletions(-)
|
|diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc                                                                                               
|index 1972606927..917e83d4c4 100644
|--- a/src/etc/inc/system.inc
|+++ b/src/etc/inc/system.inc
--------------------------
Patching file etc/inc/system.inc using Plan A...
Hunk #1 succeeded at 449 (offset -15 lines).
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/src/www/services_dhcp.php b/src/www/services_dhcp.php                                                                                         
|index 099a1d42fb..85c8429b36 100644
|--- a/src/www/services_dhcp.php
|+++ b/src/www/services_dhcp.php
--------------------------
Patching file www/services_dhcp.php using Plan A...
Hunk #1 succeeded at 49.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/src/www/services_dhcpv6.php b/src/www/services_dhcpv6.php                                                                                     
|index 679b357054..8174e9edb8 100644
|--- a/src/www/services_dhcpv6.php
|+++ b/src/www/services_dhcpv6.php
--------------------------
Patching file www/services_dhcpv6.php using Plan A...
Hunk #1 succeeded at 37.
done
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From bb4743a732243a3e5bd55f1586bbe5e3a2739d1d Mon Sep 17 00:00:00 2001                                                                                     
|From: Franco Fichtner <franco@opnsense.org>
|Date: Tue, 2 Aug 2022 09:04:12 +0200
|Subject: [PATCH] interfaces: stop DHCP from calling rc.newwanip when no                                                                                   
| changes are being done
|
|This is a partial revert of 797c1864194 which has good intentions but rc.newwanip(v6)                                                                     
|isn't equipped with being called a lot of times yet.  We want to improve this for 23.1.                                                                   
|---
| src/opnsense/scripts/interfaces/dhclient-script | 9 ++++++++-                                                                                             
| 1 file changed, 8 insertions(+), 1 deletion(-)
|
|diff --git a/src/opnsense/scripts/interfaces/dhclient-script b/src/opnsense/scripts/interfaces/dhclient-script                                             
|index 5c8bfe9c60..6fd5c5b212 100755
|--- a/src/opnsense/scripts/interfaces/dhclient-script
|+++ b/src/opnsense/scripts/interfaces/dhclient-script
--------------------------
Patching file opnsense/scripts/interfaces/dhclient-script using Plan A...                                                                                   
Hunk #1 succeeded at 296 (offset -2 lines).
Hunk #2 succeeded at 314 (offset -2 lines).
done
All patches have been applied successfully.  Have a nice day.                                                                                               

root@ocelot:~ # reboot


Ping test:
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1075 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1076 Destination Host Unreachable


System log:
<13>1 2022-08-05T12:41:03+02:00 ocelot.localdomain dhclient 54217 - [meta sequenceId="1"] Creating resolv.conf
<13>1 2022-08-05T12:51:06+02:00 ocelot.localdomain dhclient 78943 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<13>1 2022-08-05T12:51:06+02:00 ocelot.localdomain dhclient 80106 - [meta sequenceId="2"] New Subnet Mask (vtnet1): 255.255.254.0
<13>1 2022-08-05T12:51:06+02:00 ocelot.localdomain dhclient 81393 - [meta sequenceId="3"] New Broadcast Address (vtnet1): xxx.yyy.183.255
<13>1 2022-08-05T12:51:06+02:00 ocelot.localdomain dhclient 82718 - [meta sequenceId="4"] New Routers (vtnet1): xxx.yyy.182.1
<13>1 2022-08-05T12:51:06+02:00 ocelot.localdomain dhclient 85317 - [meta sequenceId="5"] route add default xxx.yyy.182.1
<13>1 2022-08-05T12:51:06+02:00 ocelot.localdomain dhclient 87187 - [meta sequenceId="6"] Creating resolv.conf
<11>1 2022-08-05T12:51:06+02:00 ocelot.localdomain opnsense 89605 - [meta sequenceId="7"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-05T12:51:06+02:00 ocelot.localdomain opnsense 89605 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-05T12:57:49+02:00 ocelot.localdomain dhclient 99774 - [meta sequenceId="1"] Creating resolv.conf
#11
Indeed, running opnsense-patch 7aaa6a263b1 bb4743a7322 as suggested only applied bb4743a7322. So I had to patch both separately. After reboot I made sure both patches are applied:

root@Ocelot:~ # opnsense-patch 7aaa6a263b1
Found local copy of 7aaa6a263b1, skipping fetch.
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From 7aaa6a263b1351f74408038dd8d339e7deb4aafa Mon Sep 17 00:00:00 2001
|From: Franco Fichtner <franco@opnsense.org>
|Date: Tue, 2 Aug 2022 08:21:18 +0200
|Subject: [PATCH] system: do not reload unbound/dnsmasq "hosts" by default
|                                                                                                                                                           
|Number of people noted spurious restarts of Unbound and this seems
|to be the cause.  However, the real cause of hammering rc.newwanip
|is in 797c18641944 and to avoid other side effects like the GIF/GRE
|stuff we should consider reverting part of it.
|---
| src/etc/inc/system.inc      | 2 --
| src/www/services_dhcp.php   | 1 +
| src/www/services_dhcpv6.php | 1 +
| 3 files changed, 2 insertions(+), 2 deletions(-)
|
|diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
|index 1972606927..917e83d4c4 100644
|--- a/src/etc/inc/system.inc
|+++ b/src/etc/inc/system.inc                                                                                                                               
--------------------------
Patching file etc/inc/system.inc using Plan A...
Reversed (or previously applied) patch detected!  Assuming -R.Hunk #1 succeeded at 449 (offset -15 lines).
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------                                                                                                                                 
|diff --git a/src/www/services_dhcp.php b/src/www/services_dhcp.php
|index 099a1d42fb..85c8429b36 100644
|--- a/src/www/services_dhcp.php
|+++ b/src/www/services_dhcp.php
--------------------------
Patching file www/services_dhcp.php using Plan A...                                                                                                         
Reversed (or previously applied) patch detected!  Assuming -R.Hunk #1 succeeded at 49.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/src/www/services_dhcpv6.php b/src/www/services_dhcpv6.php
|index 679b357054..8174e9edb8 100644
|--- a/src/www/services_dhcpv6.php
|+++ b/src/www/services_dhcpv6.php
--------------------------
Patching file www/services_dhcpv6.php using Plan A...
Reversed (or previously applied) patch detected!  Assuming -R.Hunk #1 succeeded at 37.
done
All patches have been applied successfully.  Have a nice day.

root@Ocelot:~ # opnsense-patch bb4743a7322
Found local copy of bb4743a7322, skipping fetch.
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From bb4743a732243a3e5bd55f1586bbe5e3a2739d1d Mon Sep 17 00:00:00 2001
|From: Franco Fichtner <franco@opnsense.org>
|Date: Tue, 2 Aug 2022 09:04:12 +0200
|Subject: [PATCH] interfaces: stop DHCP from calling rc.newwanip when no
| changes are being done
|
|This is a partial revert of 797c1864194 which has good intentions but rc.newwanip(v6)
|isn't equipped with being called a lot of times yet.  We want to improve this for 23.1.
|---
| src/opnsense/scripts/interfaces/dhclient-script | 9 ++++++++-
| 1 file changed, 8 insertions(+), 1 deletion(-)
|
|diff --git a/src/opnsense/scripts/interfaces/dhclient-script b/src/opnsense/scripts/interfaces/dhclient-script
|index 5c8bfe9c60..6fd5c5b212 100755
|--- a/src/opnsense/scripts/interfaces/dhclient-script
|+++ b/src/opnsense/scripts/interfaces/dhclient-script
--------------------------
Patching file opnsense/scripts/interfaces/dhclient-script using Plan A...
Reversed (or previously applied) patch detected!  Assuming -R.Hunk #1 succeeded at 296 (offset -2 lines).
Hunk #2 succeeded at 311 (offset -2 lines).
done
All patches have been applied successfully.  Have a nice day.


Then ping test:
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=999 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1000 Destination Host Unreachable


System log:
<13>1 2022-08-05T11:49:09+02:00 Ocelot.localdomain dhclient 16916 - [meta sequenceId="1"] Creating resolv.conf
<11>1 2022-08-05T11:49:09+02:00 Ocelot.localdomain opnsense 18228 - [meta sequenceId="2"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-05T11:49:09+02:00 Ocelot.localdomain opnsense 18228 - [meta sequenceId="3"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-05T11:49:09+02:00 Ocelot.localdomain opnsense 18228 - [meta sequenceId="4"] plugins_configure hosts ()
<13>1 2022-08-05T11:49:09+02:00 Ocelot.localdomain opnsense 18228 - [meta sequenceId="5"] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
<13>1 2022-08-05T11:49:09+02:00 Ocelot.localdomain opnsense 18228 - [meta sequenceId="6"] plugins_configure hosts (execute task : unbound_hosts_generate())
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain dhclient 36325 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain dhclient 37087 - [meta sequenceId="2"] New Subnet Mask (vtnet1): 255.255.254.0
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain dhclient 37924 - [meta sequenceId="3"] New Broadcast Address (vtnet1): xxx.yyy.183.255
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain dhclient 38442 - [meta sequenceId="4"] New Routers (vtnet1): xxx.yyy.182.1
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain dhclient 39929 - [meta sequenceId="5"] route add default xxx.yyy.182.1
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain dhclient 40632 - [meta sequenceId="6"] Creating resolv.conf
<11>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain opnsense 41911 - [meta sequenceId="7"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain opnsense 41911 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain opnsense 41911 - [meta sequenceId="9"] plugins_configure hosts ()
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain opnsense 41911 - [meta sequenceId="10"] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
<13>1 2022-08-05T11:59:12+02:00 Ocelot.localdomain opnsense 41911 - [meta sequenceId="11"] plugins_configure hosts (execute task : unbound_hosts_generate())


After applying patches, "Error opnsense/usr/local/etc/rc.newwanip" still appears in my system log, as opposed to the other users on that thread.
#12
After applying the patch it still happens.

PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1032 Destination Host Unreachable
From 192.168.1.1 icmp_seq=1033 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2069 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2070 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2071 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3089 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3090 Destination Host Unreachable


<13>1 2022-08-05T00:14:34+02:00 Ocelot.localdomain dhclient 56322 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<13>1 2022-08-05T00:14:34+02:00 Ocelot.localdomain dhclient 57732 - [meta sequenceId="2"] New Subnet Mask (vtnet1): 255.255.254.0
<13>1 2022-08-05T00:14:34+02:00 Ocelot.localdomain dhclient 58693 - [meta sequenceId="3"] New Broadcast Address (vtnet1): xxx.yyy.183.255
<13>1 2022-08-05T00:14:34+02:00 Ocelot.localdomain dhclient 59902 - [meta sequenceId="4"] New Routers (vtnet1): xxx.yyy.182.1
<13>1 2022-08-05T00:14:34+02:00 Ocelot.localdomain dhclient 61997 - [meta sequenceId="5"] route add default xxx.yyy.182.1
<13>1 2022-08-05T00:14:34+02:00 Ocelot.localdomain dhclient 63282 - [meta sequenceId="6"] Creating resolv.conf
<11>1 2022-08-05T00:14:34+02:00 Ocelot.localdomain opnsense 65222 - [meta sequenceId="7"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-05T00:14:34+02:00 Ocelot.localdomain opnsense 65222 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-05T00:21:48+02:00 Ocelot.localdomain dhclient 98174 - [meta sequenceId="1"] Creating resolv.conf
<13>1 2022-08-05T00:31:52+02:00 Ocelot.localdomain dhclient 34620 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<13>1 2022-08-05T00:31:52+02:00 Ocelot.localdomain dhclient 35946 - [meta sequenceId="2"] New Subnet Mask (vtnet1): 255.255.254.0
<13>1 2022-08-05T00:31:52+02:00 Ocelot.localdomain dhclient 36662 - [meta sequenceId="3"] New Broadcast Address (vtnet1): xxx.yyy.183.255
<13>1 2022-08-05T00:31:52+02:00 Ocelot.localdomain dhclient 37553 - [meta sequenceId="4"] New Routers (vtnet1): xxx.yyy.182.1
<13>1 2022-08-05T00:31:52+02:00 Ocelot.localdomain dhclient 39110 - [meta sequenceId="5"] route add default xxx.yyy.182.1
<13>1 2022-08-05T00:31:52+02:00 Ocelot.localdomain dhclient 40114 - [meta sequenceId="6"] Creating resolv.conf
<11>1 2022-08-05T00:31:52+02:00 Ocelot.localdomain opnsense 41889 - [meta sequenceId="7"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-05T00:31:52+02:00 Ocelot.localdomain opnsense 41889 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-05T00:38:50+02:00 Ocelot.localdomain dhclient 50066 - [meta sequenceId="1"] Creating resolv.conf
<13>1 2022-08-05T00:48:53+02:00 Ocelot.localdomain dhclient 81788 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<13>1 2022-08-05T00:48:53+02:00 Ocelot.localdomain dhclient 82268 - [meta sequenceId="2"] New Subnet Mask (vtnet1): 255.255.254.0
<13>1 2022-08-05T00:48:53+02:00 Ocelot.localdomain dhclient 83213 - [meta sequenceId="3"] New Broadcast Address (vtnet1): xxx.yyy.183.255
<13>1 2022-08-05T00:48:53+02:00 Ocelot.localdomain dhclient 83721 - [meta sequenceId="4"] New Routers (vtnet1): xxx.yyy.182.1
<13>1 2022-08-05T00:48:53+02:00 Ocelot.localdomain dhclient 85506 - [meta sequenceId="5"] route add default xxx.yyy.182.1
<13>1 2022-08-05T00:48:53+02:00 Ocelot.localdomain dhclient 86074 - [meta sequenceId="6"] Creating resolv.conf
<11>1 2022-08-05T00:48:53+02:00 Ocelot.localdomain opnsense 88985 - [meta sequenceId="7"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-05T00:48:53+02:00 Ocelot.localdomain opnsense 88985 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-05T00:56:31+02:00 Ocelot.localdomain dhclient 56815 - [meta sequenceId="1"] Creating resolv.conf
#13
This also happened in 22.1 before upgrading, that's why I thought it's not version dependent and hence I posted in General Discussion.

I will apply the patch and see if it solves the problem.
#14
For some reason, my WAN DHCP is renewing every few minutes. When this happens, connections from LAN to Internet are dropped for 2 seconds. So every few minutes I lose Internet connection for 2 seconds. Is it to be expected that connections will be dropped when WAN DHCP is renewing lease?

ping logs from LAN client:
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=983 Destination Host Unreachable
From 192.168.1.1 icmp_seq=984 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2053 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2054 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2603 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2604 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2605 Destination Host Unreachable


From system logs:
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain dhclient 14374 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain dhclient 15362 - [meta sequenceId="2"] New Subnet Mask (vtnet1): 255.255.254.0
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain dhclient 16206 - [meta sequenceId="3"] New Broadcast Address (vtnet1): xxx.yyy.183.255
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain dhclient 17299 - [meta sequenceId="4"] New Routers (vtnet1): xxx.yyy.182.1
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain dhclient 18878 - [meta sequenceId="5"] route add default xxx.yyy.182.1
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain dhclient 19817 - [meta sequenceId="6"] Creating resolv.conf
<11>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain opnsense 21296 - [meta sequenceId="7"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain opnsense 21296 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain opnsense 21296 - [meta sequenceId="9"] plugins_configure hosts ()
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain opnsense 21296 - [meta sequenceId="10"] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain opnsense 21296 - [meta sequenceId="11"] plugins_configure hosts (execute task : unbound_hosts_generate())
<13>1 2022-08-04T23:11:41+02:00 Ocelot.localdomain dhclient 23714 - [meta sequenceId="1"] Creating resolv.conf
<11>1 2022-08-04T23:11:41+02:00 Ocelot.localdomain opnsense 25784 - [meta sequenceId="2"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-04T23:11:41+02:00 Ocelot.localdomain opnsense 25784 - [meta sequenceId="3"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-04T23:11:41+02:00 Ocelot.localdomain opnsense 25784 - [meta sequenceId="4"] plugins_configure hosts ()
<13>1 2022-08-04T23:11:41+02:00 Ocelot.localdomain opnsense 25784 - [meta sequenceId="5"] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
<13>1 2022-08-04T23:11:41+02:00 Ocelot.localdomain opnsense 25784 - [meta sequenceId="6"] plugins_configure hosts (execute task : unbound_hosts_generate())
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain dhclient 13102 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain dhclient 13960 - [meta sequenceId="2"] New Subnet Mask (vtnet1): 255.255.254.0
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain dhclient 14594 - [meta sequenceId="3"] New Broadcast Address (vtnet1): xxx.yyy.183.255
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain dhclient 15499 - [meta sequenceId="4"] New Routers (vtnet1): xxx.yyy.182.1
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain dhclient 17181 - [meta sequenceId="5"] route add default xxx.yyy.182.1
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain dhclient 18506 - [meta sequenceId="6"] Creating resolv.conf
<11>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain opnsense 19811 - [meta sequenceId="7"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain opnsense 19811 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain opnsense 19811 - [meta sequenceId="9"] plugins_configure hosts ()
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain opnsense 19811 - [meta sequenceId="10"] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
<13>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain opnsense 19811 - [meta sequenceId="11"] plugins_configure hosts (execute task : unbound_hosts_generate())
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain dhclient 83332 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain dhclient 84019 - [meta sequenceId="2"] New Subnet Mask (vtnet1): 255.255.254.0
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain dhclient 84871 - [meta sequenceId="3"] New Broadcast Address (vtnet1): xxx.yyy.183.255
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain dhclient 85210 - [meta sequenceId="4"] New Routers (vtnet1): xxx.yyy.182.1
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain dhclient 87164 - [meta sequenceId="5"] route add default xxx.yyy.182.1
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain dhclient 88029 - [meta sequenceId="6"] Creating resolv.conf
<11>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain opnsense 89254 - [meta sequenceId="7"] /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'vtnet1'
<11>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain opnsense 89254 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain opnsense 89254 - [meta sequenceId="9"] plugins_configure hosts ()
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain opnsense 89254 - [meta sequenceId="10"] plugins_configure hosts (execute task : dnsmasq_hosts_generate())
<13>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain opnsense 89254 - [meta sequenceId="11"] plugins_configure hosts (execute task : unbound_hosts_generate())


I have tried connecting a VM directly to upstream, and it pings for hours with no packet losses. Either the VM does not renew DHCP leases as frequently or DHCP lease renewal doesn't drop connections.
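
Added example, not part of the original posts: a Python parser for the RFC 5424 lines in the system logs above that lists each rc.newwanip run, its syslog severity, the gap since the previous run on the same interface, and whether the reported address changed. The sample lines are copied from the log in the post above (address redacted as posted); the function names are this example's own.

```python
import re
from datetime import datetime

# Copied from the system log in the post above.
SAMPLE_LOG = """\
<13>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain dhclient 14374 - [meta sequenceId="1"] New IP Address (vtnet1): xxx.yyy.182.81
<11>1 2022-08-04T23:03:53+02:00 Ocelot.localdomain opnsense 21296 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<13>1 2022-08-04T23:11:41+02:00 Ocelot.localdomain dhclient 23714 - [meta sequenceId="1"] Creating resolv.conf
<11>1 2022-08-04T23:11:41+02:00 Ocelot.localdomain opnsense 25784 - [meta sequenceId="3"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<11>1 2022-08-04T23:21:44+02:00 Ocelot.localdomain opnsense 19811 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
<11>1 2022-08-04T23:30:56+02:00 Ocelot.localdomain opnsense 89254 - [meta sequenceId="8"] /usr/local/etc/rc.newwanip: On (IP address: xxx.yyy.182.81) (interface: WAN[wan]) (real interface: vtnet1).
"""

# Syslog severity names indexed by PRI & 7 (PRI = facility * 8 + severity),
# so <11> is user.err and <13> is user.notice.
SEVERITY = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID [STRUCTURED-DATA] MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) - "
    r"(?:\[[^\]]*\] )?(?P<msg>.*)$"
)
RUN_RE = re.compile(
    r"rc\.newwanip: On \(IP address: (?P<ip>[^)]+)\) \(interface: (?P<iface>[^)]+)\)"
)


def parse_line(line):
    """Split one log line into its fields; returns None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "facility": pri >> 3,
        "severity": SEVERITY[pri & 7],
        "time": datetime.fromisoformat(m["ts"]),
        "app": m["app"],
        "pid": m["pid"],
        "msg": m["msg"],
    }


def newwanip_runs(lines):
    """One record per rc.newwanip run, compared with the previous run on that interface."""
    runs, last = [], {}
    for line in lines:
        rec = parse_line(line)
        hit = RUN_RE.search(rec["msg"]) if rec else None
        if not hit:
            continue
        run = {
            "time": rec["time"],
            "severity": rec["severity"],
            "iface": hit["iface"],
            "ip": hit["ip"],
            "gap_s": None,             # seconds since the previous run
            "address_changed": None,   # None for the first run seen
        }
        prev = last.get(run["iface"])
        if prev:
            run["gap_s"] = int((run["time"] - prev["time"]).total_seconds())
            run["address_changed"] = run["ip"] != prev["ip"]
        last[run["iface"]] = run
        runs.append(run)
    return runs


def unchanged_runs(runs):
    """Runs that reported the same address as the run before them."""
    return [r for r in runs if r["address_changed"] is False]


if __name__ == "__main__":
    for r in newwanip_runs(SAMPLE_LOG.splitlines()):
        print(r["time"].time(), r["severity"], r["iface"], r["ip"],
              "gap_s=%s" % r["gap_s"], "changed=%s" % r["address_changed"])
```
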