Topics

1

18.7 Legacy Series / Unbound Fails to Start After Upgrade from 18.1 to 18.7

« on: August 03, 2018, 05:46:41 pm »

I'm hoping maybe someone else has experienced this problem and can help me fix it.  I had a working unbound configuration while running 18.1.12.  Last night, I upgraded to 18.1.13 and then immediately upgraded to 18.7.  I did not change my configuration for unbound at all during the upgrade process.  Now, unbound fails to start.

Specifically, what unbound does is appear be stuck in an endless loop where it attempts to start, fails to start, stops, attempts to start again, fails to start, and so on ad infinitum[/].  Looking at the log files, I see the following error message repeatedly appearing:

Code: [Select]

Aug 3 11:38:54 unbound: [84359:0] fatal error: Could not read config file: /unbound.conf
Aug 3 11:38:54 unbound: [84359:0] notice: Restart of unbound 1.7.3.

I did not have this problem while running 18.1.12 with the same configuration.  I changed my log level to "Level 5" to see if I could get some more useful information about why Unbound could no longer read my unbound.conf configuration file.  However, the log file is all gibberish (to me at least) with no additional useful information.

Anyone have any pointers on how to investigate further?  Short or nuking and reinstalling from scratch, I'm not sure what to do.

Thanks.

2

17.7 Legacy Series / Port Forwarding From External Sites Does Not Work

« on: January 26, 2018, 05:55:26 pm »

This one is aggrevating as it works on PFSense using the exact same configuration as I have on OPNSense.  Literally, I switch the boxes and one works and the other doesn't with the same config.

My situation is that I have a small webserver on my LAN that I want accessible from the WAN.  I created two port forwards for my WAN interface that forward any TCP traffic destined for my WAN address on port 80 or 443 and forward the traffic to the internal address 192.168.1.XX for the same ports.  I can access my server internally inside the network, so I know that the server is working and accessible.  When I try to access it externally, the requests time out.  Moreover, nothing shows up in the PFSense logs that I can find that show the request being forwarded, denied, or even being received.  However, I know that my external DNS records are fine because other services (e.g., OpenVPN) work perfectly.

I'm about to tear my hair out.  Any thoughts or help?

3

17.7 Legacy Series / IPv6 Addresses Not Being Handed Out on LAN

« on: January 26, 2018, 05:33:25 pm »

This is one of those, "it worked on PFSense, but not OPNSense" issues.  I am not able to hand out IPv6 addresses on my LAN.

My ISP assigns me a /64 block for IPv6.  Both OPNSense and PFSense are able to detect the IPv6 assignment and assign a valid IPv6 address to the WAN interface.  I can ping IPv6 hosts from my WAN interface, so it works.

For PFSense, I was able to assign IPv6 addresses to clients on my LAN by doing the following:
(1) Set the LAN to "Track Interface" for IPv6 and specify my WAN interface.
(2) Enable the DHCPv6 server on my LAN interface to assign IPv6 addresses from my /64 block.

With OPNSense, I can't do step 2.  I get the following error message:

Code: [Select]

The DHCPv6 Server can only be enabled on interfaces configured with static IP addresses. Only interfaces configured with a static IP will be shown.
As a result, I am unable to assign IPv6 addresses to clients on my LAN.

Any help/thoughts/suggestions on what I can do to assign IPv6 addresses to my LAN clients.  I understand that while OPNSense and PFSense are related, they are not the same.  I may well be missing something about the "OPNSense way" of doing this.

Thanks for any help in advance.

4

17.7 Legacy Series / GeoIP Blocks All Traffic Instead of Per-Country Traffic

« on: January 26, 2018, 03:08:15 pm »

This is one of those "I followed the documentation, why doesn't it work" questions.

My problem is that when I enable per-country rules for GeoIP blocking, OPNSense blocks all internet traffic instead of just traffic to the prohibited country.  As a test, I created a rule that blocked all outbound traffic to Russia.  I enabled the rule, I enabled Intrusion Detection, and I enabled IPS mode (all per documentation).  I also double-checked to make sure the rule is on the WAN interface only.  With this rule enabled, the expected behavior is that traffic to Russia is blocked, but traffic anywhere else is permitted.  For example, I should be blocked from accessing www.yandex.ru, but allowed to view www.cnn.com or news.bbc.co.uk.  Instead, all outbound traffic is blocked with this single GeoIP rule enabled.

What am I doing wrong?

Thanks.

5

17.7 Legacy Series / 17.7 Refuses to Update Through Web Interface (But Slowly Updates from Console)

« on: January 06, 2018, 09:56:36 pm »

So I am evaluating OPNSense as a replacement for PFSense (not to start a flameware, but OPNSense has features that PFSense doesn't which are useful to me).  However, when I try to update the firmware through the WebGUI, it fails with the following error:

Code: [Select]

Firmware status check was aborted internally. Please try again.

The logs say:

Code: [Select]

Jan 6 15:49:03
configd.py: [4297ea6f-e1c5-46ca-a2d3-2d36f80d3f4f] view remote packages
Jan 6 15:49:03
configd.py: [8071332c-d198-42e6-a5e8-1108b8870172] retrieve firmware update status
Jan 6 15:49:03
configd.py: [21d096d3-f98e-4765-81ea-7b2afa5b15b4] returned exit status 1
Jan 6 15:48:57
configd.py: [21d096d3-f98e-4765-81ea-7b2afa5b15b4] Fetching changelog from remote
Jan 6 15:48:53
configd.py: generate template container OPNsense/Auth
Jan 6 15:48:53
configd.py: [cc2a0904-55f7-4ead-8709-c11720859c4c] generate template OPNsense/Auth
Jan 6 15:48:53
configd.py: [f12072fd-42bb-4d8a-8133-0fc01c4462a2] update firmware configuration

I did perform an update from the console, but it took forever.  I did some searching of the forums and it seems others have had this problem before, but did not say what it was.  There was some hint that it could be related to the use of a proxy, use of IPv6 by default, or other issues unspecified.  In my case, there is no proxy and I have native IPv6 enabled and working (I've tested it on other sites).

Any help?