1
24.1 Legacy Series / Re: Kea Control Agent Needed?
« on: May 16, 2024, 09:07:25 pm »
Perfect. Thank you. That is along the lines of what I was able to determine.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
24.1 Legacy Series / Kea Control Agent Needed?
« on: May 16, 2024, 03:29:49 pm »
I've switched my dhcp over to Kea. I've currently got the control agent disabled. Should I enable it? What purpose does it serve?
Thank you.
Thank you.
3
24.1 Legacy Series / Setting up HA with already existing configured opnsense
« on: February 12, 2024, 08:49:00 pm »
I've got an instance of opnsense that has been running without issue for over a year now. I'm wanting to add a second one in an ha configuration (carp). I'm wondering how I should start with the second one? Should I set it up with a restore from the existing primary or should it be blank with minimal configuration and let the sync process set it up?
Thank you.
Thank you.
4
24.1 Legacy Series / Re: On upgrade duckdb unsupported version.
« on: January 30, 2024, 08:45:18 pm »
Thank you Franco. I did the Reset DNS data option and was able to upgrade two remote sites without issue.
5
24.1 Legacy Series / Re: On upgrade duckdb unsupported version.
« on: January 30, 2024, 05:56:49 pm »
I did a clean install importing the existing config and it all went well. The only downside is this will have me visit all the other sites that I maintain so I'm on site when trying the upgrade.
Thanks.
Thanks.
6
24.1 Legacy Series / On upgrade duckdb unsupported version.
« on: January 30, 2024, 03:53:24 pm »
The upgrade went fine on my test environment instance so I figured I'd try it on my main instance and got the following when upgrading:
Is there a manual way to force the db to upgrade to a supported version?
Thank you
Code: [Select]
***GOT REQUEST TO UPGRADE***
Currently running OPNsense 23.7.12_5 at Tue Jan 30 09:41:44 EST 2024
Fetching packages-24.1-amd64.tar: ......................................... done
Fetching base-24.1-amd64.txz: .......... done
Fetching kernel-24.1-amd64.txz: ..... done
Extracting packages-24.1-amd64.tar... done
Extracting base-24.1-amd64.txz... done
Extracting kernel-24.1-amd64.txz... done
Please reboot.
>>> Invoking upgrade script 'squid-plugin.php'
Squid web proxy is not active. Not installing replacement plugin.
>>> Invoking upgrade script 'unbound-duckdb.py'
Traceback (most recent call last):
File "/usr/local/opnsense/site-python/duckdb_helper.py", line 65, in __enter__
self.connection = duckdb.connect(database=self._path, read_only=self._read_only)
duckdb.IOException: IO Error: Trying to read a database file with version number 39, but we can only read version 51.
The database file was created with DuckDB version v0.6.0 or v0.6.1.
The storage of DuckDB is not yet stable; newer versions of DuckDB cannot read old database files and vice versa.
The storage will be stabilized when version 1.0 releases.
For now, we recommend that you load the database file in a supported version of DuckDB, and use the EXPORT DATABASE command followed by IMPORT DATABASE on the current version of DuckDB.
See the storage page for more information: https://duckdb.org/internals/storage
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/etc/rc.syshook.d/upgrade/20-unbound-duckdb.py", line 41, in <module>
if export_database('/var/unbound/data/unbound.duckdb', '/var/cache/unbound.duckdb', 'unbound', 'unbound'):
File "/usr/local/opnsense/site-python/duckdb_helper.py", line 147, in export_database
with DbConnection(source, read_only=True) as db:
File "/usr/local/opnsense/site-python/duckdb_helper.py", line 75, in __enter__
raise StorageVersionException(str(e))
duckdb_helper.StorageVersionException: IO Error: Trying to read a database file with version number 39, but we can only read version 51.
The database file was created with DuckDB version v0.6.0 or v0.6.1.
The storage of DuckDB is not yet stable; newer versions of DuckDB cannot read old database files and vice versa.
The storage will be stabilized when version 1.0 releases.
For now, we recommend that you load the database file in a supported version of DuckDB, and use the EXPORT DATABASE command followed by IMPORT DATABASE on the current version of DuckDB.
See the storage page for more information: https://duckdb.org/internals/storage
>>> Error in upgrade script '20-unbound-duckdb.py'
***DONE***Is there a manual way to force the db to upgrade to a supported version?
Thank you
7
General Discussion / Re: Single /64 IPv6 range with multiple vlans?
« on: May 15, 2023, 01:38:04 pm »
Thank you for the reply. I figured as much but thought I'd ask incase there was a way I wasn't aware of. I've tried all the different prefix sizes from 64 to 56 and the only one that works is 64. (Here is one of the threads where I was trying different things: https://www.dslreports.com/forum/r33652078-IPv6-Prefix-Size)
I'll just now have to hope that my ISP eventually implements IPv6 better in the future.
Thank you.
I'll just now have to hope that my ISP eventually implements IPv6 better in the future.
Thank you.
8
General Discussion / Single /64 IPv6 range with multiple vlans?
« on: May 12, 2023, 09:24:11 pm »
My ISP only provides a /64 address and I've got it working just fine on my main network. Does anyone know of a way to make IPv6 available to my other vlans too?
I have reached out to my ISP (Robbers in Canada) and they say they won't give anything larger than /64 so the obvious (and easy) method isn't an option.
I have reached out to my ISP (Robbers in Canada) and they say they won't give anything larger than /64 so the obvious (and easy) method isn't an option.
9
General Discussion / Re: IPv6 Router Advertisements
« on: April 28, 2023, 02:19:52 pm »
Additional fun information. So it seems that if the windows computer is on a domain and you have both ipv4 and ipv6 enabled it will just get the ipv4 dns information but if you disable ipv4 and only have ipv6 enabled it will properly pull down the ipv6 dns entries. I guess another strange Microsoft thing.
10
General Discussion / IPv6 Router Advertisements
« on: April 28, 2023, 01:44:33 pm »
Which router advertisements mode should I be using to have it hand out the dns server information? All the settings I've tried so haven't worked.
I've got another setup where I don't have the "Allow manual adjustment of DHCPv6 and Router Advertisements" checked and it is handing out itself as the dns server no problem. I just can't seem to get this other instance to hand out the dns servers I want.
IPv6 browsing is working on the network it just isn't handing out the dns servers I want.
Setup: my isp is handing out a /64 prefix via dhcp and I've got track interface enabled on my lan interface.
I've got another setup where I don't have the "Allow manual adjustment of DHCPv6 and Router Advertisements" checked and it is handing out itself as the dns server no problem. I just can't seem to get this other instance to hand out the dns servers I want.
IPv6 browsing is working on the network it just isn't handing out the dns servers I want.
Setup: my isp is handing out a /64 prefix via dhcp and I've got track interface enabled on my lan interface.
11
General Discussion / Firewall TCP Version Seperate IPv4 and IPv6 rules or combined IPv4+IPv6 rules?
« on: February 12, 2023, 02:16:52 pm »
So I've currently got a bunch of rules that are setup between vlans and I've got two rules one for IPv4 and one for IPv6 and other than the TCP version they are the same. Is there any drawbacks to setting them up as a single IPv4+IPv6 rule?
Also if I've got an alias for networks that contains both IPv4 and IPv6 networks will the rule properly know how to apply that with the version combined?
My guess is yes but just wanted to confirm as the default configuration on the LAN connection is two separate rules.
Thank you,
Also if I've got an alias for networks that contains both IPv4 and IPv6 networks will the rule properly know how to apply that with the version combined?
My guess is yes but just wanted to confirm as the default configuration on the LAN connection is two separate rules.
Thank you,
12
General Discussion / Re: Unbound Domain Override for just one Interface
« on: February 06, 2023, 08:32:36 pm »
Thank you all for the suggestions. I've come up with one more and that is to just use dnsmasq for the vlan that has access to the tunnel and then use unbound for all other vlan's.
Thank you,
Thank you,
13
General Discussion / Unbound Domain Override for just one Interface
« on: February 06, 2023, 03:48:26 pm »
Does anyone know if there is a way to setup a domain override in Unbound for just a single interface? What I'm trying to do is setup a vpn tunnel for a single VLAN and have only clients on that vlan have dns entries forwarded to the dns on the other side where clients on all other vlan's will have their dns requests go to the standard public resolvers.
I'm just hoping there is a way without having to setup another dns server.
Thank you,
I'm just hoping there is a way without having to setup another dns server.
Thank you,
14
General Discussion / haproxy in opnsense vs manually installed on another dedicated machine.
« on: December 16, 2022, 01:33:09 am »
I've currently got haproxy running on a dedicated vm but was wondering what the differences are between that and running it in opnsense? Is it the same version/features or is there anything different? Would I gain / loose any functionality if I were to retire the VM and use haproxy inside opnsense?
Thank you,
Thank you,
Pages: [1]