Messages - ThePOO

#1
Qotom I5 or I7 might be possible ...  I'm sure in the silent realm they are excellent, but I might explore some non-silent options as well.    I might even explore DIY this time around.    But, hey ... it's all good.     When I make up my mind I'll post a follow-up here.    But first, another piece of business .....

I recently read that OPNsense has issues achieving much beyond 600 Mbps on gigabit connections (???) ... is this really a thing? If it is, then no matter how much hardware I throw at the connection, with OPNsense, I'll not achieve greater throughput than the 600. I further read that some Linux based solutions are able to take pretty much full advantage of the gigabit connection (IPFire and some UTMs). I really like OPNsense .... but, if this limit really is a thing then I might have to be sailing away on another ship.

If anyone can shed light and clear this up I'd be most appreciative ... thanks ....
#2
I have a QOTOM J1900 box and it worked perfectly well with my 100/100 fiber connection.    I was able to peg DL/UL nicely.     I upgraded my 100/100 to 1000/1000 and am able to get 500/500'ish with the little box.      With this ISP I know 900+/UL-DL is achievable.

What I'm looking for is a recommendation for my next box here.     It doesn't really have to be silent and not really super small, just efficient and very fast ...... suggestions?
#3
Quote from: MrB on October 28, 2018, 04:59:13 PM
Don't know what you are using for DNS forwarding on OPNsense but in both Unbound DNS and Dnsmasq there are check boxes for:

  • Register DHCP leases in the DNS Resolver
    If this option is set, then machines that specify their hostname when requesting a DHCP lease will be registered in the DNS Resolver, so that their name can be resolved.
  • Register DHCP static mappings in the DNS Resolver
    If this option is set, then DHCP static mappings will be registered in the DNS Resolver, so that their name can be resolved. You should also set the domain in System: General setup to the proper value.

The latter sounds like what you are looking for.


I enabled:
Register DHCP leases in the DNS Resolver
Register DHCP static mappings in the DNS Resolver
in Unbound in OPNsense

I changed nothing in pi-hole.

I rebooted both OPNsense and pi-hole -------------- NOW PI-HOLE RESOLVES MY HOSTS PERFECTLY!!!!!

Thanks everyone.       :)
#4
In my original configuration I also did not use OPNsense DNS at all.      My over-kill on the current configuration was to provide devices an alternate path, that being OPNsense, should pi-hole stop responding, and to take advantage of dynamic DNS server addresses assigned to OPNsense.      It does work marvelously.    If I shut down pi-hole for any reason devices still get DNS resolution.       Perhaps, after I have pi-hole in service for a few months, I'll simplify the configuration and take OPNsense out of the loop and not use its DNS at all.

Now, for the internal DNS resolution of my devices ...  is there any software solution that can be used on OPNsense to answer the pihole request for local DNS resolution of host names?       If not, then using /etc/pihole/lan.list is something I can look into.    I'm just not thrilled about using that file as its information is in duplication of all my statically defined devices in OPNsense DHCP.

But ---- in the end, if I totally trusted pi-hole and its stability, etc., I'd super simplify my DNS resolution path, yes.      It would be nice if local DNS could resolve host names .... using duplicate information in a pi-hole list isn't a deal breaker but a let down, nonetheless.

All, in all, OPNsense rocks, pi-hole rocks ... It's all good.    <smile>
#5
What I have:
-------------------------------------

pi-hole 4.0 and OPNsense 18.7.6


pi-hole (192.168.1.15/admin/settings.php) ...

Settings-->DNS

Upstream DNS Servers
Custom 1 (IPv4)
192.168.1.1

Advanced DNS settings
un-checked Never forward non-FQDNs
un-checked Never forward reverse lookups for private IP ranges
checked Use Conditional Forwarding
IP of your router 192.168.1.1
local domain name poonet

OPNsense (192.168.1.1) ...

System-->Settings-->General

Domain name poonet
DNS Servers are left blank, on purpose
checked Allow DNS server list to be overridden by DHCP/PPP on WAN
un-checked Do not use the local DNS service as a nameserver for this system
** my ISP provides excellent DNS servers and I'm happy to dynamically receive their IP addresses

Services-->DHCPv4-->[LAN]

DNS servers
192.168.1.15
192.168.1.1

All devices on my network are statically mapped in OPNsense DHCP.

------------------------------------------------------------------
Resolving public DNS:

Device contacts 192.168.1.15 for resolution.
192.168.1.15 then contacts 192.168.1.1 for resolution.
192.168.1.1 then contacts the dynamically supplied ISP servers for resolution.
pi-hole at 192.168.1.15 blocks queries for bad things or passes the resolved information to the requesting device.

This all works beautifully.
------------------------------------------------------------------

Resolving local host names:

Now, then, my problem ---  192.168.1.15 is trying to query 192.168.1.1 to resolve device host names and I can't figure out what I need to enable/configure in OPNsense to get pi-hole the resolved host names?

No rush ---- if anyone can "resolve" this I'd be eternally grateful <smile>


*** Fiber connected to my local ISP .. 100/100.    I could get 1000/1000, but what would I do with THAT?    Extra $25 a month -- might try it sometime just for kicks. ***

#6
Sorry I wasn't more informative in my original post.     There just wasn't much time between crashes to collect anything meaningful.     And, I had to go look into another problem that was happening at the same time, elsewhere.
I was just looking for the possibility that someone else had a similar circumstance and a quick fix.
While fixing the other pressing issue, I thought about my game plan to fix OPNsense. -- reset to factory settings -- restore my configuration. And that saved my bacon, this time. I tried that once, in the past, and it failed miserably and I ended up doing all my configuration, from scratch, over again --- long ago and with pfSense, not with OPNsense.

Everything is up, and is performing EXTREMELY well today, no issues at all.

HEY!    Thanks for commenting, I truly do appreciate your taking the time to show interest.

I have no idea why my OPNsense went nuts. My approach to fixing this, this time, because of circumstance --- rip off the bandaid, pour alcohol all over it, and see if I stay conscious. It worked out ok, this time.

Again, thanks for your response.

#7
3953 MB RAM capacity.

18.7.4 RAM use was around 908 MB.

18.7.5 was applied and my RAM use jumped up to 3772.

18.7.5_1 was applied and high use of RAM continues, 97% used.
Swap file 99% used. tmpfs at 99%.

After a short time the box locks up.    After a hard reset OPNsense takes about five minutes to come up then locks up again after a short time.

I get little time to troubleshoot ... any pointers would be appreciated, thanks?


UPDATE:    Here is what worked for me ....
I reset OPNsense to factory settings -- then I restored the configuration saved previously.
After the restoration I had to attend to another issue and about 30 minutes later returned.   Success!
It all works and my memory use is at 696 MB (17%), 0% swap use, 1% tmpfs.

Wish I knew what was eating all the memory?   But reset/restore worked like a champ!   Me So Happy!
#8
General Discussion / Re: Route one IP over VPN?
July 23, 2018, 08:45:32 AM
conanTheRouter:    Can you please edit the modifications, presented by ou812, into your configuration?

I will be implementing this configuration, with ou812's modifications on an 18.7rc2 box this Thursday, or Friday, and give it a real run for its money.     YAY! 
#9
General Discussion / Re: Route one IP over VPN?
July 10, 2018, 05:38:15 AM
I let some time pass, doing a little wait-and-see to see if this method works and works reliably over the course of several days.

How is this method doing?    Does it all work now?
#10
Perhaps look at https://forum.opnsense.org/index.php?topic=8998.0 as a possibility .... I don't know if the method there gets the job done, but it's maybe worth a look.

And, I agree ... there should be a reliable, official method documented for opnsense.   I, too, had a bullet-proof, leak-proof vpn set up in pfsense and have not been able to do that in opnsense.    I really like opnsense and the developers are spot-on with where the product is going.    Perhaps, at some point, they'll look into this and come up with a similar bullet-proof method ... x'ing fingers.

I've been watching this topic and the topic, in the link above, hoping someone definitively solves this.
#11
Quote from: fabian on April 04, 2018, 08:34:34 AM
Quote from: ThePOO on April 04, 2018, 05:41:02 AM
P.S.:   If there IS a HDD imaging tool anyone comes up with that works I'd be interested in that method as well.
The best tool I know to create a disk image is "dd".

Venerable tool ... now why didn't I think of that !!!     Thanks a lot.
#12
@dcol      Could I have a copy of your notes on reconstruction?

I have backed up my configuration and then installed OPNsense on a new piece of hardware and then restored my configuration.    I have had this work perfectly a time or two.    Then I get a restoration that just leaves stuff out.    Pretty strange.

If you have a "reconstruction" recommendation/formulae/suggestion I'd love to partake of that ..... 'cause I'd like to have some assurance that what I backed up can be reliably restored.

Thanks tons.

P.S.:   If there IS a HDD imaging tool anyone comes up with that works I'd be interested in that method as well.
#13
18.1 Legacy Series / Re: Traffic Graph oddity
February 03, 2018, 09:18:43 PM
franco:      My outbound graph was not showing activity way before I enabled ID/IPS.     The outbound graph stopped showing activity more than six months ago.      I started using ID/IPS probably around a month ago.

UPDATE:      I stopped my ID/IPS and the graph now shows traffic.      Once ID/IPS were restarted the graph resumes not showing traffic.       (only on the outbound graph, inbound graph is ok)
#14
18.1 Legacy Series / Re: Traffic Graph oddity
February 03, 2018, 09:16:37 PM
marjohn56:      My outbound graph shows no activity at all.
#15
18.1 Legacy Series / Re: Traffic Graph oddity
February 03, 2018, 12:14:26 AM
Just updated to 18.1.1 and the oddity still persists.    I'm sure it will get fixed over time ..