Messages - teb

#1
25.1, 25.4 Production Series / Tayga setup issues
May 26, 2025, 02:40:15 AM
I followed the instructions here: https://github.com/opnsense/docs/blob/master/source/manual/how-tos/tayga.rst, and configured Tayga, the normalizer, the inbound allow all for the tayga interface, and outbound NAT firewall rules. 


I have a /60 from my ISP, let's say it's 1111:2222:3333:2010::/60
My setup is as such:

IPV4 Address: 192.168.240.1
IPv4 NAT64 Interface Address: 192.168.239.255
IPv6 Address: ---
IPv6 NAT64 Interface Address: 1111:2222:3333:2010::6464
IPv6 Prefix: 1111:2222:3333:201f::/96
IPv4 Pool: 192.168.240.0/20
Custom Routing: False

If I traceroute to 1111:2222:3333:201f:1.1.1.1, I get the following:

traceroute6 to 1111:2222:3333:201f::1.1.1.1 (1111:2222:3333:201f::101:101) from 1111:2222:333:2010::6464, 64 hops max, 28 byte packets
 1  1111:2222:3333:201f::c0a8:f001  0.148 ms  0.083 ms  0.033 ms
 2  1111:2222:3333:201f::c0a8:efff  0.066 ms  0.209 ms  0.135 ms
 3  * * *
 4  * * *
 5  * * *

So it looks like it's doing all the right things to generate the right IPs, but it's not sending things out. I have been racking my brain for 2 days on this. I even followed this video: https://youtu.be/WZSdpY_VgyY?si=9A_WJJJp1J-IdZnW, and followed it to a tee (minus the IPv6 address he uses), and I got the same result.

Any help would be greatly appreciated.  TIA!

-Travis
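
The address mapping visible in the traceroute above, as an added example that is not part of the original post: it embeds an IPv4 address in a /96 NAT64 prefix (the RFC 6052 layout, where the IPv4 address is the last 32 bits) and decodes the hop addresses back to IPv4. The prefix, pool and hop addresses are the redacted values from the post; the function names are made up for this example, and only /96 prefixes are handled.

```python
import ipaddress

# Values copied from the post above (the poster's redacted prefix and pool).
NAT64_PREFIX = ipaddress.ip_network("1111:2222:3333:201f::/96")
IPV4_POOL = ipaddress.ip_network("192.168.240.0/20")

# The two hops that answered in the posted traceroute.
HOPS = ["1111:2222:3333:201f::c0a8:f001", "1111:2222:3333:201f::c0a8:efff"]


def embed(v4, prefix=NAT64_PREFIX):
    """Map an IPv4 address into a /96 NAT64 prefix (IPv4 in the low 32 bits)."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    low = int(ipaddress.IPv4Address(v4))
    return ipaddress.IPv6Address(int(prefix.network_address) | low)


def extract(v6, prefix=NAT64_PREFIX):
    """Return the embedded IPv4 address, or None if v6 is outside the prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def describe_hops(hops, prefix=NAT64_PREFIX, pool=IPV4_POOL):
    """For each hop: (hop, embedded IPv4 or None, True if that IPv4 is in the pool)."""
    rows = []
    for hop in hops:
        v4 = extract(hop, prefix)
        rows.append((hop, v4, v4 is not None and v4 in pool))
    return rows


if __name__ == "__main__":
    print("1.1.1.1 ->", embed("1.1.1.1"))
    for hop, v4, in_pool in describe_hops(HOPS):
        print(hop, "->", v4, "(in pool)" if in_pool else "(outside pool)")
```

The first hop decodes to 192.168.240.1 and the second to 192.168.239.255, which are the IPv4 Address and IPv4 NAT64 Interface Address listed in the setup.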

#2
Hey all,

  I spent the weekend getting my IPSec road warrior up and running successfully. I was at first running dual stack, and IPv6 wasn't working, but IPv4 was. It turns out I had the wrong subnet. Rookie mistake. Once I got the right subnet up and running though, I didn't have any network connectivity, except ICMP and UDP traffic... or so I thought. I had the DNS in my IPSec IPv4 pool set to my AdGuard instance hosted on my OPNsense box, so 192.168.1.1. I could see traffic getting to the DNS server, but for some reason, my end user device was not getting the answers. I stumbled across this: https://forum.opnsense.org/index.php?topic=30967.0. That told me I need to set up a static route for the IPSec subnet so that the DNS servers could figure out where to send the packets. I realize I could use a public DNS, and it would work, but then I wouldn't get any of my AdGuard features, which is part of the reason I wanted to do this in the first place.

  I was also hoping that the documentation could get updated, since it has the user configure the DNS to the router, so the guide won't work as is.
 
  I hope someone finds this useful.

Thanks!

 
#3
24.7, 24.10 Legacy Series / Re: Unbound not starting
December 06, 2024, 12:36:36 AM
Well, I moved /usr/local/etc/unbound to /usr/local/etc/unbound.bak and /usr/local/etc/unbound.opnsense.d to /usr/local/etc/unbound.opnsense.d.bak, reinstalled unbound and now it's working. 
#4
24.7, 24.10 Legacy Series / [SOLVED] Unbound not starting
December 06, 2024, 12:12:27 AM
I upgraded to 24.7.10_2-amd64 last night, and now Unbound will not start.  I can start it by hand using the 'service' command from the shell, but if I use the GUI or pluginctl, it doesn't start.  The logs are pretty sparse and just show:

Unable to open pipe. This is likely because Unbound isn't running.


I do not have anything else listening on this port (53530) and have 200GB free on my disk.

Is there a way to get more detailed logs, or does anyone have any suggestions on how  I should try to resolve this?

Thanks!
#5
I think I am in the same boat. I have Tailscale set up with subnet routing on both sides (I am paying for 2 subnets). I have 2 subnets I want to connect: 192.168.10.0/24 and 192.168.77.0/24. I can ping any 192.168.77.x IP from my router (192.168.10.1), but I cannot ping anything on 192.168.77.1 from my laptop (192.168.10.24). I have set up a gateway and route according to the screenshots, but nothing.