Messages

1

German - Deutsch / Re: Netzwerkdurchsatz Frage

« on: August 05, 2021, 11:41:50 pm »

iperf test mit zusätzlichem parameter -u   (udp) getestet? gleiche CPU auslastung? oder niedriger?

wo stehen denn server und client im verhältnis zur firewall. ist da noch "cloud" dazwischen? bzw. geht es via VPN?
oder spielt sich das nur innerhalb eines heterogenen heimnetzwerks ab?

welches dateitransferprotokoll wird verwendet? cifs/smb? nfs? scp?

bei so einem - sagen wir mal fairerweise - "relativ" schwachen prozessor können encapsulation und/oder breitbandiger tcp traffic schwer ins gewicht fallen.
falls das über vpn geht, sicherstellen dass openvpn auf udp läuft. wireguard dürfte m.w. nur udp unterstützen.

2

20.7 Legacy Series / Re: Lock with transmission

« on: July 31, 2020, 08:01:32 am »

...
I'm saying that if cheap ADSL routers with manufacturers firmware can handle BitTorrents, than much better hardware with OPNsense installed should have no problems at all.
...

Are you not familiar with the compute & memory implications of a stateful packet filter and potential packet inspection ?
You know that ADSL routers basically do nothing else with your signal/packets except demodulation (layer 1) and layer 2/3 addressing?

Get to the bottom of the fact that your ADSL router doesn't really "handle" any BitTorrent... it just sees closed packages and throws them into a tube (untouched packets from the demodulated data stream from a "WAN" wire get sent out on a "LAN*" wire - NOTHING else except maybe on rare occasion a more complex NAT'ing!)

I suggest, and I don't want to offend you, that you read about the fundamentals of the operating principles of a stateful firewall and packet inspection.

3

20.7 Legacy Series / Simple way to do a suspend to disk/RAM

« on: July 30, 2020, 10:01:09 pm »

Hi,

after mindfully doing a forum search query, I found this

https://forum.opnsense.org/index.php?topic=10281.msg47044

but I am unsure if this still works and also would not want to add a plugin that hasn't been pulled/verified...

So my question is if there is a way to do suspend to RAM and/or disk with the current 20.1.9 / 20.7 version of OPNsense via GUI or if there's a predefined script/routine/plugin available that does it in accordance with OPNsense operational integrity?

Thx!

4

20.7 Legacy Series / Re: DHCP/DHCPv6 automatically configured firewall rules

« on: July 24, 2020, 09:39:44 am »

DHCP relay agents (DHCPv4 over IPv6 , vice versa) would use these ports afaik.

5

19.7 Legacy Series / SSH / Webportal issue

« on: November 21, 2019, 12:13:55 am »

hello!

preface: i don't know if this problem popped up because of the update i did (believe it was to 19.7.3 or .4) or if it is something else that "triggered" this issue.
i am running the firewall on an amd 4850e (dual core) for 2 years now, just as a convenient method of being able to centralize ip traffic control (filtering & traffic shaping) in my home.

the problem is that i cannot access the webportal - anymore - NOR use a ssh client (puTTy in my case just gets a timeout) to connect to the machine.
!!! to make it clear the firewalls main functionality, i.e. filtering and traffic shaping works perfectly !!!

connecting with chromium based browsers gives me a "ERR_SSL_PROTOCOL_ERROR"
firefox gives me a "SSL_ERROR_BAD_SERVER"
both can be reproduced and the error message stays the same with every request, so there seems to be a very precise issue. i am mentioning this because i had problems with my ddwrt router/modem in the past that would show different http errors every time i access it, or even sometimes work, or timeout depending on the mood of the httpd.


so this certainly points towards some webserver/sshd issue, be it misconfiguration on my end (which i couldn't remember specifically...) or some behaviour change after 19.7.3/4 or just some other thing like we all know happens from time to time when "life hates you"  and maybe some file gets corrupted - what i don't believe tbh but i won't fully deny the possiblity)

what i did so far: rebooting , complete power down / power up cycle did nothing.
now physical access is of course available, but tbh i never used it except for the initial installation.
and to my surprise after i attached a monitor & keyboard i see the last output on the screen is

Code: [Select]

load_dn_sched dn_sched FIFO
load_dn_sched dn_sched QFQ
load_dn...
...
load_dn_aqm dn_aqm PIE

but i cannot (or wouldn't know how to) get to the login prompt that i am used to through puTTy.
tried switching tty with ALT+F1..F2... combinations , no reaction , pressed basically all keys on my keyboard but no login prompt will show up.

so if there is any hint or possiblity i could try before proceeding with a full reinstall, i'd be thankful for anyone sharing it.

cheers,
R

6

General Discussion / Re: Disadvantages of 10.0.0.0/8 in home environment?

« on: November 20, 2019, 11:28:12 pm »

you can use VLANs within the same subnet of course, if your individual infrastructural situation allows it.

as far as i understand, from your post summary, this is about your private home network.

i am not encouraging this. but i personally use different subnets at home that are in the public address space.
which doesn't matter at all (generally speaking) in your "bubble" at home. certainly not advisable in a business/company environment where it could cause ip leaks and other fun stuff for several reasons.
so if the moment comes when you need a further separate network and VLAN shouldn't work (for whatever reason) then you just go open up 9.0.0.0 or 11.0.0.0 etc...

lastly... maybe the most obvious thing...you can just change the subnet mask the moment you REALLY need it?
i mean we're not talking about migrating thousands of devices and servers with tons of established static routes etc... right? this is about your private home?

all in all i can say that there's way too much brain-power being put into all of this... with many arguments thrown around merely for "philosophical" reasons. in the end you either have provisioned correctly or you simply need to make more changes than you may have planned for. it's not witchcraft.