Topics

1

24.7 Production Series / IPv6 Track on Loopback

« on: September 25, 2024, 09:30:07 pm »

hey guys, I tried to put a loopback with track interface to use with NPTv6.

At first it kind of worked but then dhcpv6 started throwing some errors

Code: [Select]

Unsupported device type 24 for "lo1"
here is the full line:

Code: [Select]

/usr/local/sbin/pluginctl: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid vlan0.3.200 lo1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.3-P1 Copyright 2004-2022 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpdv6.conf Database file: /var/db/dhcpd6.leases PID file: /var/run/dhcpdv6.pid Wrote 3 NA, 0 TA, 0 PD leases to lease file. Bound to *:547 Unsupported device type 24 for "lo1" If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'

It works if I add a VLAN that I do not use, is there a better way of doing this instead of VLAN?

My reason for using track with NPTv6 is the IPv6 /56 is provided dynamically by ISP, this way I can have my local resources always with the same IPv6 and I do not have to change the firewall rules.

2

24.1 Legacy Series / Unbound Issue with ISC DHCP4 leases

« on: June 08, 2024, 02:12:30 pm »

I am getting this error on the latest update to 24.1.8

I did confirm, I have 3 different systems and all of them have this issue after the update.


2024-06-07T22:41:11   Error   unbound   [50402:0] error: remote control failed ssl crypto error:0A000415:SSL routines::sslv3 alert certificate expired


OPNsense 24.1.8-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

3

24.1 Legacy Series / Upgrade deleted Manualy added WAN gateway

« on: January 31, 2024, 12:58:18 am »

Somehow the upgrade deleted the upstream Gateway.

The system has a fixed IP address on a WAN with vlan.

4

23.7 Legacy Series / WebGui is not creating /tmp/php-fastcgi.socket-0

« on: August 20, 2023, 02:51:27 pm »

I dont know why but I have one machine that is having issues with creating the socket.

I have checked the logs for it I cant find who or where creates the link to /var/run/php-webgui.socket and why it fails

The lighthttpd just complains about the socker is non existent

******************** lighttpd 95143 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/gw_backend.c.281) establishing connection failed: socket: unix:/tmp/php-fastcgi.socket-0: No such file or directory


Does anyone have any idea why this happens?

5

23.1 Legacy Series / Possible FRR OSPF adds rules to each passive interface

« on: May 10, 2023, 07:15:51 pm »

I trying to understand the automatically added routes in opnsense by FRR, FRR adds 4 rules for each network added to OSPF and it appears on all networks, even passive ones.

So are theses rules "general" or per interface?

6

Zenarmor (Sensei) / Solve "MongoDB\Driver\Manager" not found in 22.7 with ZenArmor.

« on: August 06, 2022, 01:23:29 pm »

If you get this error after upgrading to 22.7 from 22.1

Code: [Select]

Error: Class "MongoDB\Driver\Manager" not found in /usr/local/opnsense/mvc/app/models/OPNsense/Sensei/SenseiMongoDB.php:172
The solution provided by SunnyValley is to execute in console has root.

Code: [Select]

pkg install -fy os-sensei

7

22.1 Legacy Series / DHCP Unable to add forward map from *** to ***: REFUSED

« on: June 02, 2022, 04:14:20 pm »

Hi I cannot register DHCP leases to Unbound.
I have a pretty complicated setup with >10 vlans, suricata, zenarmor, vpn, haproxy.

Does anyone know if this is a common issue or how can I debug it better?

8

General Discussion / Nginx SNI upstream to jitsi

« on: April 02, 2020, 07:30:56 pm »

Hi guys

I am having a bit of trouble SNI upstream to a jitsi server,
I somehow have an issue that I believe has to to with the websockets.
If more then two devices use the jitsi service all of them loose the image and sound.

It is not a problem NAT only with nginx.

What I did was added upstream then upstream servers then date steam SNI and then stream servers only to SNI.

ok something to do with RTC, I got errors in javascript,
bridge channel send: no open channel

any help would be appreciated.

9

Hardware and Performance / AMD zacate e-350 gigabit NAT routing performance?

« on: February 08, 2018, 10:58:42 pm »

Does anyone have an input on this the AMD e-350 on NAT routing gigabit performance and maybe IPS and Squid cache with some workers.

just trying to see if I can get one second hand and if it is feasable
I already now it does not have AES-NI

My other choice would be to buy a brand new a4-5000 mini itx board, I trying to stay away from intel chips (j3455) because I am concerned about having a I/O beating after the latest bugs on meltdown and spectre.

Thansk for any comments you might have.