Topics - hfvk

#1
Hi! I'm having the following issue with IPv6.

My OPNsense box is acting as firewall and router between WAN/LAN with the following setup:

TOPOLOGY
Internet -- WAN|opnsense|LAN -- LAN network

WAN igb0 IPv4 DHCP
WAN igb0 IPv6 DHCPv6

LAN em0 IPv4 static KEA DHCP serving the IPv4 LAN network (192.168.xx.yy/24)
LAN em0 IPv6 Track interface ISC DHCPv6 running on the interface

OPNsense addresses:
WAN ipv6 address is zzz/128
LAN ipv6 address is yyy/56

Router advertisement daemon enabled
pf enabled for both IPv4 and IPv6


Problems and steps to reproduce:
1. When I reboot the OPNsense box, WAN and LAN interfaces get the IPv4 and IPv6 addresses. Also, clients in the LAN network get their IPv4 and IPv6 addresses correctly.
2. OPNsense box has both IPv4 and IPv6 connectivity to the internet. However, LAN clients can connect only using IPv4 through the OPNsense box. IPv6 to the internet does not work.
3. When I disable IPv6 for LAN and immediately enable it back to "Track interface", LAN clients can connect to the internet using both IPv4 and IPv6 through the OPNsense box.
4. Both IPv4 and IPv6 connections remain stable until next time I reboot the system.

Restarting DHCP servers or router advertisement daemon doesn't help. So far the only way to get the IPv6 connectivity seems to be temporarily disabling IPv6 and then enabling it again.

Would anybody have any idea what might be wrong with my setup? What additional information would you need to help narrow down the issue?

I started testing IPv6 with OPNsense 25.7.9 which was also the first time I observed the issue.

Now I am running OPNsense 25.7.10-amd64 and the issue is the same.
#2
I am testing KEA dhcpd on OPNsense 24.1.2_1-amd64.

I have configured five subnets (LAN + four VLANs) for which KEA is the dhcp server:
192.168.22.0/24 (LAN)
192.168.202.0/24 (VLAN 2)
192.168.205.0/24 (VLAN 5)
192.168.210.0/24 (VLAN 10)
192.168.220.0/24 (VLAN 20)

Everything is fine until I reboot the system. After reboot I see the following warning in the KEA log file:

WARN [kea-dhcp4.dhcpsrv.0x835bc5000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface em0 is not running

It seems like KEA is starting before the em0 interface (which is the interface for the LAN and VLANs).

However, KEA seems to start and serve fine on the VLAN interfaces but does not provide DHCP leases for the LAN interface. Once I restart the KEA service, it starts serving on both LAN interface and VLANs.

Again, when I reboot the system, the same issue occurs until I manually restart KEA.

Is this a known issue and is there any workaround for the issue? Is there any information I can provide for inspecting this further?
#3
Zenarmor (Sensei) / [SOLVED] os-sensei-db (missing)
February 21, 2024, 08:01:46 PM
Just upgraded my OPNsense installation from 23.7.11 to 24.1.2.

I also upgraded Zenarmor from 1.16.1 to 1.16.3.

Now I see red os-sensei-db (missing) line at System -> Firmware -> Plugins.

I have tried both Resolve Plugin Conflicts -> Run the automatic resolver and Reset all local conflicts but the problem remains.

Some old threads suggest reinstalling Zenarmor to solve this issue but I was wondering if there is a way to fix this problem without reinstalling Zenarmor.

OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13
#4
Zenarmor (Sensei) / Cloud node issue
December 23, 2022, 06:52:18 AM
Hello all and thanks for the great Zenarmor software!

I am having the following issue with cloud nodes:
Europe & Europe2 are DOWN. When I click "check now" (on Zenarmor status page) they become UP for a while but then eventually down again. Rebooting the system does not help. I have this issue on two separate firewalls. Both are running:
Engine version 1.12.1
DB version 1.12.22112919
OPNsense 22.7.10_2-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022

ping 35.198.172.108 and ping 34.65.117.157 seem to be alright.

Any ideas how to analyze this further?
#5
Zenarmor (Sensei) / 1.11 release date
March 09, 2022, 07:39:34 PM
I think Zenarmor Sensei is an absolutely fantastic product! Any ideas when the 1.11 version will be released?
#6
I know this topic has been discussed earlier but I haven't yet found a solution for this.

So, I am on OPNsense 20.7.7. I am using Unbound and DNSBL to filter DNS queries. I have enabled Advanced Settings / Log Queries and I have also set loglevel to 5. I am still not seeing from the log what queries are being blocked.

Does anybody have any idea how to check what queries are being blocked by the DNSBL blacklists?
#7
Hello,

OPNsense is a wonderful product, thank you for all the development!

I am using OpenVPN server on OPNsense router and I also permit client-to-client traffic. For this reason, I need to enable client-to-client OpenVPN option using the Advanced configuration options in the OpenVPN server config page.

As the page states, the Advanced configuration option will be removed in the future. Thus, I suggest that client-to-client setting would have its own checkbox on the config page so that there would be no need to use the advanced config dialog.

Any thoughts on this?
#8
20.7 Legacy Series / SOLVED Sensei 1.6 blocking Spotify
September 17, 2020, 12:23:43 PM
Hello,

Just upgraded Sensei 1.5 to 1.6. I did not change any configs. Now Sensei is blocking all Spotify connections. I have verified this by:
1) disable Sensei -> Spotify works
2) enable Sensei -> Spotify does not even open (iPhone, iPad, Apple TV)

Is anyone else experiencing similar issues?

I'm running on:
OPNsense 20.7.2-amd64
FreeBSD 12.1-RELEASE-p8-HBSD
OpenSSL 1.1.1g 21 Apr 2020

Sensei:
Engine Version:   1.6   Last Update: 09/17/2020 05:45
App & Rules DB Version:   1.6.20200910121420   Last Update: 09/17/2020 05:45
#9
20.7 Legacy Series / Sensei App & Rules DB not updating
September 08, 2020, 06:31:13 AM
Hello,

I have two OPNsense installations with identical HW. Both are running:
OPNsense 20.7.2-amd64
FreeBSD 12.1-RELEASE-p8-HBSD
OpenSSL 1.1.1g 21 Apr 2020

Both are running Sensei version:
Engine Version:   1.5.2_1   Last Update: 08/01/2020 07:34

The problem is that Site A has App & rules DB version:
App & Rules DB Version:   1.5.20200612133834   Last Update: 06/12/2020 23:38

And the Site B:
App & Rules DB Version:   1.5.20200724174736   Last Update: 08/01/2020 07:34

For me it seems that Site A has outdated App & rules DB version. However, when I click "check updates" link on Sensei Status page on Site A, it reports that the DB is up-to-date (it isn't since I can see that the identical Site B has a newer DB).

Any ideas how to force the DB update on Site A?
#10
20.1 Legacy Series / Dynamic DNS issue (no-ip)
July 03, 2020, 06:07:39 PM
Hello,

I just updated my system to OPNsense 20.1.8-amd64. For some reason, I am not able to create new Dynamic DNS settings (I am using free NO-IP service) or modify existing settings.

I get the following error when I try to 1) create a new rule or 2) modify existing rule:
The TTL value needs to be a valid integer number.

Is it just me or are others experiencing similar issues? The existing no-ip settings are working fine but I cannot modify them or create new rules.