Messages - Hoerli

1
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: July 09, 2021, 08:55:08 pm »
Okay.
After a complete reinstallation of OPNsense now the IPv6 remains present and does not fly out after 2 minutes.
No idea what went wrong there.

2
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: June 18, 2021, 02:44:19 pm »
I tried it once, but it didn't work.
I still lose IPv6 connectivity on the LAN after about 1-2 minutes.
I even installed the latest base kernel once (21.1.7) because before that I had installed 21.7_69 so that my Intel chipset on the motherboard would work.
While I did find that with 21.1.7 my LAN port finally worked as well, it didn't solve the IPv6 problem.

If only I knew where to look to see what the problem was.
Then I could also give better logs.
So it's a bit dumb at the moment.

3
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: June 15, 2021, 06:58:50 pm »
That's a good hint, I'll give that a try.
I have not done that yet.

4
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: June 11, 2021, 01:32:07 pm »
I set it to unmanaged, but the IPv6 is still lost after about 1 minute.
The LAN and WAN interfaces still have the same IPv6 address.

The other annoying thing I have is that most of the time when I first start and test OPNsense I only have 100Mbit/s upload and download.
The only way to fix this is to completely restart the fiber-RJ45 converter and OPNsense and then it is not guaranteed to work 100%.
I normally have a 400/160Mbits line.

5
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: June 09, 2021, 07:47:45 pm »
Didn't change anything, but here is a screenshot of it.
I set it to English ;)


I have left everything possible on default to avoid such problems.
Apparently the wrong way.

6
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: June 08, 2021, 05:20:34 pm »
Here are the two configurations.

WAN:


LAN:


Request only an IPv6 prefix disabled => Yes.
When I enable it, I don't get IPv6.
The LAN interface and WAN interface actually have the same IPv6 address. For whatever reason...

7
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: June 07, 2021, 07:31:24 pm »
Okay, I have made a few screenshots here.
Being German, I have of course activated the German language, but the most necessary settings should be recognizable.
(German is not 100% available anyway).

I need the rule for port 547 -> 546.
OPNsense does not create this automatically.

Interface Overview:
You see 3 interfaces of which currently two are used. WAN and LAN.


I have 3 NAT rules for SIP telephony.


I have not configured anything special on the firewall from the LAN zone. Therefore everything is allowed.


On the firewall from the WAN zone, I have only created one rule for DHCPv6.



In the Advanced Firewall setting I have also enabled IPv6. Other than that, I haven't configured anything special there.


I have not enabled DHCP Relay.


Do you need anything else in terms of information?

8
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: June 05, 2021, 09:44:07 pm »
I think it is (at least for me) not a fault of the ISP.
It's a small one, but IPv6 works with a normal router without problems, only OPNsense seems to have a problem here.
I get an IPv6 and this I can also use throughout, only the clients get off.
I made an issue at GitHub, hoping to get a quick solution for the problem.
https://github.com/opnsense/core/issues/5021

9
21.1 Legacy Series / Re: I lose ipv6 after a few minutes
« on: May 28, 2021, 04:03:52 pm »
I have exactly the same problem.
My ISP provides a /56 prefix over IPv6.
I have a PPPoE connection (FTTH connection).
I also get an IPv6 assigned without any problems when I start OPNsense.
My computer also gets an IPv6 assigned.
Up to here everything is fine.
I only get an IP address assigned via interface logging if I create a WAN rule that allows port 547 -> 546.
I found this hint on the internet.

After about 2-3 minutes, the connection drops for all IPv6 packets.
If I restart the firewall or reboot my PC, I can connect to the internet again via IPv6 for 2-3 minutes.
Both devices still have an IPv6 address assigned.
OPNsense also has an address for the LAN and WAN interface.

Only now comes the strange thing, if I execute a ping command, the result looks like this:
PC -> OPNsense LAN interface = OK
PC -> OPNsense WAN interface = Not ok
PC -> WAN address = Not ok
OPNsense WAN -> WAN address = OK (Ping tool in the web interface)
OPNsense LAN -> WAN address = OK (Ping tool in the web interface)

As it looks, OPNsense suddenly starts dropping the packets.
For whatever reason.
I have a rule for IPv4 and IPv6 each, which is structured as follows:
LAN -> WAN | IPv4 / IPv6 | any -> any


I have no idea how to solve the problem.

 :-[

10
German - Deutsch / IPTV + odds and ends
« on: March 26, 2021, 04:24:37 pm »
Hello OPNsense community!
In the meantime I have made progress with my little box, but a few points are still open.
Maybe you can help me out a bit here.

Briefly, my hardware:
- Intel Core i5-10500T
- Gigabyte B460M DS3H V2
- 2x4GB DDR4 2800MHz
- Intel X550-T2
- Emtec X300 SSD

I have the following provider:
https://stiegeler.com/ with FTTH 400 – 400/160Mbits (435/170 actually arrive)


– IPTV does not work (yet) –
I found out in passing that my provider sends the IPTV signal over a separate VLAN.
How can I find out which VLAN it is?
At the moment a FritzBox 7590 is (still) connected to the line, and it has a matching config on it.
But it is not directly apparent.
Here is an excerpt of the config:
Code:
        mcupstream = "iptv";
        voip_forwardrules = "udp 0.0.0.0:5060 0.0.0.0:5060",
                            "tcp 0.0.0.0:5060 0.0.0.0:5060",
                            "udp 0.0.0.0:7078+20 0.0.0.0:7078";
        voip_ip6_forwardrules = "udp 5060 # SIP", "tcp 5060 # SIP",
                                "udp 7078-7097 # RTP";
        tr069_forwardrules = "tcp 0.0.0.0:8089 0.0.0.0:8089";
        tr069_ip6_forwardrules = "tcp 8089";
        internet_in_nat_rules_enabled = yes;
        internet_out_nat_rules_enabled = yes;


...


{
                type = pppcfg_target_internet;
                name = "iptv";
                only_crypt_auth = no;
                local {
                        username = "";
                        passwd = "";
                }
                remoteauth = pppcfg_authtype_chap;
                remoteauth_only_on_incoming = yes;
                remote {
                }
                inactivity_timeout = 0w;
                bUseChargeInterval = no;
                nChargeInterval = 1m;
                lcpecho_disconnect_mode = lcpecho_auto;
                logicaldisconnect_with_physical = yes;
                disconnect_timeout = 0w;
                finaldisconnectcall = no;
                ipnetbiosspoofing = no;
                dnsfilter_for_active_directory = no;
                no_outgoing_calls = no;
                coso = pppcfg_coso_caller;
                callback_delay = 1s;
                icbmode = pppcfg_icbmode_none;
                ocbmode = pppcfg_ocbmode_none;
                mscbprefered = no;
                multilink {
                        extra_static_channels = 0;
                        max_channels = 1;
                        automatic = no;
                        automatic_param {
                                window = 20s;
                                add_percent = 85;
                                drop_percent = 70;
                                sportlich = no;
                        }
                }
                header_compression = yes;
                data_compression = pppcfg_datacomp_auto;
                stac_reset_with_history_number = no;
                encryption = pppcfg_crypt_none;
                inactivity_prevention_interval = 0w;
                new_ipaddr_on_connect = no;
                my_ipaddr = 0.0.0.0;
                his_ipaddr = 0.0.0.0;
                overwrite_dns1 = 0.0.0.0;
                overwrite_dns2 = 0.0.0.0;
                bVolumeRoundUp = no;
                VolumeRoundUpBytes = 0;
                bProviderDisconnectPrevention = yes;
                ProviderDisconnectPreventionInterval = 1d;
                ProviderDisconnectPreventionHour = 2;
                bProviderDisconnectPreventionHourSet = yes;
                passiv_on_outgoing = no;
                mode6 = mode6_off;
                mode4 = mode4_normal;
        }

...

{
                enabled = yes;
                name = "iptv";
                weight = 50;
                dsl_encap = dslencap_ether;
                dslinterfacename = "dsl";
                no_masquerading = no;
                use_fixed_masqaddr_if_no_masquerading = no;
                no_firewall = no;
                stackmode = stackmode_ipv4only;
                pppoevlanauto = no;
                pppoevlanauto_startwithvlan = no;
                vlancfg {
                        vlanencap = vlanencap_fixed_prio;
                        tagtype = vlantagtype_customer;
                        vlanid = 3001;
                        vlanprio = 0;
                        tos = 0;
                }
                ppptarget = "iptv";
                rfc4638_enabled = no;
                fixed_masqaddr = 0.0.0.0;
                mtu = 0;
                gre_server_cfg {
                        server_dnsprefer = protoprefer_ipv4;
                        dpd {
                                inactivity = 20s;
                                replywait = 1s;
                                npings = 4;
                                period = 30s;
                        }
                        allow_netbios = no;
                }
                etherencapcfg {
                        use_dhcp = yes;
                        use_dhcp_if_not_encap_ether = no;
                        ipaddr = 0.0.0.0;
                        netmask = 0.0.0.0;
                        gateway = 0.0.0.0;
                        dns1 = 0.0.0.0;
                        dns2 = 0.0.0.0;
                }
                is_mcupstream = yes;
                stay_always_online = yes;
                disable_ondemand = no;
                reconnect_delay_after_conn_abort = 30s;
                only_route_when_connected = no;
                redial_delay_after_auth_failure = 1m;
                redial_limit = 3;
                redial_after_limit_reached = 10m;
                redial_after_limit_reached_variance = 5m;
                redial_after_limit_randomize = no;
                redial_delay_after_low_error = 10s;
                redial_delay_after_ppp_timeout = 10s;
                redial_delay_after_ppp_error = 0w;
                routes_only_for_local = no;
                dproutes_only_for_local = no;
                hide_interface_address = no;
                disable_staticroutes_on_dhcproutes = no;
                ripv2receiver_enabled = no;
                ripv2_update_timer = 30s;
                ripv2authmode = ripv2_auth_none;
                ripv2md5_keyid = 0;
                ripv2passwd = "";
                set_replicate_dhcpoptions_in_parameter_request_list = no;
                unset_ignored_dhcpoptions_in_parameter_request_list = yes;
                dsldpconfig {
                        security = dpsec_firewall;
                        filter_teredo = yes;
                        filter_netbios = yes;
                        filter_sip = no;
                        filter_smtp = no;
                        sip_alg = no;
                        lowinput {
                                policy = "permit";
                        }
                        lowoutput {
                                policy = "permit";
                        }
                        highinput {
                                policy = "permit";
                        }
                        highoutput {
                                policy = "permit";
                        }
                }
                dhcp_auth_mode = auth_none;
                dhcp_requests_with_client_id = yes;
                dhcp_ignore_options_in_renewing = no;
                is_erouter = no;
                fakepacm = no;
                dhcp_tr069_add_device_vendor_options = no;
                use_random_macaddr = no;
                arp_reply_for_any_net_enabled = yes;
        }

It seems this would have to be VLAN 3001.

The problem is that there is absolutely zero information about the various configurations for my provider. You have to figure everything out yourself.

How can I set all of this up so that it works again?
There are various cries for help about MagentaTV, but that is not what I have here.
In the end it will probably be the same configuration with different VLANs.

– Internet telephony –

I do not have the firewall active on the network yet, because various people in the household currently need, for example, the phone.
So I would like to get as much of the configuration done in advance as possible.

Do I need to set anything special for telephony?
At the moment the FritzBox 7590 handles that as well. Various DECT phones are registered on it.
The registration for each SIP number was created manually and has nothing directly to do with the PPPoE login for the internet connection.
That should keep working this way, since I have no other phone base station.


I hope you can help me out here.
Preferably with answers for beginners who are only just getting started with OPNsense ;)

- Hoerli
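
The VLAN lookup the post does by eye (find the interface block flagged as multicast upstream, then read its `vlancfg`), as an added example that is not part of the original post and not an AVM tool. The function names `parse_blocks` and `multicast_vlans` are hypothetical, the sample text is constructed in the style of the excerpt above, and the `internet` block in it is made up for contrast.

```python
import re

# Constructed sample in the style of the quoted excerpt; the "internet" block is made up.
SAMPLE = '''
mcupstream = "iptv";
{
        name = "internet";
        vlancfg {
                vlanid = 0;
        }
        is_mcupstream = no;
}
{
        name = "iptv";
        vlancfg {
                vlanencap = vlanencap_fixed_prio;
                vlanid = 3001;
        }
        is_mcupstream = yes;
}
'''

ASSIGN = re.compile(r'^(\w+)\s*=\s*"?([^";]*)"?;$')   # key = value;  or  key = "value";
OPEN = re.compile(r'^(\w*)\s*\{$')                     # "name {" or an anonymous "{"

def parse_blocks(text):
    """Parse nested brace blocks into dicts; anonymous blocks go into '_blocks'."""
    root = {"_blocks": []}
    stack = [root]
    for line in map(str.strip, text.splitlines()):
        if (m := OPEN.match(line)):
            child = {"_blocks": []}
            if m.group(1):
                stack[-1][m.group(1)] = child
            else:
                stack[-1]["_blocks"].append(child)
            stack.append(child)
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif (m := ASSIGN.match(line)):
            stack[-1][m.group(1)] = m.group(2)
        # anything else ("...", multi-line value lists) is skipped
    return root

def multicast_vlans(text):
    """Return {interface name: VLAN ID} for every block with is_mcupstream = yes."""
    found, todo = {}, [parse_blocks(text)]
    while todo:
        node = todo.pop()
        todo += node["_blocks"] + [v for v in node.values() if isinstance(v, dict)]
        if node.get("is_mcupstream") == "yes" and "vlanid" in node.get("vlancfg", {}):
            found[node.get("name")] = int(node["vlancfg"]["vlanid"])
    return found

print(multicast_vlans(SAMPLE))  # {'iptv': 3001}
```

Lines the parser does not recognise, such as the `...` elisions and the multi-line `voip_forwardrules` lists in the excerpt, are ignored rather than treated as errors.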
