Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue? (Read 1903 times)
Bluewind
Newbie
Posts: 8
Karma: 5
Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
on:
February 04, 2023, 04:44:41 am »
A few days ago I upgraded to 23.1 from 22.7.11. The upgrade worked fine. Nothing to report.
Tonight I upgraded to 23.1_6 and my system is a mess. Opening a Internet page takes 20-30 seconds.
Here are some observations:
1) Like others running IPv6, I am having WAN issues. In the dashboard, looking at the WAN interface. Like others I see a cycling of horizontal green arrows on the WAN interface, turning red. After a few seconds, they turn green again. I have never seen this this previously.
2) I have a powerful PC running in my house. With previous releases memory usage rarely was over 40-50%. Now memory usage is constantly at 87-88%. It never goes below that.
3) With no connections running, the CPU cycles from 1% to 20% and back to 1% and so on.
4) Going from one page in the GUI used to take a second, maybe two. Now it takes 15 seconds.
5) Saving a configuration changes used to take less than 5 seconds, now over one minute.
6) The thermal sensors were always in the red. Previously they sometimes were in the red.
My system is standard. Only packages are UPNP and Zenarmor.
I checked that Zenarmor was updated and it was.
When troubleshooting, it seems to work best when the system is as close to OEM as possible (no extra packages). I removed Zenarmor, rebooted, and everything listed in 1-6 above is now working fine.
When I have a chance I will reinstall Zenarmor to see if the issues return.
Logged
berguzi
Newbie
Posts: 5
Karma: 0
Re: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
Reply #1 on:
February 04, 2023, 03:10:44 pm »
I have the same issue. As long as Zenarmor is not running in Passive Mode, I do not get IPv6 connectivity for clients behind OPNsense. Only firewall itself is able to use IPv6. As soon as Zenarmor is running in Passive Mode, IPv6 works as expected. I'll try to get some more details later and add it to this thread.
Logged
berguzi
Newbie
Posts: 5
Karma: 0
Re: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
Reply #2 on:
February 04, 2023, 05:25:46 pm »
Update:
I did some tests by pinging around and capturing it using tcpdump:
- Ping from firewall to VPS: OK, I can see ICMPv6 echo-request/-reply on VPS and firewall.
- Ping from client behind firewall to VPS: I can see ICMPv6 echo-request arriving on VPS and I can see an ICMPv6 echo-reply going out from VPS. Nothing arrives on firewall on WAN from VPS.
As soon as Zenarmor is disabled or running in passive mode, pinging from behind firewall works fine.
Logged
sy
Hero Member
Posts: 595
Karma: 44
Re: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
Reply #3 on:
February 14, 2023, 12:50:31 pm »
Hi,
It could be a netmap issue. What if you try in bypass mode (Status - Services - Zenarmor Packet Engine - Enter Bypass Mode)?
Logged
berguzi
Newbie
Posts: 5
Karma: 0
Re: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
Reply #4 on:
February 14, 2023, 01:45:29 pm »
Hi Sy
Same behaviour like before. OPNsense is able to ping devices on the internet, clients behind OPNsense are not. Unfortunately IPv6 isn't working again after switching back to previous settings, I think I have to reboot OPNsense (which will be done at 23:59
)
Logged
berguzi
Newbie
Posts: 5
Karma: 0
Re: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
Reply #5 on:
February 14, 2023, 03:49:05 pm »
I was able to already do a reboot. No matter what I do, since i switched to bypass mode and back, IPv6 wont work anymore.
Logged
milkywaygoodfellas
Newbie
Posts: 49
Karma: 4
Re: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
Reply #6 on:
February 15, 2023, 05:01:28 am »
Similar issue here. As long as Zenarmor is not in bypass mode, I fail any IPv6 tests I try to do. As soon as I enable bypass mode, the issue goes away. Tested multiple times.
Logged
abraxxa
Jr. Member
Posts: 67
Karma: 7
Re: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
Reply #7 on:
February 15, 2023, 11:50:27 am »
I have the same problem on 22.7.11_1.
Logged
abraxxa
Jr. Member
Posts: 67
Karma: 7
Re: Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?
«
Reply #8 on:
February 15, 2023, 11:51:58 am »
I've switched from the native netmap driver to the emulated one which fixed the problem.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
Problems w/23.1_6 Upgrade including IPv6 - Maybe a Zenarmor Issue?