Messages - lrosenman

#61
As I said in my ticket reply, even after the connectivity is fixed, IPv6 packets don't make it past OPNsense with the packet engine running.

What else can I provide?
#62
Quote from: athurdent on January 10, 2022, 05:25:42 PM
Quote from: lrosenman on January 10, 2022, 04:49:05 PM
NOTHING.
Good luck getting further help with that yelling attitude.

softened the wording.
#63
nothing in the logs.
#64
I have global IPv6 addresses from ATT, and with Zenarmor on, I can't get past the OPNsense router.  A ping gets nothing.  Turn off Zenarmor and it works fine.

EM nics
using NETMAP, AFAIK (Protectli FW6b HW).


em0@pci0:1:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em1@pci0:2:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em2@pci0:3:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em3@pci0:4:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em4@pci0:5:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet
em5@pci0:6:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82583V Gigabit Network Connection'
    class      = network
    subclass   = ethernet



root@home-fw:~ # dmesg|grep -i netmap
000.000054 [4344] netmap_init               netmap: loaded module
em0: netmap queues/slots: TX 1/1024, RX 1/1024
em1: netmap queues/slots: TX 1/1024, RX 1/1024
em2: netmap queues/slots: TX 1/1024, RX 1/1024
em3: netmap queues/slots: TX 1/1024, RX 1/1024
em4: netmap queues/slots: TX 1/1024, RX 1/1024
em5: netmap queues/slots: TX 1/1024, RX 1/1024
root@home-fw:~ #

#65
I finally got to the bottom of my IPv6 all of a sudden NOT working from my LAN.  If I turn OFF the Zenarmor Packet Engine it works as it's supposed to. If I turn ON the Packet Engine, my IPv6 doesn't work any more.

I filed a bug report from the UI, but wanted to post here as well.
#66
21.7 Legacy Series / Re: 21.7.7: acme migration failed?
December 29, 2021, 08:21:05 AM
Quote from: Fright on December 29, 2021, 07:32:19 AM
Sorry, I didn't quite understand again )
Quote: Or am I fine?  the cert seems fine as does the cron
if the certs are renewed and no more errors appear, then I think you're fine)

The cert doesn't renew until 01/29/2022.  We'll have to see.
#67
21.7 Legacy Series / Re: 21.7.7: acme migration failed?
December 21, 2021, 03:40:29 PM
I got this when I did the upgrade from 21.7.6 -> 21.7.7 and the migrations ran.  Is there a migration or command I need to run?  Or am I fine?  The cert seems fine, as does the cron.
#68
Anything at all on rules/waf side?
#69
21.7 Legacy Series / Re: 21.7.7: acme migration failed?
December 20, 2021, 09:06:54 PM
I don't have any automations, and all seems fine with the config and the cert.  I applied that patch on general principles.  I'm not sure where the interface issue is....
#70
21.7 Legacy Series / Re: 21.7.7: acme migration failed?
December 19, 2021, 11:10:57 PM
yep.  Working great (that's how I'm typing to you).
#71
I was more thinking about blocking attempts to exploit the vulnerability. But thanks for the info on ElasticSearch.  I'm using a remote ES.  And I updated OPNsense.
#72
With the latest fun & frolic from Log4Shell, is/are there any rules/help from Sensei/Zenarmor?
#73
21.7 Legacy Series / 21.7.7: acme migration failed?
December 18, 2021, 12:01:41 AM

2021-12-17T16:56:10   config[94229]   [2021-12-17T16:56:10-06:00][error] Model OPNsense\AcmeClient\AcmeClient can't be saved, skip ( Phalcon\Validation\Exception: [OPNsense\AcmeClient\AcmeClient:validations.validation.40427357-883c-4c8c-8df2-b023ff9fd31f.tlsalpn_acme_interface] option not in list
2021-12-17T16:56:10   config[94229]   [2021-12-17T16:56:10-06:00][error] [OPNsense\AcmeClient\AcmeClient:validations.validation.40427357-883c-4c8c-8df2-b023ff9fd31f.tlsalpn_acme_interface] option not in list
2021-12-17T16:56:06   config[13249]   [2021-12-17T16:56:06-06:00][error] Model OPNsense\AcmeClient\AcmeClient can't be saved, skip ( Phalcon\Validation\Exception: [OPNsense\AcmeClient\AcmeClient:validations.validation.40427357-883c-4c8c-8df2-b023ff9fd31f.tlsalpn_acme_interface] option not in list
2021-12-17T16:56:06   config[13249]   [2021-12-17T16:56:06-06:00][error] [OPNsense\AcmeClient\AcmeClient:validations.validation.40427357-883c-4c8c-8df2-b023ff9fd31f.tlsalpn_acme_interface] option not in list

What do I need to do here?
#74
ATT appears to have broken <something>.   I've turned off IPv6 for now.  I'll check it again in a few weeks.
#75
21.7 Legacy Series / ATT Fiber: IPV6 in, but not out.
November 30, 2021, 06:22:05 PM
I have allow IPv6 any to any set, and I can get a session established from outside to inside, but outbound seems to be blocked <SOMEWHERE>

How can I diagnose this?

this is on ATT Fiber, and it used to work.

21.7.6