Topics

1

16.1 Legacy Series / Intrusion detection with PPPoE over VLAN

« on: July 22, 2016, 01:36:04 pm »

My ISP uses PPPoE over a VLAN. AFAIK, IDS only works on the physical interface when using PPP. Indeed, when I set the IDS to monitor the WAN interface, no rules ever fire. So I tried, in the IDS setup, to remove the WAN interface and choose the physical interface (igb1) to be monitored. However, I can choose both other NIC's, but not the WAN NIC.

Could it be that because I have PPPoE on this NIC, it doesn't even show up?

I've tried enabling promiscuous mode, but that doesn't seem to change the behavior either.

What could I do to monitor the physical WAN NIC?

2

16.1 Legacy Series / [SOLVED] working /var/etc/dhcp6c_wan.conf for xs4all ipv6 setup?

« on: July 12, 2016, 09:29:12 pm »

The topic says it all. I'd like to check the contents of my dhcpv6 WAN interface setup with a working one... so if you're using the provider XS4all and you've got ipv6 working, please post the output of

Code: [Select]

cat /var/etc/dhcp6c_wan.conf

3

16.1 Legacy Series / [SOLVED] dhcp-pd: default ipv6 route setup fails

« on: July 05, 2016, 11:15:26 pm »

I've got a problem getting DHCP-PD to work for my ISP xs4all. There's a nice tutorial for xs4all & ipv6 (in Dutch, http://blog.firewallonline.nl/how-to-en-tutorials/xs4all-pfsense-opnsense-ipv6/) that I followed. Others report succes, I can't get it to work.

I run the latest OPNsense 16.1.18-amd64.

The setup boils down to this:

- setup WAN with PPPoE for ipv4 and DHCPv6 voor ipv6
- setup DHCPv6 to use the ipv4 connectivity and request only a /48 prefix delegation
- setup the LAN to ipv4 static and ipv6 to track the WAN interface with prefix id 0.

This results in a working ipv4 connection but a semi working ipv6 setup:

- I do get a ipv6 ip and gateway
- I can ping6 the ipv6 gateway, but nothing beyond that
- I don't get a ipv6 on the LAN nic

When I look in the log I noticed there seems to be a issue setting up the default route to the gateway:

opnsense: /usr/local/etc/rc.newwanipv6: rc.newwanipv6: on (IP address: fe80::20d:b9ff:fe41:e490) (interface: wan) (real interface: pppoe1).
opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 194.109.5.175
kernel: IPv6 address: "fe80:b::2a0:a50f:fc78:5530" is not on the network
opnsense: /usr/local/etc/rc.newwanipv6: The command '/sbin/route delete -inet6 'default' 'fe80::2a0:a50f:fc78:5530%pppoe1'' returned exit code '1', the output was 'route: writing to routing socket: No such process delete net default: gateway fe80::2a0:a50f:fc78:5530%pppoe1 fib 0: not in table'

When I look in the route table I notice:

    - an entry for my ipv4 gateway, but not for ipv6
    - an default route for my ipv4 gateway, but not for ipv6

I tried many things, but this is the best result I could get. What could be causing the default ipv6 route setup to fail? What can I try to remedy this?