"
I am not using OPNsense Quality graph because I see similar behavior on my connection for a long time now(dpinger). I test my connection with smokeping. Maybe you can use that also for testing IPv6?
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
24.7, 24.10 Legacy Series / Re: clients loosing ipv6 internet now and then
August 21, 2024, 08:59:33 AM #2
23.7 Legacy Series / ACME Client gives error that deploy hooks are missing
August 31, 2023, 07:51:58 PM
When I run the automation commands in the shell I get some more output.
I tried to install certificates on proxmox and synology and on both occasions I get the error of missing deploy hooks. I replaced my domain with example.com and zero-ed the certificate numbers to protect my privacy
Could there be something missing in the acme client plugin installation or is it an error on the letsencrypt servers?
I tried to install certificates on proxmox and synology and on both occasions I get the error of missing deploy hooks. I replaced my domain with example.com and zero-ed the certificate numbers to protect my privacy
Code Select
root@opnsense:~ # /usr/local/sbin/acme.sh --deploy --syslog 7 --debug --server 'letsencrypt' --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/00000.00000/cert.pem' --keypath '/var/etc/acme-client/keys/00000.00000/private.key' --capath '/var/etc/acme-client/certs/00000.00000/chain.pem' --fullchainpath '/var/etc/acme-client/certs/00000.00000/fullchain.pem' --domain 'example.com' --deploy-hook synology_dsm
[Thu Aug 31 19:12:40 CEST 2023] Selected server: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 31 19:12:40 CEST 2023] Lets find script dir.
[Thu Aug 31 19:12:40 CEST 2023] _SCRIPT_='/usr/local/sbin/acme.sh'
[Thu Aug 31 19:12:41 CEST 2023] _script='/usr/local/sbin/acme.sh'
[Thu Aug 31 19:12:41 CEST 2023] _script_home='/usr/local/sbin'
[Thu Aug 31 19:12:41 CEST 2023] Using config home:/var/etc/acme-client/home
https://github.com/acmesh-official/acme.sh
v3.0.6
[Thu Aug 31 19:12:41 CEST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory
[Thu Aug 31 19:12:41 CEST 2023] Running cmd: deploy
[Thu Aug 31 19:12:41 CEST 2023] Using config home:/var/etc/acme-client/home
[Thu Aug 31 19:12:41 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Thu Aug 31 19:12:41 CEST 2023] DOMAIN_PATH='/var/etc/acme-client/home/example.com'
[Thu Aug 31 19:12:41 CEST 2023] The deploy hook synology_dsm is not found.Could there be something missing in the acme client plugin installation or is it an error on the letsencrypt servers?
#3
23.1 Legacy Series / Re: DNS issues since 23.1.6
April 24, 2023, 07:57:11 AMQuote from: pmhausen on April 22, 2023, 01:36:34 PMI updated last night and found my computers this morning without DNS servers. After manually adding DNS server in Windows I had working internet again. Then I found this thread!
All people having problems please just set the DNS server in the DHCP settings explicitly and report back. This should help at least for IPv4.
I can understand OPNsense POV, so for now this is a working solution and I added DNS server on all my different subnets in DHCP configuration.
#4
Virtual private networks / Re: Wireguard, ipv6, dynamic delegated prefix and possible solution
November 13, 2022, 09:39:20 AM
Thank you for your answers, it seems to me that the consensus is that I do no harm and there will be peace in my mind ;)
#5
Virtual private networks / Wireguard, ipv6, dynamic delegated prefix and possible solution
November 12, 2022, 09:52:12 PM
If the delegated prefix changes then you have to change the static Wireguard addresses when you want ipv6 through the tunnel.
The approach from the OPNsense guide is to give an ULA address to peer and client, but then test at https://test-ipv6.com/ say that my browsers prefer an ipv4 connection.
Then I thought about giving random GUA addresses outside my delegated prefix to peer and client and make use of the outbound NAT.
This works well and the above test says 10/10 for ipv6.
Are there any gurus that say that this is bad practice and that there will be problems that I overlooked?
The approach from the OPNsense guide is to give an ULA address to peer and client, but then test at https://test-ipv6.com/ say that my browsers prefer an ipv4 connection.
Then I thought about giving random GUA addresses outside my delegated prefix to peer and client and make use of the outbound NAT.
This works well and the above test says 10/10 for ipv6.
Are there any gurus that say that this is bad practice and that there will be problems that I overlooked?
#6
Documentation and Translation / Re: AdGuard Home setup guide
January 24, 2022, 01:38:27 AMQuote from: RamSense on January 22, 2022, 09:18:26 AMThat is not how it should be done! Adguardhome should be installed as a plugin.
When rebooting opnsense, adguard does not start automatically and I have to start it manually.
is this, see picture I found in a pfsense guide, something I/we should ad? or can this be added to the plugin?
And if added manually, how to do this in opnsense:
Step 6: Making AdGuard Home start on boot:
Go to Services>shellcmd and click Add
Command: /usr/local/bin/screen -S AdGuardHome_screen -d -m /opt/AdGuardHome/AdGuardHome
Shellcmd Type: shellcmd
Description: AdGuard
as found here: https://broadbandforum.co/threads/installing-adguard-home-on-pfsense.205884/page-2
Look at this: https://www.routerperformance.net/opnsense-repo/
#7
21.7 Legacy Series / Is routing with 2 stacked OPNsense routers broken?
December 29, 2021, 09:02:26 PM
I have router A connected to my dual stacked bridged cable modem.
Router B is connected to Hyper-V and is behind router A. Connected to router B is a virtual Ubuntu linux host.
Internet -- Router A -- Router B -- Linux host
I configured everything to my best knowledge and every machine is dual stacked with IPv4 and IPv6. I get a /56 prefix from my ISP and delegated a /62 to router B. This just a test setup.
Now here comes the problem, there is no IPv6 connection possible:
Ping6 to 2a00:1450:400e:80e::200e from Linux host behind router B give no reply. I see packets leaving on router B WAN interface and coming in on Router A LAN interface. But they don't leave Router A WAN!
Ping6 to 2a00:1450:400e:80e::200e from Router B leave WAN interface from router A and get a reply, but they don't leave LAN interface from Router A to WAN interface from Router B. End result is no reply.
It seems that packets get lost on Router A and I am breaking my head why.
The routing table on Router A seems ok, but I have read an old topic about some problems with downstream routers: https://forum.opnsense.org/index.php?topic=7719.0
Router B is connected to Hyper-V and is behind router A. Connected to router B is a virtual Ubuntu linux host.
Internet -- Router A -- Router B -- Linux host
I configured everything to my best knowledge and every machine is dual stacked with IPv4 and IPv6. I get a /56 prefix from my ISP and delegated a /62 to router B. This just a test setup.
Now here comes the problem, there is no IPv6 connection possible:
Ping6 to 2a00:1450:400e:80e::200e from Linux host behind router B give no reply. I see packets leaving on router B WAN interface and coming in on Router A LAN interface. But they don't leave Router A WAN!
Ping6 to 2a00:1450:400e:80e::200e from Router B leave WAN interface from router A and get a reply, but they don't leave LAN interface from Router A to WAN interface from Router B. End result is no reply.
It seems that packets get lost on Router A and I am breaking my head why.
The routing table on Router A seems ok, but I have read an old topic about some problems with downstream routers: https://forum.opnsense.org/index.php?topic=7719.0
#8
20.7 Legacy Series / Re: ipv6 wan stops working after a while
November 20, 2020, 11:30:02 AM
Restarting radvd didn't work for me. You can also try to restart DHCPv6 service, but this wasn't a very consistent solution for me. One time it did work and another time it didn't.
Going back to 20.1 made my system rock solid again.
As I understand it it is all still under investigation.
Going back to 20.1 made my system rock solid again.
As I understand it it is all still under investigation.
#9
20.7 Legacy Series / Re: Slow IPV6 redetection after reconnect
November 02, 2020, 10:07:30 AM
I had nothing but troubles keeping ipv6 alive with 20.7.
Then I switched back to 20.1 and everything is rock solid.
You have to wait for upstream fixes. I have no clue what is wrong.
Then I switched back to 20.1 and everything is rock solid.
You have to wait for upstream fixes. I have no clue what is wrong.
#10
20.7 Legacy Series / Re: Question about Upgrading to 20.7
September 12, 2020, 12:31:23 AM
I had problems after upgrading with my ipv6 setup. But did a clean reinstall with configuration importer and all went well after that.
Only thing was that for the NTP time server I had to change the hwclock to HPET (was TSC-low) in tunables. I don't think these are in the configuration file, but please correct me if I am wrong.
I didn't investigate further :-[
Only thing was that for the NTP time server I had to change the hwclock to HPET (was TSC-low) in tunables. I don't think these are in the configuration file, but please correct me if I am wrong.
I didn't investigate further :-[
#11
20.1 Legacy Series / Re: dnscrypt-proxy standalone "bind: permission denied" for port 53
February 05, 2020, 10:28:03 PM
Thanks, of course I don't look that far :-[
#12
20.1 Legacy Series / dnscrypt-proxy standalone "bind: permission denied" for port 53
February 05, 2020, 08:53:06 PM
I am trying to use dnscrypt-proxy as standalone with cloaking rules.
When I disable unbound and enter listen addresses of my interfaces and standard listen port 53 in dnscrypt-proxy I get this message: "[FATAL] listen udp :53: bind: permission denied"
Because it is a privileged port dnscrypt-proxy has a problem binding to it as it is not running with root privileges. How can I solve this without opening access for <1024 ports for non-root users?
When I disable unbound and enter listen addresses of my interfaces and standard listen port 53 in dnscrypt-proxy I get this message: "[FATAL] listen udp :53: bind: permission denied"
Because it is a privileged port dnscrypt-proxy has a problem binding to it as it is not running with root privileges. How can I solve this without opening access for <1024 ports for non-root users?
#13
19.7 Legacy Series / Re: 19.7 installation on Hyper-V hangs at the "Select Task" step.
January 07, 2020, 02:03:15 AM
This is my first post as a new member coming from the "other" firewall.
To test OPNsense I recreated my network in Hyper-V on Windows 10 Pro. I was unable to install a Gen 2 VM because of installer hangs, so I created a Gen 1 instead.
After searching through the forums I saw someone posting a success by running the installer login from a SSH session instead of the console login, so I tried that and immediately the installer went on installing OPNsense on the virtual hard disk.
Good luck with that if you want to try it also.
I now have OPNsense in production and bought the book"Practical OPNsense" on Google Play store for 11 euro's to test the described network setup in Hyper-V.
To test OPNsense I recreated my network in Hyper-V on Windows 10 Pro. I was unable to install a Gen 2 VM because of installer hangs, so I created a Gen 1 instead.
After searching through the forums I saw someone posting a success by running the installer login from a SSH session instead of the console login, so I tried that and immediately the installer went on installing OPNsense on the virtual hard disk.
Good luck with that if you want to try it also.
I now have OPNsense in production and bought the book"Practical OPNsense" on Google Play store for 11 euro's to test the described network setup in Hyper-V.
Pages1
