Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - devilkin

Pages1 2 3
#1
General Discussion / Re: Pros and Cons of bare metal versus virtualization home environment
March 10, 2025, 12:54:07 PM
In my case, I run my 'prod' (aka the one connecting to the internet) OPNsense on bare metal. I do have a virtualised OPNsense for testing stuff in a lab environment.

* Router does one thing does one thing, and does it well
* In case my Proxmox host goes down, it doesn't take everything with it - a hypervisor needs patches + reboots to update kernels
#2
24.7, 24.10 Legacy Series / Re: Registering ipv6 lan addresses in DNS?
September 12, 2024, 10:09:40 PM
Hmmz. Ofcourse, this means that it'll be using your public ipv6 prefix, which is not guaranteed.
Does dhcpd6 update the ip addresses, or will it keep using the old ones?

Or should I just like hand out specific ula's..?
#3
24.7, 24.10 Legacy Series / Re: Registering ipv6 lan addresses in DNS?
September 12, 2024, 04:25:30 PM
That is so straightforward it hurts. Thx!
#4
24.7, 24.10 Legacy Series / Re: Registering ipv6 lan addresses in DNS?
September 12, 2024, 04:08:41 PM
Ah. That works too, just have to figure out how to get the DUIDs. Thanks.
#5
24.7, 24.10 Legacy Series / Re: Registering ipv6 lan addresses in DNS?
September 12, 2024, 01:06:52 PM
I was hoping there was someone with a cool idea.

When working with dhcpv6, how does one need to configure isc dhcp to do the registration?
I have the impression it also doesn't work out of the box.
#6
24.7, 24.10 Legacy Series / Registering ipv6 lan addresses in DNS?
September 12, 2024, 10:16:22 AM
Hi,

I was wondering if there's a way to get ipv6 addresses registered in unbound for resolving in the local lan, without having to do this manually?

I'm in the process of reconfiguring my internal network to also fully support IPv6 using SLAAC. I've also added an ULA so ideally I'd like to have that be automatically registered in unbound - but sofar the solution is eluding me.

The only way I see forward is to use dhcpv6, but if I can avoid an extra service (also android devices don't do dhcpv6), it'd be fantastic.
#7
24.7, 24.10 Legacy Series / Re: N100 Box - update from 24.7.1 to 24.7.2 results in much higher power draw
August 26, 2024, 03:56:28 PM
Have you checked if there is any process that is using a lot of cpu?
#8
General Discussion / Re: Option to Opnsense?
August 25, 2024, 12:40:19 PM
I've moved from the unifi usg to opnsense, because of the lack of options and control.

I do miss the unified pane of glass where you see and control it all, but I'd never go back.
#9
24.1, 24.4 Legacy Series / Re: Update my opensense from 22.7 to 24.2 no internet.
April 16, 2024, 11:24:44 AM
You'll really have to post more information - all setups are individual, there's no way to know what might be blocking your traffic.

Screenshots of your configuration might help. It's a big jump (which was probably never tested).
#10
Hardware and Performance / Re: PCENGINES APU[1-7] Coreboot SeaBIOS Open Source Firmware
April 16, 2024, 07:45:28 AM
Awesome news! Thank you!

How usable is the UEFI build at this point?
#11
24.1, 24.4 Legacy Series / Re: DNS aliases for WAN hostnames
March 01, 2024, 12:55:37 PM
Wouldn't there be a possibility to use some form of dyndns system (eg. Gandi has their own) to register the different hostnames, which are all CNAMES pointing at a haproxy setup, which then listens on port 161 and forwards the traffic based on the hostname? SNMP can use TCP, so this should work, I think.

Per server required you just have to register the necessary CNAME record.
#12
23.7 Legacy Series / Unbound blocklists - slow loading/slow statistics
August 08, 2023, 07:57:41 AM
Hi,

I've been trying to use the unbound blocklists now for +- 6 months from the previous release into this one), and while they work, it's

  • exceedingly slow to load, blocking DNS entirely during the load for 5-10 minutes
  • activating the statistics dashboard takes quite some cpu load
  • opening the stats dashboard is also exceedingly slow - getting any data in it takes an actual minute

Is this 'normal' for the unbound blacklist implementation? I've reverted to using Adguardhome which does not suffer from this, even when running next to Opnsense on the same box.

The hardware I'm running on is not the most powerful - an APU2E4, and I'd love to go back to just using unbound, but the fact that every time I change something in the block list or whitelist a domain it takes forever to settle has caused some ruffled feathers at home.
#13
23.1 Legacy Series / Re: 23.1.5_4 Unbound Whitelist Domains Broken
June 16, 2023, 03:09:44 PM
You just need to add the domain (so giphy.com), not the domain/*
#14
22.7 Legacy Series / Opnsense web interface unreacheable - listen queue overflow
October 25, 2022, 05:05:42 PM
I've been having this problem from when I started with Opnsense (20.1 series): after a while the web interface stops responding, and the logs are flooded with

Code Select

sonewconn: pcb 0xfffff800840e5ba0 (192.168.20.1:443 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (6 occurrences)
sonewconn: pcb 0xfffff800840e5ba0 (192.168.20.1:443 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (6 occurrences)
sonewconn: pcb 0xfffff800840e5ba0 (192.168.20.1:443 (proto 6)): Listen queue overflow: 193 already in queue awaiting acceptance (6 occurrences)


Restarting the web interface using
Code Select

/usr/local/etc/rc.restart_webgui

helps, but I'm curious as to what actually causes this and how to fix it?
#15
20.7 Legacy Series / Re: arp timeouts on VLAN cause connection interruptions
April 13, 2021, 08:27:49 AM
If you're using Ubiquity gear, checkout this post:

https://www.reddit.com/r/Ubiquiti/comments/mlit54/problems_with_broadcastmulticast_traffic_on_uap/
Pages1 2 3