Messages

1

24.1 Legacy Series / Re: Extend NUT configuration

« on: May 31, 2024, 03:27:23 pm »

The NUT package in OPNsense lags mainline and deployment isn't as flexible. OTOH, why not get a Raspberry Pi 4/5, connect that to the UPS and then install NUT on it? I did that while I waited for the OPNsense NUT package to catch up

2

23.7 Legacy Series / Re: DHCP Relay (multiple scopes)

« on: October 06, 2023, 02:24:34 am »

Thanks mimugmail ! Installed the plugin and taking a look - does this only support static leases or does it do dynamic ranges etc as well?

3

23.7 Legacy Series / Re: DHCP Relay (multiple scopes)

« on: October 05, 2023, 08:01:29 pm »

Hi Franco

Saw this: https://github.com/opnsense/core/issues/6829. So ISC-Kea is out of consideration and in any case, it has $$$ paywalls for features and needed MySQL or PostgreSQL for the lease db (which is a heavy requirement)

With OpenBSD's dhclient being favored, would you reckon we could still see this in 24.1?

4

Hardware and Performance / Re: Any recommendation for Access point.

« on: July 25, 2023, 03:38:23 am »

n/m - saw the OP specifically wants 6E APs

5

23.1 Legacy Series / Re: 23.1.6 firewall stopped passing traffic for about 10 mins and came back

« on: May 04, 2023, 07:29:33 am »

OPNSense 23.1.6 with Suricata and VLANs - on baremetal

The same thing has been happening to me the past 2-3 days. Traffic stops for 1-2 mins and then comes back. Nothing in logs.

Reverted to 23.1.5 and will see if the problem goes away, will update the thread then ...

6

23.1 Legacy Series / Re: OPNsense config file maintenance recommendation

« on: April 22, 2023, 04:32:35 am »

I had eight or nine VLANs and four interfaces - had the same problem

I used Visual Studio Code and its excellent XML editor, took a default Opnsense config file and went through the two and compared. Takes a while but the next time you get a mis-assigned interface, it is quite easy to put back

7

22.1 Legacy Series / Re: FreeBSD 13.1 support

« on: May 20, 2022, 09:08:25 pm »

Thank you for the info Franco !

8

22.1 Legacy Series / FreeBSD 13.1 support

« on: May 20, 2022, 07:32:13 am »

Now that FreeBSD 13.1-RELEASE is out - would it be supported soon in the 22.1 or 22.7 branch? 13.1 supports I225 for igc(4) and also freebsd-update looks promising !

9

22.1 Legacy Series / Re: [CLOSED] How do you run ZFS on a MiniPC?

« on: February 01, 2022, 05:44:01 pm »

I’m using a X11SCL-IF in a 1U Supermicro CSE-512 chassis. Supermicro has plenty of mini-itx and smaller motherboards with ECC RAM support. The Intel NUC9 Pro also supports ECC RAM. I’m not using ZFS at the moment but will probably move to ZFS with the next release. The other thing is to get SSDs like Micron that have Power Loss Protection- it helps for keeping your file systems safer during a power loss event. Not 100% safe but still a lot better than ordinary HDDs or SSDs

10

22.1 Legacy Series / Re: Appliance running hotter after 22.1 update?

« on: January 29, 2022, 10:37:40 pm »

have a look at https://forum.opnsense.org/index.php?topic=26590.0. It could be that the CPU is running in turbo mode so runs hotter but will ramp down after a while. Or it could be that you need to enable SpeedShift or equivalent in the BIOS and make sure CPU Boot Performance is set to Max Non-Turbo Performance

If your dmesg shows hwpstate_intel as active, you can also tune it t achieve the temps you want via dev.hwpstate_intel.X.epp=[0-100] where 0 = best performance and 100=most energy efficient operation. Take a look at https://www.neelc.org/posts/freebsd-speed-shift-laptop/ and https://www.freebsd.org/cgi/man.cgi?query=hwpstate_intel&apropos=0&sektion=4&manpath=FreeBSD+13-current&arch=default&format=html

11

22.1 Legacy Series / Re: With 22.1, is PowerD needed on modern (Coffee Lake+) Intel CPUs?

« on: January 29, 2022, 10:28:37 pm »

So what is expert verdict? PowerD on or off for modern (Coffee Lake onwards) Intel CPUs?

I'd say powerd is mostly a power-saving measure. So let it run for a week with powed disabled, and then one week with power enabled. Afterwards compare the CPU temperature graphs to see if there is any difference. Not scientific method, but should be enough to come to a conclusion.

With FreeBSD 13.0, once the hwpstate driver is enabled (either hwpstate_intel or then amd) then powerd isnt really needed or necessary. In fact if you use powerd++, it will warn you that it will NOT work with hwpstate_intel

from https://lonkamikaze.github.io/powerdxx/man_8_powerdxx.html:

Code: [Select]

CAVEATS
     Unlike powerd(8), powerd++ refuses to run if the frequency control driver
     is known not to allow user control of the CPU frequency (e.g. hwpstate_intel(4) ).

Doing a sysctl dev.cpu.X.freq shows the CPU going from 900 to 4113 - so it appears that FreeBSD 13 finally has good support for Intel's hardware based CPU performance driver

12

22.1 Legacy Series / Re: With 22.1, is PowerD needed on modern (Coffee Lake+) Intel CPUs?

« on: January 29, 2022, 10:22:37 pm »

To compile this driver (hwpstate_intel) into your kernel place the following line in your kernel configuration file:
device cpufreq

Is it compiled into kernel?
Also the CPU must support Intel Speed Shift Technology.

From dmesg

Code: [Select]

...
hwpstate_intel0: <Intel Speed Shift> on cpu0
hwpstate_intel1: <Intel Speed Shift> on cpu1
hwpstate_intel2: <Intel Speed Shift> on cpu2
hwpstate_intel3: <Intel Speed Shift> on cpu3
hwpstate_intel4: <Intel Speed Shift> on cpu4
hwpstate_intel5: <Intel Speed Shift> on cpu5
...

I'd say it is in the kernel and running as intended.

13

22.1 Legacy Series / [solved] With 22.1, is PowerD needed on modern (Coffee Lake+) Intel CPUs?

« on: January 29, 2022, 05:39:25 am »

I have used PowerD from 19.1 to 21.7 - it seemed to work well and keep CPU temps down + increase clock speed when required

I read that FreeBSD has a proper SpeedShift driver - hwpstate_intel ... so is PowerD something that works with hwpstate_intel or is it something that works in parallel? I disabled PowerD and still getting 900mbps from my 1Gig internet connection, with Suricata IDS turned on

So what is expert verdict? PowerD on or off for modern (Coffee Lake onwards) Intel CPUs?

[SOLVED]

PowerD or PowerD++ isnt necessary with the hwpstate_intel driver (present by default in FreeBSD 13's image for amd64)

Make sure Intel SpeedShift is enabled in the BIOS and performance is set to Max Non-Turbo performance. I have disabled powerd and can see dev.cpu.X.freq go from 900 to 4113 for my CPU (it's a E-2126G so all core turbo is 4.1 GHz)

14

22.1 Legacy Series / Re: opnatt.sh working?

« on: January 29, 2022, 05:32:47 am »

Are you talking about doing the netgraph or the wpa_supplicant?

I moved from netgraph to wpa_supplicant and can report that wpa_supplicant works fine. Did you remember to move the 99-opnatt script in /usr/local/etc/rc.syshook.d/early to the new install? And also if you are using wpa_supplicant, that you have all the certificates and wpa_supplicant.conf transferrred over as well?

If yes and you're still facing problems - maybe you should attach the pfatt or openatt logs so that we can see where the problem actually is

15

22.1 Legacy Series / issues with importing config from an existing install

« on: January 29, 2022, 03:02:52 am »

Upgraded to 22.1 (well sort of) from 21.7. But I had trouble importing the config from during the install:

I have two disks - ada0 (SanDisk) and ada1 (ADATA). One disk always has the older install so that I can switch and revert

Code: [Select]

$ geom disk list
Geom name: ada0
Providers:
1. Name: ada0
   Mediasize: 240057409536 (224G)
   Sectorsize: 512
   Mode: r3w3e8
   descr: SanDisk SDSSDX240GG25
...
Geom name: ada1
Providers:
1. Name: ada1
   Mediasize: 128035676160 (119G)
   Sectorsize: 512
   Mode: r0w0e0
   descr: ADATA SU800NS38


When I booted from from the 22.1 installer USB, ada0 contained an older version - 21.1 and ada1 contained the current 21.7.

I tried both installing from the initial 22.1 installer screen (logging in as installer) and also by installing to ada0 and running opnsense-importer to grab the config from ada1 - for some reason it doesn't like the partition layout created for 21.7. Both disks use UFS and not ZFS

Code: [Select]

$sudo opnsense-importer

<SanDisk SDSSDX240GG25 R201>       at scbus0 target 0 lun 0 (ada0,pass0)
<ADATA SU800NS38 R0427ANR>         at scbus4 target 0 lun 0 (ada1,pass1)
<AHCI SGPIO Enclosure 2.00 0001>   at scbus6 target 0 lun 0 (ses0,pass2)

Select device to import from (e.g. ada0) or leave blank to exit: ada1

Starting import for partition '/dev/ada1p3'.

Running fsck...done.
mount: /dev/ada1p3: No such file or directory
The device could not be mounted.

<SanDisk SDSSDX240GG25 R201>       at scbus0 target 0 lun 0 (ada0,pass0)
<ADATA SU800NS38 R0427ANR>         at scbus4 target 0 lun 0 (ada1,pass1)
<AHCI SGPIO Enclosure 2.00 0001>   at scbus6 target 0 lun 0 (ses0,pass2)

Select device to import from (e.g. ada0) or leave blank to exit:

In the end I backed up the config from the 21.7 and then used the GUI to load the config. But I am wondering why I could not do it during the install (or indeed even afterwards). Did the partition layout change between 21.1 - 21.7 and 22.1 ?

EDIT: I should add, once the config was imported and the plugins installed (and other than all the tunables that do NOT apply anymore for FreeBSD 13.0) - no problems so far. Will continue testing and report back