"
after 13.1-R was up for a while, IPv4 works again, still no luck with IPv6 ssh to the FW.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#16
22.1 Legacy Series / Re: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
May 26, 2022, 01:31:40 AM #17
22.1 Legacy Series / Re: No access via IPv6 to the firewall it self, even though rules SHOULD permit it
May 26, 2022, 01:28:25 AM
with the 13.1-RELEASE OS, I can't ssh from outside AT ALL to the FW.
#18
22.1 Legacy Series / No access via IPv6 to the firewall it self, even though rules SHOULD permit it
May 25, 2022, 11:37:32 PM
In the current 22.1.8 the firewall will NOT allow SSH or HTTPS connections to it's LAN IP Addresses
even though there is an EXPLICIT rule allowing ANY IPv6 from my home block to "THIS FIREWALL" any / any.
This USED TO WORK.
Ideas?
What all do you need from me to diagnose?
FTR: IPv6 beyond the FW works just fine. It's just access to the FW itself.
root@fw:~ # last -n 20
root pts/1 76.250.255.117 Wed May 25 16:46 still logged in
root pts/1 76.250.255.117 Wed May 25 16:46 - 16:46 (00:00)
root pts/1 2602:fcdb:0:10::53:2 Wed May 25 16:23 - 16:24 (00:00)
ler pts/1 76.250.255.117 Wed May 25 16:19 - 16:20 (00:00)
ler pts/1 76.250.255.117 Wed May 25 15:55 - 15:55 (00:00)
root pts/1 76.250.255.117 Wed May 25 15:24 - 15:25 (00:00)
root pts/1 76.250.255.117 Wed May 25 15:07 - 15:08 (00:00)
root pts/1 76.250.255.117 Wed May 25 15:05 - 15:05 (00:00)
root pts/1 76.250.255.117 Wed May 25 15:03 - 15:04 (00:00)
root pts/0 2602:fcdb:0:10::53:2 Wed May 25 15:00 - 16:47 (01:46)
root pts/0 76.250.255.117 Wed May 25 14:54 - 14:55 (00:00)
root pts/0 76.250.255.117 Wed May 25 12:43 - 12:43 (00:00)
root pts/0 76.250.255.117 Wed May 25 12:42 - 12:42 (00:00)
root pts/0 76.250.255.117 Wed May 25 12:41 - 12:41 (00:00)
root pts/0 76.250.255.117 Wed May 25 12:19 - 12:34 (00:15)
root pts/0 76.250.255.117 Wed May 25 12:18 - 12:18 (00:00)
shutdown time Wed May 25 12:14
root pts/0 2600:1700:210:b18f:b92 Wed May 25 10:39 - 10:39 (00:00)
root pts/0 2600:1700:210:b18f:b92 Wed May 25 10:39 - 10:39 (00:00)
root ttyv0 Wed May 25 09:05 - 09:07 (00:01)
Note prior to the shutdown, the 2600:1700 addresses, from the SAME mac at home after the reboot
it only works for the IPv4 address.
<SOMETHING> in 22.1.8 broke <SOMETHING>
even though there is an EXPLICIT rule allowing ANY IPv6 from my home block to "THIS FIREWALL" any / any.
This USED TO WORK.
Ideas?
What all do you need from me to diagnose?
FTR: IPv6 beyond the FW works just fine. It's just access to the FW itself.
root@fw:~ # last -n 20
root pts/1 76.250.255.117 Wed May 25 16:46 still logged in
root pts/1 76.250.255.117 Wed May 25 16:46 - 16:46 (00:00)
root pts/1 2602:fcdb:0:10::53:2 Wed May 25 16:23 - 16:24 (00:00)
ler pts/1 76.250.255.117 Wed May 25 16:19 - 16:20 (00:00)
ler pts/1 76.250.255.117 Wed May 25 15:55 - 15:55 (00:00)
root pts/1 76.250.255.117 Wed May 25 15:24 - 15:25 (00:00)
root pts/1 76.250.255.117 Wed May 25 15:07 - 15:08 (00:00)
root pts/1 76.250.255.117 Wed May 25 15:05 - 15:05 (00:00)
root pts/1 76.250.255.117 Wed May 25 15:03 - 15:04 (00:00)
root pts/0 2602:fcdb:0:10::53:2 Wed May 25 15:00 - 16:47 (01:46)
root pts/0 76.250.255.117 Wed May 25 14:54 - 14:55 (00:00)
root pts/0 76.250.255.117 Wed May 25 12:43 - 12:43 (00:00)
root pts/0 76.250.255.117 Wed May 25 12:42 - 12:42 (00:00)
root pts/0 76.250.255.117 Wed May 25 12:41 - 12:41 (00:00)
root pts/0 76.250.255.117 Wed May 25 12:19 - 12:34 (00:15)
root pts/0 76.250.255.117 Wed May 25 12:18 - 12:18 (00:00)
shutdown time Wed May 25 12:14
root pts/0 2600:1700:210:b18f:b92 Wed May 25 10:39 - 10:39 (00:00)
root pts/0 2600:1700:210:b18f:b92 Wed May 25 10:39 - 10:39 (00:00)
root ttyv0 Wed May 25 09:05 - 09:07 (00:01)
Note prior to the shutdown, the 2600:1700 addresses, from the SAME mac at home after the reboot
it only works for the IPv4 address.
<SOMETHING> in 22.1.8 broke <SOMETHING>
#19
Zenarmor (Sensei) / Re: Zenarmor 1.11.2 update -- python37 error(s)
May 10, 2022, 03:32:55 PM
Thanks, Franco!
#20
Zenarmor (Sensei) / Zenarmor 1.11.2 update -- python37 error(s)
May 10, 2022, 03:37:18 AM
Update to 1.11.2, and got the following ERRORS:
Resuming Zenarmor packet engine, restarting with the new engine...
eastpect is not running
Starting eastpect.
Registering plug-in to the OPNsense firmware system...done
Done & sync heartbeat ...
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages:
Installed packages to be REMOVED:
go: 1.18,1
Number of packages to be removed: 1
The operation will free 312 MiB.
[1/1] Deinstalling go-1.18,1...
[1/1] Deleting files for go-1.18,1: .......... done
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
>>> Missing package dependencies were detected.
>>> Found 2 issue(s) in the package database.
pkg-static: No packages available to install matching 'python37' have been found in the repositories
pkg-static: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:
python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed
>>> There are still missing dependencies.
>>> Try fixing them manually.
>>> Also make sure to check 'pkg updating' for known issues.
The following package files will be deleted:
/var/cache/pkg/git-2.35.1~26a1b8de46.txz
/var/cache/pkg/git-2.35.1.txz
/var/cache/pkg/p5-Error-0.17029~c0effbc2dd.txz
/var/cache/pkg/os-sensei-agent-1.11.2.txz
/var/cache/pkg/p5-Error-0.17029.txz
/var/cache/pkg/os-sensei-agent-1.11.2~bcfbc97ee6.txz
/var/cache/pkg/os-sensei-1.11.2~7059f60084.txz
/var/cache/pkg/os-sensei-1.11.2.txz
The cleanup will free 65 MiB
Deleting files: ........ done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***
What's busted here?
Resuming Zenarmor packet engine, restarting with the new engine...
eastpect is not running
Starting eastpect.
Registering plug-in to the OPNsense firmware system...done
Done & sync heartbeat ...
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages:
Installed packages to be REMOVED:
go: 1.18,1
Number of packages to be removed: 1
The operation will free 312 MiB.
[1/1] Deinstalling go-1.18,1...
[1/1] Deleting files for go-1.18,1: .......... done
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
>>> Missing package dependencies were detected.
>>> Found 2 issue(s) in the package database.
pkg-static: No packages available to install matching 'python37' have been found in the repositories
pkg-static: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:
python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed
>>> There are still missing dependencies.
>>> Try fixing them manually.
>>> Also make sure to check 'pkg updating' for known issues.
The following package files will be deleted:
/var/cache/pkg/git-2.35.1~26a1b8de46.txz
/var/cache/pkg/git-2.35.1.txz
/var/cache/pkg/p5-Error-0.17029~c0effbc2dd.txz
/var/cache/pkg/os-sensei-agent-1.11.2.txz
/var/cache/pkg/p5-Error-0.17029.txz
/var/cache/pkg/os-sensei-agent-1.11.2~bcfbc97ee6.txz
/var/cache/pkg/os-sensei-1.11.2~7059f60084.txz
/var/cache/pkg/os-sensei-1.11.2.txz
The cleanup will free 65 MiB
Deleting files: ........ done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***
What's busted here?
#21
22.1 Legacy Series / Re: turn on alias stats, get crash :(
May 01, 2022, 10:44:45 PM
Thanks, @KHE!
#22
22.1 Legacy Series / turn on alias stats, get crash :(
May 01, 2022, 04:24:52 AM
If I try to turn on alias stats, I get a page fault panic.
Textdumps:
https://www.lerctr.org/~ler/stats.crashes.tar.gz
Ideas?
Textdumps:
https://www.lerctr.org/~ler/stats.crashes.tar.gz
Ideas?
#23
Zenarmor (Sensei) / Re: SIGSEGV on EASTPECT: Known Issue?
April 09, 2022, 11:31:27 PM
Any news for me here on either core I uploaded?
#24
Zenarmor (Sensei) / Re: SIGSEGV on EASTPECT: Known Issue?
April 07, 2022, 06:37:32 AM
Core uploaded.
Let me know what else y'all need.
Let me know what else y'all need.
#26
Zenarmor (Sensei) / Re: SIGSEGV on EASTPECT: Known Issue?
April 06, 2022, 07:51:48 PM
all set for the next crash.
Wait Next Fail :)
Wait Next Fail :)
#27
Zenarmor (Sensei) / Re: SIGSEGV on EASTPECT: Known Issue?
April 06, 2022, 04:11:49 PM
Wrong @, but I've done so now :)
#28
Zenarmor (Sensei) / SIGSEGV on EASTPECT: Known Issue?
April 06, 2022, 03:59:25 PM
Is there a known issue where eastpect dies on a signal 11 (SIGSEGV)?
This is happening a LOT on my OPNSense.
https://www.lerctr.org/~ler/zenarmor_crash.png
This is happening a LOT on my OPNSense.
https://www.lerctr.org/~ler/zenarmor_crash.png
#29
Zenarmor (Sensei) / Re: SWAP
April 06, 2022, 01:27:03 AM
check and see if the plugin is still installed.
#30
Zenarmor (Sensei) / Re: sunnyvalley.cloud: NO DS Records
April 05, 2022, 11:07:54 PM
Anything I can do to help here @mb?
