Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Slashing

Pages1 2
#1
25.7, 25.10 Series / Re: CALL FOR TESTING: IPv6 improvements!
January 22, 2026, 06:44:38 AM
I have also completed the first part, and so far everything seems to be fine.
Code Select
vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: LAN (lan)
        options=880008<VLAN_MTU,LINKSTATE,HWSTATS>
        ether bc:24:11:e4:42:08
        inet 192.168.8.1 netmask 0xffffff00 broadcast 192.168.8.255
        inet6 fe80::be24:11ff:fee4:4208%vtnet0 prefixlen 64 scopeid 0x1
        inet6 2601:2c1:c600:5671:be24:11ff:fee4:4208 prefixlen 64 pltime 3700 vltime 3700
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=880008<VLAN_MTU,LINKSTATE,HWSTATS>
        ether bc:24:11:e3:3c:83
        inet 76.30.75.80 netmask 0xfffffc00 broadcast 255.255.255.255
        inet 192.168.100.2 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::be24:11ff:fee3:3c83%vtnet1 prefixlen 64 scopeid 0x2
        inet6 2001:558:6022:c6:b103:3def:f639:2dfb prefixlen 128 pltime 5505 vltime 5505
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>


vlan0.10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: iot (opt1)
        options=80000<LINKSTATE>
        ether bc:24:11:e4:42:08
        inet 172.16.127.1 netmask 0xffffff00 broadcast 172.16.127.255
        inet6 fe80::be24:11ff:fee4:4208%vlan0.10 prefixlen 64 scopeid 0x7
        inet6 2601:2c1:c600:5672:be24:11ff:fee4:4208 prefixlen 64 pltime 3700 vltime 3700
        groups: vlan
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: vtnet0
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
#2
25.7, 25.10 Series / Re: Erratic behaviour of bundle dnsmasq -> unbound on specific addresses
January 12, 2026, 05:56:38 AM
For drill, the order of arguments is important. Try
Code Select
drill -p 53 fr.app.lgwebostv.com @127.0.0.1From man -
Code Select
drill [ OPTIONS ] name [ @server ] [ type ] [ class ]
#3
25.7, 25.10 Series / Re: SOLVED - 25.7.2 shadowsocks broken
August 28, 2025, 06:28:05 AM
Maybe you are specifying a "Server Address"? And not a "Local Address"?
#4
25.7, 25.10 Series / Re: SOLVED - 25.7.2 shadowsocks broken
August 26, 2025, 08:21:27 PM
Quote from: akolman on August 26, 2025, 08:14:07 PM
Quote from: franco on August 26, 2025, 01:03:10 PMHotfix is now live.

I take it that means I'm OK to run opnsense-patch?  Will be happy to test if so.  Would the command just be:

    # opnsense-patch -c plugins 0354e18?
No need to install the patch, just check for updates.
#5
25.7, 25.10 Series / Re: SOLVED - 25.7.2 shadowsocks broken
August 26, 2025, 08:17:26 PM
Quote from: franco on August 26, 2025, 01:03:10 PMHotfix is now live.
bish bash bosh :)
Thank you all so much. You'r the best!!!
#6
25.7, 25.10 Series / Re: 25.7.2 shadowsocks broken
August 24, 2025, 09:11:37 PM
If someone needs it and doesn't want to mess around, here's a quick-dirty solution.
Delete the files:
Code Select
/etc/rc.conf.d/shadowsocks_libev
/etc/rc.conf.d/ss_local
/usr/local/etc/rc.d/opnsense-ss-local
/usr/local/opnsense/service/templates/OPNsense/Shadowsocks/shadowsocks_libev
/usr/local/opnsense/service/templates/OPNsense/Shadowsocks/ss_local
/usr/local/opnsense/service/templates/OPNsense/Shadowsocks/ss_local.conf
And copy the files from the attachment. A reboot may be necessary.
#7
25.7, 25.10 Series / SOLVED - 25.7.2 shadowsocks broken
August 22, 2025, 06:52:10 AM
Hi! I can't start shadowbox.
There is an error when installing the plugin
Code Select
Starting configd.
*** OPNsense\Shadowsocks\General migration failed from 0.0.0 to 1.0.1, check log for details
*** OPNsense\Shadowsocks\Local migration failed from 0.0.0 to 1.0.1, check log for details
When the service is forced to start, the status in the backend log is 127.
If you know, please tell me what I should pay attention to?
#8
25.7, 25.10 Series / Re: upgrade to 25.7 -> bootloader too old
July 28, 2025, 10:18:39 PM
Quote from: tessus on July 28, 2025, 08:54:23 PM@Patrick Sure, here you go:

Code Select
root@cator00r:~ # gpart show -l
=>       40  234441568  ada0  GPT  (112G)
         40     409600     1  (null)  (200M)
     409640       1024     2  bootfs  (512K)
     410664  215567272     3  rootfs  (103G)
  215977936   16777216     4  swapfs  (8.0G)
  232755152    1686456        - free -  (823M)

Maybe first correct the file system type from null to efi? For example - "gpart modify -i 1 -t efi ada0"
#9
25.7, 25.10 Series / Re: upgrade to 25.7 -> bootloader too old
July 28, 2025, 06:51:52 PM
Quote from: beneix on July 28, 2025, 06:00:16 PM
Quote from: Slashing on July 28, 2025, 01:39:12 AMHello! There is a small utility for checking the bootloader.
I have never compiled anything from scratch on my OPNsense system. How would I go about installing this utility?
No compilation required, it's just a script. Download it, chmod +x it and run it as root.
#10
25.7, 25.10 Series / Re: upgrade to 25.7 -> bootloader too old
July 28, 2025, 01:39:12 AM
Hello! There is a small utility for checking the bootloader.
#11
25.1, 25.4 Legacy Series / Re: OPNsense breaks when updating to 25.1.6
May 16, 2025, 12:58:02 AM
Hi!Try this
At boot loader prompt, choose to configure boot options (or similar wording) and try:
unset hint.uart.1.at
boot

If this works, you can permanently comment the
Code:

hint.uart.1.at="isa"

entry in /boot/device.hints
#12
25.1, 25.4 Legacy Series / Re: 25.1.5 ikev2 with radius authentication is broken
April 10, 2025, 08:58:03 PM
Thanks Franco. You're awesome. Everything is working fine with the patch.
#13
25.1, 25.4 Legacy Series / Re: 25.1.5 ikev2 with radius authentication is broken
April 10, 2025, 07:59:37 PM
Thanks for the answer.
# /usr/local/opnsense/mvc/script/run_migrations.php - nothing in response, strongswan.conf also does not change
#14
25.1, 25.4 Legacy Series / 25.1.5 ikev2 with radius authentication is broken - Solved
April 10, 2025, 05:09:36 PM
Hi there. After updating from 25.1.4 to 25.1.5 ikev2 broke.
empty section with radius parameters in /usr/local/etc/strongswan.conf

Code Select
2025-04-10T09:53:13-05:00 Informational charon 16[NET] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> sending packet: from 208.124.xx.xxx[4500] to 45.21.xx.xxx[4500] (65 bytes)
2025-04-10T09:53:13-05:00 Informational charon 16[ENC] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> generating IKE_AUTH response 2 [ EAP/FAIL ]
2025-04-10T09:53:13-05:00 Informational charon 16[IKE] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> loading EAP_RADIUS method failed
2025-04-10T09:53:13-05:00 Informational charon 16[IKE] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> received EAP identity 'user'
2025-04-10T09:53:13-05:00 Informational charon 16[ENC] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
2025-04-10T09:53:13-05:00 Informational charon 16[NET] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> received packet: from 45.21.xx.xxx[4500] to 208.124.xx.xxx[4500] (72 bytes)
2025-04-10T09:53:13-05:00 Informational charon 16[NET] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> sending packet: from 208.124.xx.xxx[4500] to 45.21.xx.xxx[4500] (163 bytes)
2025-04-10T09:53:13-05:00 Informational charon 16[ENC] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
2025-04-10T09:53:13-05:00 Informational charon 16[IKE] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> authentication of 'vpn.on_opnsense.com' (myself) with ECDSA-256 signature successful
2025-04-10T09:53:13-05:00 Informational charon 16[IKE] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
2025-04-10T09:53:13-05:00 Informational charon 16[IKE] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> peer supports MOBIKE
2025-04-10T09:53:13-05:00 Informational charon 16[IKE] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> initiating EAP_IDENTITY method (id 0x00)
2025-04-10T09:53:13-05:00 Informational charon 16[CFG] <77fea0b5-6d41-4707-a27a-fe283cc74685|4> selected peer config '77fea0b5-6d41-4707-a27a-fe283cc74685'
2025-04-10T09:53:13-05:00 Informational charon 16[CFG] <4> looking for peer configs matching 208.124.xx.xxx[vpn.on_opnsense.com]...45.21.xx.xxx[user]
2025-04-10T09:53:13-05:00 Informational charon 16[ENC] <4> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR MASK DHCP DNS ADDR6 DHCP6 DNS6 DOMAIN) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr N(MOBIKE_SUP) N(EAP_ONLY) ]
2025-04-10T09:53:13-05:00 Informational charon 16[ENC] <4> unknown attribute type INTERNAL_DNS_DOMAIN
2025-04-10T09:53:13-05:00 Informational charon 16[NET] <4> received packet: from 45.21.xx.xxx[4500] to 208.124.xx.xxx[4500] (340 bytes)
2025-04-10T09:53:13-05:00 Informational charon 16[NET] <4> sending packet: from 208.124.xx.xxx[500] to 45.21.xx.xxx[500] (288 bytes)
2025-04-10T09:53:13-05:00 Informational charon 16[ENC] <4> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-10T09:53:13-05:00 Informational charon 16[IKE] <4> remote host is behind NAT
2025-04-10T09:53:13-05:00 Informational charon 16[CFG] <4> selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
2025-04-10T09:53:13-05:00 Informational charon 16[IKE] <4> 45.21.xx.xxx is initiating an IKE_SA
2025-04-10T09:53:13-05:00 Informational charon 16[ENC] <4> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2025-04-10T09:53:13-05:00 Informational charon 16[NET] <4> received packet: from 45.21.xx.xxx[500] to 208.124.xx.xxx[500] (272 bytes)
#15
24.7, 24.10 Legacy Series / Re: 24.7.11_2. PHP error in IPsec/Mobile Clients
December 19, 2024, 09:56:50 AM
Thanks! It worked. You awesome!
Pages1 2