Recent posts

#1

26.1 Series / Re: CALL FOR TESTING: Multi-dh...

Last post by Maurice - Today at 04:40:43 AM

I applied the patch to 26.1.3. Unfortunately, it doesn't work for me. dhcp6c fails to acquire an address (IA_NA) on the secondary WAN, and sometimes fails completely (no address on both WANs and no prefix delegation on WAN 1).

One thing I noticed in packet captures is that the IAID is now set to 0 for both WAN interfaces. That's not supposed to happen, each interface must have a distinct IAID. Not sure whether this is the root cause, but it's plausible because in my case, both WAN interfaces are served by the same upstream DHCPv6 server.

Without the patch, dhcp6c uses a distinct IAID for each interface. Had to roll back the patch. Happy to test again when unique IAIDs are back.

Config WAN 1:

Code Select Expand

<if>vtnet0</if>
<descr>WAN_GPON</descr>
<enable>1</enable>
<lock>1</lock>
<blockpriv>1</blockpriv>
<blockbogons>1</blockbogons>
<mtu>1492</mtu>
<ipaddrv6>dhcp6</ipaddrv6>
<dhcp6-ia-pd-len>8</dhcp6-ia-pd-len>

Config WAN 2:

Code Select Expand

<if>vtnet1</if>
<descr>WAN_LTE</descr>
<enable>1</enable>
<lock>1</lock>
<blockpriv>1</blockpriv>
<blockbogons>1</blockbogons>
<ipaddrv6>dhcp6</ipaddrv6>
<dhcp6-ia-pd-len>none</dhcp6-ia-pd-len>

Cheers
Maurice

#2

26.1 Series / When will "how to" topics be u...

Last post by RickNY - Today at 04:00:14 AM

For example -- https://docs.opnsense.org/manual/how-tos/multiwan.html

When will topics like these be updated to reflect the changes in firewall rules in v26?
Can these be netered as rules under the old system and them migrated to new?

Thanks

#3

26.1 Series / Re: link local address being a...

Last post by OzziGoblin - Today at 03:12:56 AM

I think I resolved this.  It appears to be because "Allow manual adjustment of DHCPv6 and Router Advertisements" wasn't selected on the interface and for some reason "Enable DHCPv6 server on LAN interface" was enabled on the DHCPv6 ISC setting for each interface.  

Name resolution is now working, but ping for ipv6 addresses is still erratic.

maybe this will help someone else.

#4

26.1 Series / Re: fixed rule window size

Last post by nero355 - Today at 02:53:07 AM

TBH, I was intrigued when I saw a comment from franco the other day that OPNsense supports mobile.  I never even imagined trying..

I have used it once to tell a couple of guys to "bugger off" in a friendly way when they started asking a very stupid question : "Now that you no longer have any UniFi Router how do you update it from your phone ?"

#FacePalm...

For some people it's like their webbrowser died the same day that they discovered stupid apps for every damn simple basic thing! LOL!



_{And the actual joke is that I have never used any kind of UniFi related app! ^_^}

#5

General Discussion / Re: Managing OPNsense upgrades...

Last post by nero355 - Today at 02:42:41 AM

A stateful Python upgrade script

As someone who hopes that the world will be 'Python Free' at some point _{(...and I don't mean the snake...)} I will kindly pass and even more so because a 'Machine Learning Chatbot' influenced the whole thing!

#6

General Discussion / Re: VLAN with Synology RT600AX...

Last post by nero355 - Today at 02:35:32 AM

Sorry, I'm too stupid to figure out how to quote you properly here.

No worries! :)

However, on opnsense, I allowed it to"advertise subnet routes"

I do believe this was the issue

I understand what you did now and indeed : That was the issue, because the Firewall Rules had no effect on it at all...

For instance, I read somewhere that with an Omada switch, you are sometimes required to completely reboot it for some changes to take effect.

I know that VERY OLD Revisions of the TP-Link 105E and 108E Switches had that issue, but that should be a thing of the past by now!

And also, I had the IoT VLAN configured with a "DHCP Server Device" active which I have now removed to make sure opnsense is in charge for anything DHCP related.

Yeah... that's something to keep in mind when playing around with a lot of stuff at the same time...

The VLAN now operates as "a pure Layer 2 switching network", according to Omada.

If you are using that Switch with the Omada Controller then you could have bought one of their Accesspoints too :)

Seriously though, there are many different settings at play, it's easy to mess something up for a beginner I suppose.

I am way over my head here, but I have learnt so much during my failed attempts.

I can honestly say you did well considering everything involved during this whole experience!

Good job! ;)

#7

26.1 Series / Re: fixed rule window size

Last post by OPNenthu - Today at 02:33:14 AM

It would be weird if the whole webGUI did not fit on your 2560x1440 and I am guessing 27 inch screen ?!

There is a bug with the grid's ability to resize regardless.

However my 24 inch 1920x1200 monitor struggles from time to time

As does my secondary monitor and my laptop even more so :P

TBH, I was intrigued when I saw a comment from franco the other day that OPNsense supports mobile.  I never even imagined trying...

#8

26.1 Series / link local address being assig...

Last post by OzziGoblin - Today at 02:31:22 AM

Hi everyone
 
I'm hoping someone else has encountered this and is able to tell me a solution.
 
I have recently upgraded to 26.1.3 and I'm not sure if this issue occurred before or not, but I am getting a Link local address assigned as a IPv6 gw entry on my internal network interfaces and the firewalls eui-64 address for DNS.
 
My config is as follows:

• I use Adguardhome for primary DNS on port 53
• Unbound for reverse lookups on port 53530
• fw rules & NAT force all DNS traffic to us internal DNS servers for name resolution as much as possible.
• I use ISC DHCP & v6 with router advertisements.
• No DNS entry is configured in router advertisements.
• WAN interface is set to DHCP
• internal interfaces are set to track the WAN interface with a prefix added for each unique interface.

 
The  DNS entry is a problem because Windows, if IPv6 is available, defaults to using it so reverse and forward lookups are failing and it eventually reverts to IPv4.  Nslookups fail as do pings to dns names.
 
AI suggests removing IPv6 completely as the solution, thing is, this used to work.
 
Is anyone aware of a fix for this or where I could be going wrong in my config?
 
thanks

#9

26.1 Series / Re: fixed rule window size

Last post by nero355 - Today at 02:22:27 AM

It looks like this topic applies to other parts of the webGUI too and at least one person found a nice workaround for it : https://forum.opnsense.org/index.php?msg=262103

Basically edit the CSS so the height is at least 2000 pixels :)

Awesome, thank you for this. I converted that Tampermonkey script into a Stylus User Style and it works nicely.

You are welcome!

But all kudos go to the guy who posted it in that topic IMHO ;)

I'm curious to know what browser engines and screen resolutions are common.

My main setup is Firefox and the primary display is 2560x1440.  I don't run any Chrome based browsers, so am not sure if you all are seeing the same as me.

Let's be honest :

It would be weird if the whole webGUI did not fit on your 2560x1440 and I am guessing 27 inch screen ?!


However my 24 inch 1920x1200 monitor struggles from time to time as can be seen in these screenshots that I took a while ago : https://forum.opnsense.org/index.php?topic=9245.msg259581#msg259581
I seriously had to ZOOM OUT (and A LOT too!) for some of them !! :'(



_{The reason I am mentioning the monitor size is the fact that these combinations probably don't need any kind of scaling for most people so everything is using 1:1 pixelmapping.}

#10

26.1 Series / Re: fixed rule window size

Last post by OPNenthu - Today at 12:31:32 AM

I'm curious to know what browser engines and screen resolutions are common.

My main setup is Firefox and the primary display is 2560x1440.  I don't run any Chrome based browsers, so am not sure if you all are seeing the same as me.

The issue I have is mostly with grid resizing and horizontal space.  I can get into a state where the grid columns overlap and obscure each other, requiring a horizontal scroll in addition to vertical.  All I need to do to get into this state is collapse the left-hand OPNsense menu, resize the grid, and then expand the menu again.  When the grid columns are obscured I cannot get them to correct themselves.

Pressing the grid reset button has no effect.  That's another issue- it only works sometimes.

The kicker is that (at least in Firefox) the horizontal scroll bar is barely visible and you don't really realize you have the option to scroll.  I only realized it by accident because my mouse has a horizontal scroll wheel that I activated.