Messages - GiantJack

1
22.1 Legacy Series / Re: DHClient stops suddenly? WAN-Connection down a few times a day
« on: May 13, 2022, 11:46:04 pm »
Does anyone have a solution or workaround for this?

2
22.1 Legacy Series / Re: DHClient stops suddenly? WAN-Connection down a few times a day
« on: April 21, 2022, 06:40:44 pm »
Yes, I confirm: saving the gateway settings and applying (without any modification) brings it back alive :o

3
22.1 Legacy Series / Re: Running native ipv6 but I get no ipv6 default route
« on: April 19, 2022, 08:40:00 pm »
Did you check if OPNsense itself finds an IPv6 route?

On my side, devices on my LAN receive an IPv6 address but won't reach the internet:
- traceroute from a laptop to Google DNS (IPv6) stops when reaching OPNsense
- traceroute from OPNsense itself to Google IPv6 DNS gives "no route to host"

I didn't try the Netgear switch trick, but as OPNsense itself cannot find its way,
my situation is a bit different.
What about you, @gunnarf?

4
22.1 Legacy Series / Re: DHClient stops suddenly? WAN-Connection down a few times a day
« on: April 19, 2022, 04:18:39 pm »
Hi!
Did you find a solution to your issue?

I'm not sure I have the same issue, but I recently noticed that my backup WAN gateway (second WAN) sometimes appears down in OPNsense.
A simple DHCP release/renew (interface/overview menu) is good enough to get the gateway back to green.

My backup WAN is an LTE router set in bridge mode.

5
22.1 Legacy Series / Lenovo won't boot with 22.1 on internal ssd (no OS found)
« on: February 28, 2022, 11:37:09 pm »
Hi!

I'm struggling to get my Lenovo M720q to boot from the internal SSD (PCI NVMe) with 22.1.
It was working fine for months before with an older version.

The install works fine, but I tried several BIOS & install settings without success: on reboot, it says error 1962, no operating system found (boot loop).
I thought the SSD was dead so I tried a new one: same issue.

As a temporary workaround, it does boot and reboot fine with the installation on an external USB HDD (an old 80GB I had in my drawer).


ideas welcome...

6
General Discussion / Re: What's the issue with the poor man bridge aka the dmz double nat ?
« on: January 29, 2022, 07:55:57 pm »
Hi both! Thanks for your great feedback, it gives me some thinking and homework (this idea to disable NAT in OPNsense needs extra processing in my head).

@marcquark, I agree with your point and I would like to add in 'pro' that I could connect work computers (I mean laptops provided by work) directly to the ISP router: so they stay out of my LAN (they don't need it) and are also not exposed to any misconfiguration I might do on my OPNsense router :)


7
General Discussion / Re: What's the issue with the poor man bridge aka the dmz double nat ?
« on: January 27, 2022, 06:07:30 pm »
Yes, I know.

But there are some places where the only available solution is an ISP modem that cannot be set in bridge mode and cannot be removed/replaced.

So, that's why I ask what the issues with double NAT through DMZ could be.
No offense, but I'm not asking how to avoid this ;-)


8
General Discussion / What's the issue with the poor man bridge aka the dmz double nat ?
« on: January 27, 2022, 04:03:52 pm »
Hi!

I have read several times that double NAT in principle is bad and I understand the issues that it can bring.

But it's less clear when it comes to using double NAT through DMZ (sometimes called the poor man's bridge mode).

Let's assume that I have 2 routers:
- An ISP router, connected to the internet on one side, providing a DMZ LAN RJ45 on the other side.
i.e. all incoming traffic from the internet will be forwarded to a defined RJ45
- An OPNsense router with its WAN port connected to the DMZ RJ45 mentioned above and my LAN on the other side.

What could go wrong exactly?
Or what would work fine with the ISP router in bridge mode that would not work with the DMZ trick?


If it matters:
- I use a VPN to access my LAN from my smartphone when I'm away (using the VPN server in OPNsense).
- I have some PlayStations (those devices are sensitive to NAT topics).


9
21.7 Legacy Series / Re: How to use setting under Unbound:"Verfiy if CN in certficate matches"
« on: December 12, 2021, 09:37:31 pm »
Hi!
May I ask how to check if the provided "verify CN" works fine?
I tried to figure out what to use with quad9... I found it may be dns.quad9.net... can I confirm this with the OPNsense logs or something?

10
General Discussion / Re: IPv6 questions
« on: April 26, 2021, 12:11:44 pm »
Quote from: marjohn56 on March 13, 2021, 07:35:06 am
Rather go the WiFi schedule or VLAN route than play whack-a-mole anyway, you only have to change the DUID or MAC on the client and you get a new address, most 10 year olds probably know how to get around that sort of block.

I faced this some months ago: not really on purpose by the kids, but some Android devices now offer a random MAC address on WiFi.
This is a good idea for public WiFi, but not good for home :-)
To avoid this, I restricted the WiFi AP with a MAC address whitelist: so only known MACs are allowed (the option on the phone to use a random MAC has to be disabled).
This "Static ARP" option in DHCP can be useful too, all this to be combined with a dedicated VLAN/AP.

So in the end, only known MACs can be used and they have to match a known IP on a dedicated VLAN/subnet, so you can rule them all :-)
I have done this only in IPv4 so far, due to Android being SLAAC only (also I didn't see something similar to static ARP on DHCPv6).
It may be possible to manage with the alias on MAC trick.

11
General Discussion / Re: humble suggestion:change or record default number of items listed from 7 to all.
« on: April 26, 2021, 11:51:58 am »
Well, if there is a trick to change this "7" in a settings file, that could also do the job :-)

12
General Discussion / humble suggestion:change or record default number of items listed from 7 to all.
« on: April 26, 2021, 09:31:38 am »
Hi!

Would it be possible to change or remember the default number of items displayed in lists?

I mean this:


7 is pretty small for modern screens and it's often needed to spend a little time on "where are my rules? oh, I forgot there's only 7 displayed, let's change it".

If it's possible to consider this, I would be happy to have a tunable somewhere to change the default value to "All".
Or it may be even easier just to keep the last change: once I set "all" (or 50 or whatever), it should keep it for the next visit.

What do you think?
:)


13
General Discussion / Re: Share internet bandwidth amongst users UN-evenly
« on: April 25, 2021, 10:38:41 pm »
Finally I found some hope here:
https://forum.opnsense.org/index.php?topic=16181.0

Following japtain.cack's suggestion, I doubled my rules, one with "interface WAN", one similar with "Interface WAN / Interface2 LAN".
It seems to work: I finally was able to drop down the low weight device when needed.
Further tests ongoing, and screenshots of all rules to come.

Does this workaround make sense?

14
20.1 Legacy Series / Re: Traffic shaper is not working properly for me
« on: April 25, 2021, 10:35:14 pm »
Hi!
I do have VLANs but didn't want to do a specific shaper on them... but still, I wasn't able to make the traffic shaper work on my LAN (without V).

I applied the same idea: I made each rule twice, with and without the LAN in interface2, and it seems to work much better now!
If some are interested, my post is here: https://forum.opnsense.org/index.php?topic=22776.msg108503#msg108503
I will add information about my tests with the idea from japtain.cack.


15
General Discussion / Re: Share internet bandwidth amongst users UN-evenly
« on: April 25, 2021, 05:28:39 pm »
Hi!
After re-reading the document a bit more, I thought it may be better to somewhat re-use the how-to with weighted queues here:
https://docs.opnsense.org/manual/how-tos/shaper_prioritize_using_queues.html

I tried a simple test:

Pipe: 10Mbps (~my DSL max DL speed):


Then, I added a couple of queues, with weight 1 & 9 (tried 1 & 100, no difference).




And the rules:




My expectation is that the devices matching weight 9 shall have priority and more bandwidth than devices with weight 1.

So I launched a download on 192.168.1.90 using my full bandwidth and with weight 1.

Then, I launched a download on 192.168.1.14 and expected it would take priority... But it's stuck at a few kbps while the download on 192.168.1.90 is almost not impacted!

Did I do something wrong?

