OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of authelia »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - authelia

Pages: [1]
1
24.1 Legacy Series / Re: DHCP relay stops working in 24.1.6
« on: May 29, 2024, 10:42:15 am »
Thanks. I have put a SNAT workaround on my DHCP servers so DHCPOFFER messages appear to come from the DHCPrelay address. DHCPOFFER messages were being dropped because the source didn't match the DHCPrelay address config.

Quote from: franco on May 29, 2024, 08:42:27 am
The patch fixes an endless loop in the packet capture. It's not a "functional" fix or it could also mean your setup is incorrect.

2
24.1 Legacy Series / Re: DHCP relay stops working in 24.1.6
« on: May 29, 2024, 08:34:04 am »
Thank for the patch. Unfortunately, DHCP relay is still not working for me.
I can see the DHCP responses from the server but these are not appearing on the correct interfaces.

root@OPNsense:/var/log/system # tcpdump -i igc1_vlan20 udp port 67 or port 68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igc1_vlan20, link-type EN10MB (Ethernet), capture size 262144 bytes
16:23:01.335025 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:09.951942 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:18.588958 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:26.376540 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:34.825601 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300
16:23:44.910245 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from b6:b7:dc:11:41:9a (oui Unknown), length 300




Quote from: franco on May 27, 2024, 01:16:37 pm
https://github.com/opnsense/core/issues/7471#issuecomment-2133085251

feedback on the latest binary is welcome...

3
24.1 Legacy Series / Re: DHCP relay stops working in 24.1.6
« on: May 15, 2024, 01:49:26 am »
Are there further commands I can issue to troubleshoot? The ones below don't seem to show much.

In my case, igc0 = WAN, igc1 = LAN (trunk)

Thanks.


root@OPNsense:~ # opnsense-log | grep rc.linkup
root@OPNsense:~ # 
root@OPNsense:~ # dmesg | grep link.state
igc0: link state changed to UP
igc1: link state changed to UP
lo0: link state changed to UP
igc1: link state changed to DOWN
igc0: link state changed to DOWN
igc1: link state changed to UP
igc1_vlan50: link state changed to UP
igc1_vlan20: link state changed to UP
igc1_vlan40: link state changed to UP
igc0: link state changed to UP
igc0: link state changed to DOWN
igc0: link state changed to UP

4
24.1 Legacy Series / Re: DHCP relay stops working in 24.1.6
« on: May 02, 2024, 08:16:35 am »
As a follow up, I am also experiencing issues with DHCP relay since the upgrade to 24.1.6. Previously, DHCP relay was working.

This is the current status:

  • I am not using Hyper-V
  • Everything is on physical devices.
  • DHCP guard is not enabled.
  • As a workaround, I have enabled DHCPv4 on Opnsense

Thank you.

5
24.1 Legacy Series / Re: VLAN and DHCP Relay Issues
« on: May 01, 2024, 03:00:36 am »
Quote from: franco on April 30, 2024, 04:05:36 pm
As a data point it would help to know if this is is a version before 24.1.6 or if this started with 24.1.6. If we don't have these data points it's harder to narrow this down (even if it is just a configuration hiccup).

This problem occurs only after 24.1.6.

  • I am not using Hyper-V
  • Everything is on physical devices.
  • DHCP guard is not enabled.
  • As a workaround, I have enabled DHCPv4 on Opnsense

6
24.1 Legacy Series / Re: VLAN and DHCP Relay Issues
« on: April 30, 2024, 04:49:36 am »
Quote from: Patrick M. Hausen on April 29, 2024, 06:13:14 pm
Why would the DHCP relay contact the server with a source address of .20.254 (VLAN 20)?

This is the behaviour that I see when DHCP Relay is enabled. It uses the interface of VLAN20 as the source.

Similar to Op, DHCP relay is also no longer working for me since upgrading to 24.1.6.


7
22.7 Legacy Series / Re: HAProxy Virtual IP Bind Issue
« on: August 30, 2022, 06:57:12 am »
As advised, I have also cross posted on the original support thread.

8
Tutorials and FAQs / Re: Tutorial 2022/08: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: August 30, 2022, 06:55:39 am »
I am trying to follow the instructions to enable HAProxy for internal domains. However, I can't seem to get the frontend listener for the virtual ip to work. Service binding is disabled for the virtual ip.

When the frontend listener for the virtual ip is enabled:

1. haproxy cannot start (when webgui is running).
2. webgui cannot start (when haproxy is running).

I have tried various things such as assigning the virtual ip from a brand new subnet etc. However the frontend listener for virtual ip seems to conflict with lighttpd no matter what I do. The only way I can get both services to start is to remove the virtual ip from /var/etc/lighty-webConfigurator.conf.

Virtual IP in LAN Subnet (192.168.1.0/24)

Code: [Select]
root@OPNsense:~ # sockstat -4 -l | grep lighttpd
root     lighttpd   28364 6  tcp4   192.168.1.65:443      *:*
root     lighttpd   28364 8  tcp4   192.168.1.1:443       *:*
root     lighttpd   28364 10 tcp4   192.168.1.65:80       *:*
root     lighttpd   28364 12 tcp4   192.168.1.1:80        *:*
root     sshd       84263 5  tcp4   192.168.1.1:22        *:*

root@OPNsense:~ # /usr/local/etc/rc.d/haproxy start
Starting haproxy.
[ALERT]    (2036) : Starting frontend 1_HTTP_frontend: cannot bind socket (Can't assign requested address) [192.168.1.65:80]
[ALERT]    (2036) : Starting frontend 1_HTTPS_frontend: cannot bind socket (Can't assign requested address) [192.168.1.65:443]
[ALERT]    (2036) : [/usr/local/sbin/haproxy.main()] Some protocols failed to start their listeners! Exiting.
/usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy

Virtual IP in Brand New Subnet (192.168.10.0/32)

Code: [Select]
root@OPNsense:~ # /usr/local/etc/rc.restart_webgui
Starting web GUI...done.
Generating RRD graphs...done.

root@OPNsense:~ # sockstat -4 -l | grep lighttpd
root     lighttpd   64654 6  tcp4   192.168.10.65:443     *:*
root     lighttpd   64654 8  tcp4   192.168.1.1:443       *:*
root     lighttpd   64654 10 tcp4   192.168.10.65:80      *:*
root     lighttpd   64654 12 tcp4   192.168.1.1:80        *:*
root     sshd       84263 5  tcp4   192.168.1.1:22        *:*

root@OPNsense:~ # /usr/local/etc/rc.d/haproxy start
Starting haproxy.
[ALERT]    (18033) : Starting frontend 1_HTTP_frontend: cannot bind socket (Address already in use) [192.168.10.65:80]
[ALERT]    (18033) : Starting frontend 1_HTTPS_frontend: cannot bind socket (Address already in use) [192.168.10.65:443]
[ALERT]    (18033) : [/usr/local/sbin/haproxy.main()] Some protocols failed to start their listeners! Exiting.

9
22.7 Legacy Series / Re: HAProxy Virtual IP Bind Issue
« on: August 30, 2022, 06:23:28 am »
Thanks Bunch and Franco for your assistance thus far.

Quote
It is advised to, as we don't know the config of your HAProxy, so we are unable to guess how it failed.

I have added the frontend listener for 0.0.0.0 as per the tutorial. However, as soon as I enable the frontend listener for the virtual ip, haproxy refuses to start.

What I am noticing is that as soon as the webgui starts up, lighttpd binds port 80 and 443 to the virtual ip (even though "Allow Services Binding" option is unchecked).

I even tried using a completely brand new subnet as the new virtual ip (unrelated to any of the interfaces). However, the same symptoms appear.

For example, changing the virtual ip to 192.168.10.65 (from 192.168.1.65 - LAN subnet is 192.168.1.0/24), I see the following as soon as the webgui is restarted.

Virtual IP in LAN Subnet

Code: [Select]
root@OPNsense:~ # sockstat -4 -l | grep lighttpd
root     lighttpd   28364 6  tcp4   192.168.1.65:443      *:*
root     lighttpd   28364 8  tcp4   192.168.1.1:443       *:*
root     lighttpd   28364 10 tcp4   192.168.1.65:80       *:*
root     lighttpd   28364 12 tcp4   192.168.1.1:80        *:*
root     sshd       84263 5  tcp4   192.168.1.1:22        *:*

root@OPNsense:~ # /usr/local/etc/rc.d/haproxy start
Starting haproxy.
[ALERT]    (2036) : Starting frontend 1_HTTP_frontend: cannot bind socket (Can't assign requested address) [192.168.1.65:80]
[ALERT]    (2036) : Starting frontend 1_HTTPS_frontend: cannot bind socket (Can't assign requested address) [192.168.1.65:443]
[ALERT]    (2036) : [/usr/local/sbin/haproxy.main()] Some protocols failed to start their listeners! Exiting.
/usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
Virtual IP in Brand New Subnet

Code: [Select]
root@OPNsense:~ # /usr/local/etc/rc.restart_webgui
Starting web GUI...done.
Generating RRD graphs...done.

root@OPNsense:~ # sockstat -4 -l | grep lighttpd
root     lighttpd   64654 6  tcp4   192.168.10.65:443     *:*
root     lighttpd   64654 8  tcp4   192.168.1.1:443       *:*
root     lighttpd   64654 10 tcp4   192.168.10.65:80      *:*
root     lighttpd   64654 12 tcp4   192.168.1.1:80        *:*
root     sshd       84263 5  tcp4   192.168.1.1:22        *:*

root@OPNsense:~ # /usr/local/etc/rc.d/haproxy start
Starting haproxy.
[ALERT]    (18033) : Starting frontend 1_HTTP_frontend: cannot bind socket (Address already in use) [192.168.10.65:80]
[ALERT]    (18033) : Starting frontend 1_HTTPS_frontend: cannot bind socket (Address already in use) [192.168.10.65:443]
[ALERT]    (18033) : [/usr/local/sbin/haproxy.main()] Some protocols failed to start their listeners! Exiting.
/usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy

10
22.7 Legacy Series / Re: HAProxy Virtual IP Bind Issue
« on: August 29, 2022, 10:35:00 pm »
How can I reverse the wrong patch? Reapplying the same command doesn't seem to work.

Quote
Please make sure that only one of below statements can be true (If both statement true, your thing won't work)
1. In HAProxy, one of your frontends is binding to 0.0.0.0:80, or 0.0.0.0:443 or (WAN_IP):80 or (WAN_IP):443
2. In webui, you haven't changed the port and haven't disabled auto redirect, i.e. it's still using port 443 or 80

In my case, only (2) is true. I haven't changed the standard port and HTTP Redirect is unchecked.

Do I still need (1) if I have defined virtual ip?

11
22.7 Legacy Series / HAProxy Virtual IP Bind Issue
« on: August 29, 2022, 10:12:41 am »
Whenever I add a virtual ip and configure haproxy to listen to it on ports 80/443, I can't start:

1. haproxy (when webui is running) or
2. webui (when haproxy is running)

This issue seems very similar to the one reported for v22.1.

Patch 9a618ba6 doesn't seem to work on OPNsense 22.7.2-amd64.
Error message:

Code: [Select]
root@OPNsense:/var/log/system # opnsense-patch 9a618ba6
Found local copy of 9a618ba6, skipping fetch.
2 out of 6 hunks failed while patching etc/inc/interfaces.inc
Virtual ip is attached to lo0 with service binding disabled. I was trying to follow the haproxy tutorial

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2