Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Anticept

Pages1
#1
Tutorials and FAQs / Re: Use os-ndproxy to proxy ISP provided /64 Prefix from WAN to LAN
March 01, 2025, 10:40:42 AM
Quote from: Monviech (Cedrik) on February 28, 2025, 08:35:51 PMThe issue is that the rc.d script forces it when the service starts:

https://github.com/opnsense/ports/blob/b3aa544a28e4946383801d88ef926d853fcb2fd8/net/ndproxy/files/ndproxy.in#L50

This is hardcoded from upstream.

This should be noted on the plugin page. This is a pretty big deal and is doing things to networking that end users may not be aware of.
#2
Tutorials and FAQs / Re: Use os-ndproxy to proxy ISP provided /64 Prefix from WAN to LAN
February 19, 2025, 06:47:43 AM
The label for the downlink mac address is correct, the issue is that the description suggests using the LAN interface, but it should be WAN interface.

The ndproxy manpage refers to "uplink" and "downlink" when looking at it from the point of view of the PE and CPE link. Meaning if we think about the wires between the ISP (PE) and the customer router (CPE), the "uplink" is the ISP interface, the "downlink" is the WAN side of opnsense.

The only one that is a bit weird is the label "uplink_interface". Looking at that manpage's network example, there is a switch between the PE and CPE, and a BSD host on a third leg of that switched network. The "uplink interface" is from the bsd host's point of view in that network. What a wild example, and only when I think of this network layout like this does the manpage make sense.

Anyways, right under the network diagram it says "the BSD host and the CPE router can be the same node" as well. That means in this case, the "uplink interface" is now the WAN interface on the CPE........ further adding to the confusion! Unless you have read this manpage and analyzed it, "uplink interface" would seem like contravention to the naming conventions for "uplink" and "downlink" when referring to the PE and CPE interfaces, so it's no wonder the "downlink" interface description incorrectly suggests using the LAN interface!

I feel like the person who wrote the kernel module and the manpage is dealing with the frustration of a super crappy ISP and they had to get real creative. I showed this manpage to a friend and he informed me that there are absolutely crap ISPs out there that will force low grade equipment on you and won't let you bring your own, so creative types have done things like this network diagram to get traffic to re-route to other routers, but leaves the garbage equipment in place to answer authentication queries.
Pages1