Messages - Knogle

#1
Hey, I hope you are doing fine.

I have most of my services provided by VMs mapped with static IPs accordingly in a Non-DHCP range in OPNsense.
They are associated with their hostname, so as usual, I can access my Proxmox Backup Server by using its DNS name "pbs" and similar for other services.
There is now this one machine, and I was suspecting the machine, so I set it up from scratch, my Zabbix machine, which is causing issues.
My DHCP/Hostname static mapping in OPNsense works fine for quite a time, I can access my Web-GUI through the zabbix DNS name, but after a certain time, OPNsense won't resolve zabbix as hostname anymore! The other ones like pbs still work like a charm and never caused issues. Only this one.
I tried deleting, re-adding the static entry already, no difference.

It looks like that.
What's wrong here? Even from the OPNsense machine itself, it doesn't seem to recognize any Zabbix host anymore, even though it's still online.
When this occurs, I usually have to reboot the OPNsense machine, and then this specific hostname works for a while again.

I hope someone can help me out on this! Thanks in advance, and best regards!

#2
Quote from: dseven on January 09, 2025, 02:18:17 PM
I don't see anything wrong in these screenshots. The link-local gateway for IPv6 is fine, so long as that is actually the LLA of your (ISP's) upstream gateway. The gateway is not monitored because you have disabled that ("Disable Gateway Monitoring" is checked).

Thanks a lot!
Yep, that's the issue, when I monitor the gateway it goes down, because it's not the link-local address of the upstream gateway.
#3
Thank you very much for your responses!
I've attached a few screenshots for reference.

As shown in the screenshots, the WAN interface is receiving an IPv6 address. However, it does not appear in the Gateways section, which prevents proper interface traffic monitoring for packet loss, latency, etc., and also impacts the functionality of DDNS for IPv6.

The LAN interfaces and clients are receiving their IPv6 prefixes and addresses correctly, so the issue seems to be limited to the WAN interface and its IPv6 address.

Is there any workaround for this? Currently, only the link-local IPv6 address is displayed in the Gateways section.

Thanks in advance for your help!
#4
Ah, thanks for your advice.
I get an IPv6 prefix, and so does the LAN interface.
Regarding the missing IPv6 connectivity, I think there is something wrong with my GW settings, am I missing something here?
I will attach a screenshot in my first post.
So according to the gateway settings, WAN6 is defunct.
#5
Hi everyone, I hope you're doing well! 😊

I'm currently facing an issue with my setup on OPNsense when attempting a PPPoE login. While I successfully get an IPv4 address assigned, and it seems like an IPv6 address is also assigned, the WAN6 gateway only displays a link-local IPv6 address. IPv4 connectivity works flawlessly, but I can't seem to get proper IPv6 functionality.

Here's a bit more about my setup:

    Provider: NetCologne (regional ISP in Germany)
    Connection Type: PPPoE with VLAN ID 10
    Authentication: PAP/CHAP

The IPv6 setup requirements provided by my ISP are as follows:

  • SLAAC (Stateless Address Autoconfiguration) as per RFC 4862
  • IPv6 assignment via DHCPv6 as per RFC 3315
  • DHCPv6 Option: IAPD (Identity Association for Prefix Delegation) as per RFC 3633

Am I missing something in the OPNsense configuration to make IPv6 work correctly? For context, this setup works fine on OpenWrt, but I can't seem to replicate the success on OPNsense.

I'd really appreciate any insights or suggestions to help me get this resolved. Thanks in advance for your help! 😊

#6
Hey, has anyone run into this before? Same problem here.
#7
Hello everyone,

I hope you're all doing well. I'm currently working on establishing a site-to-site tunnel using IPsec and IKEv2, and I've run into a bit of a snag that I'm hoping you could help me troubleshoot.

Here's the setup:
- **Local endpoint:** OPNsense 22.7 appliance
- **Remote endpoint:** FortiGate firewall
- **Routing:** Policy routing implemented

The tunnel is active, and connectivity seems partially established. The remote host can attempt to ping the local endpoint; however, the local endpoint does not respond. Furthermore, when I SSH into the OPNsense appliance, I'm unable to ping both the remote host and my local IPsec interface. Intriguingly, attempts to ping the local IPsec interface are being routed through the default gateway, leading to no responses:

    root@sin01-edge-opnsense-fw01:~ # ping 198.18.192.15
    PING 198.18.192.15 (198.18.192.15): 56 data bytes
    ^C
    --- 198.18.192.15 ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss

    root@sin01-edge-opnsense-fw01:~ # ping 198.18.192.16
    PING 198.18.192.16 (198.18.192.16): 56 data bytes
    ^C
    --- 198.18.192.16 ping statistics ---
    5 packets transmitted, 0 packets received, 100.0% packet loss

    root@sin01-edge-opnsense-fw01:~ # traceroute 198.18.192.16
    traceroute to 198.18.192.16 (198.18.192.16), 64 hops max, 40 byte packets
    1 192.168.178.1 (192.168.178.1)  0.988 ms  1.104 ms  1.498 ms

It seems like there might be a routing issue, especially for the local connected interface. Have any of you experienced something similar or have insights on what might be going wrong here? Any suggestions or guidance would be greatly appreciated.

Thank you in advance for your help!

#8
Thank you so much!


Now I have a working build ;D Thanks!

    1+0 records out
    4096 bytes transferred in 0.000126 secs (32562207 bytes/sec)
    Creating `/usr/obj/usr/tools/config/22.7/OpenSSL:amd64/efiboot.img'
    /usr/obj/usr/tools/config/22.7/OpenSSL:amd64/efiboot.img: 4039 sectors in 4039 FAT12 clusters (512 bytes/cluster)
    BytesPerSec=512 SecPerClust=1 ResSectors=1 FATs=2 RootDirEnts=512 Sectors=4096 Media=0xf0 FATsecs=12 SecPerTrack=63 Heads=255 HiddenSecs=0
    Populating `/usr/obj/usr/tools/config/22.7/OpenSSL:amd64/efiboot.img'
    Image `/usr/obj/usr/tools/config/22.7/OpenSSL:amd64/efiboot.img' complete
    >>> Building dvd image... -- 0:make -- time-stamp -- Sep/08/23 13:09:44 --
    -- 0:make -- time-stamp -- Sep/08/23 13:09:47 --
    done
#9
Thanks a lot already!

One more question :) Are there any log files or anything else generated by the build process?
Unfortunately the build fails with error 1.

    -rw-r--r--  1 root  wheel   805M Sep  8 03:07 packages-22.7.11-OpenSSL-amd64.tar
    >>> WARNING: The build provided additional info.
    >>> Package list inconsistency for emulators/qemu-guest-agent
    >>> Package list inconsistency for net/librdkafka
    >>> Package list inconsistency for www/squid
    >>> ERROR: The build encountered fatal issues!
    >>> Aborted version 1.12.4_4 for sysutils/consul
    *** Error code 1

    Stop.
    make: stopped in /usr/tools
#10
Quote from: Maurice on September 07, 2023, 01:04:27 AM
If your goal is to simply acquire a vanilla 22.7.11 iso, there's a faster way. From my cookbook:


    cd /usr
    git clone https://github.com/opnsense/tools
    cd tools
    make update OS=13.1 SRCBRANCH=stable/22.7 PLUGINSBRANCH=stable/22.7 COREBRANCH=stable/22.7 VERSION=22.7.11
    make prefetch-base,kernel VERSION=22.7.9
    rsync -vaz rsync://mirror.ams1.nl.leaseweb.net/opnsense/FreeBSD:13:amd64/22.7/MINT/22.7.11/OpenSSL /tmp/opnsense
    tar -C /tmp/opnsense/OpenSSL -cf /usr/local/opnsense/build/22.7/amd64/sets/packages-22.7.11-OpenSSL-amd64.tar .
    make dvd


Shouldn't take too long.

Cheers
Maurice

Thanks a lot!
Yes, that's what I wanted to achieve, I'd like to build a simple Vanilla image for VMs as well as ARM.
One more question, which system did you use to build? I've used FreeBSD 13.1 now, but unfortunately the proper 'pkg' version is not available anymore for 13.1, so the one for 13.2 is being installed instead, which leads to the following error.
Asked in the FreeBSD IRC for help, but they simply said 'FreeBSD 13.1 is EOL, don't use it'.
Thanks in advance!

    >>> Running build step: ports
    >>> Passing arguments: (none)
    Installed pkg version '1.19' does not match required version '1.18'
    *** Error code 1

    Stop.
    make: stopped in /usr/tools
#11
Hello everyone! I hope you're all doing well. I've been using OPNsense for a while now and have several systems set up in my home environment. To conduct some further testing, I decided to build the 22.7.11 release from scratch on a FreeBSD 13.1 machine. I followed these steps to clone the git repository and initiate the build process:

    git clone --depth 1 --branch 22.7.11 https://github.com/opnsense/tools
    env ROOTDIR=/tmp/opnsense TOOLSBRANCH=22.7.11 OS=13.1 make update
    env ROOTDIR=/tmp/opnsense TOOLSBRANCH=22.7.11 OS=13.1 make dvd


However, I encountered an issue during the build process, which led to a failure after approximately 12 hours of building. The error message I received is as follows:

    Number of packages to be removed: 11
    The operation will free 109 MiB.
   
    [1/11] Deinstalling squid-5.9...
    [1/11] Deleting files for squid-5.9: 100%
    ==> You should manually remove the "squid" user.
    ==> You should manually remove the "squid" group
    [2/11] Deinstalling krb5-1.21.2...
    [2/11] Deleting files for krb5-1.21.2: 100%
    [3/11] Deinstalling openldap24-client-2.4.59_4...
    [3/11] Deleting files for openldap24-client-2.4.59_4: 100%
    [4/11] Deinstalling cyrus-sasl-2.1.28...
    [4/11] Deleting files for cyrus-sasl-2.1.28: 100%
    To delete Cyrus user permanently, use 'pw userdel cyrus'
    To delete Cyrus group permanently, use 'pw groupdel cyrus'
    [5/11] Deinstalling gmake-4.3_2...
    [5/11] Deleting files for gmake-4.3_2: 100%
    [6/11] Deinstalling readline-8.2.1...
    [6/11] Deleting files for readline-8.2.1: 100%
    [7/11] Deinstalling gettext-runtime-0.22_1...
    [7/11] Deleting files for gettext-runtime-0.22_1: 100%
    [8/11] Deinstalling pkg-1.19.2...
    [8/11] Deleting files for pkg-1.19.2: 100%
    [9/11] Deinstalling indexinfo-0.3.1...
    [9/11] Deleting files for indexinfo-0.3.1: 100%
    [10/11] Deinstalling openssl-1.1.1v,1...
    [10/11] Deleting files for openssl-1.1.1v,1: 100%
    [11/11] Deinstalling perl5-5.32.1_4...
    [11/11] Deleting files for perl5-5.32.1_4: 100%
    Creating repository in /usr/obj/tmp/opnsense/tools/config/22.7/OpenSSL:amd64/.pkg-new/: 100%
    Packing files for repository: 100%
    >>> Removing packages set
    >>> Creating package mirror set for 23.7.3_60-OpenSSL-amd64... done
    -rw-r--r--  1 root  wheel   858M Sep  6 12:32 packages-23.7.3_60-OpenSSL-amd64.tar
    >>> ERROR: The build encountered fatal issues!
    >>> Aborted version 1.12a for sysutils/cciss_vol_status
    >>> Aborted version 7.26.0 for sysutils/puppet7
    *** Error code 1
   
    Stop.
    make: stopped in /tmp/opnsense/tools


I'm wondering what might be causing this issue, and if there are any specific commands or additional parameters I need to provide in order to successfully build a DVD image for the 22.7.11 release. Thank you in advance for your assistance!
Somehow 23.7.x packages are in between, something seems to be mixed.
#12
Were you able to solve this issue? I'm having the same problem.
#13
22.7 Legacy Series / FRR broken, setsockopt_so_recvbuf
January 30, 2023, 11:00:40 AM
Hey friends, how are you doing?
I'm trying to use FRR in order to use OSPF. Unfortunately the frr plugin is throwing errors, also during install I already got this message on both machines.

These are the messages I see.

    [EC 100663299] setsockopt_so_recvbuf: fd 13: SO_RCVBUF set to 2097152 (requested 8388608)
    [EC 100663299] setsockopt_so_sendbuf: fd 13: SO_SNDBUF set to 2097152 (requested 8388608)


I've found this thread, but it's quite old and unfortunately didn't apply in my case.
https://forum.opnsense.org/index.php?topic=26857.0

Is there something broken with the FRR package? Thanks in advance!
#14
Hey friends, how are you doing?

I have migrated my network from using OpenWrt to OPNsense and I am extremely satisfied.

Unfortunately I am encountering some weird behaviour.

I have got a bunch of servers, accessible through my management VLAN 110 in 172.20.32.0/19.

My trusted LAN network is in VLAN 3 in 192.168.3.0/24.

Now the interesting part. A lot of times now, when I establish SSH connections from one of my PCs in 192.168.3.0/24 to one of my servers in 172.20.32.0/19, the connection is dropped after some random amount of time. It occurs very frequently, and after a bunch of seconds.

An example of an SSH connection going down while being logged into my TrueNAS machine:

    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    ipmi0: Watchdog set returned 0xd5
    root@truenas[~]# debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
    debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
    debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
    debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
    debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1
    debug1: channel 0: free: client-session, nchannels 1
    Connection to 172.20.32.5 closed by remote host.
    Connection to 172.20.32.5 closed.
    Transferred: sent 2992, received 47976 bytes, in 94.1 seconds
    Bytes per second: sent 31.8, received 510.1
    debug1: Exit status -1


Whenever a connection dies to any of my servers, it's aborted with a "closed by remote host" message.

Even SSH ZFS replications on TrueNAS, to a different subnet, lose their SSH connection the same way.

When SSHing inside of one subnet, so not going through the OPNsense appliance it works flawlessly.


Also another example. When trying to iperf3 to a different subnet, there is simply starvation. No traffic at all. Going through the directly connected subnet it works fine.

    chairman@fedora:~$ iperf3 -c 192.168.200.5
    Connecting to host 192.168.200.5, port 5201
    [  5] local 192.168.3.22 port 50422 connected to 192.168.200.5 port 5201
    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
    [  5]   0.00-1.00   sec   386 KBytes  3.16 Mbits/sec    2   1.41 KBytes
    [  5]   1.00-2.00   sec  0.00 Bytes  0.00 bits/sec    1   1.41 KBytes
    [  5]   2.00-3.00   sec  0.00 Bytes  0.00 bits/sec    0   1.41 KBytes
    [  5]   3.00-4.00   sec  0.00 Bytes  0.00 bits/sec    1   1.41 KBytes
    [  5]   4.00-5.00   sec  0.00 Bytes  0.00 bits/sec    0   1.41 KBytes
    [  5]   5.00-6.00   sec  0.00 Bytes  0.00 bits/sec    0   1.41 KBytes
    [  5]   6.00-7.00   sec  0.00 Bytes  0.00 bits/sec    1   1.41 KBytes
    [  5]   7.00-8.00   sec  0.00 Bytes  0.00 bits/sec    0   1.41 KBytes
    [  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec    0   1.41 KBytes
    [  5]   9.00-10.00  sec  0.00 Bytes  0.00 bits/sec    0   1.41 KBytes
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bitrate         Retr
    [  5]   0.00-10.00  sec   386 KBytes   316 Kbits/sec    5             sender
    [  5]   0.00-10.00  sec  65.0 KBytes  53.3 Kbits/sec                  receiver

    iperf Done.

    chairman@fedora:~$ iperf3 -c 192.168.3.5
    Connecting to host 192.168.3.5, port 5201
    [  5] local 192.168.3.22 port 41500 connected to 192.168.3.5 port 5201
    [ ID] Interval           Transfer     Bitrate         Retr  Cwnd
    [  5]   0.00-1.00   sec   113 MBytes   946 Mbits/sec   12    153 KBytes
    [  5]   1.00-2.00   sec   111 MBytes   933 Mbits/sec    9    158 KBytes
    [  5]   2.00-3.00   sec   112 MBytes   939 Mbits/sec    6    212 KBytes
    [  5]   3.00-4.00   sec   111 MBytes   933 Mbits/sec   11   96.2 KBytes
    [  5]   4.00-5.00   sec   111 MBytes   933 Mbits/sec   12    204 KBytes
    [  5]   5.00-6.00   sec   111 MBytes   932 Mbits/sec    9    136 KBytes
    [  5]   6.00-7.00   sec   112 MBytes   940 Mbits/sec   10    161 KBytes
    [  5]   7.00-8.00   sec   111 MBytes   932 Mbits/sec   11    168 KBytes
    [  5]   8.00-9.00   sec   111 MBytes   932 Mbits/sec   13    171 KBytes
    [  5]   9.00-10.00  sec   111 MBytes   933 Mbits/sec    9    184 KBytes
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval           Transfer     Bitrate         Retr
    [  5]   0.00-10.00  sec  1.09 GBytes   936 Mbits/sec  102             sender
    [  5]   0.00-10.00  sec  1.09 GBytes   934 Mbits/sec                  receiver

    iperf Done.




What is wrong here? Did anyone encounter some similar behaviour before?

Thanks in advance!