Messages - zwck

#1
Is there a way I could test this with a bare metal OPNsense installation? How would I proceed here?
#2
Fascinating topic. Glad I stumbled over this thread.
#3
Quote from: chemlud on February 13, 2021, 01:49:37 PM
Uh, this rapapc and camera interface have public IP ranges?!?

You do realize that with your allow any-any rules you could actually just hang everything on a single interface? The other subnets behind the OPNsense are each standing as wide open as barn doors...

I assume destiRS has the individual subnets open at the start so that he can rule out sources of error. Would you have any idea how he could check why some things work and others don't?
#4
Hey Frankie :D

As far as I can determine, the backend selection currently functions with

use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/mapfile.txt,bk_defaultbackend)] 

with a mapfile.txt containing something like this:

sub.domain.tld bk_subdomain

When navigating to sub.domain.tld the proper backend will be selected. However, I would like to be able to forward directories, e.g.
sub.domain.tld/dir bk_subdomaindir
which does not work with map_dom in the use_backend code. How would I go about this?
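An added example, not part of the original post and not the configuration the OPNsense plugin generates: the map in the post is keyed on the Host header alone, so a key containing a path can never match. The sketch below keys a second map on host plus path; the file pathmap.txt, the frontend name and the backend server addresses are assumptions.

```haproxy
# Added example; pathmap.txt, fe_http and the server addresses are assumptions.
#
# /tmp/haproxy/mapfiles/pathmap.txt  (constructed; key = host + path prefix)
#   sub.domain.tld/dir/    bk_subdomaindir
#
# /tmp/haproxy/mapfiles/mapfile.txt  (from the post; key = host only)
#   sub.domain.tld         bk_subdomain

frontend fe_http
    mode http
    bind :80

    # 'base' is the Host header concatenated with the request path, so a key
    # such as sub.domain.tld/dir/ can be compared against it. map_beg matches
    # when the sample begins with a key from the file.
    # 'lower' lowercases the path as well, so keys in pathmap.txt must be lowercase.
    acl has_path_rule base,lower,map_beg(/tmp/haproxy/mapfiles/pathmap.txt) -m found
    use_backend %[base,lower,map_beg(/tmp/haproxy/mapfiles/pathmap.txt)] if has_path_rule

    # No host+path entry matched: fall back to the host-only lookup from the post.
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/mapfile.txt,bk_defaultbackend)]

# Prefix matching is literal. A key written as sub.domain.tld/dir (no trailing
# slash) would also send /directory and /dir-backup to bk_subdomaindir; with the
# trailing slash, a request for exactly /dir falls through to the host-only map.
# 'base' also carries a port when the client sends one in the Host header
# (sub.domain.tld:8080/dir/), and such requests will not match the key above.

backend bk_subdomaindir
    mode http
    server dir1 192.0.2.11:8080   # constructed address

backend bk_subdomain
    mode http
    server sub1 192.0.2.10:8080   # constructed address

backend bk_defaultbackend
    mode http
    server def1 192.0.2.1:8080    # constructed address
```

Running `haproxy -c -f <file>` on the finished configuration validates the syntax before a reload.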
#5
Tutorials and FAQs / Re: VPN Client - Gateway issue
November 26, 2018, 11:53:30 AM
Beautiful! Thank you it was the routes thingy :D
#6
Tutorials and FAQs / VPN Client - Gateway issue
November 17, 2018, 03:38:21 PM
Hey all, complete beginner here,

I am running the latest stable of opnsense and I installed the openvpn client on opnsense, which creates a gateway and client; when you start the client the gateway becomes active.
It all works fine and dandy with the installation and then my entire network is routed through the VPN gateway: when I start the client, the default gateway (WAN_DHCP) will be overwritten directly to (VPN_DHCP) for all my LANs and VLANs. However, I just want one VLAN to be routed through the VPN gateway.

I thought it would be straightforward and a simple change of the GATEWAY in the rules for each VLAN and LAN would do the trick, however then the only VLAN that is working is the one with the VPN_DHCP gateway selected.
#7
I am still confused, probably because I am new to >gbit networks.

I don't use the card with direct attached twin cables. I use supported SFP modules from https://www.intel.com/content/www/us/en/support/articles/000005528/network-and-i-o/ethernet-products.html
to have normal ethernet and fiber capabilities. One SFP slot has a 1.25gbit fiber module plugged in.
#8
Quote from: weust on November 09, 2018, 11:40:40 AM
Isn't it possible that the media converter messes things up for FreeBSD?

Also, a Intel 520 DA2 can't do fiber, only Direct Attached Twin Axial cables.
Keep that in mind before plugging a fiber optic in it ;-)
https://ark.intel.com/products/39776/Intel-Ethernet-Converged-Network-Adapter-X520-DA2

It's weird that you mention this and yet both the Ethernet SFP and the BIDI device work without a flaw.
#9
Anything I can do about this?

At the moment i have two different sfp modules in there that are compatible.
one   Lodfiber ABCU 5710RZ 1000Base-T Sfp Copper RJ-45 100 m Transceiver
one    Intel SFP-BIDI-1310  BlueOptics SFP BO15C3155620D
#10
I mean it's working fine right now. Also, I get my line speeds. I was just wondering why it states no speeds.

Intel X520-DA2 82599ES (is the modelnumber)

@mimugmail
my outputs are


acpi0: Power Button (fixed)
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0xe020-0xe03f mem 0xf7c80000-0xf7cfffff,0xf7d04000-0xf7d07fff irq 16 at device 0.0 on pci1
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:1b:21:9c:06:d8
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0xe000-0xe01f mem 0xf7b80000-0xf7bfffff,0xf7d00000-0xf7d03fff irq 17 at device 0.1 on pci1
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:1b:21:9c:06:da
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
vlan0: changing name to 'ix1_vlan69'
vlan1: changing name to 'ix1_vlan10'
vlan2: changing name to 'ix1_vlan5'
ix1: link state changed to UP
ix1_vlan69: link state changed to UP
ix1_vlan5: link state changed to UP
ix1_vlan10: link state changed to UP
ix0: link state changed to UP
ifa_maintain_loopback_route: insertion failed for interface ix0: 17
ifa_maintain_loopback_route: insertion failed for interface ix0: 17
ix0: link state changed to DOWN
ix0: link state changed to UP
ix0: link state changed to DOWN
ix1: link state changed to DOWN
ix1_vlan69: link state changed to DOWN
ix1_vlan5: link state changed to DOWN
ix1_vlan10: link state changed to DOWN
acpi0: Power Button (fixed)
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0xe020-0xe03f mem 0xf7c80000-0xf7cfffff,0xf7d04000-0xf7d07fff irq 16 at device 0.0 on pci1
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:1b:21:9c:06:d8
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0xe000-0xe01f mem 0xf7b80000-0xf7bfffff,0xf7d00000-0xf7d03fff irq 17 at device 0.1 on pci1
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:1b:21:9c:06:da
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
vlan0: changing name to 'ix1_vlan69'
vlan1: changing name to 'ix1_vlan10'
vlan2: changing name to 'ix1_vlan5'
ix1: link state changed to UP
ix1_vlan69: link state changed to UP
ix1_vlan5: link state changed to UP
ix1_vlan10: link state changed to UP
arp: 69.0.0.60 moved from c0:ee:fb:df:7f:70 to 0c:98:38:c4:85:59 on ix1_vlan69
arp: 192.168.0.50 moved from 02:ff:60:77:1d:58 to 02:ff:60:ea:67:9c on ix1_vlan10
ix0: link state changed to UP
ix0: link state changed to DOWN
ix1: link state changed to DOWN
ix1_vlan69: link state changed to DOWN
ix1_vlan5: link state changed to DOWN
ix1_vlan10: link state changed to DOWN
acpi0: Power Button (fixed)
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0xe020-0xe03f mem 0xf7c80000-0xf7cfffff,0xf7d04000-0xf7d07fff irq 16 at device 0.0 on pci1
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:1b:21:9c:06:d8
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0xe000-0xe01f mem 0xf7b80000-0xf7bfffff,0xf7d00000-0xf7d03fff irq 17 at device 0.1 on pci1
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:1b:21:9c:06:da
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
vlan0: changing name to 'ix1_vlan69'
vlan1: changing name to 'ix1_vlan10'
vlan2: changing name to 'ix1_vlan5'
ix0: link state changed to UP
ix0: link state changed to DOWN
ix0: link state changed to UP
ix1: link state changed to UP
ix1_vlan69: link state changed to UP
ix1_vlan5: link state changed to UP
ix1_vlan10: link state changed to UP
ix0: link state changed to DOWN
ix0: link state changed to UP
ix0: link state changed to DOWN
ix0: link state changed to UP
ix0: link state changed to DOWN
ix1: link state changed to DOWN
ix1_vlan69: link state changed to DOWN
ix1_vlan5: link state changed to DOWN
ix1_vlan10: link state changed to DOWN
acpi0: Power Button (fixed)
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0xe020-0xe03f mem 0xf7c80000-0xf7cfffff,0xf7d04000-0xf7d07fff irq 16 at device 0.0 on pci1
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:1b:21:9c:06:d8
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0xe000-0xe01f mem 0xf7b80000-0xf7bfffff,0xf7d00000-0xf7d03fff irq 17 at device 0.1 on pci1
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:1b:21:9c:06:da
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
vlan0: changing name to 'ix1_vlan69'
vlan1: changing name to 'ix1_vlan10'
vlan2: changing name to 'ix1_vlan5'
ix0: link state changed to UP
ix1: link state changed to UP
ix1_vlan69: link state changed to UP
ix1_vlan5: link state changed to UP
ix1_vlan10: link state changed to UP



and


ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,TXCSUM_IPV6>
        ether 00:0e:c4:d2:89:89
        hwaddr 00:1b:21:9c:06:d8
        inet6 fe80::%ix0 prefixlen 64 scopeid 0x1
        inet6 2a02: prefixlen 64 autoconf
        inet ip.ip.ip.ip netmask 0xffffff00 broadcast 212.51.143.255
        inet 2.1.1.2 netmask 0xffffffff broadcast 2.1.1.2
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet autoselect (Unknown <rxpause,txpause>)
        status: active
        plugged: SFP/SFP+/SFP28 1000BASE-LX (LC)
        vendor: OEM PN: SFP-BX-U31-IN SN: BOGU239 DATE: 2018-01-23
        module temperature: 44.84 C Voltage: 3.30 Volts
        RX: 0.05 mW (-12.51 dBm) TX: 0.23 mW (-6.23 dBm)

        SFF8472 DUMP (0xA0 0..127 range):


For my RJ45 SFP module:


ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,TXCSUM_IPV6>
        ether 00:1b:21:9c:06:da
        hwaddr 00:1b:21:9c:06:da
        inet6 fe80::21b:21ff:fe9c:6da%ix1 prefixlen 64 scopeid 0x2
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        plugged: SFP/SFP+/SFP28 1000BASE-T (RJ45)
        vendor: OEM PN: GLC-T SN: C1809270106 DATE: 2018-09-30

        SFF8472 DUMP (0xA0 0..127 range):

#11
Hardware and Performance / Fiber Cards (intel x520DA2)
November 09, 2018, 06:48:34 AM
Hello Interested People,

I just changed my hardware configuration from

ISP(Fiber) -> MediaConverter (fiber to rj45) -> OPNsense

to:

ISP(fiber) -> OPNsense (ix0) (Intel 520 DA2)

I am also online like this, however I noticed in the GUI that the negotiated speed is set to unknown, and ifconfig shows the same. Is that an issue?

ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,TXCSUM_IPV6>
        ether 00:0e:c4:d2:66:77
        hwaddr 00:1b:21:9c:06:d8
        inet6 fe80::20e:c4ff:fed2:7777%ix0 prefixlen 64 scopeid 0x1
        inet6 2a02:168:2000:e:20e:c4ff:fed2:8989 prefixlen 64 autoconf
        inet 11.11.11.11 netmask 0xffffff00 broadcast 11.11.11.255
        inet 2.1.1.2 netmask 0xffffffff broadcast 2.1.1.2
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet autoselect (Unknown <rxpause,txpause>)
        status: active

(I changed my inet IP in this printout)
media: Ethernet autoselect (Unknown <rxpause,txpause>) is what I am referring to.
#12
Hardware and Performance / Re: A few more Qotom Devices
September 23, 2018, 11:01:12 PM
I employ two of the qotom q355g4 and they handle 1gbit fine (one as a firewall, one as a rancherOS host). I even had contacted the qotom support to get a recent BIOS, which turned out to be no problem whatsoever.
#13
Hey guys,

Is there a nice tutorial out there on how to accomplish a haproxy setup that directs traffic based on subdomains and requirements?

I am thinking about a simple workflow

ssl.mydomain.de:443 -> ssl offloading -> normal-backend
sni.mydomaind:443 -> endpoint termination -> sni-backend

Typically this is achieved with a ton of ACLs/mapping and a backend that sorts them and directs them.

Cheers, 
z
#14
you can only get this fixed with a dns overwrite