Topics - rudiservo

#1
24.7, 24.10 Legacy Series / IPv6 Track on Loopback
September 25, 2024, 09:30:07 PM
Hey guys, I tried to put a loopback with track interface to use with NPTv6.

At first it kind of worked, but then dhcpv6 started throwing some errors:

Unsupported device type 24 for "lo1"

here is the full line:

/usr/local/sbin/pluginctl: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid vlan0.3.200 lo1' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.3-P1 Copyright 2004-2022 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Config file: /etc/dhcpdv6.conf Database file: /var/db/dhcpd6.leases PID file: /var/run/dhcpdv6.pid Wrote 3 NA, 0 TA, 0 PD leases to lease file. Bound to *:547 Unsupported device type 24 for "lo1" If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'


It works if I add a VLAN that I do not use. Is there a better way of doing this instead of a VLAN?

My reason for using track with NPTv6 is that the IPv6 /56 is provided dynamically by the ISP; this way I can have my local resources always with the same IPv6 and I do not have to change the firewall rules.
#2
I am getting this error on the latest update to 24.1.8

I did confirm, I have 3 different systems and all of them have this issue after the update.


2024-06-07T22:41:11   Error   unbound   [50402:0] error: remote control failed ssl crypto error:0A000415:SSL routines::sslv3 alert certificate expired


OPNsense 24.1.8-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.13

#3
Somehow the upgrade deleted the upstream Gateway.

The system has a fixed IP address on a WAN with a VLAN.
#4
I don't know why, but I have one machine that is having issues with creating the socket.

I have checked the logs for it, but I can't find who or where creates the link to /var/run/php-webgui.socket and why it fails.

lighttpd just complains that the socket is nonexistent:

******************** lighttpd 95143 - [meta sequenceId="3"] (/usr/obj/usr/ports/www/lighttpd/work/lighttpd-1.4.71/src/gw_backend.c.281) establishing connection failed: socket: unix:/tmp/php-fastcgi.socket-0: No such file or directory


Does anyone have any idea why this happens?
#5
I am trying to understand the routes automatically added in OPNsense by FRR. FRR adds 4 rules for each network added to OSPF, and they appear on all networks, even passive ones.

So are these rules "general" or per interface?
#6
If you get this error after upgrading to 22.7 from 22.1


Error: Class "MongoDB\Driver\Manager" not found in /usr/local/opnsense/mvc/app/models/OPNsense/Sensei/SenseiMongoDB.php:172


The solution provided by SunnyValley is to execute this in the console as root:

pkg install -fy os-sensei
#7
Hi, I cannot register DHCP leases to Unbound.
I have a pretty complicated setup with >10 VLANs, Suricata, Zenarmor, VPN, HAProxy.

Does anyone know if this is a common issue or how can I debug it better?
#8
General Discussion / Nginx SNI upstream to jitsi
April 02, 2020, 07:30:56 PM
Hi guys

I am having a bit of trouble with SNI upstream to a Jitsi server.
I somehow have an issue that I believe has to do with the websockets.
If more than two devices use the Jitsi service, all of them lose the image and sound.

It is not a problem with NAT, only with nginx.

What I did was add an upstream, then upstream servers, then data stream SNI, and then stream servers only to SNI.

OK, something to do with RTC; I got errors in JavaScript:
bridge channel send: no open channel

Any help would be appreciated.
#9
Does anyone have any input on the AMD E-350's NAT routing gigabit performance, and maybe IPS and Squid cache with some workers?

Just trying to see if I can get one second-hand and if it is feasible.
I already know it does not have AES-NI.

My other choice would be to buy a brand-new A4-5000 mini-ITX board. I am trying to stay away from Intel chips (J3455) because I am concerned about having an I/O beating after the latest bugs on Meltdown and Spectre.

Thanks for any comments you might have.