"
Does anyone know if the upstream fix is included in Opnsense yet?
As I am still seeing 1970 dates in my leases.
As I am still seeing 1970 dates in my leases.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
Hardware and Performance / Re: Ten Gig Interface problems
March 10, 2025, 05:14:52 PMQuote from: pfry on March 10, 2025, 03:21:39 PMI'd expect overheating to be more likely in the switch, unless it's a big Netgear with aggressive fans. The native twisted-pair cards should be fine, too, unless everything's cooking... which, given the power draw of all of those cards, is a slight possibility (the transceiver silicon can take some heat). Some of them may export thermal sensor data (via ACPI), but the system BIOS may not have support and/or it might be tough to read in FreeBSD.
I'd look at the OPNsense logs, as I'd tend to suspect a higher-level/layer issue.
The logs show kernel level 'interface down' messages, and then all the expected things due to that. Very little help there, but that leads me to suspect it's not a higher level issue.
I guess I might need to try some other hardware.
#3
Hardware and Performance / Ten Gig Interface problems
March 09, 2025, 09:12:07 PM
I've recently been upgrading to 10G at home in advance of getting my line upgraded to 3gbps symmetric, London Community Fibre.
This has been a pain.
I run Opnsense on a Lenovo ThinkCentre M93p, which has an Intel i5-4570 CPU @ 3.20GHz
To this I added an Intel X520-DA2.
One port is connected to my Netgear switch using a Twinax cable, the other to my ONT using a 10Gtek 10GBASE-T SFP+.
This was unreliable, the Twinax connection was rock solid, the 10GBASE-T module flapping every 30s or so.
So, I got a Broadcom 57810S dual Copper card.
This was unreliable, the Twinax connection was rock solid, the 10GBASE-T port flapping every 5s or so.
So, I got a Intel X540-T2 dual Copper card.
This was unreliable, the Twinax connection was rock solid, the 10GBASE-T port flapping every 5-10m or so. Better, but still not usable as DHCP/DHCPv6 would sometimes drop out.
Currently I have the ONT connected to the Netgear switch using the same 10Gtek SFP+ from above. This is 100% solid, not a single flap in three week which tells me the ONT, cabling and the SFP+ are fine.
I then run the internet connection into into Opnsense on the twinax as a VLAN.
This works, but I really don't like having the internet on the switch, even as a VLAN, and of course it's less than ideal using up bandwidth on the Twinax link that would be used for inter vlan routing on the home side.
I am at a bit of a loss here, given the SFP+ and ONT clearly like each other, so it's not cabling, why can't I get a stable copper connection on opnsense?
All of the above have been tested with hardware offload on/off.
Any ideas gratefully received.
Thanks
This has been a pain.
I run Opnsense on a Lenovo ThinkCentre M93p, which has an Intel i5-4570 CPU @ 3.20GHz
To this I added an Intel X520-DA2.
One port is connected to my Netgear switch using a Twinax cable, the other to my ONT using a 10Gtek 10GBASE-T SFP+.
This was unreliable, the Twinax connection was rock solid, the 10GBASE-T module flapping every 30s or so.
So, I got a Broadcom 57810S dual Copper card.
This was unreliable, the Twinax connection was rock solid, the 10GBASE-T port flapping every 5s or so.
So, I got a Intel X540-T2 dual Copper card.
This was unreliable, the Twinax connection was rock solid, the 10GBASE-T port flapping every 5-10m or so. Better, but still not usable as DHCP/DHCPv6 would sometimes drop out.
Currently I have the ONT connected to the Netgear switch using the same 10Gtek SFP+ from above. This is 100% solid, not a single flap in three week which tells me the ONT, cabling and the SFP+ are fine.
I then run the internet connection into into Opnsense on the twinax as a VLAN.
This works, but I really don't like having the internet on the switch, even as a VLAN, and of course it's less than ideal using up bandwidth on the Twinax link that would be used for inter vlan routing on the home side.
I am at a bit of a loss here, given the SFP+ and ONT clearly like each other, so it's not cabling, why can't I get a stable copper connection on opnsense?
All of the above have been tested with hardware offload on/off.
Any ideas gratefully received.
Thanks
#4
24.1, 24.4 Legacy Series / Re: IPv6 Prefix Alias
September 05, 2024, 02:42:44 PMQuote from: zoechi on June 18, 2024, 04:20:05 PM
The existing/auto-generated aliases that start with double underline (Code Select__an_interface_name) look like they could do what I need, but I haven't found a way to use them.
I tried this and it seems to work perfectly.
I created an ngroup_local_network network alias and added __lan_network and __optX_network as appropriate to it.
I then created a rule using destination invert to allow access.
This seems to be working exactly as I want it to
#5
21.1 Legacy Series / Re: Moving config
March 24, 2021, 04:31:03 PMQuote from: chemlud on March 24, 2021, 02:35:15 PM
Hi!
I haven't done that, but you could open config.xml with a text editor and add/changeCode Select<primaryconsole>video</primaryconsole>
...
<secondaryconsole>serial</secondaryconsole>
that's the original line from a config.xml with primary video console...
Other option: try as long as you find the correct interface with your LAN settings and get an IP, log into the box via ssh...
Changing to video worked !
Thank you.
#6
21.1 Legacy Series / Moving config
March 24, 2021, 02:26:03 PM
I have recently had an upgrade to a gigabit network connection ( lucky me !) that is making my PC Engines APU2 creak at the seams.
Before I decide on new hardware I wanted to press an old quad-core server into service.
This should, I thought, be easy. Four hours later I've given up to have a lie down.
The APU2 has, only, as serial console. The PC doesn't have a serial console but does have VGA.
So when I restore the config at next boot everything goes wrong and I can't get it up to a menu again.
As I can't get to the menu I can't assign the interfaces.
As I can't assign the interfaces I can't get into the gui....
Does anyone know the correct procedure to restore a backup and change the console type at the same time?
Can I edit the backup file in some way?
Should I just start the config from scratch?
Thanks in advance
Before I decide on new hardware I wanted to press an old quad-core server into service.
This should, I thought, be easy. Four hours later I've given up to have a lie down.
The APU2 has, only, as serial console. The PC doesn't have a serial console but does have VGA.
So when I restore the config at next boot everything goes wrong and I can't get it up to a menu again.
As I can't get to the menu I can't assign the interfaces.
As I can't assign the interfaces I can't get into the gui....
Does anyone know the correct procedure to restore a backup and change the console type at the same time?
Can I edit the backup file in some way?
Should I just start the config from scratch?
Thanks in advance
#7
20.7 Legacy Series / Re: One issue after the next
November 20, 2020, 01:38:59 PM
A quick note to confirm the point about aliases.
If I use an alias for static port mapping rules, it just doesn't work.
If I change them to use hard coded IP addresses suddenly it is working correctly.
I will open a bug report if I can make a simple repeatable test.
If I use an alias for static port mapping rules, it just doesn't work.
If I change them to use hard coded IP addresses suddenly it is working correctly.
I will open a bug report if I can make a simple repeatable test.
#8
General Discussion / Re: pkg.opnsense.org down
July 08, 2019, 02:37:56 PM
Thanks, it is all working again for me.
#9
General Discussion / pkg.opnsense.org down
July 07, 2019, 11:52:38 AM
Hi,
I can't seem to connect to pkg.opnsense.org from anywhere, discovered trying to do a firmware check.
I thought this might have been a local issue but have checked from a VPS I have as well.
So host appears up but http and https are blocking.
Does anyone have any insight?
Thanks
I can't seem to connect to pkg.opnsense.org from anywhere, discovered trying to do a firmware check.
Code Select
root@opnsense:~ # sh -x /usr/local/opnsense/scripts/firmware/changelog.sh fetch
+ set -e
+ DESTDIR=/usr/local/opnsense/changelog
+ WORKDIR=/tmp/changelog
+ FETCH='fetch -qT 5'
+ COMMAND=fetch
+ VERSION=''
+ [ fetch '=' fetch ]
+ changelog_fetch
+ opnsense-version -a
+ CORE_ABI=19.1
+ opnsense-verify -a
+ SYS_ABI=FreeBSD:11:amd64
+ URL=https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz
+ rm -rf /tmp/changelog
+ mkdir -p /tmp/changelog
+ fetch -qT 5 -o /tmp/changelog/changelog.txz.sig https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz.sig
fetch: https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz.sig: Network is unreachable
I thought this might have been a local issue but have checked from a VPS I have as well.
Code Select
[root@vps:~] # nmap -sT pkg.opnsense.org
Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-07 09:50 UTC
Nmap scan report for pkg.opnsense.org (212.32.245.132)
Host is up (0.028s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
443/tcp closed https
873/tcp open rsync
Nmap done: 1 IP address (1 host up) scanned in 4.70 seconds
So host appears up but http and https are blocking.
Does anyone have any insight?
Thanks
#10
General Discussion / Migrating from pfsense - problem
February 14, 2018, 01:03:34 PM
Up front I think I've done something stupid, so am really wanting to clarify that.
Having recently decided to make the switch to opnsense due to the 'dramas' I wanted a quick way to achieve this.
I run a PCEngines APU2 4gb, although doubt that will make any difference.
For some reason I had got it into my head I could just import a pfsense config to opnsense, and as it mainly worked off I went.
I probably wouldn't have done this were is not for my OpenVPN setups as I didn't want to have to reconfigure all my (and others) client devices.
That and I have quite a few firewall aliases defined that would be a pain to setup again.
I am now suffering from random UI lockups, firewalls behaving strangely and other issues.
I am assuming, and some quick forum reading supports this, I should never have imported a full config.
Can someone confirm that I've gone down the wrong track?
My plan to rectify is to save current opnsense config, start again and make a basic NAT config, then import OpenVPN/letsencrypt/firewall aliases only from the backup. Then I'll setup firewall/NAT rules from scratch.
Does that sound reasonable, or do I have to go scorched earth?
Thanks in advance
Thanks
Having recently decided to make the switch to opnsense due to the 'dramas' I wanted a quick way to achieve this.
I run a PCEngines APU2 4gb, although doubt that will make any difference.
For some reason I had got it into my head I could just import a pfsense config to opnsense, and as it mainly worked off I went.
I probably wouldn't have done this were is not for my OpenVPN setups as I didn't want to have to reconfigure all my (and others) client devices.
That and I have quite a few firewall aliases defined that would be a pain to setup again.
I am now suffering from random UI lockups, firewalls behaving strangely and other issues.
I am assuming, and some quick forum reading supports this, I should never have imported a full config.
Can someone confirm that I've gone down the wrong track?
My plan to rectify is to save current opnsense config, start again and make a basic NAT config, then import OpenVPN/letsencrypt/firewall aliases only from the backup. Then I'll setup firewall/NAT rules from scratch.
Does that sound reasonable, or do I have to go scorched earth?
Thanks in advance
Thanks
#11
General Discussion / Re: [Feature request] radvd multiple subnets
February 14, 2018, 12:55:46 PM
I get a /48 from HE.net, and pass the first /64 through to the LAN, I do use some of the others for VPN, Lab network.
I then have a /64 from the fc00::/7 block for internal use.
To be honest if opnsense can't support this, I realise not a normal use case, I'm not going to loose too much sleep as I'm just advertising the fc00::/7 block from my raspberry pi at the moment and that is working fine.
I then have a /64 from the fc00::/7 block for internal use.
To be honest if opnsense can't support this, I realise not a normal use case, I'm not going to loose too much sleep as I'm just advertising the fc00::/7 block from my raspberry pi at the moment and that is working fine.
#12
General Discussion / [Feature request] radvd multiple subnets
February 04, 2018, 06:56:11 PM
I've recently made the switch from pfsense for 'reasons'.
This has in the main been a smooth process, running on a PCEngines APU2.
One small thing I'm missing is the ability to have multiple subnets advertised by radvd, but it is minor as I've just got my raspberry pi to advertise the second one.
Reason I do this is I have a HE.net for internet access, but as this could change, and hopefully will when Virgin media finally enable ipv6, I also use a block in fc00::/7 for local permanent addresses.
It would be nice if opnsense supported this as pfsense did.
Other than that I'm enjoying the interface a lot more and appreciate the ability to run libressl.
Apologies if this is the wrong area to post this.
This has in the main been a smooth process, running on a PCEngines APU2.
One small thing I'm missing is the ability to have multiple subnets advertised by radvd, but it is minor as I've just got my raspberry pi to advertise the second one.
Reason I do this is I have a HE.net for internet access, but as this could change, and hopefully will when Virgin media finally enable ipv6, I also use a block in fc00::/7 for local permanent addresses.
It would be nice if opnsense supported this as pfsense did.
Other than that I'm enjoying the interface a lot more and appreciate the ability to run libressl.
Apologies if this is the wrong area to post this.
Pages1
