Messages

On UDPBroadcastRelay, leave the source and broadcast blank in your config. Set port as 65001.

Create a floating firewall rule and set the following:

Interfaces: select the same interfaces you put in the UDPBR config.
Protocol: UDP
Source: IP of HDR
Source Port: 65001
Dest: Net option for the network your device running the app is on.  Mine was LAN Net.

Good luck.

So I got this to work but slightly different setup.  I left source and broadcast blank in my UDP config.  But then I had to have two floating rules, since the source and destination are  randomized once the 1.1.1.1 is removed from UDP plugin.  This seems odd, I can lock this down a bit with source and dest devices but not sure if this is correct. But it is working now. See screenshot. (or I guess image links don't work?) https://imgshare.cc/fl6hu4ux



Edit: changed these to interface rules instead of floating, since LAN has a destination port of 65001 and random source, then on return IoT has source as 65001 and random destination.  So that seemed to get this to work now.

Been banging my head on the desk trying to solve this to no resolve. I have an HDHomeRun box in a seperate IoT vlan.  I've installad the udp broadcast relay plugin.  I have a floating firewall rule for UDP port 65001 for IoT and LAN networks and see allowed packets in the log. 

UDP Broacast relay config -

Port: 65001
Relay interface: IoT/LAN
Broadcast address: I've tried all kinds of combos even blank. I see traffic on 255.255.255.255 but I guess I can't use that in the plugin as it fails to start with that.  So what can I should I use here?
Source address: 1.1.1.1

Not sure how to troubleshoot this, I see allowed traffic, I see a single UDP 65001 packet from my computer, then two (return?) packets from the HDHomeRun box both UDP 65001.  But the app seems to not see the traffic. 

I welcome any help getting this figured out if it's possible. 

I did a re-install of my firewall with a restore from backup.  All is fine except I can't get this speedtest plugin to work again, my cron job exists but doesn't seem to run and the dashboard widget shows "Failed to load widget".  During the initial setup I couldn't remember which module to choose so I chose speedtest-cli but I'm thinking I should have chosen the other (that I can't remember what it's called) but also don't see how to reset the config back so I get the choice again.  I've tried uninstalling and re-installing the plugin a few times. 

I'd welcome any guidance.  :)

I haven't updated just yet.  I do rely on these backups and I'm confused a bit reading all this.  Can someone clarify what's going on here?  So, each backup file isn't a full backup?  For example with a restore we'd need a full and a diff?  I clean up backup files on the Nextcloud side, want to make sure I understand this so I don't blow out a full backup and bork up my ability to restore if needed. 

Or am I misunderstanding and this just creates a full backup on ANY change?  Along with just a goofy naming convention. 

Since it wasn't shared, here is the link to submit a bug, feature request, etc.  https://github.com/opnsense/core/issues/new/choose

Just a quick glance at a home user, with 10G backbone, but currently nearly pinning a core with only ~600Mbps file transfer.  This is a Intel i3-9100  Please @Zenarmor re-consider this decision.  I've promoted this product since inception, this is a big thorn I'm struggling with. 

It is a known fact that Unbound takes up DHCP names for dynamic leases only dynamically. If you create a reservation, it will take an Unbound restart to pick it up.

I do not exactly know how Unbound works with DHCP services other than ISC, like Kea or DNSmasq for dynamic leases, but I assume it works the same.

For me it's not a reservation, just normal dynamic leases.  The instance the prompted this post was a 3d printer that I powered on, but it happens for every newly leased device.  No, reservations or anything out of the ordinary.

I'm having a mildly frustrating issue, not sure when it started, but if there is a solution I'm ready to chase it. 

When a new device comes online, it gets it DHCP address and I can see it and it's host name under leases.  I can get to it via IP, but if I type it's host name it doesn't resolve.  A nslookup host.domain.com returns host not found, however if I restart the unbound service it's immediately available and resolves without issue.  It will eventually resolve on its own but it takes a long time, I've never waited it out fully to know how long. 

Is there a polling frequency that allows Unbound to pull in new DHCP leases?  Not sure exactly how these two talk, would have assumed any new DHCP lease would trigger something to add it to Unbound but that doesn't seem to happen. 

I do wish that OPNsense had better wifi support, it would be handy once in a while for things.

There's a decent list of wifi cards supported in freebSD 14.3.
I just not sure any would act as AP, they're all clients.

I guess you could wifi the LAN and WAN side of OPNsense, WAN side connects to the shared wifi AP, but you would still need another AP on LAN side for laptop/printer/etc AND fw to connect to. AP just needs to be layer-2, all the compute stuff can get dhcp from fw, etc. Voila, cable-less firewall.

I think that could work actually if opnsense can act as a Wi-Fi client in the wan it'd be simple enough to have a separate AP for the LAN.  Just have to figure out a compact device with a supported card.

[...]but this GL trvel router is flakey[...]

That's too bad. The GL.iNet devices are generally well-regarded by the OpenWRT folks, and it runs a modded OpenWRT from the factory. So suggesting "try OpenWRT" is kinda out the window.

I've never tried FreeBSD/OPNsense as a wi-fi client (much less AP), but I'd expect it to work OK with supported hardware. Getting that in a small form factor device might take some work. I grabbed a couple PCI-e devices (AR9380 "ath" and AX200 "iwf") off eBay to test... one of these days. How much money do you have (as time=money)?

Heh. For my wireless access at home I use an OpenWRT device broken down into two bridges (here I go with the bridges again...) where the wireless is on one with no IP assigned and a DHCP IP on the other for management only. The firewall is broken down to only separate the two bridges, and wireless clients are isolated. DHCP for both bridges is handled on my firewall. Similar concept to passeri's, but limited to my needs.

Yea that's what I thought too, I'm wondering if we just ended up with a bad unit.  Right out of the box I struggled just to get it to take updates, it'll show updating, reboot then be on the original firmware, usually after 4-5 retries/reboots it'll take the firmware.  I'm getting some interface errors in the logs, AI (if that can be trusted in the least) seems to think I have a hardware issue of some type or a firmware bug. 

Hate to even replace it, when it works it fits the bill perfectly. It's small, low power, quiet, and feature rich.  But I'm getting tired of getting nearly weekly calls of internet issues and constant pings from Uptime Kuma that it's down or high latency. 

Trying to figure out a better solution for my mother in law in an assisted living apartment complex.  They have shared WI-FI in the building but my mother in law has needs for smart TVs, printers, IoT etc. that needs to talk.  So for security and to allow her devices to talk I thought no big deal, grabbed a GL-MT3000 travel router, connected it to the apartment Wifi as WAN, setup her lan and wifi network/s, zero tier back to my opnsense firewall so she can access Jellyfin.  All is pretty good, but this GL trvel router is flakey, kinda reminds me of routers in the old days that needed a daily reboot to remain stable. I'm getting tired of fighting it...

Anyone have any thoughts on how I could plop and opnsense box down and use the Wi-Fi Wan?  I think I recall OPNsense doesn't like Wi-Fi adapters.  But thinking just rebuilding the "travel router" idea but with OPNsense instead of this goofy GL router. 

Secondly any other solutions that I might not be thinking of.   

I understand a company needs to make money. I am therefor happy to pay for my home subscription. If multicore support won't be in the free version, ok for me. Not nice, as multicore is plain standard nowadays as you other guys correctly stated, but ok.

It won't be ok however not to include multicore in home subscription. The upper plans are too pricey for my home purposes. I really think to quit home subscription, as I do not agree with that policy.

Think twice, if I were you, I would offer multicore for free, or include in home subscriptions whatever, to get more customers. Otherwise I guess you would lose them...

Locking multi-core support and limiting the number of policies in the home licensing is really gimping that tier IMO.  Making the tool cost prohibitive at a home license level. 

Just look how much Oracle charges per core... ROFLMAO...

I think you are confusing multi-core support with per-core licensing. Per-core licensing cost is pretty common across the enterprise stack. 

Oracle ZFS docs apply to Oracle hardware (former Sun) only, neither Linux nor FreeBSD.

FreeBSD uses GPT partitions. As do Ubuntu and Debian, if you follow the guide by zfsbootmenu.org. If you follow the OpenZFS guide for Ubuntu, it's /dev/disk/by-id.

FreeNAS and TrueNAS use GUUIDs. It's complicated.

Now the fact that the FreeBSD handbook is so outdated it is blatantly wrong - does not match in any way what the FreeBSD installer will (correctly) do - needs to be addressed. I'll poke some people.

Confusing is the big key word here, I'm a slight noob with FreeBSD and a full on noob with ZFS I've just been lost this whole time.

Regardless I appreciate the help and guidance here.

All good. I'd be interested into those guides you mentioned. If there is misleading documentation out there, we ought to do something about that.

https://sotechdesign.com.au/how-to-add-a-drive-to-a-zfs-mirror/

https://docs.oracle.com/cd/E53394_01/html/E54801/gayrd.html

https://askubuntu.com/questions/1301828/extend-existing-single-disk-zfs-with-a-mirror-without-formating-the-existing-hdd

https://www.devroom.io/2024/03/07/zfs-upgrade-single-disk-to-mirror/

I can go on and on, the issue is I didn't look up a freebsd specific guide. Figured ZFS was ZFS and a mirror is a mirror.  Ultimately I didn't know what I didn't know, so I guess my search was flawed.  But everything seemed to mostly agree, so figured that was the right path, and in my head a mirror is well... a mirror. I think in raid controller, on an old school RAID card I'd add in my disk, add it to the mirror, let it resilver/sync, go about my life and never think of it again.

Edit: I understand why this wouldn't have worked now, with a RAID controller, the OS and UEFI bootloader just points at the card instead of disks directly unlike ZFS.  I know know that boot info would have to exist on both disks in this instance.  IF it was just for storage I assume all that wouldn't be needed and the above guides would have been accurate.