/usr/local/etc/bogonsv6 too big

[phoenix]

Hmm, and do you set "block bogons" anywhere in your interfaces?

Also in your system log do you see "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low" ?

Franco

Just an update on this. I'd set-up a test server on a separate VM. It's a clean install of 18.1and "Block bogon networks" is enabled on the WAN link but the file hasn't been updated:

Code: [Select]

ll /usr/local/etc/bogonsv6
860 Feb  1 11:58 /usr/local/etc/bogonsv6There's nothing in the logs until I do the update and the file updates correctly.

[franco]

Hmmm, okay. Let's leave it as is then.


Cheers,
Franco

[cardins2u]

I'm getting this same errors .

anyone found a fix yet?

@franco

[franco]

It doesn't appear to be a real bug. The bogons size seems to fluctuate via http://www.team-cymru.org/Services/Bogons and that's causing this long known issue in the state table where IPv6 is said to be too large, but up until now we never observed it in OPNsense.

Here's a recent pfSense ticket observing / addressing the same:

https://redmine.pfsense.org/issues/8417

I'm not sure what the best approach is for us yet.


Cheers,
Franco

[marjohn56]

Is it not just a case of increasing the maximum table entries?

I have never seen this issue, but one of the first things I needed to do when setting up Opnsense was to increase the max table entries.

[Reiter der OPNsense]

I agree with marjohn56. In my opinion this is not a bug, but you shouldn't just ignore it. The bogonsv6 seems to be simply too big and will probably not be processed correctly. I got this error message during my IPv6 experiments on two boxes. The obvious thing would be to increase the corresponding standard value from 200,000 to a reasonable size. In my case, the value of 500,000 makes the error message disappear.

[NOYB]

Not setting the maximum table entries to an appropriate size when bogons v6 is enabled is a bug in my opinion.  Whether or not some other product does is irrelevant.

Been running maximum table entries at 1,000,000 "forever" precisely for this reason.  But it should be set to an appropriate size automatically when/if bogons v6 is enabled.

[marjohn56]

I go with NOYB, 200K for V4 only and bounce it to 500K if bogons v6 is enabled.

I also run 1,000,000 as it happens but then my proc can cope with it. I have a feeling I was running 500K when I used an APU2.

@Franco - would you be happy with that?

I'm happy to look at doing a PR for it if no-one else wants to.

[elektroinside]

It's not a bug, it's a feature It's just missing, so the actual bug would be that it is missing this feature

[franco]

Bug or feature, all contributions are welcome

...or try this then...

https://github.com/opnsense/core/commit/fc0c66e8
https://github.com/opnsense/core/commit/5dd172e


Cheers,
Franco

[marjohn56]

Nice one...

[elektroinside]

There you go, this is what i call support
Thank you Franco!