Messages - bringha

#1
That's really interesting!
However, I have some difficulty mapping your Server Update URL to the Update URL format given in [1].

The format as defined in [1] looks like
https://ipv4.api.hosting.ionos.com/dns/v1/dyndns?q=ZsWxJSLcX8Dpy40nu0fhycBXdnnTb0gM2yqKS3Xcmx4c3yA6EhZp3Sg0467MRvdn6dU4P0kQntSeskxpYsFMxXnrKmW8teSHSHc3eefgYu4tjb2veJH4tESXaTmW4tvNW6nrtSm6Vb6E7e2SpuqqjvFaqbBS4XGCS.
You may complement this with &ipv4=...&ipv6=... parameters, which so far I could only get working from a FritzBox, with the desired result of an A AND an AAAA record in IONOS DNS for my domain. With all other routers, I could only achieve either/or (either an A or an AAAA record). Even separate entries for ipv4 and ipv6 in the dyndns config did not work.

However, the format you mention reads like there are some more parameters in your URL, which leads to some questions:

1.) What do SECRET, API, from and PORTAL mean, and where do the required values, shown here as xxxxx....., come from?
2.) I assume that __MYIP__ is filled in automatically by the check ip method?!
3.) Is there also a counterpart for ipv6, e.g. __MYIPv6__?

Looking forward to a short reply

Br br
#2
And does the Alternate Name/DNS Name of the client certificate also match the target system/issuer?
#3
@zickzack111

Which CA did you use to create the user certificates? The OPNsense CA?

Br br
#4
If I understand correctly, you live in an apartment building. If so, the landlord has a major say in how this is done. The following document summarizes quite well what this looks like and which options there are.

https://www.telekom.de/hilfe/downloads/glasfaser-technik.pdf

Telekom has an SFP from Zyxel that can be made to work quite well in other routers too (Zyxel PMG3000-D20B); there are more details at https://telekomhilft.telekom.de/t5/Festnetz-Internet/FTTH-ohne-Modem-SFP-GPON-Modul/td-p/5998739. But as I said, that depends on the in-house distribution ...

Other than that, there is this thread on the topic here: https://forum.opnsense.org/index.php?topic=36491.msg213593#msg213593

Br br
#5
Hmmm, I can confirm that Sequoia 15.0 openssh runs fine with opnsense 24.7.4_1 /.5. No issues at all, both from my internal LAN and WLAN.

There is usually only one reason for such an error message - bad encryption or decryption. Aside from ssh implementation bugs (which is usually very unlikely) there is also the possibility of a line or HW issue or brute force attacks... here, a detailed log would help ...

br br
#6
OK, thanks, this also works perfectly fine for me ...

Next time I will ask directly about a potential intention ;D ;D ;D it's a shame to be second ....

br br
#7
G'day,

I just noticed an exec rights issue with the 'locate' command in 24.7.1.

Executing as root eg 'locate newwanrc', it shows


locate: the locate database '/var/db/locate.database' is smaller than 256 bytes large.

To create a new database, please run the following command as root:

  /etc/periodic/weekly/310.locate


Executing then as root

  /etc/periodic/weekly/310.locate

It only outputs

Rebuilding locate database:
Must be root.

No database is created... Also the weekly update of this database is obviously not working

Before throwing something in Git: freebsd 14.1 issue or opnsense?

br br

#8
Hi there,

I can also confirm that the -icmp2 kernel works fine here, both ipv4 and ipv6

br br
#9
G'day,

Just updated to 24.7.1, which ran smoothly as usual. Time to say a big thank you to all who made this happen - Great job again!!!

I would like to bring a (small) heads-up to your attention: the dyndns service and GUI behavior once the system reboots after the update.

I am running ddclient with native backend and my dyndns update runs in two steps, one for ipv4 and one for ipv6. In between, my provider (dedyn.io) demands a ~5 min pause and throttles the update requests to this interval. Already after the 24.7 (and now also 24.7.1) upgrade reboot, I then run into a kind of (race) condition showing a very inconsistent picture of the state of the dyndns service. Reproducibly, after the update reboot

  • the Dashboard widget shows dyndns as 'not running', ps says it runs. Dashboard value is not changing without manual interaction
  • the dyndns services page shows the correct new ipv6 address and the old ipv4 address
  • the interface overview widget shows for WAN the correct new ipv4 address and ipv6 address
So, the state of the internet connection reads somewhat confusingly after the update ....

When manually restarting the dyndns service on the dashboard service widget, nothing changes.
When manually stopping and starting dyndns on the configuration page, the widget on the dashboard then gets the correct new ipv4 and ipv6 addresses; on the service configuration page, the old ipv4 address is still shown.
When manually restarting dyndns for a second time, everything is OK again.

So in my case it takes up to 10 min and two manual interactions until the GUI values for the WAN addresses are shown consistently with reality.

I am aware that a fix for this is somewhat shaky as the service restart behavior is different from system to system, but perhaps over time, some optimization could be considered for this.

Br br
#10
not to bother anyone with minor details and typos. But

# opnsense-patch -c plugins dd68ab68d


runs a bit better  ;)

br br
#11
The DMZ and LAN addresses are shown as 2003:XXXX in your post. So: can you show the field to see whether prefix ID 0 and 1 are properly assigned to the ipv6 address on the DMZ and LAN interface?

What do you mean by "IPv6 has not configured yet"?

ipv6 on servers: Assuming Linux servers with ipv6 activated, you should then have at least a configuration in /etc/network/interfaces like

iface eth0 inet6 auto

Otherwise you won't get any ipv6 address on the servers

#12
Hi,

Assuming you have an up and running PPPoE connection with VLAN7 properly configured?!

Normally, manual configuration for router advertising is not required; it should be unchecked as a first step

I have also unchecked 'request ipv6 prefix only'

Can you share whether the ipv6 prefixes on your LAN and DMZ interface look as expected, i.e. have the assigned Prefix ID (0 and 1 respectively)?

Your servers on LAN and DMZ: How are they supposed to get an IPv6 address on their interfaces?

Br br
#13
Besides the basic configuration (see the mail from Maurice), the second step would then be the questions
- which form of connection it should be (modem (which one?) or another router in front of it (Fritz!Box, then with double NAT (which would be less advisable)))
- which services should run over it (IP telephony and/or Magenta TV)
- (...)

Br br
#14
Is the netcologne connection actually configured for free choice of router (Routerfreiheit)? As far as I know, bridge mode does not work at all otherwise. I helped a colleague last year, and this guide proved helpful

https://www.tutonaut.de/routerfreiheit-eigene-fritzbox-6690-bei-netcologne-einrichten/
#15
Can confirm @meyergru's experience: No third party package, no upgrade hiccups

br br