Messages

@pmhausen, how would I go about submitting a panic to help troubleshoot what might be causing this? Thanks.

You need to add the following to /boot/loader.conf.local :

sfxge_load="YES"

With that said, I've had issues with my Solarflare card. I have an SFN7122F that doesn't seem to work under Opnsense. Anytime I load the driver in loader.conf and reboot, the system panics after networking starts. The same card works fine under Linux. Seems to be an issue with the sfxge driver under FreeBSD 13.

This forum has seen an uptick in users since the pfsense exodus and might see some more. Ubiquiti breach worse than they said: https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/

Cool, I managed to get the kernel module to work, was able to maintain 900Mbit/sec through the tunnel with iperf3 running on the firewall. I have to believe load will be lower if I just route through it.

It looks like removing wireguard-go from the command line removes os-wireguard (which includes the UI interface for wireguard). Any way to remove this dependency?

Code Select Expand

[root@OPNsense ~]# pkg delete wireguard-go
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 2 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
os-wireguard: 1.5
wireguard-go: 0.0.20210323,1

Number of packages to be removed: 2

The operation will free 3 MiB.

Proceed with deinstalling packages? [y/N]

Now that 21.1.4 has released, how do you transition to the kernel wireguard module? Do you have to uninstall wireguard-go first? Thanks.

Any idea when 21.1.4 will ship? :) No worries if you can't say.

@randomwalk,

as MrB stated there's an API available. In fact, a user wrote a solution to automatically create and manage wireguard keys for PIA. This could be the basis for a similar solution for MullVad: https://github.com/FingerlessGlov3s/OPNsensePIAWireguard

The Realtek NIC is more dependent on CPU performance. Have you tried disabling specter and meltdown mitigations? Also, make sure to enable powerd and set to "max" or "hiadaptive". These two make the biggest impact in throughput performance.

https://www.reddit.com/r/OPNsenseFirewall/comments/mascfl/another_pfsense_refugee_slow_wan_throughput_where/

I've been on Metronet for almost 2 years now with no issues but with a static IP. You might call in and ask for their free 1 year static trial option. They sometimes will even reset the trial period for you.

If you're looking for something that's relatively cheap ( ~ $150 on ebay), upgradable, can handle 1Gb link (it has a 3.1GHz CPU) and low power (idles at 10 watts), then check out the HP 290. There's a big thread below on the many use cases. Unfortunately it's not rack mountable but it is a small form factor. It has one 80mm fan but very quiet.

https://forums.serverbuilds.net/t/official-hp-290-p0043w-owners-thread/2829

This was covered recently on reddit from a user also on CenturyLink:

https://www.reddit.com/r/OPNsenseFirewall/comments/ma7x8h/wan_is_limited_to_750mbs_upload_on_1_gig_fiber/grrq9h3/?utm_source=reddit&utm_medium=web2x&context=3

I'm hitting close to that with a Celeron G4900 on a 1Gb symmetrical link on PIA. I started a thread on this: https://www.reddit.com/r/OPNsenseFirewall/comments/m8qhys/wireguardgo_is_good_enough/

@N0_Klu3, I've set it up where Adguard listens on port 53 and point the upstream DNS to the Unbound DNS server on OPNSense. You just need to change the port Unbound is listening on (e.g. 7553) and update Adguard upstream section accordingly.

This way local IP addresses have name resolution since the DHCP server on OPNsense registers all addresses and returned by Unbound. Hope this helps.

https://lists.zx2c4.com/pipermail/wireguard/2021-March/006494.html

Status of wiredguard in FreeBSD 13 and an unflattering opinion by Jason Donenfeld on a certain network company that contracted wireguard in FreeBSD 12. This might explain why some people have complained of kernel panics in PFsense 2.5.