Messages - deasmi

#1
Quote from: pfry on March 10, 2025, 03:21:39 PM
I'd expect overheating to be more likely in the switch, unless it's a big Netgear with aggressive fans. The native twisted-pair cards should be fine, too, unless everything's cooking... which, given the power draw of all of those cards, is a slight possibility (the transceiver silicon can take some heat). Some of them may export thermal sensor data (via ACPI), but the system BIOS may not have support and/or it might be tough to read in FreeBSD.

I'd look at the OPNsense logs, as I'd tend to suspect a higher-level/layer issue.

The logs show kernel level 'interface down' messages, and then all the expected things due to that. Very little help there, but that leads me to suspect it's not a higher level issue.

I guess I might need to try some other hardware.

#2
I've recently been upgrading to 10G at home in advance of getting my line upgraded to 3gbps symmetric, London Community Fibre.

This has been a pain.

I run Opnsense on a Lenovo ThinkCentre M93p, which has an Intel i5-4570 CPU @ 3.20GHz

To this I added an Intel X520-DA2.

One port is connected to my Netgear switch using a Twinax cable, the other to my ONT using a 10Gtek 10GBASE-T SFP+.

This was unreliable, the Twinax connection was rock solid, the 10GBASE-T module flapping every 30s or so.

So, I got a Broadcom 57810S dual Copper card.

This was unreliable, the Twinax connection was rock solid, the 10GBASE-T port flapping every 5s or so.

So, I got an Intel X540-T2 dual Copper card.

This was unreliable, the Twinax connection was rock solid, the 10GBASE-T port flapping every 5-10m or so. Better, but still not usable as DHCP/DHCPv6 would sometimes drop out.

Currently I have the ONT connected to the Netgear switch using the same 10Gtek SFP+ from above. This is 100% solid, not a single flap in three weeks, which tells me the ONT, cabling and the SFP+ are fine.

I then run the internet connection into Opnsense on the twinax as a VLAN.

This works, but I really don't like having the internet on the switch, even as a VLAN, and of course it's less than ideal using up bandwidth on the Twinax link that would be used for inter vlan routing on the home side.

I am at a bit of a loss here, given the SFP+ and ONT clearly like each other, so it's not cabling, why can't I get a stable copper connection on opnsense?

All of the above have been tested with hardware offload on/off.

Any ideas gratefully received.

Thanks
#3
21.1 Legacy Series / Re: Moving config
March 24, 2021, 04:31:03 PM
Quote from: chemlud on March 24, 2021, 02:35:15 PM
Hi!

I haven't done that, but you could open config.xml with a text editor and add/change

<primaryconsole>video</primaryconsole>
...
<secondaryconsole>serial</secondaryconsole>


that's the original line from a config.xml with primary video console...

Other option: try as long as you find the correct interface with your LAN settings and get an IP, log into the box via ssh...

Changing to video worked!

Thank you.
#4
21.1 Legacy Series / Moving config
March 24, 2021, 02:26:03 PM
I have recently had an upgrade to a gigabit network connection (lucky me!) that is making my PC Engines APU2 creak at the seams.

Before I decide on new hardware I wanted to press an old quad-core server into service.

This should, I thought, be easy. Four hours later I've given up to have a lie down.

The APU2 has, only, a serial console. The PC doesn't have a serial console but does have VGA.

So when I restore the config at next boot everything goes wrong and I can't get it up to a menu again.
As I can't get to the menu I can't assign the interfaces.
As I can't assign the interfaces I can't get into the gui....

Does anyone know the correct procedure to restore a backup and change the console type at the same time?
Can I edit the backup file in some way?
Should I just start the config from scratch?

Thanks in advance
#5
20.7 Legacy Series / Re: One issue after the next
November 20, 2020, 01:38:59 PM
A quick note to confirm the point about aliases.

If I use an alias for static port mapping rules, it just doesn't work.

If I change them to use hard coded IP addresses suddenly it is working correctly.

I will open a bug report if I can make a simple repeatable test.
#6
General Discussion / Re: pkg.opnsense.org down
July 08, 2019, 02:37:56 PM
Thanks, it is all working again for me.
#7
General Discussion / pkg.opnsense.org down
July 07, 2019, 11:52:38 AM
Hi,
I can't seem to connect to pkg.opnsense.org from anywhere, discovered trying to do a firmware check.



root@opnsense:~ # sh -x /usr/local/opnsense/scripts/firmware/changelog.sh fetch
+ set -e
+ DESTDIR=/usr/local/opnsense/changelog
+ WORKDIR=/tmp/changelog
+ FETCH='fetch -qT 5'
+ COMMAND=fetch
+ VERSION=''
+ [ fetch '=' fetch ]
+ changelog_fetch
+ opnsense-version -a
+ CORE_ABI=19.1
+ opnsense-verify -a
+ SYS_ABI=FreeBSD:11:amd64
+ URL=https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz
+ rm -rf /tmp/changelog
+ mkdir -p /tmp/changelog
+ fetch -qT 5 -o /tmp/changelog/changelog.txz.sig https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz.sig
fetch: https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz.sig: Network is unreachable


I thought this might have been a local issue but have checked from a VPS I have as well.


[root@vps:~] # nmap -sT pkg.opnsense.org

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-07 09:50 UTC
Nmap scan report for pkg.opnsense.org (212.32.245.132)
Host is up (0.028s latency).
Not shown: 996 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https
873/tcp open   rsync

Nmap done: 1 IP address (1 host up) scanned in 4.70 seconds


So host appears up but http and https are blocking.

Does anyone have any insight?

Thanks
#8
General Discussion / Migrating from pfsense - problem
February 14, 2018, 01:03:34 PM
Up front I think I've done something stupid, so am really wanting to clarify that.

Having recently decided to make the switch to opnsense due to the 'dramas' I wanted a quick way to achieve this.

I run a PCEngines APU2 4gb, although doubt that will make any difference.

For some reason I had got it into my head I could just import a pfsense config to opnsense, and as it mainly worked off I went.

I probably wouldn't have done this were it not for my OpenVPN setups as I didn't want to have to reconfigure all my (and others) client devices.

That and I have quite a few firewall aliases defined that would be a pain to setup again.

I am now suffering from random UI lockups, firewalls behaving strangely and other issues.

I am assuming, and some quick forum reading supports this, I should never have imported a full config.

Can someone confirm that I've gone down the wrong track?

My plan to rectify is to save current opnsense config, start again and make a basic NAT config, then import OpenVPN/letsencrypt/firewall aliases only from the backup. Then I'll setup firewall/NAT rules from scratch.

Does that sound reasonable, or do I have to go scorched earth?

Thanks in advance

Thanks
#9
I get a /48 from HE.net, and pass the first /64 through to the LAN, I do use some of the others for VPN, Lab network.

I then have a /64 from the fc00::/7 block for internal use.

To be honest if opnsense can't support this, I realise not a normal use case, I'm not going to lose too much sleep as I'm just advertising the fc00::/7 block from my raspberry pi at the moment and that is working fine.

#10
I've recently made the switch from pfsense for 'reasons'.

This has in the main been a smooth process, running on a PCEngines APU2.

One small thing I'm missing is the ability to have multiple subnets advertised by radvd, but it is minor as I've just got my raspberry pi to advertise the second one.

Reason I do this is I have a HE.net for internet access, but as this could change, and hopefully will when Virgin media finally enable ipv6, I also use a block in fc00::/7 for local permanent addresses.

It would be nice if opnsense supported this as pfsense did.

Other than that I'm enjoying the interface a lot more and appreciate the ability to run libressl.

Apologies if this is the wrong area to post this.