"
Well, I had to reboot mine for an unrelated issue and it started handing out IPv6 addresses again and the conf files look normal. Not really sure what happened there as I already tried rebooting it twice before but... It's working for now. I'll try to grab the files if it stops working again, though.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#47
18.1 Legacy Series / Re: 18.1.12 Prefix Delegation Bug?
July 25, 2018, 05:18:58 PM
Yeah, it's super odd since from what I can tell, everything should be working according to the logs.
I'm on 18.1.13 now, and I suppose if your test unit is working fine something might have gone wacky during the update process to 18.1.12. I'm running it on a Dell PE R210 II with the built-in dual Broadcom gigabit NIC (forget the exact model... 5720 maybe?), an E3-1220v2, 8GB of DDR3, and a 128GB SATA SSD. If you need more detailed specs I can grab those tonight when I have access to the machine again.
I can also post the contents of the files you requested later on as well. Backing up the config and re-installing might be a good idea, though. If all else fails I'll give that a try.
I'm on 18.1.13 now, and I suppose if your test unit is working fine something might have gone wacky during the update process to 18.1.12. I'm running it on a Dell PE R210 II with the built-in dual Broadcom gigabit NIC (forget the exact model... 5720 maybe?), an E3-1220v2, 8GB of DDR3, and a 128GB SATA SSD. If you need more detailed specs I can grab those tonight when I have access to the machine again.
I can also post the contents of the files you requested later on as well. Backing up the config and re-installing might be a good idea, though. If all else fails I'll give that a try.
#48
18.1 Legacy Series / Re: 18.1.12 suricata crash
July 25, 2018, 05:11:41 PMQuote from: mimugmail on July 25, 2018, 05:53:11 AM
How much RAM do you have?
8GB. RAM usage doesn't grow to 100%, though. Last I saw it grew to about 2.5GB before Suricata crashed.
#49
18.1 Legacy Series / Re: 18.1.12 suricata crash
July 25, 2018, 02:36:10 AMQuote from: franco on July 24, 2018, 06:13:16 PM
This may be relevant. https://twitter.com/abuse_ch/status/1020172320378417154
Cheers,
Franco
Well, it wasn't fixed... Re-enabling the abuse.ch\urlhaus rules on 18.1.12 resulted in Suricata crashing again until I disabled the rule set.
After updating to 18.1.13 I am now experiencing the same issue with memory usage growing until Suricata crashes, then going back to normal. This only seems to occur if the abuse.ch\urlhaus rule set is enabled. Disabling it again seems to have stopped the issue for now.
#50
18.1 Legacy Series / Re: 18.1.12 Prefix Delegation Bug?
July 25, 2018, 02:22:02 AM
Here are the logs. Note IPv6 is now not working as soon as I changed it back to a track interface, and the dashboard no longer shows an IPv6 address on the LAN interface, either.
Code Select
Date Message
Jul 24 20:16:01 dhcp6c[44834]: got an expected reply, sleeping.
Jul 24 20:16:01 dhcp6c[44834]: removing server (ID: XX:XX:XX:XX)
Jul 24 20:16:01 dhcp6c[44834]: removing an event on bce0, state=REQUEST
Jul 24 20:16:01 dhcp6c[44834]: script "/var/etc/dhcp6c_wan_script.sh" terminated
Jul 24 20:16:00 dhcp6c: dhcp6c REQUEST on bce0 - running newipv6
Jul 24 20:16:00 dhcp6c: dhcp6c REQUEST on bce0
Jul 24 20:16:00 dhcp6c[44834]: executes /var/etc/dhcp6c_wan_script.sh
Jul 24 20:16:00 dhcp6c[44834]: add an address XX:XX:XX:XX/128 on bce0
Jul 24 20:16:00 dhcp6c[44834]: create an addressXX:XX:XX:XX pltime=1209600, vltime=7709166103877022976
Jul 24 20:16:00 dhcp6c[44834]: make an IA: NA-0
Jul 24 20:16:00 dhcp6c[44834]: create a prefix XX:XX:XX:XX::/64 pltime=1209600, vltime=1209600
Jul 24 20:16:00 dhcp6c[44834]: make an IA: PD-0
Jul 24 20:16:00 dhcp6c[44834]: Domain search list[0] attlocal.net.
Jul 24 20:16:00 dhcp6c[44834]: nameserver[0] XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: Received REPLY for REQUEST
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option domain search list, len 14
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option DNS, len 16
Jul 24 20:16:00 dhcp6c[44834]: preference: 255
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option preference, len 1
Jul 24 20:16:00 dhcp6c[44834]: DUID: XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option server ID, len 14
Jul 24 20:16:00 dhcp6c[44834]: DUID: XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option client ID, len 14
Jul 24 20:16:00 dhcp6c[44834]: IA_PD prefix: XX:XX:XX:XX/64 pltime=1209600 vltime=7709166103877022976
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA_PD prefix, len 25
Jul 24 20:16:00 dhcp6c[44834]: IA_PD: ID=0, T1=604800, T2=864000
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA_PD, len 41
Jul 24 20:16:00 dhcp6c[44834]: IA_NA address: XX:XX:XX:XX pltime=1209600 vltime=1209600
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA address, len 24
Jul 24 20:16:00 dhcp6c[44834]: IA_NA: ID=0, T1=604800, T2=864000
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option identity association, len 40
Jul 24 20:16:00 dhcp6c[44834]: receive reply from XX:XX:XX:XX%bce0 on bce0
Jul 24 20:16:00 dhcp6c[44834]: XID mismatch
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option domain search list, len 14
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option DNS, len 16
Jul 24 20:16:00 dhcp6c[44834]: preference: 255
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option preference, len 1
Jul 24 20:16:00 dhcp6c[44834]: DUID: XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option server ID, len 14
Jul 24 20:16:00 dhcp6c[44834]: DUID: XX:XX:XX:XX
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option client ID, len 14
Jul 24 20:16:00 dhcp6c[44834]: IA_PD prefix: XX:XX:XX:XX/64 pltime=1209600 vltime=7709166103877022976
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA_PD prefix, len 25
Jul 24 20:16:00 dhcp6c[44834]: IA_PD: ID=0, T1=604800, T2=864000
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA_PD, len 41
Jul 24 20:16:00 dhcp6c[44834]: IA_NA address: XX:XX:XX:XX pltime=1209600 vltime=1209600
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option IA address, len 24
Jul 24 20:16:00 dhcp6c[44834]: IA_NA: ID=0, T1=604800, T2=864000
Jul 24 20:16:00 dhcp6c[44834]: get DHCP option identity association, len 40
Jul 24 20:16:00 dhcp6c[44834]: receive advertise from XX:XX:XX:XX%bce0 on bce0
#51
18.1 Legacy Series / Re: 18.1.12 Prefix Delegation Bug?
July 24, 2018, 06:24:56 PMQuote from: franco on July 24, 2018, 06:11:32 PM
Some people reported that their ISPs refused to give a new lease unless you changed your DUID. You can do so under Interfaces: Settings.
We are highly confident that IPv6 does not suddenly stop working due to a 18.1.x release.
Cheers,
Franco
My ISP is giving me a lease. The issue is that the OPNsense box stopped handing out IPv6 addresses to LAN clients.
Quote from: marjohn56 on July 24, 2018, 06:15:01 PM
I suspect Franco is correct, but just in case, if that does not solve it.
Set the system back to track interface on LAN. On WAN set IPv6 to dhcp6 and enable dhcp6c debug.
Goto Services->DHCPv4->Log File. Filter entries regarding dhcp6c and post them so we can see what's going on.
I will post the entries as soon as I'm able to collect them. Thanks.
#52
18.1 Legacy Series / 18.1.12 Prefix Delegation Bug?
July 24, 2018, 05:06:34 PM
After upgrading to 18.1.12 I noticed my LAN was no longer receiving IPv6 addresses. I did not change my setup.
WAN interface is set to DHCPv6, LAN interface is set to Tracking WAN interface with prefix ID 0. The LAN interface does receive an IPv6 address but does not hand out IPv6 to the LAN clients.
If I configure the LAN as Static IPv6 using the same /64 prefix it gets assigned as a track interface and then enable DHCPv6 and RAs, it works fine.
The former setup with LAN set to track WAN was working normally up until I upgraded, any ideas why it stopped? What information can I provide to help track down the issue?
WAN interface is set to DHCPv6, LAN interface is set to Tracking WAN interface with prefix ID 0. The LAN interface does receive an IPv6 address but does not hand out IPv6 to the LAN clients.
If I configure the LAN as Static IPv6 using the same /64 prefix it gets assigned as a track interface and then enable DHCPv6 and RAs, it works fine.
The former setup with LAN set to track WAN was working normally up until I upgraded, any ideas why it stopped? What information can I provide to help track down the issue?
#53
18.1 Legacy Series / Re: 18.1.12 suricata crash
July 24, 2018, 05:02:56 PM
For me this was definitely due to the abuse.ch\urlhaus rule set. Once I disabled that and re-downloaded/reloaded the rules, Suricata stopped crashing.
It seems they have an issue with this rule set currently.
It seems they have an issue with this rule set currently.
