Messages - devilkin

#1
In my case, I run my 'prod' (aka the one connecting to the internet) OPNsense on bare metal. I do have a virtualised OPNsense for testing stuff in a lab environment.

* Router does one thing, and does it well
* In case my Proxmox host goes down, it doesn't take everything with it - a hypervisor needs patches + reboots to update kernels
#2
Hmmz. Of course, this means that it'll be using your public ipv6 prefix, which is not guaranteed.
Does dhcpd6 update the ip addresses, or will it keep using the old ones?

Or should I just like hand out specific ula's..?
#3
That is so straightforward it hurts. Thx!
#4
Ah. That works too, just have to figure out how to get the DUIDs. Thanks.
#5
I was hoping there was someone with a cool idea.

When working with dhcpv6, how does one need to configure isc dhcp to do the registration?
I have the impression it also doesn't work out of the box.
#6
Hi,

I was wondering if there's a way to get ipv6 addresses registered in unbound for resolving in the local lan, without having to do this manually?

I'm in the process of reconfiguring my internal network to also fully support IPv6 using SLAAC. I've also added a ULA so ideally I'd like to have that be automatically registered in unbound - but so far the solution is eluding me.

The only way I see forward is to use dhcpv6, but if I can avoid an extra service (also android devices don't do dhcpv6), it'd be fantastic.
#7
Have you checked if there is any process that is using a lot of cpu?
#8
General Discussion / Re: Option to Opnsense?
August 25, 2024, 12:40:19 PM
I've moved from the unifi usg to opnsense, because of the lack of options and control.

I do miss the unified pane of glass where you see and control it all, but I'd never go back.
#9
You'll really have to post more information - all setups are individual, there's no way to know what might be blocking your traffic.

Screenshots of your configuration might help. It's a big jump (which was probably never tested).
#10
Awesome news! Thank you!

How usable is the UEFI build at this point?
#11
Wouldn't there be a possibility to use some form of dyndns system (eg. Gandi has their own) to register the different hostnames, which are all CNAMES pointing at a haproxy setup, which then listens on port 161 and forwards the traffic based on the hostname? SNMP can use TCP, so this should work, I think.

Per server required you just have to register the necessary CNAME record.
#12
Hi,

I've been trying to use the unbound blocklists now for +- 6 months (from the previous release into this one), and while they work, it's

  • exceedingly slow to load, blocking DNS entirely during the load for 5-10 minutes
  • activating the statistics dashboard takes quite some cpu load
  • opening the stats dashboard is also exceedingly slow - getting any data in it takes an actual minute

Is this 'normal' for the unbound blacklist implementation? I've reverted to using Adguardhome which does not suffer from this, even when running next to Opnsense on the same box.

The hardware I'm running on is not the most powerful - an APU2E4, and I'd love to go back to just using unbound, but the fact that every time I change something in the block list or whitelist a domain it takes forever to settle has caused some ruffled feathers at home.
#13
You just need to add the domain (so giphy.com), not the domain/*
#14
I've been having this problem from when I started with Opnsense (20.1 series): after a while the web interface stops responding, and the logs are flooded with


sonewconn: pcb 0xfffff800840e5ba0 (192.168.20.1:443 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (6 occurrences)
sonewconn: pcb 0xfffff800840e5ba0 (192.168.20.1:443 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (6 occurrences)
sonewconn: pcb 0xfffff800840e5ba0 (192.168.20.1:443 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (6 occurrences)


Restarting the web interface using

/usr/local/etc/rc.restart_webgui

helps, but I'm curious as to what actually causes this and how to fix it?