Messages

To check if Ports are not disabled they are actually on the PCIe lines, check the input from Beck

Thx for that. I checked it and to my knowledge the settings are as described. Doesn't make a difference though.

Jumpers inside the case to turn them on/off? Is there a BIOS that you can flash, even if the same version?

Also thank you for that. While you might be correct, I won't spend that much time, given that there's not even some technicals docs for the device. I'll return it, and will use an external modem for now.

Thank you all.

Thx both  :)

As new mentioned check the dmesg, if those NIC are recognized and visible during bootup

I would advice to not only reset the BIOS but to actually inspect what is set in BIOS. The NICs can be by default disabled in BIOS you have to check it out.

they aren't visible during bootup.

I've spent some time to understand the BIOS but didn't find anything that read like "disable NICs here". Tried a few options but no avail:

If NIC are turned on in BIOS but OPNsense does not recognize them, try to boot up a liveusb of any linux distro and see if they are there.

If the above is done and verified and they wont show, its possible those NICs are cooked.

In fact that's what I did. Apart from the fresh install of OpnSense 24.7 I also tried a FreeBSD 14 live image as well as a current Manjaro Linux. No traces of those NICs whatsoever.

I need to get in contact with the seller.

Regards

Christian

I'm trying to install OpnSense on a new mini PC.

https://www.aliexpress.com/item/1005007278560105.html

During startup, only the SFP+ ports are detected. The RJ45 ports aren't even activated. I already reset the BIOS to defaults and am certainly running a fresh install, but no avail.

EDIT Running "pciconf -lcbv" lists two 82599ES 10Gb devices but nothing else.

I'd like to use the SFP and RJ45 ports in parallel. Is that even possible? What am I missing?

Regards

Christian

Thank you both. The picopc is nice, but I don't need Wifi. The protectli hardware is nice but pricey. I'm currently running OpnSense on a barebone pc that has exactly the same specs as the Protectli F4W, at a third the price.

Checking eg aliexpress, I see this: https://de.aliexpress.com/item/1005007278560105.html

Two SFP 10g slots, two 2.5Gb ethernet ports. Under 280 EUR with enough RAM and storage to run OpnSense. I assume that's one way to go. Or, doers anybody see any other options to evaluate? Regards

Christian

Hi, I'd like to run OpnSense on a device providing at least one SFP+ port for a fiber connector.

The standard decisio hardware surely is great but too expensive for my home use.

Is there any budget recommendation for this? I'm using OpnSense on a $150 4c NUC currently, and that thing is vastly overpowered (although fun :-) for what it does. I'd simply need something similar, but with a SFP slot.

Any ideas? Kind regards

Christian

Hi all,

I'm writing to this old thread because it's exactly my question: Why is the health graph so complicated to read?

The label of the y-axis reads "seconds/%". What does that even mean? How does it relate to the selected granularity?

If you set the granularity to 60 minutes or 24 hours, the x-axis label becomes labeled by "days of the year" or "week of the year". While I would be able to calculate that into something understandable - why is it so hard in the first place?

I'd really appreciate a simplification there. Kind regards

Christian

Hi all,

I was using the DNS blocklist feature of Unbound to save my home lan from ads and other malicious stuff. In particular, I activated the "blocklist.site ads" element.

Seems this overdid it a little. Eg the Deezer client on my Linux PC stated that it was offline every few minutes. Playing songs worked, however. Also, my Smart TV reported it wasn't able to download software updates.

I switched to the AdAway list recently, and the issues went away. Here's my question:

How would I log/monitor blocklist activities in particular? I'd like to keep an eye on blocklisted replies, along with the IP from where the request originated. Simply increasing the Unbound log level quickly filly my HD with GB worth of log data. Too much.

Regards

Christian

So I had my OpnSense running smoothly on a NUC-like mini PC (like the Protectly Vault FW4B). I wanted to upgrade my home network to 2.5GBit and upgraded the router hardware as well.

On my old appliance, the Intel I210at interfaces were numbered as igb[0,1,2,3]

On the new one, it is Intel I225-V, and they are named igc[0,1,2,3]

I did not expect the network interface names to change. So when I swapped the m.2 drive from the old to the new hardware, a lot of settings were broken, because they referred to non-existing interfaces.

Is there a smarter way to do this, something that would have accounted for the change in interface names? Regards

Christian

# opnsense-code dhcp6c
# cd /usr/dhcp6c
# curl https://patch-diff.githubusercontent.com/raw/opnsense/dhcp6c/pull/32.patch | patch -p1
# ./configure
# make all install

Eingespielt, neu gestartet, Config wiederhergestellt - funktioniert. Danke.

Sicher bin ich mir beim Patch nicht ob das selbst wenn es hilft nicht gleich ne Sicherheitslücke ist ohne echte Implementation des Befehls.

Ich verstehe das so, dass durch den zuvor fehlenden case-Zweig der default angesprungen wurde, und in dem steht fail. Deshalb ging überhaupt nichts mehr.

Passt an sich genau, aber müsste ich im Log nicht irgendwo den Text "unsupported authentication protocol:" finden?

Ich würde das ja testen, aber wie? Code runterladen, "configure, make, make install"?

Thx a lot, cheers to the folks who provided the fix and PR. Will follow up in the german sub, as suggested.

Dear all,

(sorry for cross-posting, I already asked for help in the german sub-forum)

I'm trying to configure my opnsense 22.1.5 with proper dualstack IPv4/IPv6.

• WAN IPv6 is set to DHCP, request prefix only, delegation size /59
• LAN IPv6 is set to "track interface WAN"

This has been successful in the past, but it doesn't work now. WAN doesn't seem to receive an IPv6 prefix, and LAN isn't assigned a public (non fe80) address either.

But: The DHCP debug log file reads:

IA_PD prefix: 2a02:908:696:2b20::/59 pltime=43200 vltime=86400

That is my prefix, right there. Am I doing this wrong? Any help is appreciated. Regards

Christian

Was hast du für einen Router/Modem vor der OPNSense?

Ein Technicolor TC4400, also ein reines Modem. Im Logfile sehe ich in den debug-Zeilen des DHCP6 Dienstes ja sogar das fragliche IPv6 Prefix, aber in OpnSense taucht es nicht mehr auf: Weder finde ich es in der UI, noch führt es zu einer passenden Adresszuweisung am LAN Port, der auf "track Interface WAN" gestellt ist.

Dabei hat das früher genau so funktioniert.

Hallo zusammen,

ich verwende ein Technicolor TC4400 Modem mit einem Unitymedia/Vodafone Gigabit Kabelanschluss (NRW). Ich hatte erreicht, dass ich ein IPv6 Subnetz zusätzlich bekomme, die Delegation hat in der Vergangenheit auch funktioniert.

* Das WAN Interface nutzt DHCP6 um ein /59 Prefix zu erfragen
* Das LAN Interface ist bzgl IPv6 auf "Track Interface" gestellt

Damit funktionierte dann auch alles weitere: Zwei Gateways (eines IPv4, eines IPv6) DNS für beide Protokolle, radvd & Co.

Seit einiger Zeit scheint das nicht mehr zu klappen. Ich sehe kein Prefix mehr in der UI, dabei finden sich im dhcp6 Logfile Zeilen wie diese:

IA_PD prefix: 2a02:908:696:2b20::/59 pltime=43200 vltime=86400

Das ist das Prefix, das ich auch früher verwenden konnte, aber OpnSense 22.1.5 scheint damit nicht mehr zu arbeiten. Hat jemand einen Tipp, wie ich das wieder zum Laufen bringe? Gruß

Christian

Funny, I was thinking about posting something along those lines. Dear OPNsense team, your effort, knowledge and attitude is greatly appreciated.

I've been a m0n0wall user for ages, came to OPNsense when Manuel ended the project. As a software developer, I always considered "firewall" to be important - but nothing I would tinker with beyond playing with the user interface to get the job done. Stable operations and seamless upgrades are key IMO, and OPNsense delivers. Great job!

Christian