"
I'm neither a security expert, nor a paranoid dabbler. So for me Sensei protection is optimal.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#272
Hardware and Performance / Re: APU2D4 very low throughput 1Gbit
May 26, 2021, 07:57:22 PM
See https://teklager.se/en/knowledge-base/opnsense-performance-optimization/
You have to edit /boot/loader.conf.local and also set up as parameters through the GUI.
E.g. my file is:
You have to edit /boot/loader.conf.local and also set up as parameters through the GUI.
E.g. my file is:
Code Select
#cpu_microcode_load="YES"
#cpu_microcode_name="/boot/firmware/intel-ucode.bin"
# agree with Intel license terms
amdtemp_load="YES"
ahci_load="YES"
aesni_load="YES"
if_igb_load="YES"
flowd_enable="YES"
flowd_aggregate_enable="YES"
legal.intel_igb.license_ack="1"
legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1
# this is the magic. If you don't set this, queues won't be utilized properly
# allow multiple processes for receive/transmit processing
hw.igb.rx_process_limit="-1"
hw.igb.tx_process_limit="-1"
# more settings to play with below. Not strictly necessary.
# force NIC to use 1 queue (don't do it on APU)
# hw.igb.num_queues=1
# give enough RAM to network buffers (default is usually OK)
#kern.ipc.nmbclusters="1000000"
net.pf.states_hashsize=2097152
#hw.igb.rxd=4096
#hw.igb.txd=4096
#net.inet.tcp.syncache.hashsize="1024"
#net.inet.tcp.syncache.bucketlimit="100"
#kern.smp.disabled=1
#hw.igb.0.fc=3
#hw.igb.1.fc=3
#hw.igb.2.fc=3
hw.igb.num_queues=0
#net.link.ifqmaxlen="8192"
hw.igb.enable_aim=1
#hw.igb.max_interrupt_rate="64000"
hw.igb.enable_msix=1
hw.pci.enable_msix=1
hw.igb.rx_process_limit="-1"
hw.igb.tx_process_limit="-1"
#net.inet.ip.maxfragpackets="0"
#net.inet.ip.maxfragsperpacket="0"
#dev.igb.0.eee_disabled="1"
#dev.igb.1.eee_disabled="1"
#dev.igb.2.eee_disabled="1"
vm.pmap.pti = 0
hw.ibrs_disable = 0
hint.p4tcc.0.disabled=1
hint.acpi_throttle.0.disabled=1
hint.acpi_perf.0.disabled=1
hint.p4tcc.1.disabled=1
hint.acpi_throttle.1.disabled=1
hint.acpi_perf.1.disabled=1
hint.p4tcc.2.disabled=1
hint.acpi_throttle.2.disabled=1
hint.acpi_perf.2.disabled=1
hint.p4tcc.3.disabled=1
hint.acpi_throttle.3.disabled=1
hint.acpi_perf.3.disabled=1
#273
Zenarmor (Sensei) / Re: Would Sensei be any good on my 550/100 Mbps home internet?
April 20, 2021, 04:24:40 PM
Well, I don't do Snort/Suricata since all my ports are closed and stealth by default.
#274
21.1 Legacy Series / Re: NTP stops working after a few minutes
April 12, 2021, 12:11:12 AM
NTP is an IPv6 lover. So, if you don't have a working IPv6 connection and you didn't disable IPv6, then it fails to work.
#275
Development and Code Review / FreeBSD 12.2-RELEASE-p6
April 06, 2021, 11:49:40 PM
Have you noticed, there has just been issued a patch for FreeBSD kernel and pf.ko?
https://www.freebsd.org/security/advisories/
https://www.freebsd.org/security/advisories/
#276
21.1 Legacy Series / Re: [HELP] OPNsense is not detecting 10GbE NICs
April 04, 2021, 10:27:36 PM
Compile the driver yourself. It's not that difficult.
#277
Zenarmor (Sensei) / Re: Would Sensei be any good on my 550/100 Mbps home internet?
April 03, 2021, 01:24:31 PM
I think it easily handles that speed. I have an 1 GHz processor and it handles around 300 Mbps (maybe 320) with Sensei in normal mode. I found that isn't enough for my 500 Mbps, so I connected two network cables from my modem/router to WAN and OPT1 and I made Sensei bridge OPT1 to LAN.
#278
Zenarmor (Sensei) / Re: Sensei any good for home?
April 01, 2021, 02:21:32 AM
You may use any DNS server you wish (yes, even DoT and DoH). Sensei does not care about which DNS server you use.
#279
21.1 Legacy Series / Re: WAN IPv6 can't be delegated and 'track interface' doesn't seem to work. Options?
March 23, 2021, 04:17:25 PM
Asus routers have an IPv6 configuration called Passthrough. Maybe Opnsense should get something like that.
Those also have an option called FLET'S IPv6 Service.
If you know Asuswrt Merlin, you may ask Merlin how to do it, he develops third-party firmwares for Asus routers.
Those also have an option called FLET'S IPv6 Service.
If you know Asuswrt Merlin, you may ask Merlin how to do it, he develops third-party firmwares for Asus routers.
#280
Zenarmor (Sensei) / Re: Speed (APU2)
March 20, 2021, 05:16:07 AM
Making progress: dropped the USB WiFi, changed the protected bridge to (WAN:igb2,LAN:igb1), i.e. OPT1 is the bridged WAN gateway for LAN. igb0 (normal WAN) remains main WAN gateway.
I no longer have control over APU2 through Ethernet, but Sensei can be stopped remotely (cloud) for performing maintenance tasks upon APU2.
I no longer have control over APU2 through Ethernet, but Sensei can be stopped remotely (cloud) for performing maintenance tasks upon APU2.
#281
Zenarmor (Sensei) / Re: Speed (APU2)
March 20, 2021, 02:39:28 AM
Attached USB WiFi device rsu0_wlan1 , made it a gateway (I have now 3 single gateways on my APU2), edited /etc/wpa_supplicant.conf so that it directly connects to the WiFi of my modem/router, made a script to start wpa_supplicant in daemon mode and give rsu0_wlan1 a fixed IP from the range of my modem/router, started Sensei service, and it works.
The WiFi gateway shows as defunct (upstream), but it does not matter, it works!
Script is:
The WiFi gateway shows as defunct (upstream), but it does not matter, it works!
Script is:
Code Select
#!/bin/sh
wpa_supplicant -B -i rsu0_wlan1 -c /etc/wpa_supplicant.conf
sleep 15
ifconfig rsu0_wlan1 192.168.180.2 255.255.255.0 192.168.180.1
#282
Zenarmor (Sensei) / Re: Speed (APU2)
March 20, 2021, 12:05:02 AM
https://sunnyvalley.cloud/firewalls/ shows "Node not connected".
#283
Zenarmor (Sensei) / Re: Speed (APU2)
March 19, 2021, 10:48:04 PM
Made OPT1 a gateway, so I restored internet access. But after starting Sensei in bridged mode I can no longer access APU2.
#284
Zenarmor (Sensei) / Re: Speed (APU2)
March 19, 2021, 07:50:51 PM
So, my APU2 seems no longer working without Sensei in bridge mode.
I tried everything, including restoring older config files.
And the APU2 no longer connects to the internet, not even for updating Sensei.
I tried everything, including restoring older config files.
And the APU2 no longer connects to the internet, not even for updating Sensei.
#285
Zenarmor (Sensei) / Speed (APU2)
March 18, 2021, 08:25:39 AM
In the hosted mode, I got about 300 Mbps download speed with Sensei enabled, on an APU2C4.
I switched to bridged mode and I get 518 Mbps download speed (my connection is 500 Mbps nominally, so I cannot test higher speeds).
I switched to bridged mode and I get 518 Mbps download speed (my connection is 500 Mbps nominally, so I cannot test higher speeds).
