1
Hardware and Performance / Re: Poor Throughput (Even On Same Network Segment)
« on: April 14, 2022, 07:13:46 pm »
Is there a way how I could test this with a bare metal opnsense installation? How would I proceed here?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
General Discussion / Re: Throughput across Proxmox guests and data loss
« on: April 14, 2022, 07:10:10 pm »
Fascinating topic. Glad i stumbled over this thread.
3
German - Deutsch / Re: Opnsense -> iOS FritzFon-App poppt bei Anruf nicht mehr auf + Popup Kamerasystem
« on: February 15, 2021, 01:07:05 pm »Öhm, dieses rapapc und kamera interface haben öffentlich IP-Bereiche?!?
Dir ist klar, dass du mit deinen allow any-any rules eigentlich auch alles an ein einziges Interface hängen könntest? Die jeweils anderen Subnetze hinter der OPNsense stehen so weit offen wie Scheunentore...
Ich nehme mal an destiRS hat die einzelnen Subnets zu beginn offen damit er fehlerquellen ausschliessen kann. Haettest du denn noch eine Idee wie er schaun koennte warum einige sachen funktionieren und andere nicht?
4
General Discussion / HAProxy - map files and directory selection
« on: February 07, 2020, 02:17:32 pm »
Hey Frankie 
As far as i can determine the backend selection currently functions with
when navigating to sub.domain.tld the properbackend will be selected. however i would like to be able to forward directories e.g
As far as i can determine the backend selection currently functions with
Code: [Select]
use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/mapfile.txt,bk_defaultbackend)]
with a mapfile.txt containing something like this:Code: [Select]
sub.domain.tld bk_subdomainwhen navigating to sub.domain.tld the properbackend will be selected. however i would like to be able to forward directories e.g
Code: [Select]
sub.domain.tld/dir bk_subdomaindirwhich does not work with map.dom in the usebackend code. How would i go about this ?5
Tutorials and FAQs / Re: VPN Client - Gateway issue
« on: November 26, 2018, 11:53:30 am »
Beautiful! Thank you it was the routes thingy
6
Tutorials and FAQs / VPN Client - Gateway issue
« on: November 17, 2018, 03:38:21 pm »
Hey all complete beginner here,
I am running the latest stable of opnsense and i installed the opnvpn client on opnsense which creates a gateway and client, when you start the client the gateway becomes active.
It all works fine and dandy with the installation and then my entire network is routed throught the VPN Gateway, when i start the client the default gateway (WAN_DHCP) will be overwritten directly to (VPN_DHCP) for all my lans and vlans. However, i just want one vlan to be routed through the VPN gateway
I thought it would be straight forward and a simple change of the GATEWAY in the rules for each vlan and lan would to the trick, however then the only vlan that is working then is the one with the VPN_dhcp gateway selected.
I am running the latest stable of opnsense and i installed the opnvpn client on opnsense which creates a gateway and client, when you start the client the gateway becomes active.
It all works fine and dandy with the installation and then my entire network is routed throught the VPN Gateway, when i start the client the default gateway (WAN_DHCP) will be overwritten directly to (VPN_DHCP) for all my lans and vlans. However, i just want one vlan to be routed through the VPN gateway
I thought it would be straight forward and a simple change of the GATEWAY in the rules for each vlan and lan would to the trick, however then the only vlan that is working then is the one with the VPN_dhcp gateway selected.
7
Hardware and Performance / Re: Fiber Cards (intel x520DA2)
« on: November 13, 2018, 03:17:54 pm »
I am still confused, probably because i am new to >gbit networks.
I don't use the card with a direct attached twin cables. I use supported sfp modules from https://www.intel.com/content/www/us/en/support/articles/000005528/network-and-i-o/ethernet-products.html
to have normal ethernet and fiber capabilities. One SFP slot has a 1.25gbit fiber module plugged in.
I don't use the card with a direct attached twin cables. I use supported sfp modules from https://www.intel.com/content/www/us/en/support/articles/000005528/network-and-i-o/ethernet-products.html
to have normal ethernet and fiber capabilities. One SFP slot has a 1.25gbit fiber module plugged in.
8
Hardware and Performance / Re: Fiber Cards (intel x520DA2)
« on: November 13, 2018, 08:55:47 am »Isn't it possible that the media converter messes things up for FreeBSD?
Also, a Intel 520 DA2 can't do fiber, only Direct Attached Twin Axial cables.
Keep that in mind before plugging a fiber optic in it ;-)
https://ark.intel.com/products/39776/Intel-Ethernet-Converged-Network-Adapter-X520-DA2
Its weird that you mention this and yet, both, the Ethernet SFP and the BIDI device, work without a flaw.
9
Hardware and Performance / Re: Fiber Cards (intel x520DA2)
« on: November 12, 2018, 02:55:57 pm »
anything i can do about this?
At the moment i have two different sfp modules in there that are compatible.
one Lodfiber ABCU 5710RZ 1000Base-T Sfp Copper RJ-45 100 m Transceiver
one Intel SFP-BIDI-1310 BlueOptics SFP BO15C3155620D
At the moment i have two different sfp modules in there that are compatible.
one Lodfiber ABCU 5710RZ 1000Base-T Sfp Copper RJ-45 100 m Transceiver
one Intel SFP-BIDI-1310 BlueOptics SFP BO15C3155620D
10
Hardware and Performance / Re: Fiber Cards (intel x520DA2)
« on: November 12, 2018, 02:41:03 pm »
I mean its working fine right now. Also, i get my line speeds. I was just wondering why it sates no speeds
Intel X520-DA2 82599ES (is the modelnumber)
@mimugmail
my outputs are
and
for my rj45 sfp module
Intel X520-DA2 82599ES (is the modelnumber)
@mimugmail
my outputs are
Code: [Select]
acpi0: Power Button (fixed)
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x e020-0xe03f mem 0xf7c80000-0xf7cfffff,0xf7d04000-0xf7d07fff irq 16 at device 0.0 on pci1
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:1b:21:9c:06:d8
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x e000-0xe01f mem 0xf7b80000-0xf7bfffff,0xf7d00000-0xf7d03fff irq 17 at device 0.1 on pci1
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:1b:21:9c:06:da
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
vlan0: changing name to 'ix1_vlan69'
vlan1: changing name to 'ix1_vlan10'
vlan2: changing name to 'ix1_vlan5'
ix1: link state changed to UP
ix1_vlan69: link state changed to UP
ix1_vlan5: link state changed to UP
ix1_vlan10: link state changed to UP
ix0: link state changed to UP
ifa_maintain_loopback_route: insertion failed for interface ix0: 17
ifa_maintain_loopback_route: insertion failed for interface ix0: 17
ix0: link state changed to DOWN
ix0: link state changed to UP
ix0: link state changed to DOWN
ix1: link state changed to DOWN
ix1_vlan69: link state changed to DOWN
ix1_vlan5: link state changed to DOWN
ix1_vlan10: link state changed to DOWN
acpi0: Power Button (fixed)
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x e020-0xe03f mem 0xf7c80000-0xf7cfffff,0xf7d04000-0xf7d07fff irq 16 at device 0.0 on pci1
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:1b:21:9c:06:d8
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x e000-0xe01f mem 0xf7b80000-0xf7bfffff,0xf7d00000-0xf7d03fff irq 17 at device 0.1 on pci1
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:1b:21:9c:06:da
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
vlan0: changing name to 'ix1_vlan69'
vlan1: changing name to 'ix1_vlan10'
vlan2: changing name to 'ix1_vlan5'
ix1: link state changed to UP
ix1_vlan69: link state changed to UP
ix1_vlan5: link state changed to UP
ix1_vlan10: link state changed to UP
arp: 69.0.0.60 moved from c0:ee:fb:df:7f:70 to 0c:98:38:c4:85:59 on ix1_vlan69
arp: 192.168.0.50 moved from 02:ff:60:77:1d:58 to 02:ff:60:ea:67:9c on ix1_vlan1 0
ix0: link state changed to UP
ix0: link state changed to DOWN
ix1: link state changed to DOWN
ix1_vlan69: link state changed to DOWN
ix1_vlan5: link state changed to DOWN
ix1_vlan10: link state changed to DOWN
acpi0: Power Button (fixed)
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x e020-0xe03f mem 0xf7c80000-0xf7cfffff,0xf7d04000-0xf7d07fff irq 16 at device 0.0 on pci1
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:1b:21:9c:06:d8
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x e000-0xe01f mem 0xf7b80000-0xf7bfffff,0xf7d00000-0xf7d03fff irq 17 at device 0.1 on pci1
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:1b:21:9c:06:da
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
vlan0: changing name to 'ix1_vlan69'
vlan1: changing name to 'ix1_vlan10'
vlan2: changing name to 'ix1_vlan5'
ix0: link state changed to UP
ix0: link state changed to DOWN
ix0: link state changed to UP
ix1: link state changed to UP
ix1_vlan69: link state changed to UP
ix1_vlan5: link state changed to UP
ix1_vlan10: link state changed to UP
ix0: link state changed to DOWN
ix0: link state changed to UP
ix0: link state changed to DOWN
ix0: link state changed to UP
ix0: link state changed to DOWN
ix1: link state changed to DOWN
ix1_vlan69: link state changed to DOWN
ix1_vlan5: link state changed to DOWN
ix1_vlan10: link state changed to DOWN
acpi0: Power Button (fixed)
ix0: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x e020-0xe03f mem 0xf7c80000-0xf7cfffff,0xf7d04000-0xf7d07fff irq 16 at device 0.0 on pci1
ix0: Using MSI-X interrupts with 5 vectors
ix0: Ethernet address: 00:1b:21:9c:06:d8
ix0: PCI Express Bus: Speed 5.0GT/s Width x8
ix0: netmap queues/slots: TX 4/2048, RX 4/2048
ix1: <Intel(R) PRO/10GbE PCI-Express Network Driver, Version - 3.2.12-k> port 0x e000-0xe01f mem 0xf7b80000-0xf7bfffff,0xf7d00000-0xf7d03fff irq 17 at device 0.1 on pci1
ix1: Using MSI-X interrupts with 5 vectors
ix1: Ethernet address: 00:1b:21:9c:06:da
ix1: PCI Express Bus: Speed 5.0GT/s Width x8
ix1: netmap queues/slots: TX 4/2048, RX 4/2048
vlan0: changing name to 'ix1_vlan69'
vlan1: changing name to 'ix1_vlan10'
vlan2: changing name to 'ix1_vlan5'
ix0: link state changed to UP
ix1: link state changed to UP
ix1_vlan69: link state changed to UP
ix1_vlan5: link state changed to UP
ix1_vlan10: link state changed to UP
and
Code: [Select]
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,TXCSUM_IPV6>
ether 00:0e:c4:d2:89:89
hwaddr 00:1b:21:9c:06:d8
inet6 fe80::%ix0 prefixlen 64 scopeid 0x1
inet6 2a02: prefixlen 64 autoconf
inet ip.ip.ip.ip netmask 0xffffff00 broadcast 212.51.143.255
inet 2.1.1.2 netmask 0xffffffff broadcast 2.1.1.2
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet autoselect (Unknown <rxpause,txpause>)
status: active
plugged: SFP/SFP+/SFP28 1000BASE-LX (LC)
vendor: OEM PN: SFP-BX-U31-IN SN: BOGU239 DATE: 2018-01-23
module temperature: 44.84 C Voltage: 3.30 Volts
RX: 0.05 mW (-12.51 dBm) TX: 0.23 mW (-6.23 dBm)
SFF8472 DUMP (0xA0 0..127 range):
03 04 07 00 00 00 02 12 00 01 01 01 0D 00 14 C8
00 00 00 00 4F 45 4D 20 20 20 20 20 20 20 20 20
20 20 20 20 00 00 00 00 53 46 50 2D 42 58 2D 55
33 31 2D 49 4E 20 20 20 31 2E 30 20 05 1E 00 1B
00 1A 00 00 42 4F 47 55 32 33 39 20 20 20 20 20
20 20 20 20 31 38 30 31 32 33 20 20 68 90 01 6D
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
for my rj45 sfp module
Code: [Select]
ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c500b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,TXCSUM_IPV6>
ether 00:1b:21:9c:06:da
hwaddr 00:1b:21:9c:06:da
inet6 fe80::21b:21ff:fe9c:6da%ix1 prefixlen 64 scopeid 0x2
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
plugged: SFP/SFP+/SFP28 1000BASE-T (RJ45)
vendor: OEM PN: GLC-T SN: C1809270106 DATE: 2018-09-30
SFF8472 DUMP (0xA0 0..127 range):
03 04 22 00 00 00 08 00 00 00 00 01 0D 00 00 00
00 00 64 00 4F 45 4D 20 20 20 20 20 20 20 20 20
20 20 20 20 00 00 00 00 47 4C 43 2D 54 20 20 20
20 20 20 20 20 20 20 20 41 20 20 20 00 00 00 7C
00 1A 00 00 43 31 38 30 39 32 37 30 31 30 36 20
20 20 20 20 31 38 30 39 33 30 20 20 00 00 00 74
00 00 11 55 AD 3D D1 1F E3 F6 0B 6B 97 FF 8D 46
80 75 CD 00 00 00 00 00 00 00 00 00 A2 CB 7B E2
11
Hardware and Performance / Fiber Cards (intel x520DA2)
« on: November 09, 2018, 06:48:34 am »
Hello Interested People,
I just changed my hardware configuration from
ISP(Fiber) -> MediaConverter (fiber to rj45) -> OPNsense
to:
ISP(fiber) -> OPNsense (ix0) (Intel 520 DA2)
I am also online like this, however i noticed in the GUI that the negotiated speeds is set to unknown, and if config shows the same. Is that an issue
media: Ethernet autoselect (Unknown <rxpause,txpause>) is what i am refering to
I just changed my hardware configuration from
ISP(Fiber) -> MediaConverter (fiber to rj45) -> OPNsense
to:
ISP(fiber) -> OPNsense (ix0) (Intel 520 DA2)
I am also online like this, however i noticed in the GUI that the negotiated speeds is set to unknown, and if config shows the same. Is that an issue
Code: [Select]
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=c400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,TXCSUM_IPV6>
ether 00:0e:c4:d2:66:77
hwaddr 00:1b:21:9c:06:d8
inet6 fe80::20e:c4ff:fed2:7777%ix0 prefixlen 64 scopeid 0x1
inet6 2a02:168:2000:e:20e:c4ff:fed2:8989 prefixlen 64 autoconf
inet 11.11.11.11 netmask 0xffffff00 broadcast 11.11.11.255
inet 2.1.1.2 netmask 0xffffffff broadcast 2.1.1.2
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet autoselect (Unknown <rxpause,txpause>)
status: active
(i changed my inet ip in this printout) media: Ethernet autoselect (Unknown <rxpause,txpause>) is what i am refering to
12
Hardware and Performance / Re: A few more Qotom Devices
« on: September 23, 2018, 11:01:12 pm »
I employ two of the qotom q355g4 and they handle 1gbit finev (one as a firewall one as a rancherOS host). I even had contacted the qotom support to get a recent bios which turned out to no problem whats so ever.
13
Documentation and Translation / HaProxy reverse proxy -> ssl offloading and endpoint termination
« on: September 19, 2018, 11:21:30 am »
Hey guys,
is there a nice tutorial out there on how to accomplish a haproxy setup that directs traffic based on subdomains, and requirements.
I am thinking about a simple workflow
ssl.mydomain.de:443 -> ssl offloading -> normal-backend
sni.mydomaind:443 -> endpoint termination -> sni-backend
typically this is achieved with a ton of acls/mapping and a backend that sorts them and directs them.
Cheers,
z
is there a nice tutorial out there on how to accomplish a haproxy setup that directs traffic based on subdomains, and requirements.
I am thinking about a simple workflow
ssl.mydomain.de:443 -> ssl offloading -> normal-backend
sni.mydomaind:443 -> endpoint termination -> sni-backend
typically this is achieved with a ton of acls/mapping and a backend that sorts them and directs them.
Cheers,
z
14
Web Proxy Filtering and Caching / Re: Concept Question: HAproxy plus LAN access - internal IP
« on: September 09, 2018, 12:58:22 pm »
you can only get this fixed with a dns overwrite
Pages: [1]