OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of JamesFrisch »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - JamesFrisch

Pages: [1] 2 3 ... 5
1
General Discussion / Re: Who uses opnsense in companies
« on: October 24, 2024, 11:03:22 am »
Who offers a better firewall ui?
To me they are pretty much all the same, no matter if pfSense, Meraki, FortiGate...


2
General Discussion / Re: Who uses opnsense in companies
« on: October 24, 2024, 07:55:54 am »
I installed multiple OPNsense firewalls in SMB environments, and also some Meraki and Unifi stuff.

The "better support and professional support" is a pipe dream. I would even say that if you are willing to pay for OPNsense support, their support is far superior. Heck let me even go one step further, Franco and Patrick in this forum offer better support than paid phone support for Meraki  ;)

The main problem OPNsense has is the "nobody ever got fired for buying blue" problem.

I have a great "nobody ever got fired for buying blue" story.
Switzerland gov needed a new emergency telephone provider.

We have the formerly state owned ISP Swisscom. They are expensive but offer ok quality.
They used their old analog line for a long time, then all of a sudden realized that they can save money by going digital. So over a pretty short time they migrated millions of users to VOIP. I even worked there at that time  ;)

We have also have the ISP Sunrise. They are the cheap competitor with worse quality. But because they never owned their own landline and always had to rent it, they were doing VOIP over the phone line and fiber for years with great success.

There are of course also many other ISPs and also VoIP only providers, but I will leave them out for simplicity.


So while Swisscom was pretty new to the VoIP game, Sunrise was rock solid for years.
Swisscom had multiple nationwide failures where the phone would go offline for hours.


Now, imagine you are in the situation to decide which one to choose as a provider for your state wide emergency line. Which one would you choose? Sunrise? Wrong!

When something goes wrong with Sunrise people will tell you:
"why the fu** did you choose Sunrise? They are only second! They are cheap! What did you expect that would happen!"
Compare that with your bosses argument "because it just works and large companies use meraki, and nobody uses opnsense". Sounds familiar?

So you choose Swisscom instead. Despite them having two nationwide VoIP failures even before the time you do your evaluation! No joke!
Guess what happened next.
Of course we had 3 additional incidents where our emergency lines went down and we had police stations publish their Sunrise mobile phone numbers so people could contact the police.
What was the public reaction to that debacle?

"Well that sucks. But nothing we can do about it. Swisscom is the market leader. If they can't do it, nobody can. This is just like the weather, it is simply something we have no influence over".


3
24.7 Production Series / Re: Updated to 24.10 broken business subsricption?
« on: October 17, 2024, 11:12:34 pm »
Problem went away, maybe CDN was not ready before.

4
24.7 Production Series / Updated to 24.10 broken business subsricption?
« on: October 17, 2024, 09:03:28 pm »
After the update, the mirror is now this:


https://opnsense-update.deciso.com/${SUBSCRIPTION}/FreeBSD:14:amd64/24.10   


and when searching for an update it will fail.


In the settings, if I try to safe them, I will get this error, even though I have selected business:

Subscription cannot be set for non-subscription firmware mirror


5
German - Deutsch / Re: neue Hardware für OPNSense
« on: October 09, 2024, 02:19:32 pm »
n100 ist genial. Allerdings haben diese Chinaimporte auch Nachteile.

Garantie kannst du komplett streichen.
BIOS und/oder Idle Verbrauch ist teilweise übel.

Ich persönlich nehme da lieber einen alten OfficePC mit einer NIC.
Braucht auch nur 15W, obwohl dies ein alter 2017 intel i5 8000 mit alter Chelsio 520 ist.

6
24.7 Production Series / Re: OPNsense as a VM in Proxmox, what FS to select UFS or ZFS
« on: September 19, 2024, 08:18:16 am »
I would go with UFS, simply because I assume that virtualized ZFS is not a great idea and since you virtualize OPNsense, you can use Snapshots/Backups in Proxmox.

7
German - Deutsch / Re: Vorstellung und eine Herausforderung
« on: September 04, 2024, 02:25:52 pm »
Hi Tosan

Geht so nicht.
Du hast ein Fritte und dahinter eine OPNsense. Damit halst Du Dir viele Probleme ins Haus, von Double NAT über mühsame Firewall Regeln usw.   :P


Was du brauchst, ist eine Modem im Bridge Mode (kann die Fritte nicht), damit deine OPNsense als Modem arbeiten kann.


Eventuell kannst du was mit DMZ basteln, aber das halte ich auch für Quark.
Was hast du für ein Internetanschluss? Glas? Kupfer?

8
General Discussion / Re: Is OPNsense hanging - causing network slowness?
« on: August 11, 2024, 10:41:08 am »
Speedtest are good measuring max bandwith but not so great in measuring stability.
You could run a ping test to google.com instead (both for IPv4 and IPv6) and see if there are spikes in the response time or even timeouts.

I am currently doing the same thing, not sure if my AP, Switch or OPNsense is acting up.
Since I only have ping problems from my Laptop, but not if I ping from OPNsense Interfaces: Diagnostics: Ping
I know that the problem has to be my hardware in between  :)

9
German - Deutsch / Re: Kaufberatung für Neuling
« on: August 09, 2024, 08:36:04 am »
Bei "nur" 1Gbit reicht zum Start auch ein alter Office PC, den du noch rumstehen hast.
Mein alter i3-8100 macht 10Gbit, mit Surricata 6,5Gbit.

WireGuard speeds habe ich nicht getestet, brauche ich nur für RDP und paar webGUIs.


10
German - Deutsch / Re: Verständnisfragen OpenVPN Instanzen, Server, Multi Site-to-Site
« on: August 02, 2024, 12:42:28 pm »
Das beantwortet die Frage nicht wirklich.
Ein Tunnel ist das genaue Gegenteil von getrennten Netzwerken, da es darum geht getrennte Netzwerke zu verbinden :)

Was müssen denn für Daten fliessen? Ein Beispiel, möchtest du von der Hauptzentrale auf remote Geräte zugreifen? Oder senden diese Remote Geräte Daten? Braucht es dafür überhaupt einen Tunnel oder wäre https nicht einfacher? Fragen über Fragen. Technisch ist alles easy machbar, aber ein sauberer Plan muss her.

Kommst du aus der Netzwerk oder IT Branche? Ich würde mir eventuell externe Hilfe holen. Oder du erstellst erstmal ein Konzept. Dann hast du den schwierigsten Teil geschafft und die OpenVPN Anleitungen von Opnsense sind der einfache Part. Jedenfalls wenn du einigermassen IPv4/6, Subnetze, DynDNS, a und aaaa records verstehst.

11
German - Deutsch / Re: Verständnisfragen OpenVPN Instanzen, Server, Multi Site-to-Site
« on: August 01, 2024, 01:08:58 pm »
Du brauchst nur eine Instanz, es sein denn du brauchst unterschiedliche server configs.
Wüsste nicht wozu, kenne aber auch deinen use case nicht.

12
German - Deutsch / Re: Verständnisfragen OpenVPN Instanzen, Server, Multi Site-to-Site
« on: August 01, 2024, 11:38:44 am »
Quote
Was genau ist der unterschied zwischen einer Instanz und dem Legacy Server?

Eines ist die neue Implementierung, das andere die legacy.

Quote
Sollte man für diese Anzahl eher eine einzelne Instanz, mehrere Instanzen oder mehrere Server erstellen?
Die Anzahl ist dabei nicht entscheidend, sondern der use case.


Quote
Macht es Sinn noch Legacy Server zu erstellen oder fallen die eh irgendwann weg?
Natürlich weg. Ich würde mich eher fragen, ob es noch zeitgemäss ist OpenVPN anstelle von Wireguard zu verwenden.


An deiner Stelle würde ich mich ein wenig in die Materie einlesen, deine Netzwerke aufzeichnen und ein WireGuard test site to site einrichten.


Quote
ca. 15 parallele Site-to-Site Verbindungen an.

bist Du dir da sicher? Oder meinst du 15 road warrior Verbindungen?
Sollten es tatsächlich 15 site-to-site sein, hätte ich da meine Bedenken...

13
General Discussion / Re: Streaming issues with OPNsense
« on: July 29, 2024, 10:39:28 pm »
Bufferbloat is probably always good to check, but this can't be the problem here.

Streaming videos is not real time and are not at all concerned about latency.

14
General Discussion / Re: Streaming issues with OPNsense
« on: July 24, 2024, 09:22:06 pm »
Quote
JamesFrisch, FraLem, I'm streaming things like Netflix, Prime, Apple TV, etc.

These are all unicast and work perfectly fine with double NAT and without igmp :)

Quote
However, JamesFrisch, after reading what you wrote about WiFi, I put the TV on a 5G network (it was on a 2.4G network I had set aside for IOT) and the problem seems to be gone.

Awesome, great to hear that it helped you!


15
General Discussion / Re: Streaming issues with OPNsense
« on: July 23, 2024, 04:17:07 pm »
Before you read that, make sure that the Wifi really is the problem by pinging your TV.


FraLem is asking you if you are live streaming TV channels from your ISP. In some very rare edge cases, that traffic is multicast. Multicast has some special caveats. 

What live tv streaming are you using?


Quote
The TV streams flawlessly when I bypass my home network and connect it directly to the ISP modem WiFi.

I somehow skipped that one.
So your ISP modem is not in bridge mode? You just put OPNsense behind your ISP modem?
Because then it could be a multicast problem.

You realize that this will get you double NAT?
I would either put your ISPs modem into bridge mode or replace it with your OPNsense completely.

Pages: [1] 2 3 ... 5
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2