Messages - beloc

#1
Quote from: mimugmail on October 02, 2018, 07:30:09 AM
If you are concerned about hardware support you can buy the appliances directly by Deciso, or tested hardware from its partners like Thomas Krenn or Secudos / Landitec (look at the partner site).

Regarding your hacks you should get more into details .. the problem is that perhaps not that many ppl are using your hardware and pfsense has a broader user range :)

Thank you mimugmail for the reply. I have bought one of the appliances in the past. They are good boxes but in all honesty a little pricey for what you are getting. I bought the A10 Dual Core non-SSD and at $500 EUR that's $577 USD. The Zotac, a C1327nano, with 8GB of RAM, 250G Samsung 860 EVO is like $250. The Zotac also includes a wireless 802.11ac card if you needed it.

I have been "around" and using OPNsense since the fork and have seen it grow. I have been a PFsense user since 2007 and I am a heavy OSS user so I can understand, especially in the BSD world, the struggles with hardware. My post was not meant to be negative. I truly like OPNsense and many of the things they are doing and have, for about a year now, only recommended OPNsense for my router recommendations where OSS would make sense.

The HPET issue and SDHCI (flash card readers) issue is one that is well documented for both early 2.x lines of PFsense and recent versions of OPNsense. Many people complained about a regression from 17.1 to 18.x which is what prompted my post about direction.

Here is the one for HPET.

https://forum.opnsense.org/index.php?topic=7142.0

The SDHCI is also on these forums as well as an issue.

To close, I know that Deciso would like to get a hardware stream going. I mean regardless of what a person thinks of PFsense or Jim Thomson, I would bet it is a rather good revenue generator for him, but at the end of the day both PFsense and OPNsense are SDN products and I understand that they can not support every device in existence.

Keep up the good work Deciso. For now, I can work around this.

Regards,
Beloc

#2
Hey guys,

I wanted to ask a general question. I have a Zotac C1327 NANO Mini-PC here that requires a decent amount of modification to install OPNsense onto. I had to modify the boot.conf and HINTS to disable HPET and SDHCI to even get it to boot and then still had issues with the installer, both as nano running on a USB stick and as a VGA installer installing onto the local SSD. I actually never was able to get it installed onto the unit.

This concerns me because as a test I took PFsense 2.4.4 (as we know, still built on FreeBSD) and was able to install it with zero boot conf changes and in less than 5 mins. I understand that you guys have taken PFsense and cleaned it up, and I even run OPNsense in many locations, one of which being a data-center pushing full 1G WAN links running CARP across two OPNsense boxes, and they work great, but why the difficulty on a very popular dual-NIC box for SMB use?

I am happy to see the changes being made but this issue concerned me on the direction and supportability of OPNsense.

Thank you for listening guys.

Regards,
Beloc

#3
Hello guys,

I know that CARP has the ability to do CARP groups (not VHID groups) whereas if one of the members of the group fails, then they all fail regardless of status. I don't see the ability to do this in OPNsense and this bit me in the tail today. I have two interfaces (LAN and WAN) and I have CARPS on both. The LAN interface is plugged into a switch and the WAN interface is of course plugged into another switch provided by the ISP. My LAN switch had an issue today and the LAN interface failed over to the other OPNsense box on the other switch, however, since the WAN interface switch was fine, the WAN CARPS did not fail over, causing me to have an issue where traffic was coming into the router on the failed LAN switch but the gateway for the LAN was on the second router which had taken over the CARP for the LAN. Needless to say, this caused a routing issue.

I assume this needs to be configured:

net.inet.carp.preempt: 1

Am I missing something in the configuration or was this removed?

Beloc

#4
Hello guys. I have an IPsec tunnel to another location that works fine for internal access. However, I also have a domain controller on the other end of that tunnel that I would like OpenVPN to authenticate to. I have added another gateway pointing to my LAN IP as well as a static route to the IPsec tunnel endpoint address space that points to that gateway but it will still not route. I can see the route in the route table. I know this works fine on pfsense, is there anything different that has to happen on OPNsense?

Thank you for the help.