Messages

1

23.1 Production Series / Re: 23.1.8: dhcp6c script race condition causes hundreds of dpinger processes?

« on: June 05, 2023, 12:54:42 pm »

As an extra data point would you mind switching to the development version? Because I've rewritten the gateway watcher monitoring/alert and merged it into a single service that would be more deterministic at least from the side we can control. IPv4 and IPv6 could still race depending on the timing with the ISP but it would be good to have that data point as well.


Cheers,
Franco

2

German - Deutsch / Re: openVPN User Gruppen mit verschiedenen Rechten

« on: June 05, 2023, 10:22:48 am »

Erst seit 23.1.6 drin


Grüsse
Franco

3

German - Deutsch / Re: openVPN User Gruppen mit verschiedenen Rechten

« on: June 05, 2023, 09:41:20 am »

https://docs.opnsense.org/manual/aliases.html#openvpn-group

4

23.1 Production Series / Re: Occasional interface flapping on all interfaces

« on: June 05, 2023, 09:10:14 am »

Signal 11 is SIGSEGV which means the Zenarmor daemon crashed and as a consequence the adapter moves from netmap to normal and back to netmap when the daemon restarts.

This is solely a quality issue with the daemon which isn't supposed to crash.

> arpresolve: can't allocate llinfo for X.X.X.X on ix1

This usually means the gateway on ix1 can't be reached because it's not within the adapter's subnet. If it is only temporary and has no operational impact it might be a race between DHCP and address assignment/release during the driver link down/up transition phase.


Cheers,
Franco

5

23.1 Production Series / Re: 23.1.8: dhcp6c script race condition causes hundreds of dpinger processes?

« on: June 05, 2023, 09:00:37 am »

The two issues are likely related. Are you using a gateway group and/or default gateway switching?

The GUI shows the state according to what it thinks is correct at the moment. It doesn't care if that's not the case. If you e.g. edit a gateway and hit apply this should fix itself... Some of this might be caused by dpinger not correctly alerting in all relevant trigger cases or not being able to run (see below).

For different reasons the dpinger process might not be able to start/acquire an address to listen on (in case of IPv6 that might be a DAD timer -- duplicate address detection grace period in which the new address is not allowed to be used). This or a similar issue with address reading/use.

For both things the development version has relevant patches that can help (but wouldn't rule out there is another issue still).


Cheers,
Franco

6

23.1 Production Series / Re: 23.1: arpresolve: can't allocate llinfo

« on: June 04, 2023, 03:25:36 pm »

Can you try to keep this to one thread please? I've answered here:

https://forum.opnsense.org/index.php?topic=34340.0

7

23.1 Production Series / Re: Direct Upgrade from 22.7.11 to most recent 23.1 (e.g. 23.1.9?)

« on: June 04, 2023, 03:24:29 pm »

What's your WAN connectivity? It sounds like you have a far gateway but not set it to allow a far gateway.

The error comes from trying to reach a gateway outside of your WAN subnet.


Cheers,
Franco

8

23.1 Production Series / Re: Incomplete CARP IPv6 neighbour discovery from client side

« on: June 03, 2023, 09:36:54 pm »

No worries... if it works it works


Cheers,
Franco

9

23.1 Production Series / Re: Incomplete CARP IPv6 neighbour discovery from client side

« on: June 03, 2023, 01:45:31 pm »

Ping to link-local CARP from client works but not to ULA? Does the client have an ULA from the correct prefix?


Cheers,
Franco

10

23.1 Production Series / Re: 23.1.8: dhcp6c script race condition causes hundreds of dpinger processes?

« on: June 03, 2023, 01:43:16 pm »

Sorry for the late follow-up. Looks like more service-related snafu here:

https://github.com/opnsense/core/commit/fdf46f317c3
https://github.com/opnsense/core/commit/0200f79a19

# opnsense-patch fdf46f317c3 0200f79a19


Cheers,
Franco

11

General Discussion / Re: WAN ICMP does not work

« on: June 02, 2023, 02:33:34 pm »

I'm pretty sure this is about Firewall: Settings: Advanced: "Disable force gateway" option. Please turn it on and try again.


Cheers,
Franco

12

General Discussion / Re: Link fault detection

« on: June 02, 2023, 02:31:26 pm »

Hi Pedro,

I'm not sure. I wouldn't use a gateway on an interface that's not supposed to reach an external router, but perhaps this works. All I'm trying to say this seems like an uncommon approach.


Cheers,
Franco

13

23.1 Production Series / Re: IPv6 /56 wan without upstream static routing

« on: June 02, 2023, 02:27:00 pm »

You don't configure a /56 static on WAN. Either you chose a separate /64 or use a /128 single address.


Cheers,
Franco

14

23.1 Production Series / Re: Cannot route IPv6

« on: June 02, 2023, 02:25:33 pm »

Just pick a single /64 for LAN then? The hardest part about static IPv6 setup is getting the ISP gateway address right...


Cheers,
Franco

15

23.1 Production Series / Re: No alerts in latest Crowdsec

« on: June 02, 2023, 11:48:15 am »

Anyone who requires it can install the patch https://github.com/opnsense/plugins/commit/b465377760 via:

# opnsense-patch -c plugins b465377760

(restarting crowdsec binary to pick up the configuration may be required)


Cheers,
Franco