Messages - dcrdev

#1
Had my first proper go with IPv6, and I've got to say I'm not a fan. As you suggested, I skipped DNS entries - aside from my DNS server, for which I assigned a ULA to give it a static address for advertisement.

What I've discovered is that if you're relying on dynamic prefix delegation, you're essentially stuck when it comes to static addressing. Even ULAs seem to be deprioritised in favour of IPv4 by most operating systems.

It does make you wonder—why do ISPs issue dynamic prefixes when one of the main selling points of IPv6 is having enough address space to eliminate the need for NAT?
#2
After much pain I have finally managed to get IPv6 working in OPNsense and I am now looking to get DNS working properly.

Currently I am creating overrides and aliases to take care of my internal services and this is very much geared towards IPv4 at the moment. My question is what is best practice here for dual stack?

It seems that a constraint of the GUI is that a single host override can either be of type A or AAAA and that a single alias can only point to a single host override.

Should I be duplicating my host override and then duplicating every alias to point to it? Something about that doesn't seem right to me as there will be a tonne of duplication.
#3
24.7, 24.10 Legacy Series / WAN Dropping Out Daily
December 21, 2024, 10:10:28 PM
I updated OPNsense to 24.7.11_2 last week and ever since, WAN has been dropping out at about the same time every day. It will reconnect, but it ends up in a cycle of drop and reconnect until I reboot the firewall.

Looking at the logs I think that OPNsense is trying to force a renewal of the WAN address:
2024-12-21T20:56:55 Notice opnsense /usr/local/etc/rc.newwanip: IP renewal starting (new: X.X.X.109, old: X.X.X.109, interface: wan, device: pppoe0, force: yes)
2024-12-21T20:56:55 Notice dhcp6c RTSOLD script - Sending SIGHUP to dhcp6c
2024-12-21T20:56:55 Notice dhcp6c RTSOLD script - Sending SIGHUP to dhcp6c
2024-12-21T20:55:57 Notice opnsense /usr/local/etc/rc.newwanip: Failed to detect IP for interface wan

I'm connected to my ISP over PPPoE, so it should not be trying to do a forced renew.

Any ideas?
#4
Turned out to be a Philips Hue bridge which runs a UPnP server (for reasons?) - it would seem that if the firewall comes up after the bridge is powered on these issues occur, but if the firewall comes up before, it seems to be stable.
#5
Did a fresh install of OPNsense on a new box yesterday and have been grappling with UPnP. I have it working, but it only works for a couple of minutes before not responding. I can restart the miniupnpd service and it will start responding again, but it will ultimately stop responding.

Here's my config:
ext_ifname=pppoe0
port=2189
listening_ip=bridge0
ext_perform_stun=yes
ext_stun_host=stun.l.google.com
ext_stun_port=19302
secure_mode=yes
packet_log=yes
system_uptime=yes
presentation_url=https://10.210.1.1/
uuid=528c8e6c-4a3c-6598-999a-0e9df15ad32
serial=528C8E6C
model_number=24.7.9_1
allow 88-65535 10.210.1.230/32 88-65535
allow 88-65535 10.210.1.231/32 88-65535
allow 88-65535 10.210.1.48/32 88-65535
allow 88-65535 10.210.1.66/32 88-65535
deny 0-65535 0.0.0.0/0 0-65535
enable_upnp=yes
enable_pcp_pmp=yes
clean_ruleset_interval=600
min_lifetime=120
max_lifetime=86400


After a couple of minutes of miniupnpd being active:
dominic@Dominics-MacBook-Pro ~ % upnpc -s             
upnpc: miniupnpc library test client, version 2.2.8.
(c) 2005-2024 Thomas Bernard.
More information at https://miniupnp.tuxfamily.org/ or http://miniupnp.free.fr/

List of UPNP devices found on the network :
desc: http://10.210.1.20:80/description.xml
st: urn:schemas-upnp-org:device:basic:1

desc: http://10.210.1.20:80/description.xml
st: uuid:2f402f80-da50-11e1-9b23-ecb5fa24d6cf

desc: http://10.210.1.20:80/description.xml
st: upnp:rootdevice

UPnP device found. Is it an IGD ? : http://10.210.1.20:80/
No valid UPNP Internet Gateway Device found.


After a restart of the service:
dominic@Dominics-MacBook-Pro ~ % upnpc -s
upnpc: miniupnpc library test client, version 2.2.8.
(c) 2005-2024 Thomas Bernard.
More information at https://miniupnp.tuxfamily.org/ or http://miniupnp.free.fr/

List of UPNP devices found on the network :
desc: http://10.210.1.20:80/description.xml
st: urn:schemas-upnp-org:device:basic:1

desc: http://10.210.1.20:80/description.xml
st: uuid:2f402f80-da50-11e1-9b23-ecb5fa24d6cf

desc: http://10.210.1.20:80/description.xml
st: upnp:rootdevice

desc: http://10.210.1.1:2189/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Found valid IGD : http://10.210.1.1:2189/ctl/IPConn
Local LAN ip address : 10.210.1.231
Connection Type : IP_Routed
Status : Connected, uptime=3211s, LastConnectionError : ERROR_NONE
  Time started : Sun Dec  1 22:35:43 2024
MaxBitRateDown : 64000 bps (64 Kbps)   MaxBitRateUp 64000 bps (64 Kbps)
ExternalIPAddress = REDACTED
Bytes:   Sent:  8211684 Recv: 167733177
Packets: Sent:    45845 Recv:   139374


I'm not seeing any blocks in the logs; in fact, I only see UPnP requests prior to the service not responding. I am not sure what could be happening here. Looks like other people may be experiencing the same (not many): https://redmine.pfsense.org/issues/15732

Help please  :)
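
Added example, not part of the original post and not miniupnpd's own code: a small Python evaluator for the allow/deny lines in the config above, useful for checking what the ACL actually permits before exposing UPnP on a LAN. The function names are hypothetical. It assumes rules are tried in order with the first match deciding, and that secure_mode=yes restricts a client to mappings that point at its own address.

```python
import ipaddress

# Permission rules copied from the miniupnpd config in the post above.
RULES_TEXT = """\
allow 88-65535 10.210.1.230/32 88-65535
allow 88-65535 10.210.1.231/32 88-65535
allow 88-65535 10.210.1.48/32 88-65535
allow 88-65535 10.210.1.66/32 88-65535
deny 0-65535 0.0.0.0/0 0-65535
"""

def parse_range(text):
    """'88-65535' -> (88, 65535); a single port 'N' -> (N, N)."""
    lo, _, hi = text.partition("-")
    return int(lo), int(hi or lo)

def parse_rules(text):
    """Parse 'allow|deny <ext ports> <ip/mask> <int ports>' lines, keeping order."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] not in ("allow", "deny"):
            continue  # not a permission rule
        action, ext, net, internal = fields
        rules.append((action == "allow", parse_range(ext),
                      ipaddress.ip_network(net, strict=False),
                      parse_range(internal)))
    return rules

def mapping_allowed(rules, requester, ext_port, int_client, int_port,
                    secure_mode=True):
    """Decide one port-mapping request against the parsed rule list."""
    # secure_mode=yes: a client may only create mappings that point at itself.
    if secure_mode and requester != int_client:
        return False
    addr = ipaddress.ip_address(int_client)
    for allow, (e_lo, e_hi), net, (i_lo, i_hi) in rules:
        if e_lo <= ext_port <= e_hi and addr in net and i_lo <= int_port <= i_hi:
            return allow  # first matching rule decides
    # Assumption of this sketch: fail closed when no rule matches. The config
    # above ends in a deny-all line, so that case never arises with it.
    return False

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    # Constructed sample requests: (requester, ext port, internal client, int port)
    for req in [("10.210.1.231", 443, "10.210.1.231", 443),
                ("10.210.1.231", 80, "10.210.1.231", 8080),
                ("10.210.1.50", 5000, "10.210.1.50", 5000)]:
        print(req, "->", "allow" if mapping_allowed(RULES, *req) else "deny")
```

With this rule set, the four listed hosts can map any external port from 88 upward to themselves, and every other client or lower port falls through to the final deny line.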