Messages

I could solve the problem, so for all of you who are in the same situation:

Realtek basically offers the following drivers:
- Auto Installation Program (NDIS) Not Support Power Saving
- Auto Installation Program (NDIS)
- Auto Installation Program (NetAdapterCx) Not Support Power Saving
- Auto Installation Program (NetAdapterCx)

I had the issue with the one from ASROCK driver (Realtek Lan driver ver:10.071.0425.2024). Based on the version, I think this is an NDIS driver. Then also with the "Auto Installation Program (NetAdapterCx)". Same result.

Now I also tried the "Auto Installation Program (NetAdapterCx) Not Support Power Saving". And finally all works fine.

So seems, that the power saving has caused this problem.

Connected by a switch. However same cable for the USB and for the Realtek.

IPv6 enabled for the NIC with DHCP enabled. Same for the Realtek and for the USB model.

I first used the Realtek driver from the ASROCK homepage for my mainboard. Then later also changed it to the latest from the Realtek homepage. Without any change.
As this is now happening with 2 computers and with a completely new Win11 installation, I was wondering if I am the only one.

Quite strange as it works for all my other devices (Linux), my work Laptop (win11) and also for my new Win11 computer if I just plug in the USB NIC...

On OPNSense ISC DHCPv6 I could see a lease given, but seems not to be received/accepted on my client.

btw: Service - Router Advertisements was "disabled", I changed it now to "Assisted". However does not make a difference.

Hi,

I had a Win11 Desktop with an ASROCK B550 Mainboard with a Realtek 2.5G NIC. And since some time I realized I did not get an IPv6 adress anymore.
All other devices work fine.

Now I got a new PC with a fresh Win11 installation. ASROCK X870 Pro RS board, again with a Realtek 2.5G NIC. Same problem. When I plug in a USB NIC, I get the IPv6 address.

Does anybody know problems like this?

Is anyone going to fix the version typo on the title of this thread?

Sorry ;)
Done

One question regarding DHCPv6 and RA.

In my LAN interface I track my WAN interface for IPv6 and just define a prefix for my 56-subnet I get from my provider.
If I then do not select the manual configuration (Allow manual adjustment of DHCPv6 and Router Advertisements).

What are then the defaults for DHCPv6 and RA?
My challenge is that, when the "manual configuration" is not ticked, I do not even see the Service->RA or the Service->ISC-DHCPv6 settings showing up.

OK thanks.
And just one (I think now rather stupid question).
I was always thinking, I am running a DHCPv6 server on my Opnsense.
But after a short ChatGPT consultation, I think I understood now that without the manual IPv6 configuration of the interface, I am only using router advertisement and the clients are using SLAAC to generate their IP. Is this correct?
This would explain why I cannot deactivate it and the only menu option below ISC DHCPv6 are the "Leases".

If I understood this right, I can ignore DHCPv6 in my current setup....?

OK, so this would mean before changing my setup waiting for 25.7. correct?

So if I understand right, then DNS would be still Unbound on port 53 and DNSMASQ on another port to answer queries for local hostnames?

And regarding ISC: I can dissable ISC for IPv4. But how does this work for IPv6? Can only view the leases there but find no further options.

Hi everybody,

honestly I am now a bit confused and need some advice.

In the past I was using unbound for DNS and ISC DHPC for DHCP.
I defined private IPV4 subnets in ISC-DHCP for my vlans.

For IPV6 i set DHCPv6 in my WAN interface (PPPOE - Deutsche Telekom) and in my LAN interfaces just tracked the WAN and set a prefix id.

Some time then, I switched to KEA for DHCPv4 (as it was supposed to be the new standard). Created my subnets there, set fixed IPs etc.

Now with Kea IPv6 and also everything in DNSMASQ: Which is the preferred setup?

Is it only DNSMASQ instead of ISC + KEA + UNBOUND?

I just installed the DNSCrypt plugin and I have the same problem with the logs

Reading the questions:
I just realized that I completely forgot about the DynDNS. I mean the time it needs to update.
I was super quick with testing. What a shame, if this would be the reason..... :-[

So I just rolled back to 24.1.1, updated again to 24.1.2 (without the patch).
I will now test again and having a look at the DynDNS topic....

So...
After a clean update to 24.1.2, a few minutes of just waiting and doing nothing, everyhting works nicely...  :)

So DynDNS could be an explanation....
However, there might have also been something else. Especialle because I was not able to start OPNsense yesterday at all.... no idea....

Thanks for the great support!
Just made a litte PayPal donation the the OPNsense project.

(1) Do you use DNS entries as endpoint addresses?

Yes, I have a dynamic IP, so I have a dyndns domain pointing to my OPNsense router.

(2) Do you use tunnel addresses on your instances?

Yes, this is the entry for the respective instance:    10.21.4.1/24,fd21:04::01/64
And allowed IPs for the peers. For example: 10.21.4.4/32,fd21:04::04/128
This addresses are then in the interface section of the client.

(3) Do you have allowed IPs on your peers?

Yes, different for split and full tunnel:
Full tunnel allowed IPs: 0.0.0.0/0,::/0
Split tunnel allowed IPS: 10.21.0.0/16

(4) Do you have the instances assigned as interfaces?

Yes

(5) If yes for (4) do you have an IPv4/IPv6 mode set in the interface?

IPv4 and IPv6 Configuration Type set to "none"

(6) If yes for (4) do you have VIPs assigned to these interfaces?

No


Reading the questions:
I just realized that I completely forgot about the DynDNS. I mean the time it needs to update.
I was super quick with testing. What a shame, if this would be the reason..... :-[

So I just rolled back to 24.1.1, updated again to 24.1.2 (without the patch).
I will now test again and having a look at the DynDNS topic....

OK. Following behaviour:

1. Updated again to 24.1.2 -> Wireguard did not work.
2. Applied the patch and rebooted. -> Wireguard did not work
3. Restarted Wireguard -> Wireguard worked
4. Reboot again -> Wireguard works

Until now. Everything was checked with my Android phone.

5. Reboot again -> Wireguard does not work on Android. However, iPad works.
A few connects and disconnects with both, Android and iPad. Suddenly both of them are working.


I tested Wireguard with the mobile LTE network but also out of my WLAN. Both showed the same behaviour.
Either both work, or both do not work.

Also both of my tunnes, split and full, showed the same behaviour.

This is difficult to nail down...

Anything that I could test now with the patched 24.1.2 installation?
Otherwise I would revert back to 24.1.1, reinstall 24.1.2 and continue testing to see if it is the same unstable behaviour....

# opnsense-patch 340a32473
or
# opnsense-patch 3340a32473

I guess it is the second to fit to the Github link correct? Just to be double-safe....

You could try reverting this one:

https://github.com/opnsense/core/commit/3340a32473

But it's basically a can of worms because it fixes a non-operational issue on the surface, which points to lack of proper setup if it causes breakage... perhaps meddling with VIPs or a left-over interface IPv4 configuration (this has been discontinued but some old configs may still have it) which is not optimal at the moment.

# opnsense-patch 3340a32473


Cheers,
Franco

I just created the 24.1.1 installation.
I was running OPNsense on bare metal and now switched to Proxmox.
I described the way I did it in this post https://forum.opnsense.org/index.php?topic=38942.msg190682#msg190682.

Anything I can check in my config that could be a potential problem?

i've had vpn stuck at boot only if dns race condition was a problem (e.g. adguard as a main dns; unbound can't resolve if not routed to wan).

I think this could also be the problem for my hang during boot.
However also only with 24.1.2.
I just have unbound, howver with "DNS over TLS" resolving to Cloudflare enabled.

Any way to dive into this? Do I just have to wait for a certain timeout? It seemd to completely stuck at "Configuring Wireguard VPN..." and I was not able to start OPNsense at all...