"Recent posts
#21
25.7, 25.10 Series / Re: Erratic behaviour of bundl...
Last post by poplin - January 12, 2026, 04:23:59 PMQuote from: Slashing on January 12, 2026, 05:56:38 AMFor drill, the order of arguments is important...
Thanks for the remark!. That changes a bit the outcome. First, unbound is giving NOERROR all time now.
Code Select
# drill -p 53053 fr.app.lgwebostv.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3608
But still dnsmasq is giving NXDOMAIN
Code Select
# drill -p 53 fr.app.lgwebostv.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 3319
until it is restarted...
Code Select
# drill -p 53 fr.app.lgwebostv.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 48568
but after 15 min again NXDOMAIN
Code Select
# drill -p 53 fr.app.lgwebostv.com @127.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 18322
All in all it makes more sense now, and clarifies a bit better the underlying problem: after 15 min dnsmasq stops forwarding the address to unbound.
#22
German - Deutsch / Hardware Suche N150 mit Intel ...
Last post by carepack - January 12, 2026, 04:15:24 PMHi,
ich bin auf der Suche nach neuer Hardware. Ich möchte mir einen dieser kleinen Mini-China-PCs holen mit dem N150 und Dual-Lan. Soweit passt auch alles, nur leider bekommt man so gut wie nicht raus, welcher Chipsatz für die Netzwerkkarten verwendet wird. Habe jetzt schon zwei Stück bei Amazon testweise bestellt und beide hatten einen Realtek Chip.
Daher die Frage, ob jemand einen dieser N150 Mini-PCs in Verwendung hat und mir empfehlen kann, allerdings mit Intel Netzwerkchip?
Die Dinger findet man zu Hauf bei Amazon, oft auch mit Dual-Lan, nur den Chipsatz gibt keiner an...
Vielen Dank vorab und beste Grüße
ich bin auf der Suche nach neuer Hardware. Ich möchte mir einen dieser kleinen Mini-China-PCs holen mit dem N150 und Dual-Lan. Soweit passt auch alles, nur leider bekommt man so gut wie nicht raus, welcher Chipsatz für die Netzwerkkarten verwendet wird. Habe jetzt schon zwei Stück bei Amazon testweise bestellt und beide hatten einen Realtek Chip.
Daher die Frage, ob jemand einen dieser N150 Mini-PCs in Verwendung hat und mir empfehlen kann, allerdings mit Intel Netzwerkchip?
Die Dinger findet man zu Hauf bei Amazon, oft auch mit Dual-Lan, nur den Chipsatz gibt keiner an...
Vielen Dank vorab und beste Grüße
#23
25.7, 25.10 Series / Re: FRR loads with wrong metri...
Last post by Monviech (Cedrik) - January 12, 2026, 03:53:25 PM #24
25.7, 25.10 Series / Re: FRR loads with wrong metri...
Last post by alfrisch - January 12, 2026, 03:37:47 PMOK great, I just added it to the restart event and mentioned so in the PR
#25
High availability / Re: CARP OS-FRR timeout after ...
Last post by rkam - January 12, 2026, 02:49:16 PMOkay, I understand.
I need to find a time slot where I can downgrade to 24.7.12. and after this step by step to the higher ver.
Unfortunately, some changes have already been made to the configuration, as changes were also made to the remote site.
I'll get back to you with more information;
I need to find a time slot where I can downgrade to 24.7.12. and after this step by step to the higher ver.
Unfortunately, some changes have already been made to the configuration, as changes were also made to the remote site.
I'll get back to you with more information;
#26
High availability / Re: CARP OS-FRR timeout after ...
Last post by Monviech (Cedrik) - January 12, 2026, 02:00:42 PMCan you be precise with this:
24.7.12 to 25.7.10, there are two major upgrades here (24.7 -> 25.1 -> 25.7).
If that is really true, its very hard to find the exact version where it stopped to work.
To bisect this, you can do incremental updates by going to:
- "System - Firmware - Settings"
- enable "advanced mode"
- Flavour "(custom)"
Here slowly increment the versions.
25.1/MINT/25.1.1/latest
25.1/MINT/25.1.2/latest
...
You don't need every minor upgrade, just try to bisect where it happens, that would help a lot.
24.7.12 to 25.7.10, there are two major upgrades here (24.7 -> 25.1 -> 25.7).
If that is really true, its very hard to find the exact version where it stopped to work.
To bisect this, you can do incremental updates by going to:
- "System - Firmware - Settings"
- enable "advanced mode"
- Flavour "(custom)"
Code Select
25.7/MINT/25.7.x/latestHere slowly increment the versions.
25.1/MINT/25.1.1/latest
25.1/MINT/25.1.2/latest
...
You don't need every minor upgrade, just try to bisect where it happens, that would help a lot.
#27
German - Deutsch / Re: VoIP mit enviaTel ohne Fri...
Last post by Hunter - January 12, 2026, 01:33:52 PMDas Problem bei enviaTel ist für mich, dass der SIP-Server nur im SIP-VLAN133 sichtbar und erreichbar ist. Nicht im "normalen" WAN-Internet. Nun habe ich mir schon eine Regel gebastelt, die den VLAN20( interne Snoms )-Verkehr den Gateway des vlan133 nutzt. Aber irgendwie will es nicht. Ich muss mein internes VLAN20 also mit dem externen VLAN133 verbinden. Oder eben ohne internen DHCP auf VLAN20 dieses einfach mit dem VLAN133 verbinden. Da bekommt das SNOM zwar eine 172.x.x.x-Adresse aus dem Provider-VLAN, registriert sich aber trotzdem nicht. Und mir fehlt die Sachkenntnis, wieso das so ist.
#28
High availability / Re: CARP OS-FRR timeout after ...
Last post by rkam - January 12, 2026, 01:31:10 PMWireguard and OPNVPN Legacy Depend on CARP activated also OS-FRR
more Facts :
( pairs : Master:Slave )
Tested on various devices with CARP same behavior
1 pair : without activate frr Failover okay .
ipsec side to side tunnel
OPNVPN Legacy Side to Side Client
Wireguard Site to Side tunnel
1 pair : activate only frr Failover time out .
ipsec side to side tunnel : no time out
OPNVPN Legacy Side to Side Client : timeout
Wireguard Site to Side tunnel : timeout
In OPNVPN Legacy, it's very clear that when there's a connection status, all information about the tunnels is missing.
after the time out ( File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out)
Then you can see the information and you can also ping the remote
Wireguard Status after 2 min you can ping the remote
** 2 pair **
2 pair : without activate frr Failover okay .
ipsec side to side tunnel
OPNVPN Instance Server Side to Side TAP Brige L2 (move for test the tunnel from leagcy to Instance / see comment below ****** )
Wireguard Site to Side tunnel
2 pair : activate only frr Failover time out .
ipsec side to side tunnel: no time out
OPNVPN Instance Server Side to Side TAP Brige L2 time out (move for test the tunnel from leagcy to Instance )
Wireguard Site to Side tunnel time out
same error in the logs : ( File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out)
I have the problem with 16 Pairs ( Master:Slave ) ; I have performed a rollback to 24.7.12 for all, but 2 pairs for further investigation runs 25.7.10.
*******
OPNVPN Instance TAP L2 brige (without FRR)
After switching the OPVN tunnel (server) from legacy to instance TAP L2 with interface and bridge, the failover only works partially. After switching to slave, no connection is established, even after a longer waiting time. It's not possible to connect to the deactivated master, but if you kill it on the master, you can see that the client reconnects to the slave. Even when the master is activated, this doesn't always work immediately.
In Legacy runs without any trouble
*********
more Facts :
( pairs : Master:Slave )
Tested on various devices with CARP same behavior
1 pair : without activate frr Failover okay .
ipsec side to side tunnel
OPNVPN Legacy Side to Side Client
Wireguard Site to Side tunnel
1 pair : activate only frr Failover time out .
ipsec side to side tunnel : no time out
OPNVPN Legacy Side to Side Client : timeout
Wireguard Site to Side tunnel : timeout
In OPNVPN Legacy, it's very clear that when there's a connection status, all information about the tunnels is missing.
after the time out ( File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out)
Then you can see the information and you can also ping the remote
Wireguard Status after 2 min you can ping the remote
** 2 pair **
2 pair : without activate frr Failover okay .
ipsec side to side tunnel
OPNVPN Instance Server Side to Side TAP Brige L2 (move for test the tunnel from leagcy to Instance / see comment below ****** )
Wireguard Site to Side tunnel
2 pair : activate only frr Failover time out .
ipsec side to side tunnel: no time out
OPNVPN Instance Server Side to Side TAP Brige L2 time out (move for test the tunnel from leagcy to Instance )
Wireguard Site to Side tunnel time out
same error in the logs : ( File "/usr/local/sbin/configctl", line 65, in exec_config_cmd line = sock.recv(65536).decode() ^^^^^^^^^^^^^^^^ TimeoutError: timed out)
I have the problem with 16 Pairs ( Master:Slave ) ; I have performed a rollback to 24.7.12 for all, but 2 pairs for further investigation runs 25.7.10.
*******
OPNVPN Instance TAP L2 brige (without FRR)
After switching the OPVN tunnel (server) from legacy to instance TAP L2 with interface and bridge, the failover only works partially. After switching to slave, no connection is established, even after a longer waiting time. It's not possible to connect to the deactivated master, but if you kill it on the master, you can see that the client reconnects to the slave. Even when the master is activated, this doesn't always work immediately.
In Legacy runs without any trouble
*********
#29
German - Deutsch / Re: VoIP mit enviaTel ohne Fri...
Last post by Tuxtom007 - January 12, 2026, 12:28:44 PMQuote from: Hunter on January 11, 2026, 08:50:07 PMIch habe ein Snom Tischtelefon ( D865 ) und eine Snom M900 DECT-Basis mit zwei Snom M85.Kann man zwei VoIP-Telefone direkt beim Provider anmelden, ich weis es nicht und habs nie probiert.
Bei ist es nun seit kurzen ( Vodafone-Kabel mit SIP ), ich hab ein SNOM-Telefon in ein extra VLAN gepackt, das bekommt DHCP usw. von der OPNSense, allerdings hab ich den DNS für das VLAN auf den von Vodafone gesetzt.
- Aliase angelegt für die SIP-Ports und IP-Adresse des Telefon bzw. jetzt eine Fritzbox
- Ports 5060, 7070-7109, 6078-6079 ( können bei anderen SIP-Providern anders sein )
- Firewall-Rule im VLAN erlaubt die Ports zum Internet
- outbound NAT-Regel IP der Telefone mit UDP zum Internet mit "Static Port"
vielleicht geht es noch einfacher ( Tips gerne willkommen ), aber das funktioniert bei mir und hab ich mir auch im Netz zusammen gesucht.
#30
High availability / Re: CARP OS-FRR timeout after ...
Last post by Monviech (Cedrik) - January 12, 2026, 11:46:03 AMWhat would be a minimum configuration to reproduce?
os-frr enabled? with or without the Carp Failover activated?
At least one wireguard tunnel? Also with Depend on CARP activated?
Then the symptom is that the wireguard tunnel takes 2 minutes to failover?
os-frr enabled? with or without the Carp Failover activated?
At least one wireguard tunnel? Also with Depend on CARP activated?
Then the symptom is that the wireguard tunnel takes 2 minutes to failover?
