Messages

1

21.1 Legacy Series / Re: Migrate existing Wireguard road warrior setup to OpnSense?

« on: June 15, 2021, 03:55:38 pm »

But you can also easily edit keys in the GUI AFAIK

D'oh!  Of course - let it do the initial set up, then just edit to match my existing configuration.  How dumb of me - making it harder than it was.  Thanks for pointing out the obvious

2

Hardware and Performance / Re: The Holy Grail of Home Lab and Office Hardware

« on: June 15, 2021, 03:49:41 pm »

I picked up two Dell VFP1445 for $125/ea as new open box on eBay this week. This is my holy grail.

Very nice indeed! 

The Fitlet2 came in - very impressed with the build quality and little touches - for example, even though it is powered through a DC barrel connector, the connector can twist lock into place.   

I think it's an OK value for the money, especially if you want something plug and play and with a bit of a warranty.  I will have to keep my eyes out for those Dell Edge SDN boxes, though - especially the rackmount versions.  Great looking kit!

3

21.1 Legacy Series / Re: Migrate existing Wireguard road warrior setup to OpnSense?

« on: May 21, 2021, 10:49:05 pm »

Aha - so the config *is* in there somewhere, eh?  I have seen everything but the path to where they are - can you give met the path?

Is it saved as part of the firewall backup/restore through the GUI or is it something I need to track separately?

Thanks!

4

21.1 Legacy Series / Re: Wireguard VPN performance not hosted on OpenSense

« on: May 21, 2021, 05:51:40 pm »

OK after lots of searching around, resolution of similar complaints with OpenVPN on another firewall lead to discussions of UDP timeouts and then I found this: https://forum.opnsense.org/index.php?topic=3901.msg13753#msg13753

So I made that change and things have improved - I now get a hiccup of just a second or two every 30-40 seconds.  I think I might be on the right path!  Still digging...

5

21.1 Legacy Series / Dynamic DNS with hover.com

« on: May 21, 2021, 04:38:43 pm »

So helping a friend with their network and they use hover for their DNS.  I did find a python script that looks like it will dynamically update DNS with Hover and there does seem to be a few paths to run python on OpnSense.  Before I run off and cobble something together thought I would check to see if anyone else has solved this and would care to share.  I've done quite a bit of searching and there are some promising threads as far as python goes, but most of those methods look like you need to be careful of upgrades wiping something out, etc.

6

21.1 Legacy Series / Wireguard VPN performance not hosted on OpenSense

« on: May 21, 2021, 04:34:09 pm »

I have a road warrior setup on PiVPN with a Raspberry Pi.  Site was using pfSense, just recently changed it over to OpnSense.  Set up the port forwarding in NAT and everything works fine. 

The issue is if I connect to a Windows machine via RDP/Remote Desktop over the VPN, the session will freeze within a couple of minutes.  Sometimes it will pick back up, sometimes I have to close the session and re-open it where I will get a couple of minutes, max.

It feels like a handshaking issue of some sort but nothing is jumping out in what would be different between OpnSense vs. pfSense (where it worked fine all last year).  There are quite a few more options in the port forwarding for OpnSense and I'm working my way through them but thought I would toss this out in case someone happens to know and could share a quick insight!

7

21.1 Legacy Series / Migrate existing Wireguard road warrior setup to OpnSense?

« on: May 21, 2021, 04:24:18 pm »

I have an existing Wireguard road warrior setup on a raspberry pi, but now that I have upgraded my OpnSense hardware to something more robust I should easily be able to consolidate everything onto OpnSense.  I've looked over the documentation and the configuration forms in the GUI, but there doesn't seem to be an easy (or at least obvious) way to transfer over the configuration of an existing Wireguard into OpnSense?  It appears to insist on auto generating all the keys and there doesn't appear to be a way to change them later?

I suppose I could configure a road warrior Wireguard, save a firewall backup file then edit it with all my existing keys and finally restore that backup - that would probably work but am I missing something that might be easier? 

It feels like with the editing backup path I could easily miss something significant that would make troubleshooting really fun either immediately or even better (ha!) much later. 

8

General Discussion / Re: Block ads inside YouTube App?

« on: April 13, 2021, 05:00:18 am »

On IoS there was an alternative front end to YouTube called Invidious which has shuttered but was FOSS so there are clones, it might be possible to set as a webapp? Only buzz I've heard though, not been hands on with the devices.

On iOS there is a paid blocker - 1Blocker - that works beautifully with YouTube in Safari.  You can also play YouTube full screen then collapse to PIP with the built in iOS PIP and that allows you to play YouTube "in the background" without subscribing to YouTube red or whatever it is.

Yes, there is a small in app purchase for 1Blocker but it's also 100% ad free which is usually the point of content blocking

9

General Discussion / Re: Slow initial DNS lookup

« on: April 13, 2021, 01:47:41 am »

well, I feel a bit silly. Long story short I have an Unifi USW-24 switch that isn't playing nice with OPNsense (not sure why yet)

Unifi switches can have weird blocking issues (that don't always show in the UI either) if you don't manually set the RTSP to something other than the factory defaults: https://help.ui.com/hc/en-us/articles/360006836773-UniFi-USW-Configuring-Spanning-Tree-Protocol

Not saying that's the issue here but it can't hurt and might solve other future issues.

10

Hardware and Performance / Re: HDD an absolute necessity ?

« on: April 13, 2021, 01:21:46 am »

SSDs are NOT needed.  It's a firewall for goodness sake - any old hard drive will work fine. I have many running on old laptop hard drives that are slow, but obviously very reliable.

And I think OpnSense has the same option to run entirely out of a RAM disk if desired - and as you surmise you can configure it to send logs to a syslog server.

11

Hardware and Performance / Re: The Holy Grail of Home Lab and Office Hardware

« on: April 13, 2021, 01:10:25 am »

Ordered the E3950 version of the Fitlet2 from here this morning: http://fitpc.com/shop/configure?c=10

Pre configured with RAM, SSD and the VSA plate. Will be interesting to see what the shipping time and out of box experience is like.

12

21.1 Legacy Series / Re: Mean catch in DHCP configuration

« on: April 13, 2021, 12:58:37 am »

Yup, you are correct. That also explains why only some clients had problems. However, most other DHCP GUIs do not expose that setting at all. There should be a large warning sign that goes along with it, since many modern IoT devices seem to be affected.

I changed the thread title since it is not really a 'bug'.

Lots of bad code out there, especially with IoT thingies. Which is why I like as many of them to be POE powered as possible.  Make a major change on the network?  Just unplug my POE switches, count to 10, plug back in and all my stuff get's rebooted

When in doubt, shut up and reboot
https://dilbert.com/strip/1999-08-04

13

Hardware and Performance / Ideas for good 1U with 4 line display?

« on: June 16, 2020, 03:23:11 pm »

I'd like to find a 1U rack mountable device with a 4 line LCD display.  I have one location where I need to have someone local check some basic stats on a routine basis over the phone where I don't have remote access - hence the desire for a 4 line LCD display on the front of the case that OpnSense could support.  I've looked at old Watchguard and other appliances but it's hard to tell what the specs on some of the devices are.  If anyone has any ideas of any models, or if there is a firewall appliance wiki, forum or something I'm missing that would be great.

I suppose there's probably a whole Reddit forum dedicated to something like this if I could just surface it. 

14

Hardware and Performance / Re: [Work In Progress] OPNsense Ported into ARM Devices

« on: April 18, 2020, 10:23:00 pm »

Glad to see ARM in the works!  The new Ubiquiti kit is ARM instead of MIPS and it would be cool once this ships if it could be used for OpnSense: https://community.ui.com/questions/Introducing-the-UniFi-Next-Gen-Gateway-Product-Line-Starting-with-UXG-Pro-/732dd4dd-10bf-463c-8622-382d77702872

Drivers and booting would be obvious issues to solve but if the price is comparable to the UDM Pro it would be a compelling hardware platform for the money!