Messages - gogolathome

#1
I am not using OPNsense Quality graph because I see similar behavior on my connection for a long time now (dpinger). I test my connection with smokeping. Maybe you can use that also for testing IPv6?
#2
When I run the automation commands in the shell I get some more output.
I tried to install certificates on Proxmox and Synology, and on both occasions I get the error of missing deploy hooks. I replaced my domain with example.com and zeroed the certificate numbers to protect my privacy.

root@opnsense:~ # /usr/local/sbin/acme.sh --deploy --syslog 7 --debug --server 'letsencrypt' --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/00000.00000/cert.pem' --keypath '/var/etc/acme-client/keys/00000.00000/private.key' --capath '/var/etc/acme-client/certs/00000.00000/chain.pem' --fullchainpath '/var/etc/acme-client/certs/00000.00000/fullchain.pem' --domain 'example.com' --deploy-hook synology_dsm
[Thu Aug 31 19:12:40 CEST 2023] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 31 19:12:40 CEST 2023] Lets find script dir.
[Thu Aug 31 19:12:40 CEST 2023] _SCRIPT_='/usr/local/sbin/acme.sh'
[Thu Aug 31 19:12:41 CEST 2023] _script='/usr/local/sbin/acme.sh'
[Thu Aug 31 19:12:41 CEST 2023] _script_home='/usr/local/sbin'
[Thu Aug 31 19:12:41 CEST 2023] Using config home:/var/etc/acme-client/home
https://github.com/acmesh-official/acme.sh
v3.0.6
[Thu Aug 31 19:12:41 CEST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 31 19:12:41 CEST 2023] Running cmd: deploy
[Thu Aug 31 19:12:41 CEST 2023] Using config home:/var/etc/acme-client/home
[Thu Aug 31 19:12:41 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Aug 31 19:12:41 CEST 2023] DOMAIN_PATH='/var/etc/acme-client/home/example.com'
[Thu Aug 31 19:12:41 CEST 2023] The deploy hook synology_dsm is not found.


Could there be something missing in the acme client plugin installation or is it an error on the letsencrypt servers?
#3
23.1 Legacy Series / Re: DNS issues since 23.1.6
April 24, 2023, 07:57:11 AM
Quote from: pmhausen on April 22, 2023, 01:36:34 PM
All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.
I updated last night and found my computers this morning without DNS servers. After manually adding DNS server in Windows I had working internet again. Then I found this thread!
I can understand OPNsense POV, so for now this is a working solution and I added DNS server on all my different subnets in DHCP configuration.
#4
Thank you for your answers, it seems to me that the consensus is that I do no harm and there will be peace in my mind ;)
#5
If the delegated prefix changes then you have to change the static WireGuard addresses when you want IPv6 through the tunnel.
The approach from the OPNsense guide is to give a ULA address to peer and client, but then the test at https://test-ipv6.com/ says that my browsers prefer an IPv4 connection.
Then I thought about giving random GUA addresses outside my delegated prefix to peer and client and making use of the outbound NAT.
This works well and the above test says 10/10 for IPv6.
Are there any gurus that say that this is bad practice and that there will be problems that I overlooked?
#6
Quote from: RamSense on January 22, 2022, 09:18:26 AM
When rebooting opnsense, adguard does not start automatically and I have to start it manually.

Is this, see picture I found in a pfsense guide, something I/we should add? Or can this be added to the plugin?
And if added manually, how to do this in opnsense:

Step 6: Making AdGuard Home start on boot:

Go to Services>shellcmd and click Add

Command: /usr/local/bin/screen -S AdGuardHome_screen -d -m /opt/AdGuardHome/AdGuardHome
Shellcmd Type: shellcmd
Description: AdGuard

as found here: https://broadbandforum.co/threads/installing-adguard-home-on-pfsense.205884/page-2
That is not how it should be done! AdGuard Home should be installed as a plugin.
Look at this: https://www.routerperformance.net/opnsense-repo/
#7
I have router A connected to my dual stacked bridged cable modem.
Router B is connected to Hyper-V and is behind router A. Connected to router B is a virtual Ubuntu linux host.

Internet -- Router A -- Router B -- Linux host

I configured everything to my best knowledge and every machine is dual stacked with IPv4 and IPv6. I get a /56 prefix from my ISP and delegated a /62 to router B. This is just a test setup.

Now here comes the problem, there is no IPv6 connection possible:

Ping6 to 2a00:1450:400e:80e::200e from Linux host behind router B gives no reply. I see packets leaving on router B WAN interface and coming in on Router A LAN interface. But they don't leave Router A WAN!

Ping6 to 2a00:1450:400e:80e::200e from Router B leave WAN interface from router A and get a reply, but they don't leave LAN interface from Router A to WAN interface from Router B. End result is no reply.

It seems that packets get lost on Router A and I am breaking my head why.
The routing table on Router A seems ok, but I have read an old topic about some problems with downstream routers: https://forum.opnsense.org/index.php?topic=7719.0
#8
Restarting radvd didn't work for me. You can also try to restart DHCPv6 service, but this wasn't a very consistent solution for me. One time it did work and another time it didn't.
Going back to 20.1 made my system rock solid again.
As I understand it, it is all still under investigation.
#9
I had nothing but troubles keeping ipv6 alive with 20.7.
Then I switched back to 20.1 and everything is rock solid.
You have to wait for upstream fixes. I have no clue what is wrong.
#10
20.7 Legacy Series / Re: Question about Upgrading to 20.7
September 12, 2020, 12:31:23 AM
I had problems after upgrading with my ipv6 setup. But did a clean reinstall with configuration importer and all went well after that.
Only thing was that for the NTP time server I had to change the hwclock to HPET (was TSC-low) in tunables. I don't think these are in the configuration file, but please correct me if I am wrong.
I didn't investigate further  :-[
#11
Thanks, of course I don't look that far  :-[
#12
I am trying to use dnscrypt-proxy as standalone with cloaking rules.
When I disable unbound and enter listen addresses of my interfaces and standard listen port 53 in dnscrypt-proxy I get this message: "[FATAL] listen udp :53: bind: permission denied"

Because it is a privileged port dnscrypt-proxy has a problem binding to it as it is not running with root privileges. How can I solve this without opening access for <1024 ports for non-root users?
#13
This is my first post as a new member coming from the "other" firewall.

To test OPNsense I recreated my network in Hyper-V on Windows 10 Pro. I was unable to install a Gen 2 VM because of installer hangs, so I created a Gen 1 instead.

After searching through the forums I saw someone posting a success by running the installer login from an SSH session instead of the console login, so I tried that and immediately the installer went on installing OPNsense on the virtual hard disk.

Good luck with that if you want to try it also.

I now have OPNsense in production and bought the book "Practical OPNsense" on Google Play store for 11 euros to test the described network setup in Hyper-V.