"Recent posts
#1
German - Deutsch / Re: 'Migration Assistant ' der...
Last post by iani - Today at 01:42:54 PMIch hoffe, es ist kein Problem, wenn ich mich hier mal anhänge.
Ich habe ebenfalls die Migration durchgeführt und es sieht soweit auch alles gut aus. Allerdings frage ich mich, was mit den automatisch generierten Regeln passiert. Die waren in der .csv Datei nicht enthalten und sie tauchen auch nicht in Rules[new] auf. Wenn ich den Assistenten jetzt die alten Regeln löschen lasse, sind die automatisch generierten doch wahrscheinlich auch weg oder?
Ich habe ebenfalls die Migration durchgeführt und es sieht soweit auch alles gut aus. Allerdings frage ich mich, was mit den automatisch generierten Regeln passiert. Die waren in der .csv Datei nicht enthalten und sie tauchen auch nicht in Rules[new] auf. Wenn ich den Assistenten jetzt die alten Regeln löschen lasse, sind die automatisch generierten doch wahrscheinlich auch weg oder?
#2
26.1 Series / Re: FW live view not working r...
Last post by tuto2 - Today at 01:40:27 PMHi,
I seem to have missed that regex was allowed in the old page. https://github.com/opnsense/core/commit/41664263de3f4fe211d0e7af9d0a471c300ceb21 Should address this.
# opnsense-patch 4166426
Cheers,
Stephan
I seem to have missed that regex was allowed in the old page. https://github.com/opnsense/core/commit/41664263de3f4fe211d0e7af9d0a471c300ceb21 Should address this.
# opnsense-patch 4166426
Cheers,
Stephan
#3
General Discussion / Re: Need help understand NPTv6
Last post by wallaby501 - Today at 01:03:15 PMHonestly, thank you for the "rubber ducking" because the more I think about it I just need a NAT port forward more than likely. I guess I just had a blind spot thinking "NAT=IPv4" and glanced over it thinking NPTv6 was where I needed to go.
I'll have to see when I stand up this new cluster and test and update this thread. Thanks for the help!
I'll have to see when I stand up this new cluster and test and update this thread. Thanks for the help!
#4
26.1 Series / Re: MiniUPNPD
Last post by franco - Today at 12:57:01 PMThe errors in the log are one thing and I encourage everyone to research them and report them upstream.
The key question for us is if the service is working or not.
Cheers,
Franco
The key question for us is if the service is working or not.
Cheers,
Franco
#5
26.1 Series / Re: FW live view not working r...
Last post by franco - Today at 12:55:40 PMHi,
Thanks for the report! I think this is only an intermediate fix:
https://github.com/opnsense/core/commit/92e0d5a96fbe
I asked my colleague to comment on the "443|80|22|23|25" regex use. Haven't seen this before.
Cheers,
Franco
Thanks for the report! I think this is only an intermediate fix:
https://github.com/opnsense/core/commit/92e0d5a96fbe
I asked my colleague to comment on the "443|80|22|23|25" regex use. Haven't seen this before.
Cheers,
Franco
#6
26.1 Series / Re: lots of empty space in new...
Last post by bimbar - Today at 11:09:15 AMThis is not really only a problem in the firewall ui, many of the views, for example ipsec logs, leave too little space for what you actually want to see while having quite a bit of free space around them.
#7
26.1 Series / Re: CALL FOR TESTING: Multi-dh...
Last post by franco - Today at 10:54:59 AM@jrichey98
> The default was DNSMasq, I couldn't get router advertisements to work or see leases (though ipv4 was working, ipv6 was not), so I switched over to KEA / RA. DHCPv4/6 are working well and assigning leases and RA daemon is configured as Managed (A+O) and working great. I get a warning that I should be using a /64 it doesn't seem to effect anything.
I haven't heard this before but good to know. Don't know what is wrong though. Need to keep this under observation.
I'm also unsure why your WAN DHCPv6 seems to misbehave in the standard case. This patch is only designed to allow to manage associations per interface in a fine-grained fashion.
@Maurice
Thanks! Exactly why we're here testing.
I have to say this is somewhat expected against the same DHCPv6 server at the price of yielding full control of the associations to the user. It's difficult to support both at the same time. The indexing code is a bit whacky in general:
https://github.com/opnsense/core/blob/10c4d20dbc009ca73e201c80e4bb2f043b9416f4/src/etc/inc/interfaces.inc#L2920-L2940
IMO this isn't rooted in any type of reality -- it just tries to unbreak what you describe in a crude way and there is no (elegant) way to prevent overlap in manual settings if we keep doing this.
NA has that same issue now I guess. Also fixable with an additional setting.
Would it help if we split the DUID like VyOS does? :>
https://github.com/vyos/vyos-build/blob/current/scripts/package-build/wide-dhcpv6/patches/wide-dhcpv6/0023-dhcpc6-support-per-interface-client-DUIDs.patch
Because that was on my wishlist...
Cheers,
Franco
> The default was DNSMasq, I couldn't get router advertisements to work or see leases (though ipv4 was working, ipv6 was not), so I switched over to KEA / RA. DHCPv4/6 are working well and assigning leases and RA daemon is configured as Managed (A+O) and working great. I get a warning that I should be using a /64 it doesn't seem to effect anything.
I haven't heard this before but good to know. Don't know what is wrong though. Need to keep this under observation.
I'm also unsure why your WAN DHCPv6 seems to misbehave in the standard case. This patch is only designed to allow to manage associations per interface in a fine-grained fashion.
@Maurice
Thanks! Exactly why we're here testing.
I have to say this is somewhat expected against the same DHCPv6 server at the price of yielding full control of the associations to the user. It's difficult to support both at the same time. The indexing code is a bit whacky in general:
https://github.com/opnsense/core/blob/10c4d20dbc009ca73e201c80e4bb2f043b9416f4/src/etc/inc/interfaces.inc#L2920-L2940
IMO this isn't rooted in any type of reality -- it just tries to unbreak what you describe in a crude way and there is no (elegant) way to prevent overlap in manual settings if we keep doing this.
NA has that same issue now I guess. Also fixable with an additional setting.
Would it help if we split the DUID like VyOS does? :>
https://github.com/vyos/vyos-build/blob/current/scripts/package-build/wide-dhcpv6/patches/wide-dhcpv6/0023-dhcpc6-support-per-interface-client-DUIDs.patch
Because that was on my wishlist...
Cheers,
Franco
#8
German - Deutsch / Re: Einstellung gesucht
Last post by Patrick M. Hausen - Today at 10:43:46 AMDas würde aber schon fortgeschrittenes Glaskugeln erfordern, sorry. Wenn alles funktioniert, hast du wohl nichts vergessen.
#9
26.1 Series / FW live view not working regex
Last post by bman - Today at 09:58:39 AMHi team,
some time ago (probably on 25.x) I've noticed that my saved live view filters do not work. Just waited some time that maybe get fixed.
Found out that interfaces changed, ex. DMZ now vlan02 etc. So fixed this, but regular expression filters does not work anymore.
The syntax looks same in config, but not working.
I see the error in backend log:
Script action stderr returned "b"/usr/local/opnsense/scripts/filter/read_log.py:101: SyntaxWarning: invalid escape sequence '\\['\n if re.search('filterlog\\[\\d*\\]:', record['line']):""
Example I used:
- filter interface, action and more ports with contain operator:
dstport~443|80|22|23|25
This now does not work. Is that an issue or was there some plan to remove regex from live view?
thx
some time ago (probably on 25.x) I've noticed that my saved live view filters do not work. Just waited some time that maybe get fixed.
Found out that interfaces changed, ex. DMZ now vlan02 etc. So fixed this, but regular expression filters does not work anymore.
The syntax looks same in config, but not working.
I see the error in backend log:
Script action stderr returned "b"/usr/local/opnsense/scripts/filter/read_log.py:101: SyntaxWarning: invalid escape sequence '\\['\n if re.search('filterlog\\[\\d*\\]:', record['line']):""
Example I used:
- filter interface, action and more ports with contain operator:
dstport~443|80|22|23|25
This now does not work. Is that an issue or was there some plan to remove regex from live view?
thx
#10
German - Deutsch / Re: Einstellung gesucht
Last post by Egon4 - Today at 09:50:43 AMIch habe in den letzten Tagen einige Änderungen gemacht und das Gefühl, was vergessen zu haben.
Ich wollte die Einstellungen noch einmal kontrollieren.
Ich wollte die Einstellungen noch einmal kontrollieren.
