OPNsense

Topics - Mr.Goodcat

1
23.7 Legacy Series / [SOLVED] Dpinger broken
« on: October 22, 2023, 01:32:01 pm »
Hi,

since around 23.7.4 dpinger is broken for an IPv4 Gateway on two of my machines. Hardware is entirely different (Intel CPU + NIC vs. AMD CPU + Mellanox NIC).
I can't see anything in the logs that would help identify the root cause. This is particularly annoying as one system is set up with a gateway group to allow failover to another WAN interface.
Oddly enough, the other WAN interface (also IPv4) doesn't exhibit this issue. Could this be related to the interface settings? At least those are a factor that's identical in both systems experiencing this issue (ISP Vodafone Germany, supersede dhcp-server-identifier 255.255.255.255, reject leases 192.168.100.1, custom MAC address).
Patches fb336e3 and 89ee410 didn't solve this either.

Any support to get to the bottom of this is highly appreciated!

2
21.7 Legacy Series / [SOLVED] Missing ARP entry for WAN Gateway (bridged 4G/5G CPE via Ethernet)
« on: November 21, 2021, 05:26:36 pm »
Hi,

my setup has two WANs:
one via Cable (DOCSIS), one via a 4G/5G CPE which is in bridge mode and attached via Ethernet.

For some reason, the latter's WAN gateway in OPNSense does not come up on its own. OPNSense receives an IP via DHCP, but there is no corresponding ARP entry for the 4G/5G CPE. If I add this manually, everything works.

However, as the 4G/5G WAN IP can change, setting a static entry is no real solution - i.e. there is no fixed MAC-IP combination.

As of now, my best guess for this behaviour is that both WAN and Gateway IP are in the 100.64.0.0/10 range, i.e. carrier-grade NAT IPs. However, the corresponding WAN interface at OPNSense is set to allow both bogons and private IPs.

Thus I'm looking for any other issues which could cause the observed behaviour. Any ideas would be greatly appreciated! :)

3
21.7 Legacy Series / [Solved] Chrony NTS broken?
« on: September 20, 2021, 05:51:19 pm »
Hi,

I just noticed that chrony doesn't seem to work with NTS anymore. Once I enable this setting, no synchronization takes place, which results in the "tracking" tab showing the date as 1970...
Even when only one NTS server (e.g. Cloudflare) is used, nothing happens.
As it worked flawlessly before, this might have crept in during the last update?
Does anyone else experience such behaviour?

Thanks!

4
21.7 Legacy Series / Broken traffic reporting (netmap)
« on: August 21, 2021, 08:05:33 pm »
Using Mellanox ConnectX-3 NICs (driver: mlx4en) traffic reporting is still broken. Oddly enough, this only affects setups in which VLANs are defined on virtual functions (i.e. VFs, see https://docs.google.com/spreadsheets/d/1RVj8K3XOzWi-Bkjq6hUxWudu7Cxd8FFTqjLiBMzZWEM/edit#gid=0). Thus netmap generally works, just not in this instance. When VLANs are assigned in OPNSense (which has its drawbacks compared to VFs), it works as intended. It would be great if anyone could have a look at this :)

https://github.com/opnsense/src/issues/103

5
21.1 Legacy Series / [Feature request] Chrony authselectmode
« on: July 19, 2021, 09:04:03 pm »
Hi,

I recently decided to switch to chrony which is working great so far :D
Unfortunately though, the plugin doesn't allow specifying the authselectmode, i.e. how to handle NTS. Currently it seems to be set to "require", meaning all non-NTS servers are ignored. However, I'd like to run a mix of remote NTS servers plus local non-NTS servers. Thus it would be great if the options "prefer" and "mix" were available. Would it be possible to add this with an upcoming update? Thanks!

6
20.1 Legacy Series / Multi WAN Traffic Shaping
« on: March 18, 2020, 11:09:31 am »
Hi,

my setup has two WAN links, each with different up-/download speeds. After setting both to the same tier, I would like to apply individual traffic shaping to enable some QoS. However I can't quite figure out how this should be done, as rules direct all traffic of a certain type (e.g. IP range) towards one of the two interfaces. Hence duplicating rules (which also seems too cumbersome) doesn't appear to be the correct way forward. ???

Also, traffic shaping could be greatly simplified if aliases were usable. As the 20.7 roadmap is awfully empty, maybe it's a good idea to add? :)

Any hint / help is welcome!  :D

7
19.7 Legacy Series / Alias in traffic shaper
« on: December 25, 2019, 07:47:40 pm »
Merry Christmas!   :D

While cleaning up my config, I noticed that the traffic shaper was rather cluttered. Hence I tried to use aliases. Unfortunately it seems this isn't possible? However, I've found closed feature requests from 2018, so I might be doing something wrong. Any ideas?

8
19.1 Legacy Series / [Solved] IPv6 renewal crashes openvpn and dpinger
« on: February 02, 2019, 12:56:51 pm »
Hi,

after the update to 19.1 openvpn and dpinger crash upon IPv6 WAN renewal:

DHCP log:
Feb 2 12:39:59 dhcp6c[39617]: XID mismatch
Feb 2 12:39:53 dhcpd: Sending Reply to fe80::::: port 546
Feb 2 12:39:53 dhcpd: Information-request message from fe80::::: port 546, transaction ID 0x6CD09F00
Feb 2 12:39:52 dhcpd: Server starting service.
Feb 2 12:39:52 dhcpd: Sending on Socket/12/igb1/2a02:::::/64
Feb 2 12:39:52 dhcpd: Listening on Socket/12/igb1/2a02:::::/64
Feb 2 12:39:52 dhcpd: Bound to *:547
Feb 2 12:39:52 dhcpd: Wrote 1 NA, 0 TA, 0 PD leases to lease file.
Feb 2 12:39:52 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 2 12:39:52 dhcpd: All rights reserved.
Feb 2 12:39:52 dhcpd: Copyright 2004-2018 Internet Systems Consortium.
Feb 2 12:39:52 dhcpd: Internet Systems Consortium DHCP Server 4.4.1
Feb 2 12:39:52 dhcpd: PID file: /var/run/dhcpdv6.pid
Feb 2 12:39:52 dhcpd: Database file: /var/db/dhcpd6.leases
Feb 2 12:39:52 dhcpd: Config file: /etc/dhcpdv6.conf
Feb 2 12:39:52 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 2 12:39:52 dhcpd: All rights reserved.
Feb 2 12:39:52 dhcpd: Copyright 2004-2018 Internet Systems Consortium.
Feb 2 12:39:52 dhcpd: Internet Systems Consortium DHCP Server 4.4.1
Feb 2 12:39:51 dhcp6c: dhcp6c REQUEST on igb0 - running newipv6
Feb 2 12:39:51 dhcp6c[39617]: add an address 2a02:::::::/128 on igb0
Feb 2 12:39:51 dhcp6c[39617]: add an address 2a02:::::::/64 on igb1
Feb 2 12:39:51 dhcp6c[39617]: Received REPLY for REQUEST
Feb 2 12:39:51 dhcp6c[39617]: Sending Request
Feb 2 12:39:51 dhcp6c[39617]: Sending Solicit
Feb 2 12:39:51 dhcp6c: dhcp6c RELEASE on igb0 - running newipv6
Feb 2 12:39:51 dhcp6c[39617]: status code: success
Feb 2 12:39:51 dhcp6c[39617]: Received REPLY for RELEASE
Feb 2 12:39:51 dhcp6c: dhcp6c RELEASE on igb0 - running newipv6
Feb 2 12:39:51 dhcp6c[39617]: status code: success
Feb 2 12:39:51 dhcp6c[39617]: Received REPLY for RELEASE
Feb 2 12:39:51 dhcp6c[39617]: remove an address 2a02:::::::/64 on igb1
Feb 2 12:39:51 dhcp6c[39617]: Sending Release
Feb 2 12:39:51 dhcp6c[39617]: Start address release
Feb 2 12:39:51 dhcp6c[39617]: remove an address 2a02:::::::/128 on igb0
Feb 2 12:39:51 dhcp6c[39617]: Sending Release
Feb 2 12:39:51 dhcp6c[39617]: Start address release
Feb 2 12:39:51 dhcp6c[39617]: restarting
Feb 2 12:39:51 dhcpd: RTSOLD script - Sending SIGHUP to dhcp6c for interface wan(igb0)
Feb 2 12:39:48 dhclient: Creating resolv.conf
Feb 2 12:36:22 dhcpd: Sending Reply to fe80::::: port 546
Feb 2 12:36:22 dhcpd: Reply NA: address 2a02::::: to client with duid 00::::::::::::: iaid = -918630208 valid for 7200 seconds
Feb 2 12:36:22 dhcpd: Renew message from fe80::::: port 546, transaction ID 0x9479A500
Feb 2 12:29:40 dhcpd: DHCPACK to 192.168.0.7 (60:::::) via igb1
Feb 2 12:29:40 dhcpd: DHCPINFORM from 192.168.0.7 via igb1
Feb 2 12:28:08 dhcpd: DHCPACK on 192.168.0.205 to 00::::: via igb1
Feb 2 12:28:08 dhcpd: DHCPREQUEST for 192.168.0.205 from 00::::: via igb1
Feb 2 12:10:47 dhcpd: DHCPACK to 192.168.0.7 (60:::::) via igb1
Feb 2 12:10:47 dhcpd: DHCPINFORM from 192.168.0.7 via igb1
Feb 2 12:09:51 dhcpd: Sending Reply to fe80::::: port 546
Feb 2 12:09:51 dhcpd: Information-request message from fe80::::: port 546, transaction ID 0xAFF74100
Feb 2 12:09:50 dhcpd: Server starting service.
Feb 2 12:09:50 dhcpd: Sending on Socket/11/igb1/2a02:::::/64
Feb 2 12:09:50 dhcpd: Listening on Socket/11/igb1/2a02:::::/64
Feb 2 12:09:50 dhcpd: Bound to *:547
Feb 2 12:09:50 dhcpd: Wrote 1 NA, 0 TA, 0 PD leases to lease file.
Feb 2 12:09:50 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 2 12:09:50 dhcpd: All rights reserved.
Feb 2 12:09:50 dhcpd: Copyright 2004-2018 Internet Systems Consortium.
Feb 2 12:09:50 dhcpd: Internet Systems Consortium DHCP Server 4.4.1
Feb 2 12:09:50 dhcpd: PID file: /var/run/dhcpdv6.pid
Feb 2 12:09:50 dhcpd: Database file: /var/db/dhcpd6.leases
Feb 2 12:09:50 dhcpd: Config file: /etc/dhcpdv6.conf
Feb 2 12:09:50 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 2 12:09:50 dhcpd: All rights reserved.
Feb 2 12:09:50 dhcpd: Copyright 2004-2018 Internet Systems Consortium.
Feb 2 12:09:50 dhcpd: Internet Systems Consortium DHCP Server 4.4.1
Feb 2 12:09:50 dhcp6c: dhcp6c REQUEST on igb0 - running newipv6
Feb 2 12:09:50 dhcp6c[39617]: add an address 2a02:::::::/128 on igb0
Feb 2 12:09:50 dhcp6c[39617]: add an address 2a02:::::::/64 on igb1
Feb 2 12:09:50 dhcp6c[39617]: Received REPLY for REQUEST
Feb 2 12:09:49 dhcp6c[39617]: XID mismatch
Feb 2 12:09:49 dhcp6c[39617]: Sending Request
Feb 2 12:09:49 dhcp6c: dhcp6c RELEASE on igb0 - running newipv6
Feb 2 12:09:49 dhcp6c[39617]: status code: success
Feb 2 12:09:49 dhcp6c[39617]: Received REPLY for RELEASE
Feb 2 12:09:49 dhcp6c[39617]: Sending Solicit
Feb 2 12:09:49 dhcp6c: dhcp6c RELEASE on igb0 - running newipv6
Feb 2 12:09:49 dhcp6c[39617]: status code: success
Feb 2 12:09:49 dhcp6c[39617]: Received REPLY for RELEASE
Feb 2 12:09:49 dhcp6c[39617]: remove an address 2a02:::::::/64 on igb1
Feb 2 12:09:49 dhcp6c[39617]: Sending Release
Feb 2 12:09:49 dhcp6c[39617]: Start address release
Feb 2 12:09:49 dhcp6c[39617]: remove an address 2a02:::::::/128 on igb0
Feb 2 12:09:49 dhcp6c[39617]: Sending Release
Feb 2 12:09:49 dhcp6c[39617]: Start address release
Feb 2 12:09:49 dhcp6c[39617]: restarting
Feb 2 12:09:49 dhcpd: RTSOLD script - Sending SIGHUP to dhcp6c for interface wan(igb0)
Feb 2 12:09:48 dhclient: Creating resolv.conf

General log:
Feb 2 12:40:02 opnsense: /usr/local/etc/rc.newwanip: The command '/usr/local/sbin/unbound -c '/var/unbound/unbound.conf'' returned exit code '1', the output was '[1549107602] unbound[24967:0] error: bind: address already in use [1549107602] unbound[24967:0] fatal error: could not open ports'
Feb 2 12:39:59 opnsense: /usr/local/etc/rc.newwanipv6: The command '/usr/local/opnsense/scripts/dns/unbound_dhcpd.py /domain 'lan'' returned exit code '1', the output was 'Unable to lock on the pidfile.'
Feb 2 12:39:58 opnsense: /usr/local/etc/rc.newwanipv6: Dynamic DNS: (Success) IP Address Updated Successfully!
Feb 2 12:39:58 opnsense: /usr/local/etc/rc.newwanipv6: Dynamic DNS: updating cache file /var/cache/dyndns_wan_my-domain.com_1.cache: 62...
Feb 2 12:39:57 opnsense: /usr/local/etc/rc.newwanip: Dynamic DNS: (Success) IP Address Updated Successfully!
Feb 2 12:39:57 opnsense: /usr/local/etc/rc.newwanip: Dynamic DNS: updating cache file /var/cache/dyndns_wan_my-domain.com_1.cache: 62...
Feb 2 12:39:55 opnsense: /usr/local/etc/rc.newwanipv6: Dynamic DNS (famaku.hopto.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Feb 2 12:39:53 opnsense: /usr/local/etc/rc.newwanipv6: Resyncing OpenVPN instances for interface WAN.
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: Adding static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: Removing static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanip: Dynamic DNS (famaku.hopto.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80:::::%igb0'
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80:::::
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '62...'
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 62...
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to wan
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to wan
Feb 2 12:39:52 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'wan'
Feb 2 12:39:51 opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: 2a02:::::::) (interface: WAN[wan]) (real interface: igb0).
Feb 2 12:39:51 opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Feb 2 12:39:51 opnsense: /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
Feb 2 12:39:51 opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: WAN[wan]) (real interface: igb0).
Feb 2 12:39:51 opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Feb 2 12:39:51 opnsense: /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
Feb 2 12:39:51 opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: WAN[wan]) (real interface: igb0).
Feb 2 12:39:51 opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Feb 2 12:39:50 opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: Adding static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: Removing static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway 'fe80:::::%igb0'
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv6 default route to fe80:::::
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway '62...'
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 62...
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to wan
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
Feb 2 12:39:49 opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'
Feb 2 12:39:48 opnsense: /usr/local/etc/rc.newwanip: Accept router advertisements on interface igb0
Feb 2 12:39:48 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 62...) (interface: WAN[wan]) (real interface: igb0).
Feb 2 12:39:48 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'igb0'
Feb 2 12:12:49 opnsense: /status_services.php: Adding static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:12:49 opnsense: /status_services.php: Removing static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:10:02 opnsense: /usr/local/etc/rc.newwanipv6: Dynamic DNS: (Success) IP Address Updated Successfully!
Feb 2 12:10:02 opnsense: /usr/local/etc/rc.newwanipv6: Dynamic DNS: updating cache file /var/cache/dyndns_wan_my-domain.com_1.cache: 62...
Feb 2 12:09:55 opnsense: /usr/local/etc/rc.newwanipv6: Dynamic DNS (famaku.hopto.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Feb 2 12:09:54 opnsense: /usr/local/etc/rc.newwanip: Dynamic DNS: (Success) IP Address Updated Successfully!
Feb 2 12:09:54 opnsense: /usr/local/etc/rc.newwanip: Dynamic DNS: updating cache file /var/cache/dyndns_wan_my-domain.com_1.cache: 62...
Feb 2 12:09:53 opnsense: /usr/local/etc/rc.newwanipv6: Resyncing OpenVPN instances for interface WAN.
Feb 2 12:09:52 opnsense: /usr/local/etc/rc.newwanip: Dynamic DNS (famaku.hopto.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: Adding static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: Removing static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway 'fe80:::::%igb0'
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80:::::
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: keeping current default gateway '62...'
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 62...
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: IPv6 default gateway set to wan
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: IPv4 default gateway set to wan
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: entering configure using 'wan'
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: 2a02:::::::) (interface: WAN[wan]) (real interface: igb0).
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Feb 2 12:09:50 opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Feb 2 12:09:49 opnsense: /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
Feb 2 12:09:49 opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: WAN[wan]) (real interface: igb0).
Feb 2 12:09:49 opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Feb 2 12:09:49 opnsense: /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
Feb 2 12:09:49 opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: WAN[wan]) (real interface: igb0).
Feb 2 12:09:49 opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: Adding static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: Removing static route for monitor 2001::::::: via fe80:::::%igb0
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway 'fe80:::::%igb0'
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv6 default route to fe80:::::
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: ROUTING: keeping current default gateway '62...'
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 62...
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to wan
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: ROUTING: IPv4 default gateway set to wan
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: ROUTING: entering configure using 'wan'
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: Accept router advertisements on interface igb0
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 62...) (interface: WAN[wan]) (real interface: igb0).
Feb 2 12:09:48 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'igb0'

Any ideas on how to fix this?  :-\

9
18.7 Legacy Series / Insight: Data of old interfaces
« on: December 31, 2018, 03:25:40 pm »
Hi!

Recently I removed a NIC from my OPNSense Box, resulting in new interface names for the WAN/LAN ports. This causes the traffic data gathered under "Insight" in the "Reporting" category to be inaccessible. While the data is still being shown in the plot (like in [1] - in my case as "15" and "igb5"), the old interfaces can't be selected as the "top usage ports" and also can't be exported. Would it be possible to update OPNSense to enable the selection/export of old, currently non-existent interfaces which are still contained in the database? Joining the data with new interfaces would be even better.

Thank you and have a great new year's eve!  :D

[1] https://forum.opnsense.org/index.php?topic=7841.0

10
19.1 Legacy Series / Feature Request: Traffic shaping with PRIQ
« on: December 25, 2018, 04:16:37 pm »
As far as I can see this feature is currently only available on PFSense, but having it available on OPNSense as well would of course be preferred  ;D

Many internet connections do not provide stable data rates (DOCSIS I'm looking at you). Hence, it would be preferable if one could classify traffic into different queues and have them served depending on their priority. For example:
Q0: SSH
Q1: VOIP
Q2: Gaming
Q3: Video Streaming
Q4: Anything else

The scheduler should then always give whatever bandwidth is required to Q0 if there is traffic. Any remaining data rate can be used by Q1. Whatever is still unused would be available to Q2 and so on. Thereby, the lowest priority services might be cut off entirely if there is just enough capacity for higher priority services.

https://de.slideshare.net/NetgateUSA/traffic-shaping-basics-with-priq-pfsense-hangout-february-2016

Keep up the great work and merry Christmas!  :D

11
18.1 Legacy Series / Feature requests
« on: February 10, 2018, 05:14:47 pm »
Hi,

based on my experience with OPNSense I'd like to suggest the following features:

  • Predictable Network Interface Names
  • Improved config file detection and restoration
  • Access to all interface options from the GUI
  • Option to remove configd.py from log file
  • Excluding static DHCP leases from Services:DHCPv4:Leases when lease has expired / device is not active
  • (Optional) IP resolving in the GUI and logfiles where appropriate
  • Option to execute commands from the GUI
  • Correct keymap on console
  • Traffic Shaping: Priq Scheduler
  • Traffic Shaping: Rules for entire Domains/AS (e.g. Netflix)
  • Netflow: Merging Interface Statistics
  • Netflow: Improved database repair
  • Netflow: Overview of traffic stats by day/month/year
  • Improved power efficiency on AMD platforms
  • UEFI Boot

1. Predictable Network Interface Names, has the following benefits:
  • Stable interface names when kernels or drivers are updated/changed.
  • Stable interface names even if you have to replace broken ethernet cards by new ones.
  • Stable interface names even when hardware is added or removed, i.e. no re-enumeration takes place. This is what broke my configuration and required quite a bit of manual reconfiguration on my part. Upon adding an additional NIC, interface names changed (i.e. the WAN interface igb0 was renamed to igb2), breaking LAN/WAN assignments, hence locking me out (as the interface going out to LAN was now assigned to WAN).

2. Improved config file detection and restoration:
  • This may be hardware dependent, but on my system several USB flash drives with different file systems (FAT, ext4, NTFS) weren't recognized when installing OPNSense. Thus it was not possible to restore the existing config file directly during installation.

3. Access to all interface options from the GUI:
  • As detailed in https://forum.opnsense.org/index.php?topic=7201.0 interface options available from the GUI can't be used simultaneously. In my case the "reject ip-address" statement is necessary as well as a "supersede" statement. Both are accessible from the GUI, but on different sub-pages. To use both options a modified dhclient.conf had to be created. This causes multiple problems. When restoring settings on a newly installed device the modified dhclient.conf has to be added by hand, instead of being part of the overall OPNSense config file. Also, the dhclient.conf explicitly references the non-unique interface name of the interface (e.g. igb0) and thus causes trouble in case interface names change (see item #1).

4. Option to exclude configd.py events from log:
  • configd.py spams the log with events such as this, when viewing the dashboard: "configd.py: [2056dbe7-5bff-459b-adcc-4b49977b4077] request pfctl byte/packet counters". This makes it more difficult to search the log for important events and should thus be optional.

5. Excluding static DHCP leases from Services:DHCPv4:Leases when lease has expired / device is not active:
  • Currently, the status of devices for which a static DHCP lease has been assigned are always shown as active in Services:DHCPv4:Leases. It would be helpful, if devices which haven't actually requested a lease or whose lease has expired are shown as offline. Thus one would be able to see how many devices are actually online.

6. (Optional) IP resolving in the GUI and logfiles where appropriate:
  • Replacing IP addresses by cached/looked up host+domain names in the GUI and logs. This would be helpful to determine to/from which devices traffic is flowing, as one wouldn't have to check which device is using which IP.

7. Option to execute commands from the GUI
  • Executing commands from the GUI would be helpful for tasks such as applying experimental patches.

11. Netflow: Merging Interface Statistics
  • Recently I removed a NIC from my OPNSense Box, resulting in new interface names for the WAN/LAN ports. This causes the traffic data gathered under "Insight" in the "Reporting" category to be inaccessible. While the data is still being shown in the plot (like in https://forum.opnsense.org/index.php?topic=7841.0 - in my case as "15" and "igb5"), the old interfaces can't be selected as the "top usage ports" and also can't be exported. Would it be possible to update OPNSense to enable the selection/export of old, currently non-existent interfaces which are still contained in the database? Joining the data with new interfaces would be even better.

It would be great if these (small?) features could be implemented for a smoother OPNSense experience. As always, thanks to all OPNSense team members and contributors for their great work!

12
18.1 Legacy Series / Reject IP lease from specific device
« on: February 07, 2018, 05:19:12 pm »
Hi,

I'm using a cable modem (LAN IP 192.168.100.1) which hands out the IP 192.168.100.10 to OPN's WAN interface every time it loses its connection to the ISP (as ISP's DHCP is unavailable). This somehow causes OPNSense to ignore all requests from LAN, forcing me to powercycle it manually. Therefore I'm looking for an option to reject leases on the WAN interface (i.e. from the cable modem). It seems pfsense provides this functionality, however I simply can't find the option on OPN. Any help to get this working would be greatly appreciated!

Here's a sample of the log file after the cable modem lost sync, marked by OPN's WAN interface (igb3) going down:

Feb 5 01:17:08 opnsense: /usr/local/etc/rc.newwanip: Aborted IP detection: Resolving timed out after 5622 milliseconds
Feb 5 01:17:02 opnsense: /usr/local/etc/rc.newwanip: Aborted IP detection: Resolving timed out after 5668 milliseconds
Feb 5 01:16:56 configd.py: [cd23c407-c465-4fd8-9b78-d6827340aad1] refresh url table aliases
Feb 5 01:16:56 configd.py: generate template container OPNsense/Filter
Feb 5 01:16:56 configd.py: [fb65fbed-ea52-4c87-96e8-5d2dc14683f2] generate template OPNsense/Filter
Feb 5 01:16:55 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 192.168.100.1
Feb 5 01:16:55 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.100.10) (interface: WAN[wan]) (real interface: igb3).
Feb 5 01:16:55 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'igb3'
Feb 5 01:16:51 opnsense: /usr/local/etc/rc.linkup: ROUTING: setting IPv4 default route to 192.168.100.1
Feb 5 01:16:07 configd_ctl.py: error in configd communication Traceback (most recent call last): File "/usr/local/opnsense/service/configd_ctl.py", line 65, in exec_config_cmd line = sock.recv(65536) timeout: timed out
Feb 5 01:15:53 opnsense: /usr/local/etc/rc.newwanip: Curl error occurred: Could not resolve host: dynupdate.no-ip.com
Feb 5 01:14:24 opnsense: /usr/local/etc/rc.newwanip: Aborted IP detection: Resolving timed out after 5638 milliseconds
Feb 5 01:14:18 opnsense: /usr/local/etc/rc.newwanip: Aborted IP detection: Resolving timed out after 5599 milliseconds
Feb 5 01:14:13 configd.py: [1c61f7db-4d68-4013-af84-b3d872e9c5c4] refresh url table aliases
Feb 5 01:14:12 configd.py: generate template container OPNsense/Filter
Feb 5 01:14:12 configd.py: [218b621f-ab9f-4147-a084-ed45160e66d6] generate template OPNsense/Filter
Feb 5 01:14:12 opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to 192.168.100.1
Feb 5 01:14:11 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 192.168.100.10) (interface: WAN[wan]) (real interface: igb3).
Feb 5 01:14:11 opnsense: /usr/local/etc/rc.newwanip: IP renewal is starting on 'igb3'
Feb 5 01:14:07 opnsense: /usr/local/etc/rc.linkup: HOTPLUG: Configuring interface wan
Feb 5 01:14:07 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet attached event for wan
Feb 5 01:14:07 configd.py: [a4d45c01-f5af-4529-9472-3353417bcc27] Linkup starting igb3
Feb 5 01:14:07 kernel: igb3: link state changed to UP
Feb 5 01:14:03 opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 37.201.100.1.
Feb 5 01:14:03 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Feb 5 01:14:03 configd.py: [6d803314-7ff0-4901-87f9-e2a432681405] Linkup stopping igb3
Feb 5 01:14:03 kernel: igb3: link state changed to DOWN

13
17.7 Legacy Series / [17.7.1] Restoring previous config fails partially
« on: September 12, 2017, 04:40:35 pm »
Hi,

in my configuration there is a LAN bridge with multiple interfaces from different NICs. Now if a previous config is restored, the interface assignment is lost, thus making the box unavailable as LAN, WAN etc. are mixed up and need to be configured from scratch.
This might also be connected to one of my RealTek NICs vanishing occasionally (either a driver issue or it's broken). Nevertheless, interfaces should be kept as they have been configured, with only unavailable NICs being dropped. Having to manually restore every configuration item that is tied to the interfaces essentially makes restoring past configs useless to me. Also IP-MAC assignments of the DHCP aren't restored, which makes recovery all the more painful.
Is this a known issue or can I provide any additional data to hunt this bug(?) down?

Thank you and kind regards,
Fabian

14
17.1 Legacy Series / Loss of internet access and OPNSense reachability
« on: February 13, 2017, 07:45:12 pm »
Hi,

a strange, new problem has reared its ugly head  :-\
Every few hours the connection to the internet through the OPNSense Box is severed and the Box becomes unreachable from the LAN, i.e. doesn't load the GUI and doesn't answer pings. Devices on the LAN-bridge however can still ping each other. From the VGA Console on the Box itself it is possible to ping out to internet but not any LAN client. Oddly enough DHCP seems to work correctly and sets DNS and Gateway appropriately if any new LAN clients are started.

Two options to get the setup working again have been identified: restarting OPNSense, or switching one of the previously inactive LAN ports on (e.g. via starting an attached switch).

From the logs these lock-ups always occur after the following WAN-side event (note: re0 is the NIC towards the WAN):

Feb. 12 18:14:32   opnsense: /usr/local/etc/rc.newwanip: ROUTING: setting IPv4 default route to X.Y.116.1
Feb. 12 18:14:31   opnsense: /usr/local/etc/rc.newwanip: rc.newwanip: on (IP address: X.Y.119.64) (interface: WAN[wan]) (real interface: re0).
Feb. 12 18:14:31   opnsense: /usr/local/etc/rc.newwanip: rc.newwanip: Informational is starting re0.

I tried changing the default setting for gateway monitoring but that didn't help. Actually I'm not quite sure if the observed behaviour also existed under 17.1RC from which an update was performed. Do you have any idea what could be the problem/solution? I suspect the WAN's DHCP lease but that shouldn't affect the ability to ping the OPNSense box from LAN. In such a case the problem should also occur in fixed intervals, but sometimes it takes ~24h and in other instances just a few hours. A case of PEBKAC is always a possibility as well but I'm at a loss regardless.


Details regarding my setup:
  • WAN NIC: Realtek 8111G
  • LAN BRIDGE (non-filtering): Chelsio T420-CR + Intel i350-T4 + Realtek 8111G
  • Updated from 17.1 RC to 17.1 to 17.1.1
  • Running default config for the most part, except for static ARP with DHCP on LAN and a non-filtering LAN-bridge
  • Installed on SSD


Thanks and kind regards,
Fabian

15
17.1 Legacy Series / [SOLVED] [17.1-RC1] Problems with Chelsio NIC and installation from USB
« on: January 21, 2017, 10:38:26 pm »
Hi,

first of all thank you for your efforts in providing OPNSense!

Today I decided to give OPNSense (v17.1-RC1) a shot but stumbled upon two issues which have already been observed by other users in previous versions.

At first installation from USB failed due to some issue with mounting. It seems to be the same problem which has been encountered by User Julien in this thread: https://forum.opnsense.org/index.php?topic=3370.0 Burning a DVD with the iso allowed me to get around this but it's a slow and arduous workaround.

Also the driver for my Chelsio T420-CR isn't loaded, therefore the interfaces of the card are not available.
I added if_cxgb_load="YES" in /boot/loader.conf, /boot/defaults/loader.conf and /boot/loader.conf.local (.local didn't exist till it was created by me), but nothing helped. This is the same behavior as discussed in https://forum.opnsense.org/index.php?topic=75.0.

Unfortunately neither thread has a solution for these problems. Any chance these issues might be fixed in the final version? Otherwise a workaround for the Chelsio problem would be greatly appreciated.

Thanks!
