Topics

Hi everyone,

23.7 seems quite unstable for me. The other day I had to restart unbound and today I see a lot of python3.9 core dumps, after that a kernel panic

Code Select Expand

kernel - - [meta sequenceId="2"] panic: ffs_blkfree_cg: freeing free block
and then a reboot.

I haven't noticed unstable behaviour when being on 23.1.

Any ideas?

Cheers

Hi everyone!

Out of a sudden, my OPNsense won't accept my password+TOTP for my user or the root password any longer. I have done nothing to cause this (except for updating OPNsense itself) and so I'm wondering how this could have happened.

I have checked the RTC, which still was correct, so at least this should be no issue regarding TOTP. However, as root without TOTP doesn't work either, I assume something underlying broke...?

Cheers

Hi everyone!

I'm stuck with 20.7.5. Whenever I search for updates, most of the time I get "Timeout while connecting to the selected mirror.". When I click "Check for updates" again, I might get "There are no updates available on the selected mirror." or "The package manager is not responding.".

I have explicitly configured/tried several mirrors, all with the same result.  :(

Internet connection itself doesn't seem to be the issue, as I have no issues connecting to the mirrors (via the diagnostics tools in interfaces).

Cheers

Hi everyone!

I have set "Disable VLAN Hardware Filtering" in the GUI and checked that it's also set in the config.xml. However, all my interfaces have VLAN_HWCSUM set.

I'm investigating my IPv6 checksum issues (https://forum.opnsense.org/index.php?topic=14138) and are digging a bit deeper. That's where I noticed that the VLAN_HWCSUM isn't disabled after all. I don't know if this might be the root cause of the issue, but I just want to disable it to rule out errors.

Any ideas/comments?

Cheers

Hi everyone!

I run my OPNsense behind another router that provides IPv6 and a bunch of /64 prefixes to my local networks. The IPv6 setup as such seems to work just fine (at least I can use things like IPv6 websites from my local networks).

I want to use OpenVPN via IPv6, so I set up everything in the other router and OPNsense to make it work. It somehow works routing-wise as I can see SYN packets from the client and OPNsense replying with SYN-ACK which also arrive on the client. However, the TCP checksum of the packets is not OK and therefore not recognized by the client. I already did a diff of the packets on the OPNsense and the client. Both are the same, so I think I can rule out the other router manipulating packets.

What is interesting is that everything works "internally". I get several prefixes that I use in different networks. Connections from a prefix to the OPNsense OpenVPN port work just fine, so at least it can't be a general checksum calculation issue. I also played around with the offloading flags, but nothing really did help.

Also, everything works just fine in IPv6, it's just the replies to external connections to my OPNsense WAN port that get messed up. Also, connections initiated from OPNsense on WAN to the client work just fine. It's just the SYN-ACK replies from WAN which get the wrong checksums.

Any hints and ideas are highly appreciated

Cheers
  Bebef

Hi everyone!

I have a /56 on my WAN which gets changed by the provider on each connection or at latest every 24h. I have a setup where my internal interfaces track the WAN for IPv6 assignments, which works well enough.

However, the IPv6 of each internal interface obviously changes with each change on the WAN. That will cause dnsmasq not to respond to DNS queries any more (on the new IPv6). Also, I'm not 100% sure that DHCP would advertise the correct IPv6 for dnsmasq after the change.

Restarting fixes things, so the question is: how can I restart services like dnsmasq (and potentially other services like DHCP) on IPv6 address changes on interfaces?

Cheers

Hi everyone!

I have configured dnsmasq as DNS forwarder. When resolving the main name of the OPNsense box, dnsmasq seems to return the IP of the interface that is the lowest in the alphabet (and thus the first interface in the list of firewall rules).

I need to configure OPNsense's dnsmasq to respond with the IP address of a different interface instead. How can I achieve this? Entering a record in the dnsmasq configuration will cause it to reply with two A records, the correct and the wrong one.

Thanks