Topics - lrosenman

#21
20.7 Legacy Series / pfatt and 20.7 don't seem to work
August 01, 2020, 09:02:57 AM
I have 20.1 working great with 20.1.  When I upgrade to 20.7, I don't get DHCP from ATT.

Is there something(TM) changed between the HardenedBSD releases that possibly breaks NetGraph?

I made the grave mistake of NOT having an off-machine backup of my config and had to rebuild it from scratch.

I don't want to go through this again trying to get current.
#22
20.1 Legacy Series / From the nits department....
February 20, 2020, 04:06:07 AM
The description of the 20.1 forum says:

Feedback and questions for the 19.7 series

Just a minor nit :)
#23
Given that I *DEPEND* on the pfatt module to authorize my ONT, will the netgraph change called out in the release notes cause me grief?

thanks (I don't dare try it as I don't want to be knocked offline).
#24
I have the following setup:
                                              |---> <VIA ipsec 172.20.0.0/16, reachable from the LAN>
<LAN 192.168.200.11/22> ----+
                                              |---> <VIA ipsec 10.64.0.0/16, reachable from the LAN>


If I try to set the system to use 172.20.100.34 as a DNS server it doesn't get any response,
same with 10.64.0.4.

If I ping using -S 192.168.200.11  it all works.

What am I missing in the routing tables?

root@home-fw:~ # netstat -rn |more
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            76.250.252.1       UGS      ngeth0
10.64.0.0/16       10.128.0.2         UGS    ipsec100
10.128.0.1         link#18            UHS         lo0
10.128.0.2         ipsec1000          UHS    ipsec100
10.128.0.3         link#19            UHS         lo0
10.128.0.4         ipsec1000          UHS    ipsec200
76.250.252.0/22    link#11            U        ngeth0
76.250.255.117     link#11            UHS         lo0
127.0.0.1          link#7             UH          lo0
172.20.0.0/16      10.128.0.4         UGS    ipsec200
172.31.0.0/16      10.128.0.4         UGS    ipsec200
192.168.16.0/24    link#15            U      em0_vlan
192.168.16.1       link#15            UHS         lo0
192.168.17.0/24    link#16            U      em0_vlan
192.168.17.1       link#16            UHS         lo0
192.168.18.0/24    link#17            U      em0_vlan
192.168.18.1       link#17            UHS         lo0
192.168.40.0/24    link#12            U      em0_vlan
192.168.40.1       link#12            UHS         lo0
192.168.64.0/24    link#13            U      em0_vlan
192.168.64.1       link#13            UHS         lo0
192.168.192.0/24   link#14            U      em0_vlan
192.168.192.1      link#14            UHS         lo0
192.168.200.0/22   link#1             U           em0
192.168.200.11     link#1             UHS         lo0
#25
did the upgrade, but the system wants to do it again.

Why?

I'd put the upgrade log in, but it's too big. :(

BTW: it would be nice if the limits on attachments, post size, etc were raised on the forums.

#26
19.7 Legacy Series / Am I missing something?
July 04, 2019, 01:53:48 AM
What am I missing here on the dev branch?
#28
I get a /60 from ATT, which should allow prefix IDs 0-15 (4 bits).  The GUI for track interface says 15 & 14 are out of bounds.

This is in addition to the problem of adding a new interface that tracks WAN *NOT* rewriting the dhcp6c_<WAN>.conf file and restarting dhcp6c.
#29
I've got a valid LE cert on my FW, but the certificates in the GUI show validation failed, and I can't seem to find the cronjob.

ideas?

(I force renewed from the GUI, hence the new issue date).
#30
I'm on 19.1, and have the pfatt stuff working, and my LAN gets an IPv6 prefix just fine.

I'm testing, and when I configure a VLAN on that interface and configure the subinterface the subinterface JUST gets a link-local address, and not a routable prefix out of the /60 block ATT passed me.

Does anyone have doc/faq/etc on what I might be missing?
#31
I'm coming back to OPNSense after a LONG break and was wondering if the DHCPD in current production can support doing DNS updates to a foreign (to OPNSense) DNS server (my server on a different network, using BIND 9.13.x) via an NSUPDATE type message, but using T-SIG keys?

#32
17.7 Legacy Series / 6RD status?
September 23, 2017, 03:39:28 AM
I'm currently back to pfSense as they correctly support ATT Fiber's 6rd IPv6.   I really(!) prefer Opnsense, but *NEED* 6RD to work.

What's the current 6rd status in Opnsense 17.7?
#33
17.7 Legacy Series / ATT Fiber/IPv6/DMZ+ mode
August 08, 2017, 08:01:33 PM
I've just moved into a nice new house with ATT Fiber.  ATT's RG (Pace 5268AC) doesn't pass IPv6 through to the DMZ+ host (will be the firewall).  It *DOES* however allow IPv6 to other devices connected to its own switch.

Should I be able to route IPv6 from another interface to my LAN and do Firewall stuff?  My suspicion is YES, but I'm not near it right now.

Basically the setup:
                                                    +--->WAN port on OPNSENSE (IPv4/DMZ+)----+
ATTONT->ONT PORT on 5268AC ---|                                                                     |----> LAN port on OPNSENSE
                                                    +--->OPT1 port on OPNSENSE (IPv6/DHCPv4) .+ 

Would this allow me to have dual stacked hosts on the LAN?

#34
I'm a convert from pfSense.  One of the nice things they have in their GUI is the traffic (pkts/bytes) PER RULE in
the rules list.

This is useful to see if the rules are working.

Any chance in a future release of getting something like that?