Messages

Hi Everyone, a bit of a weird question.

My modem does dynamic Local and public DHCP allocation for the WAN address and opnsense gets a bit in a twist with it.

What it does is when the modem is powered on the device connected to it (opnsense here) is given a local address (192.168.100.x in this case) and then when the modem itself is allocated a public address it will do a bit of a handshake then do a quick swap so the opnsense box has the public IP and can communicate directly.

Where it gets a bit funky is that Opnsense regularly thinks there's a conflict with arp, will start ignoring DHCP addresses and then will lose all WAN connectivity.

here's a line from the log:

Code Select Expand

<3>[67488] arp: 4x:8x:cx:8x:3x:7x is using my IP address 18x.2x.1x.5x on igb0!that MAC is the modems MAC address, so it's successfully telling opnsense the public ip, but opnsense thinks there's something wrong and will refuse to use it.
Is there a way to turn off the arp ip collision stuff, it's seriously causing a headache with this handover.

the way i've worked around it for now is to set the WAN address staically to a 192.168.100.x address, which isn't ideal as it now means i'm double NAT'ed.

Is there any way i can help with diagnosing the issue? I can do a packet capture of a download. It's just very strange, there's nothing else i use that is affected in this way.

That's what doesn't make sense, changing the location doesn't remedy the issue but when i connect through the vpn to a different location that SAME url works as expected. also, it's strange how the server will report a size for the file, but then fail to serve it completely.
I've tried the Default Repo, the LeaseWeb San Fransisco (US) server, The University of Kent Server (UK) server and The Opnsense server within the Netherlands. All will fail.
There's obviously something funky going on.

My hardware for reference is:
- D-Link DWP-1010 Rev B 5G&LTE Modem on the Three Network
- Chinese mini computer with 6 nics that's running Proxmox with the Opnsense software as a vm. That's also configured to use the 5 intel nics directly with PCI passthrough.

however i doubt this is a hardware issue.

Hello,

I'm having an uphill battle getting my opnsense installation updated. I've scoured the forum and discovered the curl/fetch method to update and even trying that doesn't work. I'm getting some strange errors.

Code Select Expand

curl https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/sets/base-26.1.3-amd64.txz --output  base=26.1.3-amd64.txz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
 94 135.5M  94 127.8M   0     0  5282k     0   0:00:26  0:00:24  0:00:02  4323k
curl: (56) OpenSSL SSL_read: OpenSSL/3.0.19: error:0A000126:SSL routines::unexpected eof while reading, errno 0

and

Code Select Expand

fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/sets/base-26.1.3-amd64.txz
base-26.1.3-amd64.txz                          97% of  135 MB 3529 kBps    01s
fetch: base-26.1.3-amd64.txz appears to be truncated: 138295975/142168104 bytes
Running curl and fetch twice seems to give different file sizes, even when trying multiple times, which suggests to me a problem on the download server side of things.
This also applies when downloading the file with firefox. that also will fail too.

No other download fails over my connection. sometimes i do get hitching but that shouldn't cause an EOF to be sent when I try to download something.

This is about the fifth time i've had failed updates with the same packages (base and kernel) on different versions. Sometimes they resolve themselves, sometimes they don't and need me to fight it. I believe i'm having the same issue on multiple servers/repos because even changing repos doesn't seem to resolve the problem.

I did see something a little while ago that people do have issues with 5G NSA/LTE connections, which is what i'm using; however, i doubt that'd cause the issue i'm having here. Nothing else i download fails in the same way.

I have tested this a few different ways and it seems to me that when the download exceeds an amount of time, it will close the connection and stop the download. over my vpn, which allows a much faster download (because it's not traffic shaped as much), it completes sucessfully.
Is there anything you'd suggest i can try? or is there something else going on here?

Thanks
D.