"
Yes, now it work without problem.
Thankyou.
@xmillies, for me you can set this thread as resolved.
Thankyou.
@xmillies, for me you can set this thread as resolved.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
23.7 Legacy Series / Re: After upgrade from 23.4.2_1 -> 23.4.2_4 Check for updates gives an API exception
April 16, 2024, 09:47:21 AM #2
23.7 Legacy Series / Re: After upgrade from 23.4.2_1 -> 23.4.2_4 Check for updates gives an API exception
April 15, 2024, 03:26:53 PM
More or less same problem:
A couple of DEC675 just arrived, put the business key, and when update we receive the error:
An API exception occurred
/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php:135: Unsupported operand types: int + string
Where i can find the fix, just to see if it apply to my case.
Here some more info:
Edit, just to know
I did a pkg update, pkg upgrade from cli, now from gui it say the software is up to date, and problem persist.
A couple of DEC675 just arrived, put the business key, and when update we receive the error:
An API exception occurred
/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php:135: Unsupported operand types: int + string
Where i can find the fix, just to see if it apply to my case.
Here some more info:
Code Select
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.10 at Mon Apr 15 13:09:55 UTC 2024
Fetching subscription information, please wait... done
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: . done
Processing entries: .......... done
OPNsense repository update completed. 873 packages processed.
All repositories are up to date.
Updating database digests format: .......... done
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
pkg: 1.19.2 -> 1.19.2_1
Number of packages to be upgraded: 1
4 MiB to be downloaded.
[1/1] Fetching pkg-1.19.2_1.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading pkg from 1.19.2 to 1.19.2_1...
[1/1] Extracting pkg-1.19.2_1: .......... done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (145 candidates): .......... done
Processing candidates (145 candidates): ....... done
The following 95 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
libpfctl: 0.8
openssl111: 1.1.1w
py39-pyasn1: 0.5.0
py39-pyasn1-modules: 0.3.0
py39-service-identity: 23.1.0
py39-typing-extensions: 4.9.0
squid-langpack: 7.0.0.20230225
Installed packages to be UPGRADED:
beep: 1.0_1 -> 1.0_2
choparp: 20150613 -> 20150613_1
curl: 8.3.0 -> 8.6.0
cyrus-sasl: 2.1.28 -> 2.1.28_1
easy-rsa: 3.1.6 -> 3.1.7
gettext-runtime: 0.22_1 -> 0.22.3
glib: 2.78.0,2 -> 2.78.3,2
ivykis: 0.42.4 -> 0.42.4_1
libfido2: 1.13.0 -> 1.14.0
libnet: 1.2,1 -> 1.3,1
libnghttp2: 1.56.0 -> 1.58.0
libpsl: 0.21.2_3 -> 0.21.2_4
libxml2: 2.10.4_1 -> 2.10.4_2
lighttpd: 1.4.71 -> 1.4.73
mpd5: 5.9_16 -> 5.9_17
nss: 3.93 -> 3.95
oniguruma: 6.9.8_1 -> 6.9.9
openssh-portable: 9.3.p2_1,1 -> 9.6.p1_1,1
openvpn: 2.6.6 -> 2.6.8_1
opnsense-business: 23.10 -> 23.10.3
opnsense-installer: 23.1 -> 24.1
opnsense-lang: 23.7.4 -> 23.7.11
opnsense-update: 23.7.4 -> 23.7.10_1
os-OPNBEcore: 1.2 -> 1.3
perl5: 5.34.1_3 -> 5.36.3_1
pftop: 0.8_4 -> 0.10
php82: 8.2.11 -> 8.2.14
php82-ctype: 8.2.11 -> 8.2.14
php82-curl: 8.2.11 -> 8.2.14
php82-dom: 8.2.11 -> 8.2.14
php82-filter: 8.2.11 -> 8.2.14
php82-gettext: 8.2.11 -> 8.2.14
php82-ldap: 8.2.11 -> 8.2.14
php82-mbstring: 8.2.11 -> 8.2.14
php82-pcntl: 8.2.11 -> 8.2.14
php82-pdo: 8.2.11 -> 8.2.14
php82-phpseclib: 3.0.23 -> 3.0.34
php82-session: 8.2.11 -> 8.2.14
php82-simplexml: 8.2.11 -> 8.2.14
php82-sockets: 8.2.11 -> 8.2.14
php82-sqlite3: 8.2.11 -> 8.2.14
php82-xml: 8.2.11 -> 8.2.14
php82-zlib: 8.2.11 -> 8.2.14
pkcs11-helper: 1.29.0 -> 1.29.0_1
py39-Babel: 2.13.0 -> 2.14.0
py39-aioquic: 0.9.21 -> 0.9.24
py39-anyio: 4.0.0 -> 4.2.0
py39-certifi: 2023.7.22 -> 2023.11.17
py39-charset-normalizer: 3.3.0 -> 3.3.2
py39-cryptography: 41.0.4,1 -> 41.0.7_2,1
py39-cython: 0.29.36 -> 0.29.37
py39-exceptiongroup: 1.1.3 -> 1.2.0
py39-h2: 4.0.0 -> 4.1.0
py39-httpcore: 0.18.0 -> 1.0.2
py39-httpx: 0.25.0 -> 0.26.0
py39-idna: 3.4_1 -> 3.6
py39-netaddr: 0.9.0 -> 0.10.1
py39-numexpr: 2.8.7 -> 2.8.8
py39-numpy: 1.25.0,1 -> 1.25.0_4,1
py39-outcome: 1.2.0 -> 1.3.0_1
py39-pylsqpack: 0.3.17 -> 0.3.18
py39-trio: 0.22.2 -> 0.24.0
py39-tzdata: 2023.3_1 -> 2023.4
py39-ujson: 5.8.0 -> 5.9.0
py39-urllib3: 1.26.17,1 -> 1.26.18,1
py39-yaml: 6.0 -> 6.0.1
readline: 8.2.1 -> 8.2.7
rrdtool: 1.8.0_2 -> 1.8.0_3
sqlite3: 3.43.1,1 -> 3.44.0_1,1
squid: 5.9 -> 6.6
strongswan: 5.9.11_2 -> 5.9.13
sudo: 1.9.14p3 -> 1.9.15p5
suricata: 6.0.14 -> 6.0.17
unbound: 1.18.0 -> 1.19.3
wpa_supplicant: 2.10_9 -> 2.10_10
Installed packages to be REINSTALLED:
cpdup-1.22 (direct dependency changed: openssl111)
cyrus-sasl-gssapi-2.1.28 (direct dependency changed: openssl111)
gmp-6.3.0 (option added: INFO)
hostapd-2.10_8 (direct dependency changed: openssl111)
isc-dhcp44-server-4.4.3P1 (direct dependency changed: openssl111)
krb5-1.21.2 (direct dependency changed: openssl111)
ldns-1.8.3 (direct dependency changed: openssl111)
libevent-2.1.12 (direct dependency changed: openssl111)
monit-5.33.0 (direct dependency changed: openssl111)
ntp-4.2.8p17_1 (direct dependency changed: openssl111)
openldap26-client-2.6.6 (direct dependency changed: openssl111)
python39-3.9.18 (direct dependency changed: openssl111)
syslog-ng-4.4.0 (direct dependency changed: openssl111)
Number of packages to be installed: 7
Number of packages to be upgraded: 75
Number of packages to be reinstalled: 13
The process will require 19 MiB more space.
93 MiB to be downloaded.
***DONE***QuoteType opnsense-business
Version 23.10
Architecture amd64
Commit 763f01ff8
Mirror https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:13:amd64/23.10
Repositories OPNsense
Updated on Wed Oct 25 15:11:46 UTC 2023
Checked on N/A
Edit, just to know
I did a pkg update, pkg upgrade from cli, now from gui it say the software is up to date, and problem persist.
#3
High availability / DHCP not working on cluster, wrong listen port
August 22, 2023, 05:40:08 PM
Hi all
Finally we found the mistake.
We set the carp address as a /32. You can see the netmask as
We do it because there is no meaning in put the carp address as a /24.
The interfaces address already have the netmast, and that is sufficient for create the routing entry for "ethernet reachable" addresses.
But on the code there is this control:
this verify that the failover ip is in the carp network, but if the carp network is /32, it is false and both the dhcp goes to "slave mode".
So for now, use the same netmask on carp and on interfaces address. Imho this control doesn't have much sense.
Because imho there is no need for the carp address to be in the same network of the failover ip. Maybe is better to check the failover with the interface addresses... But this is another story.
Could you share your opinion about this ?
Best Regards
Finally we found the mistake.
We set the carp address as a /32. You can see the netmask as
Code Select
0xffffffff.We do it because there is no meaning in put the carp address as a /24.
The interfaces address already have the netmast, and that is sufficient for create the routing entry for "ethernet reachable" addresses.
But on the code there is this control:
Code Select
if (ip_in_subnet($dhcpifconf['failover_peerip'], "{$carp_nw}/{$vipent['subnet_bits']}")) { this verify that the failover ip is in the carp network, but if the carp network is /32, it is false and both the dhcp goes to "slave mode".
So for now, use the same netmask on carp and on interfaces address. Imho this control doesn't have much sense.
Because imho there is no need for the carp address to be in the same network of the failover ip. Maybe is better to check the failover with the interface addresses... But this is another story.
Could you share your opinion about this ?
Best Regards
#4
High availability / DHCP not working on cluster, wrong listen port
August 23, 2022, 12:40:42 PM
Hi all
I think this is a bug/issue, but maybe you can see a misconfiguration.
2 firewall in cluster, each with 6 interface:
- igb0 between the firewalls, for pfsync;
- igb1 used as emergency, I can connect a pc here and manage the firewall in worst case scenario.
- igb2->5 aggregated as lagg0 to the switch
on lagg0 there are all the vlan we need.
At the end the ifconfig output.
The dhcp server is on 2 vlan, vlan1 and vlan3.
The clients don't take the IP from dhcp, litterally they don''t receive any response from dhcp servers (wireshark).
The log file was full of
Looking aroud (can't remember really how) I found that the dhcp servers could not comunicate eachother.
The firewall rule auto-generated is in place, and also there is another manual rule who permit the traffic between firewalls on port 520 and 519 TCP.
But looking at listening port there is the mistake, both dhcp daemon was listening on port 520.
A packet capture let me see that the secondary was trying to open a tcp connection on port 519 of the primary, but primary was listening on port 520.
Looking at file /var/dhcpd/etc/dhcpd.conf, both config was to listen on 520. At the end the file of slave for reference.
So as workaround i modified the /usr/local/etc/inc/plugins.inc.d/dhcpd.inc on master for let it know it is master:
I have not take the time to read and understand the if statement.
So the question is:
Why it decide the master is not master ?
ifconfig on primary
ifconfig on secondary
DHCP config file of secondary.
I think this is a bug/issue, but maybe you can see a misconfiguration.
2 firewall in cluster, each with 6 interface:
- igb0 between the firewalls, for pfsync;
- igb1 used as emergency, I can connect a pc here and manage the firewall in worst case scenario.
- igb2->5 aggregated as lagg0 to the switch
on lagg0 there are all the vlan we need.
At the end the ifconfig output.
The dhcp server is on 2 vlan, vlan1 and vlan3.
The clients don't take the IP from dhcp, litterally they don''t receive any response from dhcp servers (wireshark).
The log file was full of
Code Select
2022-08-19T17:17:27 Error dhcpd DHCPDISCOVER from 0a:c4:ad:4b:47:fd via vlan03: peer holds all free leases
2022-08-19T17:17:26 Error dhcpd DHCPDISCOVER from 68:f7:28:fc:c9:f3 via vlan01: peer holds all free leases
2022-08-19T17:17:16 Error dhcpd DHCPDISCOVER from 68:f7:28:fc:c9:f3 via vlan01: peer holds all free leasesLooking aroud (can't remember really how) I found that the dhcp servers could not comunicate eachother.
The firewall rule auto-generated is in place, and also there is another manual rule who permit the traffic between firewalls on port 520 and 519 TCP.
But looking at listening port there is the mistake, both dhcp daemon was listening on port 520.
Code Select
root@fw-slave:~ # netstat -na
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
[...]
tcp4 0 0 10.203.1.252.520 *.* LISTEN
tcp4 0 0 10.203.5.252.520 *.* LISTEN
[...]A packet capture let me see that the secondary was trying to open a tcp connection on port 519 of the primary, but primary was listening on port 520.
Looking at file /var/dhcpd/etc/dhcpd.conf, both config was to listen on 520. At the end the file of slave for reference.
So as workaround i modified the /usr/local/etc/inc/plugins.inc.d/dhcpd.inc on master for let it know it is master:
Code Select
root@fw-master:~ # grep -B3 -A35 ZETSU /usr/local/etc/inc/plugins.inc.d/dhcpd.inc
if (!empty($dhcpifconf['failover_peerip'])) {
$intip = get_interface_ip($dhcpif, $ifconfig_details);
/* ZETSU $failover_primary = false; */
$failover_primary = true;
if (!empty($config['virtualip']['vip'])) {
foreach ($config['virtualip']['vip'] as $vipent) {
if ($vipent['interface'] == $dhcpif) {
$carp_nw = gen_subnet($vipent['subnet'], $vipent['subnet_bits']);
if (ip_in_subnet($dhcpifconf['failover_peerip'], "{$carp_nw}/{$vipent['subnet_bits']}")) {
/* this is the interface! */
if (is_numeric($vipent['advskew']) && (intval($vipent['advskew']) < 20)) {
$failover_primary = true;
}
break;
}
}
}
} else {
log_error('Warning! DHCP Failover setup and no CARP virtual IPs defined!');
}
$dhcpdconf_pri = "";
if ($failover_primary) {
$my_port = "519";
$peer_port = "520";
$type = "primary";
$dhcpdconf_pri = "split 128;\n";
if (isset($dhcpifconf['failover_split'])) {
$dhcpdconf_pri = "split {$dhcpifconf['failover_split']};\n";
}
$dhcpdconf_pri .= " mclt 600;\n";
} else {
$type = "secondary";
$my_port = "520";
$peer_port = "519";
}
I have not take the time to read and understand the if statement.
So the question is:
Why it decide the master is not master ?
ifconfig on primary
Code Select
root@fw-master:~ # ifconfig
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Cluster
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:6c:28
inet 10.203.0.1 netmask 0xfffffff8 broadcast 10.203.0.7
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Emergency
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:6c:29
inet 192.168.23.253 netmask 0xffffff00 broadcast 192.168.23.255
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb2: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:6c:2a
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb3: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:6c:2a
hwaddr 00:30:18:01:6c:2b
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb4: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:6c:2a
hwaddr 00:30:18:01:6c:2c
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb5: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:6c:2a
hwaddr 00:30:18:01:6c:2d
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
enc0: flags=0<> metric 0 mtu 1536
groups: enc
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
groups: pflog
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1500
pfsync: syncdev: igb0 syncpeer: 10.203.0.2 maxupd: 128 defer: off
syncok: 1
groups: pfsync
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:6c:2a
laggproto lacp lagghash l2,l3,l4
laggport: igb2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: igb3 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: igb4 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: igb5 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
groups: lagg
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan01: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Management
options=4000000<NOMAP>
ether 00:30:18:01:6c:2a
inet 10.203.5.253 netmask 0xffffff00 broadcast 10.203.5.255
inet 10.203.5.254 netmask 0xffffffff broadcast 10.203.5.254 vhid 3
groups: vlan
carp: MASTER vhid 3 advbase 1 advskew 0
vlan: 5 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan02: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN
options=4000000<NOMAP>
ether 00:30:18:01:6c:2a
inet 192.168.0.213 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.254 netmask 0xffffffff broadcast 192.168.0.254 vhid 4
groups: vlan
carp: MASTER vhid 4 advbase 1 advskew 0
vlan: 2 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan03: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Ospiti
options=4000000<NOMAP>
ether 00:30:18:01:6c:2a
inet 10.203.1.253 netmask 0xffffff00 broadcast 10.203.1.255
inet 10.203.1.254 netmask 0xffffffff broadcast 10.203.1.254 vhid 1
groups: vlan
carp: MASTER vhid 1 advbase 1 advskew 0
vlan: 4 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan04: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN
options=4000000<NOMAP>
ether 00:30:18:01:6c:2a
inet [snip...] netmask 0xfffffff8 broadcast 185.100.109.151
inet [snip...] netmask 0xfffffffc broadcast 185.100.109.151 vhid 2
groups: vlan
carp: MASTER vhid 2 advbase 1 advskew 0
vlan: 99 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 192.168.203.1 --> 192.168.203.2 netmask 0xfffffff8
groups: tun openvpn
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 54350
ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 192.168.203.33 --> 192.168.203.34 netmask 0xffffffe0
groups: tun openvpn
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 93215
root@fw-master:~ # ifconfig on secondary
Code Select
root@fw-slave:~ # ifconfig
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Cluster
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:66:b2
inet 10.203.0.2 netmask 0xfffffff8 broadcast 10.203.0.7
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Emergency
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:66:b3
inet 192.168.23.252 netmask 0xffffff00 broadcast 192.168.23.255
media: Ethernet autoselect
status: no carrier
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb2: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:66:b4
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb3: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:66:b4
hwaddr 00:30:18:01:66:b5
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb4: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:66:b4
hwaddr 00:30:18:01:66:b6
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb5: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:66:b4
hwaddr 00:30:18:01:66:b7
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=0<> metric 0 mtu 1536
groups: enc
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
groups: pflog
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4800028<VLAN_MTU,JUMBO_MTU,NOMAP>
ether 00:30:18:01:66:b4
laggproto lacp lagghash l2,l3,l4
laggport: igb2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: igb3 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: igb4 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: igb5 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
groups: lagg
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan01: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Management
options=4000000<NOMAP>
ether 00:30:18:01:66:b4
inet 10.203.5.252 netmask 0xffffff00 broadcast 10.203.5.255
inet 10.203.5.254 netmask 0xffffffff broadcast 10.203.5.254 vhid 3
groups: vlan
carp: BACKUP vhid 3 advbase 1 advskew 100
vlan: 5 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan02: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: LAN
options=4000000<NOMAP>
ether 00:30:18:01:66:b4
inet 192.168.0.212 netmask 0xffffff00 broadcast 192.168.0.255
inet 192.168.0.254 netmask 0xffffffff broadcast 192.168.0.254 vhid 4
groups: vlan
carp: BACKUP vhid 4 advbase 1 advskew 100
vlan: 2 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan03: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Ospiti
options=4000000<NOMAP>
ether 00:30:18:01:66:b4
inet 10.203.1.252 netmask 0xffffff00 broadcast 10.203.1.255
inet 10.203.1.254 netmask 0xffffffff broadcast 10.203.1.254 vhid 1
groups: vlan
carp: BACKUP vhid 1 advbase 1 advskew 100
vlan: 4 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan04: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN
options=4000000<NOMAP>
ether 00:30:18:01:66:b4
inet [snip...] netmask 0xfffffff8 broadcast 185.100.109.151
inet [snip...] netmask 0xfffffffc broadcast 185.100.109.151 vhid 2
groups: vlan
carp: BACKUP vhid 2 advbase 1 advskew 100
vlan: 99 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 192.168.203.1 --> 192.168.203.2 netmask 0xfffffff8
groups: tun openvpn
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 30516
ovpns2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 192.168.203.33 --> 192.168.203.34 netmask 0xffffffe0
groups: tun openvpn
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 30997
DHCP config file of secondary.
Code Select
root@fw-slave:~ # cat /var/dhcpd/etc/dhcpd.conf
option domain-name "dave.lan";
option ldap-server code 95 = text;
option arch code 93 = unsigned integer 16; # RFC4578
option pac-webui code 252 = text;
default-lease-time 7200;
max-lease-time 86400;
log-facility local7;
one-lease-per-client true;
deny duplicates;
ping-check true;
update-conflict-detection false;
authoritative;
failover peer "dhcp_opt4" {
secondary;
address 10.203.1.252;
port 520;
peer address 10.203.1.253;
peer port 519;
max-response-delay 10;
max-unacked-updates 10;
load balance max seconds 3;
}
failover peer "dhcp_opt2" {
secondary;
address 10.203.5.252;
port 520;
peer address 10.203.5.253;
peer port 519;
max-response-delay 10;
max-unacked-updates 10;
load balance max seconds 3;
}
subnet 10.203.1.0 netmask 255.255.255.0 {
pool {
option domain-name-servers 10.203.1.254;
deny dynamic bootp clients;
failover peer "dhcp_opt4";
range 10.203.1.100 10.203.1.199;
}
option routers 10.203.1.254;
option domain-name-servers 10.203.1.254;
}
subnet 10.203.5.0 netmask 255.255.255.0 {
pool {
option domain-name-servers 10.203.5.254;
deny dynamic bootp clients;
ignore-client-uids true;
failover peer "dhcp_opt2";
range 10.203.5.100 10.203.5.109;
}
option routers 10.203.5.254;
option domain-name-servers 10.203.5.254;
}
Pages1
