Topics - hedberg

#1
17.1 Legacy Series / 17.1 images will not boot
January 31, 2017, 10:21:44 PM
I would like to test 17.1 on a fairly new J1900-based machine with 4 Intel NICs.

This is the machine type:
https://www.amazon.co.uk/Celeron-Firewall-Fanless-Desktop-Computer-x/dp/B01IG5O95W

Tried both VGA versions from a USB stick and both CD-ROM versions with no success. The same machine booted one of the 16.7 versions just fine, and I just installed FreeBSD 11 on it to verify it wasn't FreeBSD 11 that was at fault.

The CD-ROM loads some small files and then dies. The USB version doesn't even boot.

Any ideas? 
#2
General Discussion / Default NTP server settings
January 21, 2017, 09:37:57 PM
Hi,

I just installed a secondary OPNsense the other day and noticed that the default NTP server in the installation was nl.pool.ntp.org.

The Pool NTP project requests vendors (also open source vendors) to create a vendor zone, so the default should be e.g. [0-3].opnsense.pool.ntp.org

http://www.pool.ntp.org/en/vendors.html#vendor-zone

There is no cost for Open Source projects.

Br,
Thomas

#3
16.7 Legacy Series / 100.000+ NTP queries a second
January 04, 2017, 02:44:00 PM
I have purchased a new NTP server that is able to handle 100.000 NTP queries a second. It is going to be a part of the pool.ntp.org project and I expect quite a bit of load on it.

I was warned by the manufacturer that a lot of network equipment and firewalls might have problems handling 100.000+ requests a second or about 100Mbit traffic of very small packets. I assume it is because most modern firewalls have stateful inspection and it probably requires a lot of memory to serve that many small packets.

Currently I have OPNsense installed on VMware on an Atom 2750-based motherboard. It has 32GB of memory with 2GB allocated to OPNsense at the moment together with 2 of 8 cores. It has 4Gbit Intel interfaces and the internet connection is 500/500Mbit. For the ones who might be interested in the NTP server, it is a LeoNTP.

Has anybody tried this on OPNsense with a similar hardware platform? I would be grateful for any suggestions or concerns you might have.

(This is installed in a private home, so there is nobody else being affected if the firewall can't cope with it).




#4
Have you considered making the proxy's blacklist function more flexible, so one could "turn it on its head" and forbid everything except categories that were checked/allowed - a whitelist?

EDIT: A shame that the whitetrash project (http://whitetrash.sourceforge.net) is abandoned. Looks interesting.