OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of badbroccoli »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - badbroccoli

Pages: [1]
1
24.7 Production Series / 24.7.7 - chronyd - excessive falseticker?
« on: October 25, 2024, 03:42:58 pm »
hi all - wondering if anyone else is seeing excessive falseticker notifications from chronyd since upgrading to 24.7.7 or if it's just me.

for several months my configuration has been: i have disabled ntpd, chrony is set up on port 123, with several upstream NTS peers.

since 24.7.7, most sources are frequently (talking at least 2-4 log lines per minute of the various upstream going falseticker - i have 5 configured) marked as falsetickers leading to lots of "can't synchronize: no majority" errors. looking back at the logs, it started yesterday, which is when i upgraded to 24.7.7.

seems to come and go - there will be a few minutes where everything is a falseticker, and then a few minutes where everything is syncing fine - using sources and tracking chronyd commands to keep on top of things.

seems to happen even with NTS disabled and using regular pool.ntp.org peers instead of NTS peers.

i also have zenarmor on the box, but not protecting the wan interface opnsense should be using to talk to the peers.

just wondering if anyone else is seeing this, if this is "normal" behavior, or maybe it's an indication my hardware might be dying...  or if i should just buy a gps ntp box?... no idea. perhaps it's just one of my peers being too out of sync with the others and not an opnsense issue at all. seems to be random which ones get marked as falsetickers though, and a lot of times they are all marked as falsetickers.

thanks!

2
22.7 Legacy Series / Comcast IPv6 broken after reboot. WAN release / renew resolves
« on: January 08, 2023, 05:04:03 pm »
I have been dealing with an annoyance for several months now. Every time my OPNsense box reboots, IPv6 routing to the internet is broken until I release/renew the WAN interface. Internal routing seems to work just fine. I have a /60 from Comcast. Can be working fine for weeks, do a reboot, IPv4 comes back fine, WAN interface has an IPv6 address, but clients can't route out. Was wondering if anyone has seen similar and knows what the hell is going on, or can point me in the right direction. I've seen others report this but not sure I've seen a solve. Thanks in advance :)

Details:

OPNsense 22.7.10_2-amd64
WAN interface configured for DHCPv6 in Basic mode, with prefix delegation hint sent at /60
Internal clients configured for Track Interface tracking the WAN interface
Router advertisements configured for Managed, router priority High. RA mode "Assisted" also has issue. Advertise default gateway is checked.

Similar thread from pfsense 6 years ago - https://www.reddit.com/r/PFSENSE/comments/6gk5np/issue_with_comcast_ipv6_requires_dhcp/

Code: [Select]
me@opnsense:/var/etc % cat dhcp6c.conf
interface ixl3 {
  send ia-na 0; # request stateful address
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
  prefix ::/60 infinity;
  prefix-interface vlan0.1.2 {
    sla-id 2;
    sla-len 4;
  };
  prefix-interface igb0 {
    sla-id 0;
    sla-len 4;
  };
};

me@opnsense:/var/etc % cat dhcp6c_wan.conf
interface ixl3 {
  send ia-na 0; # request stateful address
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc na 0 { };
id-assoc pd 0 {
  prefix ::/60 infinity;
  prefix-interface vlan0.1.2 {
    sla-id 2;
    sla-len 4;
  };
  prefix-interface igb0 {
    sla-id 0;
    sla-len 4;
  };
};

me@opnsense:/var/etc % cat radvd.conf
# Automatically generated, do not edit
# Generated for DHCPv6 server opt4
interface vlan0.1.2 {
AdvSendAdvert on;
MinRtrAdvInterval 120;
MaxRtrAdvInterval 600;
AdvLinkMTU 1500;
AdvDefaultPreference high;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix my:ipv6:prefix:382::/64 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
};
RDNSS fd4e:9ee1:fc79:4db6:a4ab:44ff:feac:c11d {
};
DNSSL lan {
};
};
# Generated config for dhcp6 delegation from wan on lan
interface igb0 {
AdvSendAdvert on;
AdvLinkMTU 1500;
AdvManagedFlag on;
AdvOtherConfigFlag on;
prefix my:ipv6:addr:prefix::/64 {
DeprecatePrefix on;
AdvOnLink on;
AdvAutonomous on;
};
RDNSS my:external:ipv6:address:of:the:wan:interface { };
DNSSL lan { };
};

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2