Messages - bringha

151
17.7 Legacy Series / Re: [SOLVED] Adding IPv6 static route for rc.newwanipv6 fail
« on: September 28, 2017, 10:35:24 am »
Thanks Franco,

as from my perspective this change is a very basic enabler to all users who are working with ipv6 in conjunction with dual stack providers and a standard router/modem like fritzbox et al towards the ISPs the sooner the better ....
if not that some new findings leave some doubt that this code has the required stability ...

BR C

152
17.7 Legacy Series / Upgrade to 17.7.4 - unbound 1.6.6 not starting automatically
« on: September 27, 2017, 11:16:22 pm »
Hi there,

17.7.4 updates also unbound to new version 1.6.6. However, unbound is not restarted after the update so that still 1.6.5 is running - is this by intention?

Br br

153
17.7 Legacy Series / Re: [SOLVED] Adding IPv6 static route for rc.newwanipv6 fail
« on: September 27, 2017, 10:52:12 pm »
... one question - the code is not contained in 17.7.4?

Br br

154
17.7 Legacy Series / Re: Adding IPv6 static route for rc.newwanipv6 fail
« on: September 26, 2017, 08:47:59 am »
Hi Franco,

As easy as that - so far no further error!

And even more - so far the first Sense ever which is now supporting full ipv6 across four networks, at least for my current (pretty straight) config at a dual stack ISP

Br br

155
17.7 Legacy Series / Re: Adding IPv6 static route for rc.newwanipv6 fail
« on: September 25, 2017, 08:13:32 pm »
Hi Franco,

Hm .... DNS still does not work

could it be that line 905 which is

Code:
if (is_linklocal($gw['gateway']) && !strstr($gw['gateway'], '%') === false) {


should look like either

Code:
if (is_linklocal($gw['gateway']) && !strstr($gw['gateway'], '%')) {

OR

Code:
if (is_linklocal($gw['gateway']) && strpos($gw['gateway'], '%') === false) {
?

BR br
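
How the three conditions in the post above evaluate, as an added example that is not part of the original post or of OPNsense. `is_linklocal_demo()` is a hypothetical stand-in for OPNsense's `is_linklocal()`, and the sample gateways are constructed.

```php
<?php
// Hypothetical stand-in for OPNsense's is_linklocal(): matches fe80::/10 by prefix.
function is_linklocal_demo(string $addr): bool
{
    return preg_match('/^fe[89ab][0-9a-f]:/i', $addr) === 1;
}

// Each entry answers: "is this a link-local gateway that still needs a %scope?"
function scope_checks(string $gw): array
{
    $ll = is_linklocal_demo($gw);
    return [
        // '!' binds tighter than '===', so this parses as (!strstr(...)) === false.
        // strstr() returns the substring from '%' on (truthy) or false, which
        // makes the comparison true only when a '%' is already present.
        'line905'  => $ll && !strstr($gw, '%') === false,
        // True when strstr() found no '%'.
        'variant1' => $ll && !strstr($gw, '%'),
        // True when strpos() found no '%'; '=== false' keeps position 0 distinct.
        'variant2' => $ll && strpos($gw, '%') === false,
    ];
}

// Constructed sample gateways: unscoped link-local, scoped link-local, global.
$samples = ['fe80::1', 'fe80::1%igb1', '2001:db8::1'];

foreach ($samples as $gw) {
    $r = scope_checks($gw);
    printf(
        "%-14s line905=%-5s variant1=%-5s variant2=%-5s\n",
        $gw,
        var_export($r['line905'], true),
        var_export($r['variant1'], true),
        var_export($r['variant2'], true)
    );
}
```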

156
17.7 Legacy Series / Re: Adding IPv6 static route for rc.newwanipv6 fail
« on: September 25, 2017, 03:13:51 pm »
Thanks Franco,

have now installed both patches, will report whether they solve the issue ....

Br br

157
17.7 Legacy Series / Re: Adding IPv6 static route for rc.newwanipv6 fail
« on: September 25, 2017, 02:04:05 pm »
Thanks Franco,

This is exactly what I tried to say:

Monitor and DNS both are calling /sbin/route out of system_host_route() and if your ipv6 gateway is link local and does not contain a %$interface after the LL address, then the command ends in an error message; but indeed monitor and DNS are both serving different purposes :)

Beyond that I don't use explicit static routes. My understanding is that configured DNS servers are added to the routing table statically when the system is started !?

I also suggested - instead of my really somewhat odd hack ::) - to code it on the callers side - appreciated; Nevertheless my dirty hack shows that adding the %$interface thing solves the problem ....

Apologies if I have expressed myself too complicated ....

Br br

158
17.7 Legacy Series / Re: Adding IPv6 static route for rc.newwanipv6 fail
« on: September 25, 2017, 12:26:53 pm »
Hi Franco,

apologies I was not sure whether it is really related as the same error message is also appearing for the route to the ipv6 DNS service
Code:
Sep 24 12:17:49 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb1'
Sep 24 12:17:49 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: fe80::217:3fff:XXXX:XXXX) (interface: WAN[wan]) (real interface: igb1).
Sep 24 12:17:53 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: The command '/sbin/route add -host -'inet6' '2001:470:20::2' 'fe80::3631:c4ff:XXXX:XXXX'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add host 2001:470:20::2: gateway fe80::3631:c4ff:XXXX:XXXX fib 0: Network is unreachable'
Sep 24 12:17:53 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 192.168.X.X
Sep 24 11:42:57 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: The command '/sbin/route add -host -'inet6' '2001:470:20::2' 'fe80::3631:c4ff:XXXX:XXXX'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add host 2001:470:20::2: gateway fe80::3631:c4ff:XXXX:XXXX fib 0: Network is unreachable'sr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::3631:c4ff:XXXX:XXXX
The problem is obviously somewhat broader: function system_host_route() is also called to make the static routes for the DNS service in system.inc, 224ff; this was the reason
  • That I opened up a new topic  :D
  • that I extended the function directly ;)

If I understand your patch correctly, then you address the problem with the monitor, the DNS problem will not benefit from it. Still therefore the suggestion to patch it like handing over a $interface parameter to system_host_route(); then you can also use the 'right one' and not as dirty as I did ....

Just my 10 cents ....

Br br

159
17.7 Legacy Series / Re: Adding IPv6 static route for rc.newwanipv6 fail
« on: September 24, 2017, 07:06:43 pm »
After some more analysis work, it seems to be related to https://forum.opnsense.org/index.php?topic=6028.0

It affects the function system_host_route in /usr/local/etc/inc/system.inc which is called for the routes to DNS servers and monitors.
Code:
function system_host_route($host, $gateway, $delete = true, $add = true)
{
    if (is_ipaddrv4($gateway)) {
        $family = 'inet';
    } elseif (is_ipaddrv6($gateway)) {
        $family = 'inet6';
    } else {
        return;
    }

    if ($delete) {
        mwexecf('/sbin/route delete -host -%s %s', array($family, $host), true);
    }

    if ($add) {
-->        /* Added by bringha for ipv6   */
-->        if ($family == "inet6" && (is_linklocal($gateway))) {
-->            $interface = get_real_interface("wan");
-->            $gateway .= "%{$interface}";
-->        }
        mwexecf('/sbin/route add -host -%s %s %s', array($family, $host, $gateway));
    }
}


I added the lines ---> for my workaround to get access to the ipv6 dns servers  I have configured (otherwise the route is not added) and the monitor (for the latter the error message is related to).

This might not be the best code. I would think that it is better to add the parameter $interface to the function when called. Then it is consistent to e.g. all the other routing functions again (e.g. system_default_route($gateway, $interface = null, $delete = true, $add = true)). The callers need to be adapted then in system.inc and in gwlb.inc accordingly.

Anyway, with this patch, the log file looks much better
Code:
Sep 24 20:23:37 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb1'
Sep 24 20:23:37 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: fe80::217:3fff:XXXX:XXXX) (interface: WAN[wan]) (real interface: igb1).
Sep 24 20:23:42 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv4 default route to 192.168.X.X
Sep 24 20:23:42 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::3631:c4ff:XXXX:XXXX
Sep 24 20:23:42 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: Removing static route for monitor fe80::3631:c4ff:XXXX:XXXX%igb1 via fe80::3631:c4ff:XXXX:XXXX
Sep 24 20:23:42 OPNsense opnsense: /usr/local/etc/rc.newwanipv6: Adding static route for monitor fe80::3631:c4ff:XXXX:XXXX%igb1 via fe80::3631:c4ff:XXXX:XXXX

Br br
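
One way to shape the caller-supplied interface parameter suggested in the post above, as an added example that is not OPNsense code or part of the original post. `host_route_argv()` is a hypothetical helper that only returns the argument list instead of executing it, and the sample addresses are constructed.

```php
<?php
// Hypothetical helper (not OPNsense code): builds the argument list for
// "/sbin/route add -host", scoping a link-local gateway with $interface.
function host_route_argv(string $host, string $gateway, ?string $interface = null): ?array
{
    // Split off an existing %scope so inet_pton() sees a plain address.
    [$addr, $scope] = array_pad(explode('%', $gateway, 2), 2, null);
    $bin = @inet_pton($addr);
    if ($bin === false) {
        return null; // not an IP address
    }
    $family = strlen($bin) === 4 ? 'inet' : 'inet6';

    // fe80::/10: first byte 0xfe, top two bits of the second byte are 10.
    $linklocal = $family === 'inet6'
        && ord($bin[0]) === 0xfe && (ord($bin[1]) & 0xc0) === 0x80;
    if ($linklocal) {
        // Keep a scope that is already there, otherwise use the caller's.
        $scope = $scope ?? $interface;
        // The scope ends up on a command line, so accept only characters
        // that occur in interface names and refuse to guess when it is missing.
        if ($scope === null || preg_match('/^[A-Za-z0-9_.]+$/', $scope) !== 1) {
            return null;
        }
        $addr .= '%' . $scope;
    }
    // Non-link-local gateways are passed on without any scope.
    return ['/sbin/route', 'add', '-host', '-' . $family, $host, $addr];
}

// Constructed samples: [host, gateway, interface]
$samples = [
    ['2001:db8::53', 'fe80::1', 'igb1'],       // unscoped link-local gateway
    ['2001:db8::53', 'fe80::1%igb1', 'igb1'],  // scope already present
    ['2001:db8::53', 'fe80::1', null],         // link-local, interface unknown
    ['192.0.2.53', '192.0.2.1', 'igb1'],       // IPv4 gateway
    ['2001:db8::53', 'fe80::1', 'igb1 x'],     // interface name fails validation
];

foreach ($samples as [$host, $gw, $if]) {
    $argv = host_route_argv($host, $gw, $if);
    echo $argv === null
        ? "skip: {$gw}\n"
        : implode(' ', array_map('escapeshellarg', $argv)) . "\n";
}
```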

160
17.7 Legacy Series / [SOLVED] Adding IPv6 static route for rc.newwanipv6 fail
« on: September 24, 2017, 04:41:42 pm »
Hello,

after having fixed so fast (thanks again Franco !!) the matter around apinger (see https://forum.opnsense.org/index.php?topic=6028.0), there is another new error message in my system.log, which seems to have on a first look a similar root cause:

Code:
OPNsense opnsense: /usr/local/etc/rc.newwanipv6: Removing static route for monitor fe80::3631:c4ff:XXXX:XXXX%igb1 via fe80::3631:c4ff:XXXX:XXXX
OPNsense opnsense: /usr/local/etc/rc.newwanipv6: Adding static route for monitor fe80::3631:c4ff:XXXX:XXXX%igb1 via fe80::3631:c4ff:XXXX:XXXX
OPNsense opnsense: /usr/local/etc/rc.newwanipv6: The command '/sbin/route add -host -'inet6' 'fe80::3631:c4ff:XXXX:XXXX%igb1' 'fe80::3631:c4ff:XXXX:XXXX'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add host fe80::3631:c4ff:XXXX:XXXX%igb1: gateway fe80::3631:c4ff:XXXX:XXXX fib 0: Network is unreachable'

Could it be that the link local address of the default ipv6 gateway is not assigned to my WAN interface too for adding the static route, which would require some adaptation of the rc.newwanipv6?

Looking forward to your reply

Br br

161
17.7 Legacy Series / Re: apinger and ipv6 gateway: cannot bind socket on address
« on: September 24, 2017, 04:24:30 pm »
Apologies Franco, my fault!!

It was a matter of time stamp. After applying the first patch and before the second, a restart sequence of apinger happened. Therefore only the first correction of the target line has been found in apinger.conf. With both patches it is at least for my config correctly working,  looks like

Code:
target "fe80::3631:c4ff:XXXX:XXXX%igb1" {
  description "WAN_DHCP6"
  srcip "fe80::217:3fff:XXXX:XXXX%igb1"
        alarms override "loss","delay","down";
  rrd file "/var/db/rrd/WAN_DHCP6-quality.rrd"
}

Thanks for your fast help!!!!

Br br

162
17.7 Legacy Series / Re: apinger and ipv6 gateway: cannot bind socket on address
« on: September 24, 2017, 03:19:54 pm »
Hi Franco,

wow - that has been fast!!

Applied both patches:

Your patches put the right line target into the apinger.conf

Code:
target "fe80::3631:c4ff:XXXX:XXXX%igb1" {
  description "WAN_DHCP6"
  srcip "fe80::217:3fff:XXXX:XXXX"
        alarms override "loss","delay","down";
  rrd file "/var/db/rrd/WAN_DHCP6-quality.rrd"
}

but the srcip line is still incomplete, also here the %igb1 should be there. imho, line 254 in gwlb.inc should be replaced
(sorry I am not a php expert, might be this is not correct in syntax)
Code:
- $apingercfg .= "  srcip \"{$gwifip}\"\n";

+ if (is_linklocal($gwifip) {
+    $apingercfg .= "  srcip \"{$gwifip}%{$gateway['interface']}\"\n";
+ }
+ else {
+      $apingercfg .= "  srcip \"{$gwifip}\"\n";
+ }
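Review bot: the `if (is_linklocal($gwifip) {` line is missing the closing parenthesis of the `if` condition, so the file will not parse as written; it needs `if (is_linklocal($gwifip)) {`. The scope appended in the link-local branch comes from `$gateway['interface']`, so it is worth confirming that this holds the real device name (the `%igb1` form in the apinger.conf shown above) and not a configuration name such as `wan`. The two branches differ only in the suffix, so computing the address string once and emitting a single `srcip` line would avoid the duplicated statement.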

whereby I have to admit that I don't know whether the interface name is not also required for NON Link Local IP addresses too; in this case, the if .... can be saved.

Could this be an idea?

Br br

163
17.7 Legacy Series / [SOLVED] apinger and ipv6 gateway: cannot bind socket on address
« on: September 24, 2017, 12:44:51 am »
Hello together

after having updated to 17.7.3 from 17.1.11, I get the following error messages in the gateways.log file for the ipv6 gateway monitoring:
Code:
Could not bind socket on address(fe80::217:3fff:XXXX:XXXX) for monitoring address fe80::3631:c4ff:XXXX:XXXX(WAN_DHCP6) with error Can't assign requested address
OPNsense apinger: bind(): Can't assign requested address
Considering the /var/etc/apinger.conf, apinger sets the srcip to be the interface link-local address but it does not set the scope on the source IP or target, so apinger cannot reach the gateway.
Code:
target "fe80::3631:c4ff:XXXX:XXXX" {
  description "WAN_DHCP6"
  srcip "fe80::217:3fff:XXXX:XXXX"
        alarms override "loss","delay","down";
  rrd file "/var/db/rrd/WAN_DHCP6-quality.rrd"
}
The correct config should look like this (if e.g. igb1 is your WAN interface)
Code:
target "fe80::3631:c4ff:XXXX:XXXX%igb1" {
  description "WAN_DHCP6"
  srcip "fe80::217:3fff:XXXX:XXXX%igb1"
        alarms override "loss","delay","down";
  rrd file "/var/db/rrd/WAN_DHCP6-quality.rrd"
}
Have tried this out manually, with this config setting, the error message disappears.

As apinger restarts every 30 min. with a freshly written apinger.conf this needs to be included in the script generating the apinger.conf.

See also here: https://redmine.pfsense.org/issues/3969

Br br

164
17.1 Legacy Series / Re: Upgrade successful: Supermicro X11SBA-LN4F
« on: July 20, 2017, 12:03:16 pm »
Hi abel408

Saw that issue is already solved as described in your thread answer in 16.7?!

Br br

165
Hardware and Performance / Re: 1u Home Build
« on: June 30, 2017, 07:13:56 pm »
Well,

this board is not the optimum wrt power consumption and some of the components are somewhat oversized

Perhaps consider
+Supermicros X11SBA-LN4F-O (Attention: Must be hardware revision 1.02)
+ with 8 G RAM (4 is also sufficient)
+ Supermicro SuperDOM with 16 GB
+ 1 U chassis is SC505-203B

I build already the 5th system with that config and I am very happy with that (since using 1.02  ;))

Br br
