Messages - gunnarf

1
22.7 Legacy Series / Re: Clients get ipv6 addresses but don't reach Internet
« on: September 16, 2022, 04:07:49 pm »
Yes, I understand that, but why doesn't the client get a proper route?

The weird thing is that the client can ping the google NS AAAA address, but not any other ipv6 addresses.

ping 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=117 time=3.61 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=117 time=3.33 ms
^C
--- 2001:4860:4860::8888 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 3.326/3.467/3.608/0.141 ms

But
ping 2001:67c:d8:ed80::87
PING 2001:67c:d8:ed80::87(2001:67c:d8:ed80::87) 56 data bytes
^C
--- 2001:67c:d8:ed80::87 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 129ms

And on the client:

route -6 -n
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         U    256 2     0 lo
2001:9b0:21d:7300::/64         ::                         U    202 1     0 eth0
fe80::/64                      ::                         U    256 1     0 eth0
::/0                           fe80::20d:b9ff:fe51:6da9   UG   202 5     0 eth0
::1/128                        ::                         Un   0   7     0 lo
2001:9b0:21d:7300:5984:38fa:fa49:81d6/128 ::                         Un   0   5     0 eth0
fe80::144c:494d:4836:2c33/128  ::                         Un   0   4     0 eth0
ff00::/8                       ::                         U    256 5     0 eth0
::/0                           ::                         !n   -1  1     0 lo

2
22.7 Legacy Series / Re: Clients get ipv6 addresses but don't reach Internet
« on: September 14, 2022, 09:56:40 am »
Update adding some log entries:

cat /var/log/system/system_20220905.log | grep -i ipv6
<11>1 2022-09-05T08:36:55+02:00 OPNsense.gflygt.se php 452 - [meta sequenceId="24"] /usr/local/etc/rc.bootup: ROUTING: IPv6 default gateway set to opt3
<11>1 2022-09-05T08:36:55+02:00 OPNsense.gflygt.se php 452 - [meta sequenceId="25"] /usr/local/etc/rc.bootup: ROUTING: skipping IPv6 default route
<11>1 2022-09-05T08:36:55+02:00 OPNsense.gflygt.se php 452 - [meta sequenceId="28"] /usr/local/etc/rc.bootup: Warning! dhcpd_dhcp6_configure() found no suitable IPv6 address on lan
<11>1 2022-09-05T08:36:55+02:00 OPNsense.gflygt.se php 452 - [meta sequenceId="29"] /usr/local/etc/rc.bootup: Warning! dhcpd_radvd_configure(manual) found no suitable IPv6 address on igb1
<11>1 2022-09-05T08:36:55+02:00 OPNsense.gflygt.se php 452 - [meta sequenceId="30"] /usr/local/etc/rc.bootup: Warning! dhcpd_radvd_configure(auto) found no suitable IPv6 address on igb2
<11>1 2022-09-05T08:36:57+02:00 OPNsense.gflygt.se php 452 - [meta sequenceId="42"] /usr/local/etc/rc.bootup: The WAN_ipv6 monitor address is empty, skipping.
<13>1 2022-09-05T08:36:58+02:00 OPNsense.gflygt.se dhcp6c 903 - [meta sequenceId="44"] dhcp6c REQUEST on igb0 - running newipv6
<11>1 2022-09-05T08:36:59+02:00 OPNsense.gflygt.se opnsense 10149 - [meta sequenceId="49"] /usr/local/etc/rc.newwanipv6: IP renewal deferred during boot on 'igb0'
<13>1 2022-09-05T08:37:00+02:00 OPNsense.gflygt.se dhcp6c 29111 - [meta sequenceId="53"] dhcp6c REQUEST on igb0 - running newipv6
<11>1 2022-09-05T08:37:01+02:00 OPNsense.gflygt.se opnsense 36647 - [meta sequenceId="59"] /usr/local/etc/rc.newwanipv6: IP renewal deferred during boot on 'igb0'
<11>1 2022-09-05T08:37:04+02:00 OPNsense.gflygt.se opnsense 78719 - [meta sequenceId="68"] /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to opt3
<11>1 2022-09-05T08:37:04+02:00 OPNsense.gflygt.se opnsense 78719 - [meta sequenceId="69"] /usr/local/etc/rc.newwanip: ROUTING: skipping IPv6 default route
<13>1 2022-09-05T08:37:04+02:00 OPNsense.gflygt.se opnsense 78719 - [meta sequenceId="75"] plugins_configure monitor (,WAN_ipv6)
<13>1 2022-09-05T08:37:04+02:00 OPNsense.gflygt.se opnsense 78719 - [meta sequenceId="76"] plugins_configure monitor (execute task : dpinger_configure_do(,WAN_ipv6))
<11>1 2022-09-05T08:37:05+02:00 OPNsense.gflygt.se opnsense 78719 - [meta sequenceId="77"] /usr/local/etc/rc.newwanip: The WAN_ipv6 monitor address is empty, skipping.
<11>1 2022-09-05T08:37:05+02:00 OPNsense.gflygt.se opnsense 95018 - [meta sequenceId="78"] /usr/local/etc/rc.newwanipv6: IPv6 renewal is starting on 'igb0'
<11>1 2022-09-05T08:37:05+02:00 OPNsense.gflygt.se opnsense 95018 - [meta sequenceId="79"] /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
<11>1 2022-09-05T08:37:05+02:00 OPNsense.gflygt.se opnsense 83945 - [meta sequenceId="83"] /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to opt3
<11>1 2022-09-05T08:37:05+02:00 OPNsense.gflygt.se opnsense 83945 - [meta sequenceId="84"] /usr/local/etc/rc.newwanip: ROUTING: setting IPv6 default route to ::
<11>1 2022-09-05T08:37:06+02:00 OPNsense.gflygt.se opnsense 5011 - [meta sequenceId="98"] /usr/local/etc/rc.routing_configure: ROUTING: IPv6 default gateway set to opt3
<11>1 2022-09-05T08:37:06+02:00 OPNsense.gflygt.se opnsense 5011 - [meta sequenceId="99"] /usr/local/etc/rc.routing_configure: ROUTING: setting IPv6 default route to ::
<11>1 2022-09-05T08:37:06+02:00 OPNsense.gflygt.se opnsense 5011 - [meta sequenceId="108"] /usr/local/etc/rc.routing_configure: The WAN_ipv6 monitor address is empty, skipping.
<11>1 2022-09-05T08:37:08+02:00 OPNsense.gflygt.se opnsense 23364 - [meta sequenceId="120"] /usr/local/etc/rc.newwanip: ROUTING: IPv6 default gateway set to opt3
<11>1 2022-09-05T08:37:08+02:00 OPNsense.gflygt.se opnsense 23364 - [meta sequenceId="121"] /usr/local/etc/rc.newwanip: ROUTING: setting IPv6 default route to ::

Why does it try to set OPT3 as default gateway for ipv6?

3
22.7 Legacy Series / strange results with ipv6 not routed properly
« on: August 29, 2022, 04:17:25 pm »
I have a firewall with native ipv6 from my ISP. Using dhcpv6 I get a /56.

The clients get addresses properly, but there is something weird with the routing. If I ping Google I get:
ping 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=60 time=2.80 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=60 time=2.87 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=60 time=3.01 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=4 ttl=60 time=3.13 ms

If I ping another ipv6 destination I get:

ping 2001:67c:d8:ed80::87
PING 2001:67c:d8:ed80::87(2001:67c:d8:ed80::87) 56 data bytes
^C
--- 2001:67c:d8:ed80::87 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 298ms

This is a legitimate ipv6 address.

If I traceroute google I get:

traceroute6 2001:4860:4860::8888
traceroute to 2001:4860:4860::8888 (2001:4860:4860::8888), 30 hops max, 80 byte packets
 1  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.741 ms  0.494 ms  0.341 ms
 2  2a01:2b0:2000:152::2 (2a01:2b0:2000:152::2)  2.135 ms  2.157 ms  2.192 ms
 3  2a01:2b0:2000:152::5 (2a01:2b0:2000:152::5)  2.734 ms  2.591 ms  2.620 ms
 4  2001:4860:1:1::efc (2001:4860:1:1::efc)  2.963 ms  2.825 ms  2.791 ms
 5  2a00:1450:810a::1 (2a00:1450:810a::1)  3.888 ms 2a00:1450:80b2::1 (2a00:1450:80b2::1)  3.745 ms 2a00:1450:8112::1 (2a00:1450:8112::1)  2.604 ms
 6  dns.google (2001:4860:4860::8888)  2.680 ms 2001:4860:0:1::b7c (2001:4860:0:1::b7c)  3.972 ms  3.714 ms

If I traceroute the other address (mail-1.sr.se) I get:
traceroute6 2001:67c:d8:ed80::87
traceroute to 2001:67c:d8:ed80::87 (2001:67c:d8:ed80::87), 30 hops max, 80 byte packets
 1  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.695 ms  0.440 ms  0.542 ms
 2  OPNsense.gflygt.se (2001:9b0:21d:XXXX:XXX:XXXX:fe51:6da9)  0.401 ms !N  0.478 ms !N  0.349 ms !N

(I obfuscated my ipv6 address a little.)
I.e., it stops at the LAN address on my firewall.

So traceroute to google works fine, but not the other ordinary host. I can reach both hosts on my other firewall where I have tunneled ipv6!

It was fully working a while ago. I don't remember from which version of OPNsense it stopped working.

Gunnar

4
22.7 Legacy Series / Clients get ipv6 addresses but don't reach Internet
« on: August 10, 2022, 06:26:38 pm »
I just upgraded to 22.7.1 on my firewall with native ipv6 enabled. And the clients on the LAN don't get ipv6 addresses.

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.61  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::144c:494d:4836:2c33  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:37:6f:4c  txqueuelen 1000  (Ethernet)
        RX packets 3466  bytes 729753 (712.6 KiB)
        RX errors 1  dropped 1  overruns 0  frame 0
        TX packets 3075  bytes 1900898 (1.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Nothing changed in the config.

It looks fine in the Dashboard. LAN gets the address it should.
 
UPDATE: I get an address (it took some time but it appeared) for my tested client, but I can't ping hosts on the Internet.

I can ping the LAN interface on the router, but not further. And a traceroute6 to an external host gives only the LAN interface.

5
22.1 Legacy Series / latest update not working properly
« on: June 12, 2022, 08:51:10 am »
***GOT REQUEST TO UPDATE***
Currently running OPNsense 22.1.8 (amd64/OpenSSL) at Sun Jun 12 08:49:19 CEST 2022
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (1 candidates): . done
Processing candidates (1 candidates): . done
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
   opnsense: 22.1.8 -> 22.1.8_1

Number of packages to be upgraded: 1

4 MiB to be downloaded.
[1/1] Fetching opnsense-22.1.8_1.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/1] Upgrading opnsense from 22.1.8 to 22.1.8_1...
[1/1] Extracting opnsense-22.1.8_1: .......... done
Stopping configd...done
Resetting root shell
Updating /etc/shells
Unhooking from /etc/rc
Unhooking from /etc/rc.shutdown
Updating /etc/shells
Registering root shell
Hooking into /etc/rc
Hooking into /etc/rc.shutdown
Starting configd.
>>> Invoking update script 'refresh'
Writing firmware setting...done.
Writing trust files...done.
Configuring login behaviour...done.
Configuring system logging...done.
=====
Message from opnsense-22.1.8_1:

--
Owl be watching you
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0

>>> Missing package dependencies were detected.
>>> Found 2 issue(s) in the package database.

pkg-static: No packages available to install matching 'python37' have been found in the repositories
pkg-static: No packages available to install matching 'py37-setuptools' have been found in the repositories
>>> Summary of actions performed:

python37 dependency failed to be fixed
py37-setuptools dependency failed to be fixed

>>> There are still missing dependencies.
>>> Try fixing them manually.

>>> Also make sure to check 'pkg updating' for known issues.
The following package files will be deleted:
   /var/cache/pkg/opnsense-22.1.8_1~cb594b0a31.pkg
   /var/cache/pkg/opnsense-22.1.8_1.pkg
The cleanup will free 4 MiB
Deleting files: .. done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

6
22.1 Legacy Series / Running native ipv6 but I get no ipv6 default route
« on: April 13, 2022, 04:52:20 pm »
My ISP provides me with a /56 range of ipv6. My clients get ipv6 addresses, but dhcpv6 doesn't provide a default route. It did work a while ago. I haven't changed my config, so what can be wrong?

7
22.1 Legacy Series / Re: Is there any way I could script an ip address change for a (SOLVED)
« on: April 10, 2022, 05:27:50 pm »
I solved it by modifying the /conf/config.xml to the dns value. Would have been helpful to have been given the location of the config file. But now I know where it is. ;)

8
22.1 Legacy Series / Re: Is there any way I could script an ip address change for a remote system?
« on: April 10, 2022, 09:17:09 am »
Quote from: bartjsmit on April 09, 2022, 09:03:05 am
What is the issue with using a line like this in your client OpenVPN config?

remote <my.dynamic.dns.name> <port> <protocol>

In other words, why would you use the IP address when your server can be resolved in DNS?

If you add these directives, the client will retry the connection when it drops:

persist-tun
persist-key

If you have some spare time, have a look at the man page: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

Bart...

Brilliant. Of course I should. Sometimes you make things more complicated than they should be!  :D

That's why we keep our ip addresses in DNS  ;D

Is there a way to directly edit the config on the remote OPNsense box? I can reach the firewall from a host on that network.

Thanks for giving me the push!

9
22.1 Legacy Series / Is there any way I could script an ip address change for a remote system? (SOLVED)
« on: April 09, 2022, 08:01:01 am »
I have a problem with my ISP. I can't get a permanent ipv4 address for my main firewall access point. This means that if I reboot after an upgrade, I may sit there with a new public ip address, which means that both my sites won't be able to set up the VPN I have between the sites.

My thought then would be a cron script (on the remote firewall) checking (once a day) the public ip address on the main site (yes, it's reachable via DNS), retrieving the new address, then changing the ip address in the client VPN setup and reloading the VPN system (OpenVPN used).

Is this possible (yes of course  :) but how?)

10
22.1 Legacy Series / Re: No IPv6 to the internet, works locally
« on: March 07, 2022, 12:12:26 pm »
When I reboot, OPNsense doesn't add my default route. That is on the box with tunneled ipv6. On the one with native ipv6 I didn't have any issues with routing loss before the upgrade to 22.x. Now I have no routing on the box with native ipv6!

11
22.1 Legacy Series / Re: native ipv6 stopped working since upgrade to 22.x
« on: February 21, 2022, 04:30:55 pm »
Sorry for the noise. IPv6 disappeared at approximately the same time I made my latest upgrades, hence me connecting the trouble with the upgrade.

However, today I spoke with my Internet provider, and it seems that the net owner (IP-Only) has made some changes somewhere. My ISP could see that they don't get ipv6 delegations from the net owner, so they started a case with IP-Only.

Case closed!

12
22.1 Legacy Series / native ipv6 stopped working since upgrade to 22.x
« on: February 21, 2022, 07:10:42 am »
The Subject says it all. I've had native ipv6 running for 2 years now. From upgrade to ver 22 DHCPv6 Server does not start. My configuration is untouched.

13
21.7 Legacy Series / Re: OpenVPN stopped working after latest upgrade (SOLVED)
« on: September 14, 2021, 06:41:16 pm »
Very strange. I did as you told me, saved the config file again. First nothing special happened, but after having saved a second time I got the error with remote networks including spaces. Removed the space, saved and restarted and it works again.

Thanks for the help!

14
21.7 Legacy Series / Re: OpenVPN stopped working after latest upgrade (log files added)
« on: September 14, 2021, 06:28:07 pm »
So here comes my server log file. There are lots of authentication errors.

15
21.7 Legacy Series / Re: OpenVPN stopped working after latest upgrade
« on: September 13, 2021, 03:25:37 pm »
Quote from: mimugmail on September 13, 2021, 01:52:56 pm
Logs on client and server?

I attach the log since reboot today, on the Client. The server part will have to wait until I get home to the server again, tomorrow.
