Messages

1

24.1 Legacy Series / Re: pf routing rules randomly start being ignored till service restart

« on: April 27, 2024, 04:03:43 am »

I have set up vxlan interfaces to link a VM host's guest (lab) VMs directly to my OPNsense firewall to create a DMZ. I'm finding traffic is blocked by the default rule despite rules on the interface which plainly match. Some of those packets make it through though, because software with robust retries kinda sorta still works.

Is there a way to trace rule evaluation?

2

General Discussion / Re: IPv6 Router Advertisements (RA) for SLAAC not working when gateway IPv6 static

« on: April 11, 2023, 05:40:52 pm »

FWIW, IPv6 supports CIDR, but in practice the routing tables can get huge if everyone uses a diversity of prefixes, especially nets smaller than 48 bit prefixes. The solution, by consensus and convention, is to only use 48 and smaller prefixes for router infrastructure, and delegation for nets smaller than 48 should all be 64 bit prefixes even for single hosts connecting to a VPN concentrator.

While using a 48 for your LAN may be POSSIBLE, expect problems because hosts expect to deal with 64s and routers don't want bloated routing tables.

3

23.1 Legacy Series / BROKEN OPNsense 23.1.5_4 sets delegated IPv6 net route interface to lo0

« on: April 10, 2023, 02:28:25 am »

I can resolve and ping anything from the firewall to the Internet, and it works for a while when I apply any configuration to the LAN interface. Eventually however something glitches and changes the IPv6 delegated 64 bit network route from my LAN interface to LOOPBACK (lo0), thus breaking IPv6 between everything on my LAN to the Internet.

 

What should I be logging to figure out where the gremlins are?

4

Hardware and Performance / Re: [Work In Progress] OPNsense Ported into ARM Devices

« on: January 25, 2023, 05:05:14 am »

It's not clear if you got a corrupted download, or whether you were able to decompress the image, or what the flash drive layout looks like after you wrote the raw blocks to it or what.

Do you have enough troubleshooting skills to understand what can go wrong with those steps and how to verify whether it did or not?

I followed what I understood on https://yrzr.tk/opnsense-22-for-aarch64/
but can't get RPI4B system to boot. I don't have a serial adapter so unfortunately can't troubleshoot a lot.

Here is what I did:

Downloaded:
OPNsense-22.1.10-OpenSSL-arm-aarch64-RPI.img.xz
and
OPNsense-22.7.5-OpenSSL-arm-aarch64-RPI.img.xz

Used Raspberry Pi Imager to write the img to file. Renamed config_rpi4.txt to config.txt and deleted config_rpi3.txt . Put the newly flashed card into RPI4 and powered it up. It gets to the rainbow/multicolour splash screen and then nothing. This was the case for both img files, written with either Raspberry Pi Imager or Balena Etcher, unarchived first or provided as .xz to the imager. I tried this on two RPI4.

I tried booting the same card on RPI3B+ with config_rpi3.txt renamed to config.txt and it booted, showing the boot process. I set a static IP and then used config_rpi4.txt renamed to config.txt to boot rpi4. Got the rainbow screen but could still access the system. So there is something wrong with the video.

Is there something wrong with the default config_rpi4.txt? What could I try to get the console to show on hdmi output?

Thanks

Same here (raspberry pi 4 8GB). Tried extracting the xz file before running dd, according to the instructions in https://yrzr.tk/opnsense-22-for-aarch64/#41-writing-the-image, but to no avail.

I can't either get the image to work under qemu, it boots and after I configure the ethernet adapters it hangs completely.