Messages - lrosenman

#166
Should I take my performance issue to another topic?
#167
should this help on em(4) devices with normal speed test type stuff? 

I'm on a protectli (https://www.protectli.com) FW1
on ATT Fiber (using https://github.com/aus/pfatt bypass for the RG).

My speeds are ~600meg/sec, but with the Ubiquiti USG I was getting 900+.

Ideas welcome...

I didn't make any changes to the config other than adding the new netmap kernel.

#168
If it's looking for dns01, but the validation method is actually DNS-01, that's a problem.....

#169
The DNS-01 challenge creates, then auths, then deletes the TXT record, so it will *NOT* exist, except during the renewal process.

I'll have to go look at the script later.

#170
dns-01 / nsupdate to my nameserver.  NOTE: acme issues the cert, but the GUI doesn't seem to know that.
#171
yep.

https://www.lerctr.org/~ler/cert.png

(since the attachment limit is too small).

I'm *VERY* knowledgeable, and a FreeBSD ports committer FWIW.
#172
19.1 Legacy Series / Re: IPv6 to VLANs don't work
April 04, 2019, 08:17:16 PM
when I added a new interface with track WAN, OPNSense didn't even re-write the dhcp6c_opt3.conf file....

Ugh.
#173
I've got a valid LE cert on my FW, but the certificates in the GUI show validation failed, and I can't seem to find the cronjob.

ideas?

(I force renewed from the GUI, hence the new issue date).
#174
I'm getting:

root@home-fw:~ # opnsense-update -bkr 19.1-netmap
Fetching base-19.1-netmap-amd64.txz: .. failed, no signature found
root@home-fw:~ # uname -a
FreeBSD home-fw.lerctr.org 11.2-RELEASE-p9-HBSD FreeBSD 11.2-RELEASE-p9-HBSD  f083bc4f8a0(stable/19.1)  amd64
root@home-fw:~ #

Is this now broken?
#175
See: https://forum.opnsense.org/index.php?topic=12305.0

I think I figured out WHAT is being configured wrong by OPNSense. 

Just need you lovely devs to fix it  :)
#176
19.1 Legacy Series / Re: IPv6 to VLANs don't work
April 04, 2019, 04:13:45 AM
I did some playing, and I think(!) there's a bug in how we build dhcp6c.conf....

I replaced the one that OPNSense generated with:

interface ngeth0 {
  send ia-pd 0; # request prefix delegation
  request domain-name-servers;
  request domain-name;
  script "/var/etc/dhcp6c_opt3_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
  prefix ::/60 infinity;
  prefix-interface em0 {
    sla-id 0;
    sla-len 4;
  };
  prefix-interface em1 {
    sla-id 1;
    sla-len 4;
  };
  prefix-interface em0.100 {
    sla-id 2;
    sla-len 4;
  };
};


and I get IPv6 addresses on all 3 interfaces, up, down, etc.

Basically, for a track interface, we should add the prefix-interface stanzas for each interface in the tracking group, and then *RESTART* dhcp6c on the interface that's being tracked.

this article: https://major.io/2015/09/11/time-warner-road-runner-linux-and-large-ipv6-subnets/ gives a real good overview (based on linux, but the dhcp6c stuff is the same)
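
The stanza generation described in the post above, as an added example that is not part of the original post and not OPNsense's own code: it emits one prefix-interface block per interface in the tracking group, each with a unique sla-id, and computes the /64 each interface would receive. The function names and the 2001:db8:0:10::/60 documentation prefix are assumptions for illustration.

```python
import ipaddress

def subnet_for(delegated, sla_id, sla_len=4):
    """Network dhcp6c derives for one interface from a delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    new_len = net.prefixlen + sla_len
    if new_len > 64:
        raise ValueError("delegated length + sla-len exceeds /64")
    if not 0 <= sla_id < (1 << sla_len):
        raise ValueError(f"sla-id {sla_id} does not fit in {sla_len} bits")
    # The sla-id occupies the bits directly after the delegated prefix.
    base = int(net.network_address) | (sla_id << (128 - new_len))
    return ipaddress.IPv6Network((base, new_len))

def render_dhcp6c_conf(wan_if, tracked, pd_len=60, sla_len=4,
                       script="/var/etc/dhcp6c_opt3_script.sh"):
    """tracked: ordered interface names in the tracking group (hypothetical API)."""
    if len(set(tracked)) != len(tracked):
        raise ValueError("duplicate interface in tracking group")
    if pd_len + sla_len > 64:
        raise ValueError("pd_len + sla_len exceeds /64")
    if len(tracked) > (1 << sla_len):
        raise ValueError("more interfaces than sla-len can number")
    out = [f"interface {wan_if} {{",
           "  send ia-pd 0; # request prefix delegation",
           "  request domain-name-servers;",
           "  request domain-name;",
           f'  script "{script}";',
           "};",
           "id-assoc pd 0 {",
           f"  prefix ::/{pd_len} infinity;"]
    # One stanza per tracking interface, numbered in list order.
    for sla_id, ifname in enumerate(tracked):
        out += [f"  prefix-interface {ifname} {{",
                f"    sla-id {sla_id};",
                f"    sla-len {sla_len};",
                "  };"]
    out.append("};")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    group = ["em0", "em1", "em0.100"]
    print(render_dhcp6c_conf("ngeth0", group))
    # 2001:db8:0:10::/60 is a constructed documentation prefix.
    for i, ifname in enumerate(group):
        print(ifname, subnet_for("2001:db8:0:10::/60", i))
```

The sketch only renders the file; restarting dhcp6c on the tracked interface, as the post says is needed, is left to the caller.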
#177
19.1 Legacy Series / Re: IPv6 to VLANs don't work
April 04, 2019, 01:41:18 AM
I'm also having issues with just a straight interface :(

Is there any doc/tests/etc on MULTIPLE interface(s) getting DHCPv6-PD prefixes?

I'm *OBVIOUSLY* either missing something or this is busted.
#179
I'm on 19.1, and have the pfatt stuff working, and my LAN gets an IPv6 prefix just fine.

I'm testing, and when I configure a VLAN on that interface and configure the subinterface, the subinterface JUST gets a link-local address, and not a routable prefix out of the /60 block ATT passed me.

Does anyone have doc/faq/etc on what I might be missing?
#180
BTW, any chance of y'all making a plugin for the aus/pfatt stuff?