Messages - MaeveFirstborn

#1
Every once in a while, our OPNsense firewalls will report an IPv6 address on one or both of our WAN interfaces. The IP addresses are definitely not link-local addresses; they start with 2601, for instance. We absolutely do not have IPv6 enabled anywhere in our system. IPv4 is preferred in settings, all our firewall rules are explicitly IPv4 only, and every interface has IPv6 set to None. The firewalls don't always receive an address, only occasionally on reboot. If it has one, it usually goes away after a reboot.

I have a second problem, and I can't tell if this is related or not: the secondary firewall's Unbound doesn't really work if the outgoing network interfaces include our WireGuard tunnels (which we want, so that if the local domain controller fails, the firewall can route requests to another site's domain controller). The configuration of tunnels on the primary and secondary is identical aside from individual tunnel addresses. If I disable the WireGuard addresses on the outgoing interfaces on the secondary, Unbound works fine, but if not, it times out. The first firewall seems fine. During the troubleshooting process for this, I discovered that the timeouts correlate to the firewall attempting to route to an IPv6 DNS server, which should be impossible, since we don't use IPv6, and I have no idea why it's trying to do this.

This forum thread (https://forum.opnsense.org/index.php?topic=29266.0) helped identify a similar issue and fixed it on the primary, but I'm still seeing it on the secondary.

Any insights? Thanks.
#2
Possibly solved: https://forum.opnsense.org/index.php?topic=29266.0
This thread seems to indicate that Unbound being set to all interfaces instead of manually specifying them is the problem. After I posted this question, I began to see the exact same behavior with it attempting to use IPv6 on an IPv4-only network, and this has resolved it. I've had similar, unrelated issues with Unbound, so I'm not going to call this solved until I see this solution hold for several days, but this appears to be the cause.
#3
We have two firewalls in an HA / CARP configuration. We have them running Unbound for DNS. Every couple of days, with no warning, Unbound fails, seemingly on both at the same time, yielding "failed to get a delegation (e.g. prime failure)" on every single DNS request. Restarting Unbound doesn't help, but rebooting the firewall itself does. These are running OPNsense 24.7.9_1 at the moment. There's no obvious cause in dmesg as far as we're aware. Does anyone know what might be happening?
#4
We have two firewalls in a CARP failover relationship. Each one has two WANs and three LANs. While troubleshooting something earlier today, we realized that CARP failover wasn't behaving how we thought it was supposed to. We want the behavior to be such that if one of the interfaces fails, any of them, the backup takes over. More specifically, whichever one has the most functional interfaces. I guess a better configuration in the future would be to aim for specifically weighting the WANs, but for now we want to get preempting working in the first place.
Right now, when we kill one of the interfaces on the master, the second firewall's corresponding interface takes over as CARP master. However, ONLY that interface takes over. Which is useless: if the WANs fail on firewall 1 but the LANs don't, then the downstream hosts are going to send messages to the firewall which has the CARP master, which in this case is the firewall without WAN reachability.
Is it something with these advskews?
Obvious stuff:

  • Disable pre-empt is off
  • CARP itself is working, just not in a group
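A check for the condition described in the post above (VHIDs on one node in a mixture of MASTER and BACKUP states, i.e. a partial failover), added here as an example; it is not code from the original post or from OPNsense. It parses constructed ifconfig-style sample text; on a live OPNsense/FreeBSD node you would pass the real output with `carp_split_check "$(ifconfig)"`.

```shell
#!/bin/sh
# Constructed sample (not real output): vhid 2 moved to BACKUP while vhids 1 and 3
# stayed MASTER on the same node, the partial-failover state the post describes.
SAMPLE_SPLIT='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.2 netmask 0xffffff00 broadcast 203.0.113.255 vhid 1
        carp: MASTER vhid 1 advbase 1 advskew 0
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255 vhid 2
        carp: BACKUP vhid 2 advbase 1 advskew 0
vtnet2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 198.51.100.2 netmask 0xffffff00 broadcast 198.51.100.255 vhid 3
        carp: MASTER vhid 3 advbase 1 advskew 0'

# Constructed sample: the healthy case, every VHID on this node is BACKUP.
SAMPLE_OK='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        carp: BACKUP vhid 1 advbase 1 advskew 100
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        carp: BACKUP vhid 2 advbase 1 advskew 100'

# carp_split_check: read ifconfig-style text from $1 and return 0 when every
# "carp: <STATE> vhid <N>" line reports the same state, 1 when the states
# disagree (listing each vhid and its state), 2 when no CARP VIPs are present.
carp_split_check() {
    printf '%s\n' "$1" | awk '
        $1 == "carp:" { seen[$2]++; by_vhid[$4] = $2 }
        END {
            distinct = 0
            for (s in seen) distinct++
            if (distinct == 0) { print "no CARP VIPs found"; exit 2 }
            if (distinct == 1) exit 0
            for (v in by_vhid) printf "vhid %s is %s\n", v, by_vhid[v]
            exit 1
        }'
}

# Example run against the split sample; the if-form keeps this safe under set -e.
if carp_split_check "$SAMPLE_SPLIT"; then
    echo "all VHIDs agree"
else
    echo "WARNING: partial CARP failover, VHIDs are in mixed states"
fi
```

A non-zero result from a cron or monitoring run is the signal that one node is master for some VIPs but not others, which is the state the post says is useless for a WAN-less firewall.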
#5
24.7, 24.10 Legacy Series / Re: RAM Disk Usage Widget?
August 28, 2024, 06:18:34 PM
Well, the "Disk Usage" widget is replacing what was a file system information widget, so I think the scope still applies.
#6
24.7, 24.10 Legacy Series / RAM Disk Usage Widget?
August 28, 2024, 05:41:37 PM
Hey all, we're getting ready to roll out updates to our firewalls to get them up to the latest version. I'm running it at home at the moment. The new GUI is kinda nice, but I miss the ability to see the disk usage breakdown. We use RAM disks for our logging. Why isn't that included in the Disk widget? Why can't I edit the settings of the Disk widget, but I can edit other things? I shouldn't have to either use the shell or use an external monitor like Zabbix to easily get this information.