Messages

Reporting - Netflow oder so ähnlich (aus dem Kopf).

Make sure to create the mandatory FreeBSD GPT partition structure and use partitions of type freebsd-zfs. Also you will need to copy the boot loader to the new drives. Simply replacing one part of the mirror with an entire raw disk, and then the second part, will lead to an unbootable system.

Easiest way but with more downtime:

- create a configuration export/backup
- shutdown system, change both SSDs
- boot from USB and perform a fresh installation
- if you pick both SSDs in the installer it will create a mirrored setup automatically
- perform config restore

Done.

Ich bin recht zufrieden mit Netflow und Elastiflow. Netflow ist ein Format von Cisco, mit dem ein Router (oder eine Firewall) Verbindungsdaten exportieren kann. In OPNsense ist das eingebaut. Man kann eingeschränkt die Visualisierung der Daten auch direkt auf der OPNsense und dann im Web UI laufen lassen, davon würde ich aber abraten. Netflow schreibt einfach verdammt viel. Man erzeugt mit dem Collector (das ist das Teil, wo die Daten zur Auswertung landen) extrem viel Last und schreibt sich unter Umständen seine SSD kaputt - je nach Hardware.

Besser ist m.E. nur den Exporter (das Teil, das die Daten generiert) auf der OPNsense zu aktivieren und die Daten an ein externes System wie Elastiflow zu schicken.

Elastiflow ist für kleine Installationen kostenlos. Man muss die Lizenz einmal im Jahr erneuern, aber es kostet halt nichts. Die möchten nur wissen, wer den Kram benutzt. "Klein" bedeutet bis zu 4000 Flows (Verbindungen) pro Sekunde. Das schafft nicht mal ein kleiner Hoster wie wir.

Du brauchst eine Linux-Maschine oder VM mit mindestens 16 GB RAM und idealerweise 4 Kernen für die Software.

https://www.elastiflow.com

Click on the tiny + first.

EDIT: One other suspicion I have is that my ISP may have changed something else. The WAN interface IP I have on opnsense is in the range 100.xx.xx.xx/18 but the response from `curl ifconfig.me` shows an IP in the range 178.xx.xx.xx. I'm not sure if this indicates that they've added some layer of CG-NAT to my connection?

It does. You do not have a publicly reachable IPv4 address, anymore.

Something with the fact that you have two additional repos configured. I would try to disable mimugmail and sunnyvalley, retry the update, then re-enable.

If you are using only AGH from Michael's community repo he's got a dedicated one with only that package.

FreeBSD pkg does not play well with multiple repositories and different package versions/dependencies. Then neither does apt, so 🤷�♂️

I am going to try them in AdGuard Home because blocklist management and logging in AGH is great, so why not.

RIPE recommends to give every residential line, even for consumers, a /48. 🙄

A /56 is fine for most, though.

I don't get it. It's not like IPv6 addresses were scarce ...

If you follow the official documentation for creating a LAN bridge, specifically step six, that will fix your problem.

https://docs.opnsense.org/manual/how-tos/lan_bridge.html

Did you set the two mandatory tunables as documented?

In other words if you reliably (because the contract says so) get a static prefix from your ISP, then configure your WAN with DHCPv6 but forget all "track" and similar crap on your internal interfaces and use static configuration throughout. Then Kea can - also by static configuration - perform PD to downstream clients.

Es ist 2026. Ich gehe schlicht davon aus, dass ein FreeBSD-System mit ZFS läuft. Auch OPNsense.

There isnt much time spent with dnsmasq anymore it has been stable and quiet since a while now. So all efforts can go back to KEA to somehow improve it more.

That's great! Thanks!

Also kind of expected you to be an UBPorts Ubuntu Touch or Jolla SailFish user considering your standpoints on privacy ?!

FreeBSD on servers, Mac OS on the desktop.

I feel like AdGuard is a total Pi-Hole ripoff and do not like pretty much everything about it.

I love the UI. I love that it's written in Golang. I love that there is an official FreeBSD port (because the FreeBSD ports framework has good tooling for Go applications). I love the paid (but cheap) mobile IOS app. Performance and reliability - no complaints whatsoever.

Me do me - you do you 🙂