Messages

1

23.7 Legacy Series / Re: Behind the FRITZ!box Settings

« on: September 14, 2023, 05:05:37 pm »

Whatever the mask it is, you are right.
I oughtta get my eyes checked since I totally read those third octets as being different. They are indeed the same. Ouch. 

2

23.7 Legacy Series / Re: Port Forward setup to only allow selective external IP's

« on: September 14, 2023, 04:58:45 pm »

Firewall -> Aliases -> + (add new) -> Type: Hosts
Then add the external IP addresses that should be allowed and choose a useful name for the alias.

Next, edit the firewall rule that allows incoming traffic from WAN to your local PBX. There you select the alias you just created as allowed source.

3

23.7 Legacy Series / Re: Behind the FRITZ!box Settings

« on: September 14, 2023, 04:55:07 pm »

We do not know the subnet sizes, do we?

4

German - Deutsch / Re: PPPoE reconnect "verliert" IPv6 Adressen

« on: January 11, 2023, 08:19:08 am »

Ich habe mit OPNsense 22.7.10_2 das selbe Problem und wir sind auch nicht allein: https://github.com/opnsense/core/issues/6223#issue-comment-box

5

22.7 Legacy Series / Re: Need Help - Debugging slow webgui

« on: November 08, 2022, 02:00:36 pm »

Could you do a DNS lookup of the hostname you are using to access the GUI and see if it returns a single address or multiple values, some of which might not be reachable beacuse of firewall rules?

6

22.7 Legacy Series / Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View

« on: October 30, 2022, 09:39:56 pm »

For what it's worth: It's working here again. Not sure if clearing the browser cache helped or if it was some heisenbug.

Edit: Clearing the browser cache fixed this issue with Chrome/Windows 10 as well as Safari/macOS 13.0.

7

22.7 Legacy Series / Re: "Lookup hostnames" no longer works in Firewall: Log Files: Live View

« on: October 30, 2022, 06:58:00 pm »

I can reproduce this on OPNsense 22.7.6-amd64 using Unbound as DNS resolver.

8

General Discussion / Re: 3CX Phone System and OPNSense

« on: October 04, 2022, 03:27:09 pm »

I can confirm that the solution described by comet does indeed fix this problem.

Posting to add that you should flush your state table after adding the custom outbound NAT rule - just in case some other host is using any of the required ports.

Firewall > Diagnostics > States > "Actions" tab > "Reset state table" button.

9

22.7 Legacy Series / Re: Why aren't interfaces assigned IPv6 link-local addresses?

« on: September 19, 2022, 11:01:06 pm »

That interface still shows IFDISABLED

Indeed, but why? Does it stay in disabled state until it receives a prefix?

73

10

22.7 Legacy Series / Re: Why aren't interfaces assigned IPv6 link-local addresses?

« on: September 19, 2022, 09:55:06 pm »

It says the interface is disabled.  Also no carrier, doesn't that mean isn't plugged in?

Yes, sorry I unplugged it a few times while testing and didn't notice when taking the screenshots.

Here's the same thing when connected:

Code: [Select]

ifconfig igc1
igc1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: USERS
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 60:be:b4:02:38:61
        inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

11

22.7 Legacy Series / Re: Why aren't interfaces assigned IPv6 link-local addresses?

« on: September 19, 2022, 09:20:52 pm »

This is unique to your setup.

That's encouraging! 

Going to Interfaces: Overview will show that an ipv6 link local is applied to each interface.

It does not and neither does ifconfig.

Here is an example of an interface that has Track Interface configured, while the the uplink is down (hasn't acquired a prefix yet):

Code: [Select]

% ifconfig igc1
igc1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: USERS
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 60:be:b4:02:38:61
        inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
See the attached screenshot for the Web GUI view of that interface.

12

22.7 Legacy Series / Re: Why aren't interfaces assigned IPv6 link-local addresses?

« on: September 19, 2022, 08:33:42 pm »

Test case 3:

• Manually assign an fe80::/64 IP Alias under Interfaces / Virtual IPs
• IPv6 Configuration Type: Static IPv6
• Set IPv6 address to valid non-link-local IPv6 address.

Result: neighbor solicitations for both, the link-local and the statically configured interface address are sent from an all-zeroes address.

13

22.7 Legacy Series / Re: Why aren't interfaces assigned IPv6 link-local addresses?

« on: September 19, 2022, 08:25:16 pm »

On further investigation I noticed that OPNsense not only fails to assign a link-local address but sends its ICMPv6 messages from an all-zeroes address. See attached nighbor discovery message for example. The destination address is generated correctly in this case.

14

22.7 Legacy Series / Why aren't interfaces assigned IPv6 link-local addresses?

« on: September 19, 2022, 08:14:01 pm »

It appears that 22.7 does not automatically assign link-local addresses to an interface once IPv6 is enabled.

Test case 1:

• IPv6 Configuration Type: Track Interface
• Set Track IPv6 Interface to valid Interface and Prefix ID.

Test case 2:

• IPv6 Configuration Type: Static IPv6
• Set IPv6 address to valid non-link-local IPv6 address.

Result in both cases: the interface picks up the configured address but no link-local address is assigned.

What's going on?

15

German - Deutsch / Warum bekommen die Interfaces keine IPv6 link-local Adressen?

« on: September 19, 2022, 07:34:22 pm »

IPv6 Configuration Type: Track Interface
Track IPv6 Interface:
 IPv6 Interface: WAN
 IPv6 Prefix ID: 0x2

Solange kein GUA-Prefix per DHCPv6 von upstream auf das WAN-Interface kam, gibt es auf dem lokalen Interface in OPNsense auch keine LLA.

Muss das so, soll das so, oder übersehe ich was?

edit: Ist eskaliert, siehe hier.