Topics - staticznld

1
23.7 Legacy Series / [Solved] ACME 3.20 plugin multi domain (SAN) dns alias mode
« on: January 26, 2024, 01:25:56 pm »
Hi,

When I try to issue a certificate for *.example1.com and *.example2.com with DNS alias mode enabled, the CN name could not be verified.

It looks like the ACME client is generating a TXT record twice at the DNS alias provider.
This should be one so the cname record on example1 and 2 is the same and could be verified.

Temp solution
When issuing a certificate without an alternate name set it works.
Right after that, adding the alternate name again works! (Because the first domain is already verified.)


After all it was DuckDNS, which doesn't support multiple TXT records!
Now using "desec.io" and everything is working fine!

2
23.7 Legacy Series / PPPoE over vlan MTU not honored
« on: August 07, 2023, 08:46:17 pm »
With 23.1 and before I had an MTU of 1500 over my PPPoE connection.
With a dummy interface on the physical interface MTU set to 1512 [Vlan 4bits PPPoE 8bits].

ISP is KPN Netherlands, PPPoE over vlan6.

After the upgrade to 23.7 everything seemed to work fine, but when looking into interfaces - Overview PPPoE I saw that my MTU was 1492!

Fixed the problem by assigning an interface to igb0_vlan6 and setting the MTU there to 1508.

Has anything changed that would explain why the MTU is not honored in 23.7?


3
23.1 Legacy Series / 23.1.2 system log full of errors Netdata
« on: March 09, 2023, 01:51:10 pm »
After updating to 23.1.2 my system log is full of messages from apps.plugin.

Code:
2023-03-09T13:32:12 apps.plugin Cannot fetch process 71508 command line (command 'pgrep')
2023-03-09T13:30:20 apps.plugin Cannot fetch process 18869 command line (command 'pgrep')
2023-03-09T13:29:22 apps.plugin Cannot fetch process 23812 command line (command 'pgrep')
2023-03-09T13:29:13 apps.plugin Cannot fetch process 12741 command line (command 'pgrep')

When I tried to restart Netdata the following message appeared in the logs.

Code:
apps.plugin should either run as root (now running with uid 302, euid 302) or have special capabilities. Without these, apps.plugin cannot report disk I/O utilization of other processes. Your system does not support capabilities. To enable setuid to root run: sudo chown root:netdata /usr/local/libexec/netdata/plugins.d/apps.plugin; sudo chmod 4750 /usr/local/libexec/netdata/plugins.d/apps.plugin;

Has something changed in the permissions of Netdata?


4
22.1 Legacy Series / OPNsense 22.1.10 extra IPv6 hop
« on: July 13, 2022, 12:25:15 pm »
I am running OPNsense 22.1.10, requesting prefix through PPPoE “/48”.

Everything is working fine; clients can get an IPv6 address through SLAAC.
When I was trying to run Wireguard over IPv6, it didn't connect.

In the Wireguard client I was trying to connect to the IPv6 address that was on the LAN side of my OPNsense install.

After some digging around I found out that the Wireguard interface IPv6 address was showing up in a traceroute from the internet to my LAN IPv6 address.
Also, when I run a traceroute "from the internet" to any of the clients in my LAN, I see the extra hop with the IP address of the Wireguard interface.

When restarting Wireguard the extra hop from the traceroute was gone, and I am able to connect to Wireguard over IPv6.

How is it possible that this extra hop is added after reboot?

5
22.1 Legacy Series / Upgrade to 22.1.4_1 no IPv6 connectivity
« on: March 25, 2022, 08:41:46 pm »
After upgrading to OPNsense 22.1.4_1 I have no IPv6 connectivity.

Through DHCPv6 over PPPoE I am able to get a /48 prefix, which is served to the clients through radvd "Track interface".
Clients in my LAN network are getting an IPv6 address, but pinging an IPv6 host is not possible. (Ping within the /64 network works.)
When running a ping from the gui, "ping6: sendmsg: No route to host" is the message.

In OPNsense 22.1.3 I had the same setup without any issues!


6
21.7 Legacy Series / Link local address PPPoE WAN interface and Link local LAN address
« on: January 13, 2022, 09:07:30 am »
Hi,

It looks like the link local address of the WAN PPPoE is the same as the link local address of the LAN interface.

Code:
igb2: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC>
ether 40:62:31:02:cb:19
inet6 fe80::4262:31ff:fe02:cb19%igb2 prefixlen 64 scopeid 0x3
inet6 2a02:a450:839:XXXX:XXXX:XXXX:fe02:cb19 prefixlen 64
inet 172.19.0.1 netmask 0xffffff00 broadcast 172.19.0.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet6 fe80::4262:31ff:fe02:cb17%pppoe0 prefixlen 64 scopeid 0xf
inet6 fe80::4262:31ff:fe02:cb19%pppoe0 prefixlen 64 scopeid 0xf
inet 77.XXX.XXX.91 --> 195.190.228.50 netmask 0xffffffff

There are no troubles using IPv6 connectivity on the IGB2 LAN network.
From the LAN side I am unable to ping the link local address of the router!
Running a traceroute from a client to google reports the GUA address as the first hop.

Anyone capable of explaining this behaviour?

7
20.7 Legacy Series / Acquiring ipv6 address can take 5 to 10 minutes.
« on: August 11, 2020, 08:16:10 pm »
Hi,

After installing 20.7 I see some issues regarding IPv6.
After a complete restart of a Windows 10 client it takes up to 5 to 10 minutes to acquire an IPv6 address.
I am not using DHCPv6, only stateless address configuration.
When restarting the Radvd service in the OPNsense interface, the Windows 10 client immediately picks up an address.

Anyone have an idea?

8
20.7 Legacy Series / IGMPproxy not leaving multicast streams
« on: July 31, 2020, 10:10:29 pm »
Hi,

Just updated to 20.7; everything looked perfect at first.
When looking in Netdata I see huge bandwidth usage on the IPTV vlan.
It looks like the interface is not leaving the multicast IPTV streams.

Reinstalled 20.1, loaded the backup file, and everything is fine!

9
19.1 Legacy Series / PPPoE over vlan RFC4638 MTU issue
« on: February 20, 2019, 10:38:18 pm »
Hi,

I am running OPNsense 19.1.1 on a Qotom Q555g6 Intel Core I5-7200u 8GB RAM 120 GB SSD.
My ISP is KPN Fiber "Netherlands". It does support RFC4638, tested with the Experiabox supplied by the ISP.

Setup

NTU - Opnsense - Vlan6 - PPPoE over vlan6.

When the MTU on interface WAN is set to 1500, the actual MTU is 1492, as expected, as the PPPoE tunnel uses 8 bytes.

Code:
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6503bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 40:62:31:02:cb:17
        hwaddr 40:62:31:02:cb:17
        inet6 fe80::4262:31ff:fe02:cb17%igb0 prefixlen 64 scopeid 0x1
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

igb0_vlan6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 40:62:31:02:cb:17
        inet6 fe80::4262:31ff:fe02:cb17%igb0_vlan6 prefixlen 64 scopeid 0xc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 6 vlanpcp: 0 parent interface: igb0
        groups: vlan


pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
        inet6 fe80::4262:31ff:fe02:cb17%pppoe0 prefixlen 64 scopeid 0xd
        inet6 fe80::4262:31ff:fe02:cb18%pppoe0 prefixlen 64 scopeid 0xd
        inet xxx.xxx.xxx.xxx --> xxx.xxx.xxx.xxx netmask 0xffffffff
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>


When setting the MTU on the WAN interface to 1508 I get an MTU of 1500 as expected!
But the internet connection is far from stable; only Google looks reachable.
When looking in the console at the ifconfig output I expected an MTU of 1508 on the Vlan interface and the parent interface igb0, but they are still 1500.

Code:
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6503bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 40:62:31:02:cb:17
        hwaddr 40:62:31:02:cb:17
        inet6 fe80::4262:31ff:fe02:cb17%igb0 prefixlen 64 scopeid 0x1
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)

igb0_vlan6: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=600303<RXCSUM,TXCSUM,TSO4,TSO6,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 40:62:31:02:cb:17
        inet6 fe80::4262:31ff:fe02:cb17%igb0_vlan6 prefixlen 64 scopeid 0xc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 6 vlanpcp: 0 parent interface: igb0
        groups: vlan

pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::4262:31ff:fe02:cb17%pppoe0 prefixlen 64 scopeid 0xd
        inet6 fe80::4262:31ff:fe02:cb18%pppoe0 prefixlen 64 scopeid 0xd
        inet xxx.xxx.xxx.xxx --> xxx.xxx.xxx.xxx netmask 0xffffffff
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
