Messages - jaimito

#1
Thought I'd just follow up: thanks for the kick in the posterior regarding CGNAT. I got back to Starlink over this, together with other questions about IP address assignment, and they have now told me the report may have been wrongly assigned, grrr. What a surprise for me that is, not. So the case is closed and they said "donaworry" ;D. So I won't. I will still look into logging the CGNAT address just in case: the infringing IP was in their CGNAT block and not the external IP of the network, AFAICS. Thanks to all for the help. :)
#2
Quote from: dseven on September 20, 2024, 02:59:12 PM
If it's a CGNAT public address that the claim was being made against, it's nonsensical, as that address could be used by multiple customers simultaneously - that's kind of the point of CGNAT... (?). One might expect StarLink to understand that, but.......................

Yes, I was a bit slow here. Thanks. But yes. Just to clarify, Starlink only passed on the notice. They are not taking any further action, but the slander is annoying! Bit of insurance could be good. I've heard of this happening to other people, I am not a rabid social media user and post nothing dubious, so not expecting to get a hit myself!
#3
Quote from: Monviech on September 20, 2024, 02:53:55 PM
Since Starlink puts you behind CGNAT your public IP won't be logged by the OPNsense, since it only has the internal IP address of your Provider, who then NATs you from the CGNAT 100.64.0.0/10 Subnet to a public IP.

Duh. Thank you. I am being dim. Will experiment, I do have a DDGo but not used it in ages...
#4
Hi. I'm in deep rural Spain and have Starlink now, which gives me better download speed than I had in London. But it's not perfect, sometimes it goes skew-whiff and I have to reboot the transceiver a couple of times before it settles down.

Starlink recently contacted me with a copyright strike claim, which AFAICS alleges I downloaded a French version of Hawaii 5-0 and distributed it. I didn't. I am wondering if I was assigned a public IP of someone who had done that.

I wanted to check what my public IP address assignment history was, but Starlink don't keep that info. So I looked at my OPNsense (up-to-date, running on the old PC Engines dual AMD box). This is now default, it's not overpowered so I run it vanilla.

I don't see any public IP Log facility there.

Is there any easy built-in way for me to log my public IPs either on change, or interval-based?

I can use a much more powerful 4 core small Intel firewall box if more power is required, the PC Engines device still just about keeps up though!

Thanks in anticipation for any pointers (the OPNsense is the only thing currently always on, hence this is my target for the logging).

MeJ
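
Added example, not part of the original post or any reply: a small Python logger for the question above that writes an entry only when the address pair changes and flags whether the firewall's WAN address sits in the 100.64.0.0/10 CGNAT range mentioned in the replies. How the two addresses are obtained (interface query, external lookup) is left to the caller and is an assumption; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import json
from datetime import datetime, timezone

# RFC 6598 shared address space (carrier-grade NAT) and RFC 1918 private ranges.
CGNAT = [ipaddress.ip_network("100.64.0.0/10")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return 'cgnat', 'rfc1918' or 'public' for an IPv4 address string."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError on malformed input
    if any(ip in net for net in CGNAT):
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "public"


def record(log_path, wan_addr, external_addr, now=None):
    """Append one JSON line when the address pair differs from the last entry.

    wan_addr: address on the firewall's WAN interface (supplied by the caller).
    external_addr: address a remote host sees (supplied by the caller).
    Returns the new entry, or None when nothing changed.
    """
    ipaddress.IPv4Address(external_addr)  # validate before logging
    wan_class = classify(wan_addr)
    try:
        with open(log_path, encoding="utf-8") as fh:
            lines = [ln for ln in fh if ln.strip()]
        last = json.loads(lines[-1]) if lines else None
    except FileNotFoundError:
        last = None
    if last and (last["wan"], last["external"]) == (wan_addr, external_addr):
        return None
    stamp = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    entry = {"seen_utc": stamp, "wan": wan_addr, "wan_class": wan_class,
             "external": external_addr,
             "translated_upstream": wan_addr != external_addr}
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry


if __name__ == "__main__":
    import os, tempfile
    path = os.path.join(tempfile.mkdtemp(), "wan-history.jsonl")
    # Constructed samples: CGNAT-side WAN address, documentation-range externals.
    for ext in ("203.0.113.7", "203.0.113.7", "198.51.100.20"):
        print(record(path, "100.64.12.34", ext))
```

Run at an interval (for example from cron), it writes only on change, so the file stays a compact assignment history with UTC timestamps.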
#5
Hi

We have commercial support for our move to OPNsense but this concerns my own setup.

When in rural Spain I no longer have access to WiMAX which although slow gave a fixed IP and decent IPSec to London (as Telefonica have dumped WiMAX altogether).

I now only get connection via 4G with dynamic IP changing somewhat frequently, so IPSec not feasible.

What I hope to do is to use ZeroTier to establish a VPN connection to London so that I can run VoIP over it to my office Asterisk exchange.

I will be using the provider-supplied 4G modem/router which has an ethernet port.

So a schematic would be:

      ^
      |
--[4G modem]--ethernet--[OPNsense running ZeroTier routing VoIP]--switch--clients including VoIP phone
                                                                                            (Siemens)

My questions are concerning how best to get this to work. I assume double-NAT would be a bad idea both for VoIP and ZeroTier -- the 4G modem/router by default does NAT, and I have not had much success in setting it to pass all traffic to a designated DMZ, port opening may work though.

-- will this idea work at all?

-- should I set the OPNSense to no-NAT?

-- or forward ports to it?

-- has anyone done anything similar and got it to work?

Any clues or suggestions welcome -- I am in the UK at present but will be on-site there later in the year.

Thanks in anticipation...

MeJ
#6
General Discussion / Re: OPNsense as a guest under KVM
December 14, 2017, 01:22:29 PM
* raises hand (but just for eval at the moment)
#7
General Discussion / Another migration forced!
December 14, 2017, 01:19:43 PM
Hi

We are now evaluating moving over to OPNsense. We already bought some hardware from Deciso but currently running p*sense. We have p*sense boxes (mostly APU) at many of our clients - some 10 or 12 endpoints. Not a big roll-out by any means.

We looked at it a while ago, but it was not quite ready IMO for what we wanted, and who wants to reinstall a lot of small systems unless necessary?

Our hand has however now been forced.

Many here will know about the changes being implemented by N*tg*te in the current and future releases. We are not impressed with these changes which first, enforce ZFS on new installs, not a good idea on a low RAM system IMHO, and will soon enforce Intel hardware encryption, something else we don't trust (M.E.?) or need. I prefer AMD hardware for this dedicated task.

I wrote a VERY POLITE message to the Other forum mentioning these doubts and others, and that we were considering OPNsense IF the Other project continued forcing these choices, in the hope that they might reconsider.

I attempted to log in to check the response a day or two later, only to find my IP was banned :) When I logged in as Someone Else the post had been deleted :)

This -- after almost ten years paying for commercial support.

So, it looks like we will be moving to the true successor-in-spirit to m0n0wall.

Hello all!

If we do move to OPNsense (probable) we will make a contribution. We also were paying for support, just in case, so if you want to start that service...


(PS: One of my other hats is as a therapist, I have a psychology degree. I'd have to say the Other project would seem to not be behaving rationally, if it was a person... for this reason I have used an * in place of some letters above, sigh).