Messages

1

Hardware and Performance / Re: x710-da2 in an gen4 x4 port?

« on: December 11, 2023, 08:26:05 am »

Ok then I was correct.

Yes I guess in real world I will never reach it.

Just abit annoying that I can't use the x16 slot connected to cpu since that doubles power consumption of the system.(cpu c states..)

2

Hardware and Performance / x710-da2 in an gen4 x4 port?

« on: December 09, 2023, 06:34:28 pm »

X710-da2 is a full duplex dual 10 gigabit card pci gen3 x8. Will this be bottlenecked in a x4 port?

pcie gen3 x4 can manage 32Gbps

However since nic is full duplex I need to count on 40Gbps would mean it will be bottlenecked?

3

General Discussion / Howto change NIC ?

« on: November 07, 2023, 10:46:38 am »

Hello,
I have a dual nic which I want to change to another nic. There is only on pci slot so I can't run them in paralell.

I have VLAN's running aswell.

Do I just replace nic and configure it in CLI? Will VLAN's continue to work ?

Couldn't find any docs on this. Just some posts that make it sounds like it's a pain to achive without braking everything.

4

General Discussion / Re: Nat reflection problems 23.7

« on: August 08, 2023, 06:43:15 am »

Semi solved it myself.

Reflection seems to be working .

Had set geoip alias as source on the portforwards rule. Guess that blocks local networks..

Created a 2nd duplicate port forwarding rule with source set to local networks. I assume this also open up the possibility for local networks on the outside to access the port foward.(Don't know how easy that is to spoof..)

5

General Discussion / Nat reflection problems 23.7

« on: August 07, 2023, 08:21:35 pm »

Running Opnsense 23.7 and have been trying to set up nat reflection on my portforward.

Have a simple forward for port 22, fine to access it externaly on wan ip but not internally against wan ip.

Have enabled the following in Advanced
* Reflection for port forwards
* Reflection for 1:1
* Automatic outbound NAT for Reflection

Have also enabled reflection in port forward rule.

Have searched some and other people seems to have had the same problem, but seems it has resolved when they enabled the settings in advanced. Am I missing something else?

Cheers.

6

Development and Code Review / Re: Rest API for interface information like IP

« on: June 19, 2023, 07:50:43 am »

I wonder the same.

Want to use an ESP32 with an LCD screen to output metrics. Like public ip WAN in/out etc..

What options are there to get metrics out from opnsense, could not see anything in rest api's docs either.

Opnsense Grafana dashboard seem to use telegraf/influxdb so maybe this is the way to go? Would be nicer with fewer moving parts though

7

Hardware and Performance / Download/Upload performance difference.

« on: January 23, 2023, 12:40:14 pm »

I have a new default installation of opnsense where I have added 2 portfowarding rules.

Running with 10Gb dual nic and and an i5-12500 cpu(3Ghz, boost 4.1Ghz)
Installation is virtualized and using pci passthrugh for nic.

Been playing around with iperf3 and I notice that upload speed max out at ~9.37. Download jump around abit between 8-9.37. Guessing that when the CPU can't boost anymore speed goes down..

Why is there a difference? Ofc. there are a few firewall rules for incomming on WAN but not that many, have firewall rules between VLAN's but that does not drag down speed.
Is it translating back to local ip's which is more resource intensive then the other way?


In the end it does not really matter just curious.

8

General Discussion / Re: OPNsense - virtualized or not?

« on: January 11, 2023, 07:59:26 am »

I would guess it depends on often you tinker with the virtualization software/hardware. If virtualization layer fail/stops your internet access will go down aswell.

I am currently building the same solution myself. My reason is that I wan't to get rid of number of 24/7 running devices at home and build something which can take advantage of my 10gigabit WAN.

9

General Discussion / Re: Geoblock, block all, allow some

« on: December 26, 2022, 02:21:00 pm »

Hello,
I think I overthought it.
Just going through on howto implement my current unifi setup in opnsense.

Guess what i want to achive is
- permit country X, Y, Z allow portforward ssh to ip XXX
- permit country X, Y, Z allow portforward wireguard to ip XXX
- deny everything

10

General Discussion / Geoblock, block all, allow some

« on: December 26, 2022, 08:00:47 am »

Hello,
looking into geoblocking and I am wondering how it works.

Examples displays that you define countries which to block. However I would like to block everything and allow some countries and then continue matching next rule in list if country ip is allowed(can you do that?).

Wouldn't that be faster aswell? Since it would reduce the number ip ranges to check against?

11

19.7 Legacy Series / Re: GEOIP stopt working

« on: January 25, 2020, 05:46:51 pm »

Hmm.
Well generated a new Key at Maxmind but chose NO on "Will this key be used for GeoIP Update? " when generating key.

Which works for me now.

12

19.7 Legacy Series / Re: GEOIP stopt working

« on: January 25, 2020, 03:35:39 pm »

You should be able to paste that whole URL into a browser and it should download the zip file.. does it?

Yes as I wrote. When I paste it in a webbrowser a zip file is downloaded.

Zipfilename: GeoLite2-Country-CSV_20200121.zip
GeoLite2-Country-CSV_20200121
├── COPYRIGHT.txt
├── GeoLite2-Country-Blocks-IPv4.csv
├── GeoLite2-Country-Blocks-IPv6.csv
├── GeoLite2-Country-Locations-de.csv
├── GeoLite2-Country-Locations-en.csv
├── GeoLite2-Country-Locations-es.csv
├── GeoLite2-Country-Locations-fr.csv
├── GeoLite2-Country-Locations-ja.csv
├── GeoLite2-Country-Locations-pt-BR.csv
├── GeoLite2-Country-Locations-ru.csv
├── GeoLite2-Country-Locations-zh-CN.csv
├── LICENSE.txt
└── README.txt


I tried the recommended way to force download with recommended python 3 way but it immediately exited with:
{'address_count': 0, 'file_count': 0, 'timestamp': None, 'locations_filename': None, 'address_sources': {'IPv4': None, 'IPv6': None}}


Hmm Noticed that I get "invalid license key" in curl/other browsers where I didn't sign up for maxmind login.

13

19.7 Legacy Series / Re: GEOIP stopt working

« on: January 25, 2020, 12:56:26 pm »

I have aswell problems with geoip.

I have done a fresh install of my opnsense router. So I am at OPNsense 19.7.9_1-amd64

I have this url and when I paste it in a browser I get a ZIP file.
https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&license_key=MYKEY&suffix=zip

I have deleted old alias and created a new geopip alias. When hitting apply I get "In order to use GeoIP, you need to configure a source in the GeoIP settings tab"

The MaxmInd option I choose when generating key are
Will this key be used for GeoIP Update? : YES
[CHECK] Generate a license key and config file for use with geopipupdate version 3.1.1 or newer. 

14

General Discussion / Loosing connection to opnsense no routing

« on: January 23, 2020, 02:45:44 pm »

Hello,
got some problems with my opnsense setup. 2-3 times/hour i loose connection to opnsense(routing) and maybe after 30secs everything comes back up again. I have looked at the logs but I don't know howto interpret the logs.

I do not use ipv6 and DHCPv6 Server is stopped. I have stopped the VPN client but doesn't seem to help either.

This is what I see in logs after I get connection back to the router. system->General logs

Jan 23 12:19:06    dhcp6c[24494]: Sending Solicit
Jan 23 12:18:34    dhcp6c[24494]: Sending Solicit
Jan 23 12:18:18    dhcp6c[24494]: Sending Solicit
Jan 23 12:18:14    opnsense: plugins_configure newwanip (,opt4)
Jan 23 12:18:14    opnsense: /usr/local/etc/rc.newwanip: Resyncing OpenVPN instances for interface VpnVPN.
Jan 23 12:18:14    kernel: pflog0: promiscuous mode enabled
Jan 23 12:18:14    kernel: pflog0: promiscuous mode disabled
Jan 23 12:18:14    opnsense: plugins_configure vpn (,opt4)
Jan 23 12:18:13    opnsense: /usr/local/etc/rc.newwanip: The VPN_VPNV4 monitor address is empty, skipping.
Jan 23 12:18:13    opnsense: /usr/local/etc/rc.newwanip: The VPN_VPNV6 monitor address is empty, skipping.
Jan 23 12:18:13    opnsense: /usr/local/etc/rc.newwanip: The WAN_DHCP monitor address is empty, skipping.
Jan 23 12:18:13    opnsense: /usr/local/etc/rc.newwanip: The WAN_DHCP6 monitor address is empty, skipping.
Jan 23 12:18:13    opnsense: plugins_configure monitor ()
Jan 23 12:18:13    opnsense: /usr/local/etc/rc.newwanip: ROUTING: skipping IPv6 default route

15

General Discussion / Opnsense have started behaving weired.

« on: January 03, 2020, 09:20:13 am »

Hello,
running opnsense and first of all I will apologize that I do not have any debug information but that's because I do not know where to look.

Recently I upgraded to OPNsense 19.7.8-amd64 and I have also switched to qotom Q555G6 hardware and since then I have had problems. When installing new hardware I restored from backup created from old hardware.

1a. When I create a firewall rule and hit apply the rule/rules does not work. However after a random amount of minutes the rule/rules suddenly starts to work and all is fine.

1b. It also happens that rules that I have is not applied after I reboot opnsense, need to disable/reenable them and I have to wait for random amount of minutes for hem to be applied.

2. I have also experienced short times of none internet access, everything goes down but then suddenly is up again. Would generaly have blamed ISP but I am not sure anymore. Since it comes up pretty fast after it happens I haven't been able to debug where the problem recides.

Have anyone experienced the same problem? Anyone got a suggestion on how I should trie to debug this?

Maybe it's time for a fresh install =/