Messages

16

22.1 Legacy Series / Intrusion Detection service stops

« on: March 03, 2022, 12:36:15 pm »

Since Jan 28th the Intrusion Detection service of my opnsense install has been 'crashing'.
I can find the error below being repeated since. No idea what I did on Jan 28th or if I did anything to cause this.

Code: [Select]

2022-03-03T12:22:19 Error suricata [101865] <Error> -- [ERRCODE: SC_ERR_NETMAP_CREATE(263)] - opening devname netmap:vtnet4/R failed: Invalid argument
2022-03-03T12:21:09 Notice suricata [100250] <Notice> -- This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
vtnet4 is one of my interfaces, but how do I go about figuring out what is going wrong here?
I can start the service, but a minute later it stops again.

17

21.7 Legacy Series / Re: RA interfaces using wrong names?

« on: November 11, 2021, 02:16:59 pm »

Probably an oversight as you guessed, because

I'd consider that a bug. Why don't you file a bug report with screenshots to make the point clear?
Here: https://github.com/opnsense/core/issues

I did just do that. Thank you for the confirmation
https://github.com/opnsense/core/issues/5354

18

21.7 Legacy Series / Re: RA interfaces using wrong names?

« on: November 10, 2021, 01:55:33 pm »

You've missed my point I think.
Everything works.

But per default the system names its interfaces WAN, LAN, OPT1, OPT2 etc. They get mapped to whatever your host has for names. Nothing wrong here.
But, you can also change the names of your interfaces so ie.OPT1 get replaced with whatever you named it. This new name (for what opnsense thought of as OPT1) is now reflected throughout the system, except when configuring RA interfaces. There the old WAN, LAN, OPT, OPT2 is mentioned again instead of whatever I named the interfaces.

So when you try to configure RA for This-is-my-LAN (my name), the RA interface setting within mentions (e.g.) OPT1 instead.

It seems that somebody simply forgot this setting mentions an interface name and hence no config to replace the default name with the users custom name is done.

19

21.7 Legacy Series / RA interfaces using wrong names?

« on: November 10, 2021, 12:38:55 pm »

I have renamed all my interfaces and this shows up pretty much everywhere now.
In fact, what the system thinks is LAN is now my WAN.

Works great until I tried setting RA for my interfaces. There the RA interface suddenly used the default WAN, LAN, OPT1 OPT2 etc. naming.
Now the RA interface for my DMW shows as LAN. My actual LAN shows OPT1 as RA interface.

Is there any reason for using the original i'face names her instead of whatever I named them?

20

21.7 Legacy Series / Re: IPv6

« on: November 04, 2021, 01:18:33 pm »

uch, I did not realize I needed to go CLI for this.
Thank you for your example and the hint towards man dhcp6c.conf. I did not know of that.

21

21.7 Legacy Series / IPv6

« on: November 03, 2021, 09:11:56 pm »

The following DHCPv6 solicit from my old fritzbox router gives me what I want when connecting with the fritzbox: my ISP returning my fixed IPv6 prefix which I can then use.

Code: [Select]

DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0x1566a5
    Elapsed time
    Client Identifier
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 41
        IAID: 117794bc
        T1: 0
        T2: 0
        IA Prefix
            Option: IA Prefix (26)
            Length: 25
            Preferred lifetime: 0
            Valid lifetime: 0
            Prefix length: 0
            Prefix address: ::
    Reconfigure Accept
        Option: Reconfigure Accept (20)
        Length: 0
    Option Request
        Option: Option Request (6)
        Length: 18
        Requested Option code: DNS recursive name server (23)
        Requested Option code: NTP Server (56)
        Requested Option code: Simple Network Time Protocol Server (31)
        Requested Option code: Identity Association for Prefix Delegation (25)
        Requested Option code: Prefix Exclude (67)
        Requested Option code: Vendor-specific Information (17)
        Requested Option code: SOL_MAX_RT (82)
        Requested Option code: INF_MAX_RT (83)
        Requested Option code: PCP Server (86)
    Vendor Class

Now I am trying to do the same with OPNsense but failing horribly.
Anyone can point me to the correct syntaxt to request those options?

22

21.7 Legacy Series / WAN iface ignores DHCP OFFERs?!

« on: November 03, 2021, 07:20:34 pm »

Euhm..

Was trying to get IPv6 working on my new OPNsense install.
Moved the server running OPNsense to my lab, reconnected it and now OPNsense seems to ignore any and all DHCP (IPv4) OFFERs coming in from the ISP. OFFERS seem to get lost somewhere between host and client.
Switch port-mirror sees the OFFERs but a packet capture from OPNsense WAN interface doesn't. Mmm.

Running this on Proxmox host. I don't need any special config for the interfaces right?
Any ideas on how to troubleshoot this further?

sigh.. why does the solution always appears shortly after I've made an idiot of myself on a public forum?
I just wasted several hours because
solution: I had  a 802.1Q tagged public vlan on the Proxmox host but an untagged/native vlan on the switch.