Topics - edz

1
22.1 Legacy Series / Firmware Connectivity Check
« on: May 15, 2022, 06:45:25 am »
I'm trying to figure out why the Firmware Connectivity Check fails the IPv6 ping:

Code:
All repositories are up to date.
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
PING6(1548=40+8+1500 bytes) [MY-IPV6_IP] --> 2001:1af8:4f00:a005:5::

--- 2001:1af8:4f00:a005:5:: ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.1
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 792 packages processed.
All repositories are up to date.
***DONE***

However, from the OPNsense terminal:
Code:
root@opnsense:~ # ping6 2001:1af8:4f00:a005:5::
PING6(56=40+8+8 bytes) [MY_IPV6_IP] --> 2001:1af8:4f00:a005:5::
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=0 hlim=52 time=280.033 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=1 hlim=52 time=278.851 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=2 hlim=52 time=278.849 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=3 hlim=52 time=279.302 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=4 hlim=52 time=279.415 ms
16 bytes from 2001:1af8:4f00:a005:5::, icmp_seq=5 hlim=52 time=278.946 ms
^C
--- 2001:1af8:4f00:a005:5:: ping6 statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 278.849/279.233/280.033/0.419 ms
root@opnsense:~ #


2
21.7 Legacy Series / Spotify with DNS over TLS
« on: November 17, 2021, 11:57:17 pm »
I have been using DNS over TLS with Cloudflare IPv4 and IPv6 servers successfully for some time.

I recently noticed that the Spotify Apple TV and iOS apps reported 'Connecting' or 'No internet connection'. I validated that none of the Unbound blocklists were blocking the Spotify servers, and the moment I switched to an external DNS, Spotify would work.

Narrowing it down, I then removed all the DNS over TLS servers and only enabled 8.8.8.8 port 853.  This allowed Spotify to connect with no issues but the moment I re-added the Cloudflare IPs (both IPv4 and IPv6) Spotify wasn't happy. 

Not sure if the server list is used in a round robin fashion.  Does anyone know why Spotify is only playing nicely with Google's DNS when using DNS over TLS?

3
21.1 Legacy Series / Gateway monitoring with IPV6 prefix only
« on: March 27, 2021, 05:36:45 am »
My IPv6 setup with my ISP is by prefix only. I have all my VLANs correctly set up and clients are receiving an IPv6 address. Gateway monitoring is enabled on the IPv6 Gateway and despite it showing as Offline, I have full IPv6 connectivity, confirmed with IPv6 test websites and ping6 to Google.

As my ISP is not providing an IPv6 address, dpinger does not start:

Code:
/system_gateways.php: The WAN_DHCP6 IPv6 gateway address is invalid, skipping.

If I disable Gateway monitoring, my IPv6 connection stops working until I re-enable Gateway monitoring. Can anyone explain what is happening here?



4
21.1 Legacy Series / Multi WAN & Unbound
« on: March 25, 2021, 01:52:55 am »
I have followed the instructions of setting up Multi WAN, including the steps of adding DNS Servers to each Gateway group.

How does this work when using Unbound? Does all traffic that is destined for a Gateway Group use the gateway DNS? Is there any way to use Unbound instead of external DNS Servers when using Multi WAN?

5
21.1 Legacy Series / MacOS sntp errors
« on: March 06, 2021, 07:45:50 am »
I'm trying to verify that my macOS client is connecting to OPNsense for NTP requests, but I'm receiving 'Exchange failed: Kiss of death' and 'Exchange failed: Time out' errors.

Checking Apple's time servers, all seems OK:
Code:
❯ sudo sntp -sS time.apple.com
+0.236213 +/- 0.000137 time.apple.com 17.253.116.253

Now, checking the OPNsense firewall:
Code:
❯ sudo sntp -sS 192.168.1.1
sntp: Exchange failed: Kiss of death
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
+0.235124 +/- 0.131470 192.168.1.1 192.168.1.1

Running with the debug flag:
Code:
sudo sntp -d opnsense.home.lan
  leap:                     0
    t1:    E3EDA340.A5B18548  (bytes)
    t1:  3824001856.647240000 (fixed)
    t1:  3824001856.647240162 (float)
    t2:    E3EDA340.E2B9256F  (bytes)
    t2:  3824001856.885637607 (fixed)
    t2:  3824001856.885637760 (float)
    t3:    E3EDA340.E2C01759  (bytes)
    t3:  3824001856.885743579 (fixed)
    t3:  3824001856.885743618 (float)
    t4:    E3EDA340.A67EA5F8  (bytes)
    t4:  3824001856.650370000 (fixed)
    t4:  3824001856.650370121 (float)
offset:    00000000.3CA488C4  (bytes)
offset:           0.236885593 (fixed)
offset:           0.236885593 (float)
 delay:    00000000.00C62EC6  (bytes)
 delay:           0.003024028 (fixed)
 delay:           0.003024028 (float)
ipaddr:          192.168.20.1
sntp: Exchange failed: Kiss of death
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
sntp: Exchange failed: Timeout
selected:
  leap:                     0
    t1:    E3EDA340.A5B18548  (bytes)
    t1:  3824001856.647240000 (fixed)
    t1:  3824001856.647240162 (float)
    t2:    E3EDA340.E2B9256F  (bytes)
    t2:  3824001856.885637607 (fixed)
    t2:  3824001856.885637760 (float)
    t3:    E3EDA340.E2C01759  (bytes)
    t3:  3824001856.885743579 (fixed)
    t3:  3824001856.885743618 (float)
    t4:    E3EDA340.A67EA5F8  (bytes)
    t4:  3824001856.650370000 (fixed)
    t4:  3824001856.650370121 (float)
offset:    00000000.3CA488C4  (bytes)
offset:           0.236885593 (fixed)
offset:           0.236885593 (float)
 delay:    00000000.00C62EC6  (bytes)
 delay:           0.003024028 (fixed)
 delay:           0.003024028 (float)
ipaddr:          192.168.20.1
+0.236886 +/- 0.132248 opnsense.home.lan 192.168.20.1
  gtod:  1615013059.668058
adjust:           0.236885
   set:  1615013059.904943
 ~


6
21.1 Legacy Series / Custom Telegraf conf
« on: February 11, 2021, 08:18:55 am »
I'm moving across from pfSense and am poking around OPNsense.

I've come across a scenario where I need to add a custom input into telegraf.conf to run a script and read CPU temp. There is no ability to add custom inputs from the Telegraf inputs GUI, and if I were to manually edit /usr/local/etc/telegraf.conf, it is overwritten when telegraf or OPNsense is restarted.

Is there a way to make custom configuration persistent?
