Messages

I guess everything is working as intended:

Code Select Expand

root@OPNsense:~ # ping -6 heise.de
ping: cannot resolve heise.de: Address family for hostname not supported
root@OPNsense:~ # ping -6 www.heise.de
PING(56=40+8+8 bytes) 2a0c:d242:1:90:1000::3dc7 --> 2a02:2e0:3fe:1001:7777:772e:2:85
16 bytes from 2a02:2e0:3fe:1001:7777:772e:2:85, icmp_seq=0 hlim=58 time=20.612 ms
Maybe the documentation should be fixed.

I'm on OPNsense 25.1 coneected to MDCC cable internet with the modem in bridged mode.
IPv4 works well but I struggle to properly setup IPv6 for the local network. My current settings:

WAN: DHCPv6
Prefix delegation size "56" ( "ifctl -6pi re1" gives xxx::/56)
Request prefix only "unchecked" (checked shows the WAN_DHCP6 gateway red and "ifctl -6pi re1" doesn't report anything back)
Send prefix hint: "checked" (doesn't seem to matter)

LAN: 
IPv6 Configuration Type - Track Interface (SLAAC - ping IPv6 addr. works but browser test fails, DHCPv6 seems also to basically work)
Parent interface - WAN
Assign prefix ID - 0
Manual configuration - DHCPv6/RADVD unchecked

root@OPNsense:~ # ping -6 heise.de
ping: cannot resolve heise.de: Address family for hostname not supported
root@OPNsense:~ # ping 2001:4860:4860:0:0:0:0:8888
PING(56=40+8+8 bytes) 2a0c:d242:1:90:1000::3dc7 --> 2001:4860:4860::8888
16 bytes from 2001:4860:4860::8888, icmp_seq=0 hlim=119 time=17.029 ms

So basically IPv6 seems to work but name resolution using unbound seems to fail.
This changes when I enable under System/Settings/General both options to
"Allow DNS server list to be overridden by DHCP/PPP on WAN" + "Do not use the local DNS service as a nameserver for this system".

Any idea what's wrong the unbound setup not resolving the IPv6 path? Anything else I need to check or change?

A cable modem reboot solved the issues here. No idea why the fallback device kept working. Sorry for noise.

The box connects to a cable modem. It's a Zotac Zbox CI329 running Realtek NICs using the vendor driver (do I need to reinstall this after the kernel update?). The configuration is the out of the box default setup. I've added my local clients to get static IPs from DHCP4 and use unbound with DNSSEC enabled with a few filter list.

My fallback device runs OPNsense 24.7.7 passing all test at https://test-ipv6.com/ and https://www.dein-ip-check.de/ipv6test where 24.7.10 fails. Command "traceroute -6 google.com" also works on the fallback device.

I've compared the backup xml files and cannot find any related difference. So I guess it's a bug in 24.7.10 failing IPv6 connections/DNS issue. The gateway monitoring in the current release shows the WAN_DHCP6 interface up with no issue.

There seem to some serious DNS issue traceroute -4 works well but traceroute -6 fails for all addresses.

After the 24.7.10 update a local rsync cron job fails with the time limit of 60sec. - removing the time limit allows it to work but the initial rsync directory synchronisation starts not before more than 2 minutes. Reverting to my fallback OPNsense device made it instantly sync again - moving again to 24.7.10 kept working it but after another 24.7.10 device reboot it's broken (or slow) again. Casual browsing seems to work well though for other devices.

Any idea where to look for specific logs or a bug?

Linux also showed a kernel panic when moving large amounts of files. Removing and inserting the ssd seems to have fixed the panic.

Testing the system with a linux 6.6.x LTS branch kernel also consumes high ~18W power. A current 6.11.x linux kernel seems to have this fixed running <6W. FreeBSD/OPNsense seem to be missing the power consumption fix so far. I'll keep using a current linux on this system for now.

My former Zotac ZBOX CI323 (Intel N3150) consumes idle 8W/load ~8,5W. The current Shuttle N100 box is idle 8,5W/load ~10,2W but suddenly jumps to ~19W and stays there all time not going back. Intel speed shift looks good and seems to be still in use.

Any idea how to find out whether this may be ssd / memory / cpu / NIC related?

I've setup a new box using a Shuttle DL30N (Intel N100 and Intel 226 NICs). I've instantly updated the BIOS to avoid the known stability issues caused by the Intel NICs. I've done a full successful memtest86+ run.

Now I'm faced with random kernel panics/reboots. Maybe someone can help me to locate the issue:

Code Select Expand


load_dn_aqm dn_aqm PIE loaded
cannot forward src fe80:1::6786:fd3d:6726:b5f7, dst 2001:db8::4, nxt 6, rcvif igc0, outif igc1
cannot forward src fe80:1::6786:fd3d:6726:b5f7, dst 2001:bc8:1210:8bb::, nxt 6, rcvif igc0, outif igc1
cannot forward src fe80:1::6786:fd3d:6726:b5f7, dst 2001:bc8:1210:8bb::, nxt 6, rcvif igc0, outif igc1


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 06
fault virtual address   = 0x8000000000
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff830460ad
stack pointer           = 0x28:0xfffffe00c629edd0
frame pointer           = 0x28:0xfffffe00c629ee10
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 2 (clock (0))
rdi: fffffe00fd5be1d8 rsi: 0000000000000000 rdx: 0000008000000000
rcx: fffffe00fd5be1c0  r8: 0000000000003000  r9: 000000000000000f
rax: fffffe00fd5be1e8 rbx: fffffe00fcf95000 rbp: fffffe00c629ee10
r10: 0018000000000000 r11: 000000007ff75b03 r12: fffffe00fd5be1c0
r13: 00000000000062b4 r14: 000000000000002f r15: fffffe00fd5be1d8
trap number             = 12
panic: page fault
cpuid = 3
time = 1729812657
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00c629eac0
vpanic() at vpanic+0x131/frame 0xfffffe00c629ebf0
panic() at panic+0x43/frame 0xfffffe00c629ec50
trap_fatal() at trap_fatal+0x40b/frame 0xfffffe00c629ecb0
trap_pfault() at trap_pfault+0x46/frame 0xfffffe00c629ed00
calltrap() at calltrap+0x8/frame 0xfffffe00c629ed00
--- trap 0xc, rip = 0xffffffff830460ad, rsp = 0xfffffe00c629edd0, rbp = 0xfffffe00c629ee10 ---
ng_netflow_expire() at ng_netflow_expire+0x24d/frame 0xfffffe00c629ee10
softclock_call_cc() at softclock_call_cc+0x12c/frame 0xfffffe00c629eec0
softclock_thread() at softclock_thread+0xe5/frame 0xfffffe00c629eef0
fork_exit() at fork_exit+0x7f/frame 0xfffffe00c629ef30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00c629ef30
--- trap 0x2dc12dc1, rip = 0x16f216f212391239, rsp = 0xc140c14c911c911, rbp = 0x6f4d6f4d24952495 ---
KDB: enter: panic
---<<BOOT>>---
Copyright (c) 1992-2023 The FreeBSD Project.