Messages

1

Hardware and Performance / Re: Question about DEC740 SFP+ (home use)

« on: October 09, 2023, 07:45:01 pm »

I'm not sure where this "DAC uses more power" came from, but it's just the opposite.  I've been using 3 meter passive DAC for my switch-to-NAS connections for years, and they show virtually no power consumption increase on the meter when you plug them in, and are always cool to the touch.

https://community.fs.com/blog/guide-to-10g-dac-and-aoc-cables.html

Are people confusing RJ ethernet transceivers (which ARE hot power hogs) with DACs?

2

General Discussion / Re: Corrupted ARP entry.

« on: June 30, 2023, 07:47:22 pm »

Not sure if this will help at all, but I also saw strange ARP behavior on a Pi 4b running just basic Raspian and PiHole...

https://github.com/royhills/arp-scan/issues/56#issuecomment-952374797

Might be something in that discussion that sparks a thought?

3

Hardware and Performance / Re: Hardware Sugesstions with Coreboot for < ~ 300€

« on: February 22, 2023, 07:12:18 pm »

Or, for a little more punch: https://www.amazon.de/gp/product/B09PHHXN9V, don't know if it's coreboot, however.

Those are UEFI devices, from mine:

Code: [Select]

$ ls /sys/firmware/efi/
config_table      efivars           esrt              fw_platform_size  fw_vendor         runtime           runtime-map       systab


4

Hardware and Performance / Re: N5105 constantly at 2ghz

« on: January 08, 2023, 07:06:02 pm »

Are you aware of the Serve The Home megathread on these devices?  There's a lot there about the c- and p-states, bios settings and OPNsense configuration:

https://forums.servethehome.com/index.php?threads/topton-jasper-lake-quad-i225v-mini-pc-report.36699

This post specifically comes to mind:
https://forums.servethehome.com/index.php?threads/topton-jasper-lake-quad-i225v-mini-pc-report.36699/page-103#post-359615


(Don't be mislead by the title or first couple of posts, the thread walks through a bunch of CPUS - including tne N5105 - and various NIC configs - 4x and 6x of I225 vN and I226.)

5

Hardware and Performance / Re: intel nics i225 with Opnsense

« on: November 03, 2022, 05:45:31 pm »

There's a mega-thread (80+ page) on Serve The Home forum about this family of device.  OPNsense seems to work quite well on all of them.  My conclusions (which may be different from yours! read the thread) from following that thread almost from the beginning are:

- 5105 devices seem to be the sweet spot, balancing CPU power, wall power and price.  But, if you need more power (running box as a NAS or VM-host), then move up the Intel CPU stack.
- Assembly of these devices is hit-or-miss, make sure to check the thermals if you get one as you may need to repaste (or even shorten the standoffs) to get them working as designed.
- There are many models and revisions to choose from older J4s, newer N5, N6 and J6 CPUs, and a mix of 2x, 4x or 6x I225 and I226 NICs, so shop around.
- Get them "barebones" and supply your own SSD and SODIMMs, the packaged ones are both expensive and from sketchy sources.
- Topton (and others?) are having a sale right now (early Nov 2022), so prices are the best I've seen them.

6

General Discussion / Re: Firewall blocks traffic from delegated IPv6 prefixes

« on: October 19, 2022, 06:49:52 pm »

Not answering your question, but maybe giving you some options...

Do you really want the OpenWrt device to be a secondary router?  There's the "dumb AP" mode you can configure, then all the IP management could be done in OPNsense:  https://openwrt.org/docs/guide-user/network/wifi/dumbap

7

22.7 Legacy Series / Re: Yet another post about IPv6 connectivity loss after upgrading OPNsense

« on: September 19, 2022, 04:51:45 am »

Doing some reading on those tunables, I interpret the comments in the second paragraph of https://docs.freebsd.org/en/books/developers-handbook/ipv6/#_stateless_address_autoconfiguration_on_hosts as saying "accept_rtadv=0" for routers and "1" for hosts is appropriate.  My guess is that OPNsense should ship with default setting of 0.

On nd6_onlink_ns_rfc4861, I found this cryptic commit to DragonflyBSD, but nothing to justify it.  (There are a lot of posts saying "you need to set it to 1 for ISP xxx", again with no explanations offered.)

https://commits.dragonflybsd.narkive.com/sHTVVGIp/git-inet6-set-net-inet6-icmp6-nd6-onlink-ns-rfc4861-to-1-by-default

edit: fix typo

8

22.7 Legacy Series / Re: dns override issue after updating to 22.7.3_2

« on: September 09, 2022, 05:27:08 pm »

In case anyone else wants to try:

Code: [Select]

sudo vi /usr/local/etc/inc/plugins.inc.d/unbound.inc

Go to line 573, add "!" between first two parentheses

Code: [Select]

573                  if (!($alias...
I ran the unbound-control I mention above, both before and after, diffing the two results and saw all the PTR records for host entries as I expected, and none for the aliases.

9

22.7 Legacy Series / Re: dns override issue after updating to 22.7.3_2

« on: September 09, 2022, 04:53:29 pm »

Thanks for digging out those links, Ben.  Looks like my concerns are already voiced and fixed here:

https://github.com/opnsense/core/pull/5925#issuecomment-1240596555

I tested that change and it works as I expect.

10

General Discussion / Re: Confused by Unbound PTR resolution

« on: September 08, 2022, 08:02:04 pm »

https://forum.opnsense.org/index.php?topic=30167.msg145954#msg145954

I think the fix went too far.

11

22.7 Legacy Series / Re: dns override issue after updating to 22.7.3_2

« on: September 08, 2022, 07:39:43 pm »

Because a PTR record cannot exist for multiple hosts. Unbound was dashing this out anyway but it caused problems for clients.

I believe there is something broken in the logic that detects whether the PTR records should be generated.  After regenerating my unbound config, which contains a half dozen host overrides for static IPs, I see this (i.e., only PTR records for the router itself, none for any of the static IPs that have no PTR records anywhere).

Code: [Select]

> sudo unbound-control -c /var/unbound/unbound.conf list_local_data | grep PTR
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.      10800   IN     PTR     localhost.
b.l.a.h.b.l.a.h.f.f.9.b.d.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.       3600   IN     PTR     rtr00.lan.
1.0.0.127.in-addr.arpa.    10800   IN      PTR     localhost.
15.1.168.192.in-addr.arpa.  3600   IN      PTR     rtr00.lan.
I'm unclear as to the intent at /usr/local/etc/inc/plugins.inc.d/unbound.inc:573, but it looks like it assumes all entries in "Host Overrides" are aliases?  Should I be defining my static IP hosts in some other fashion?

Code: [Select]

                      if (($alias === $tmp_aliases[0] || $tmp_aliases[0]['hostname'] === '*') && !in_array($host->server, $ptr_records, true)) {
                          /* Only generate a PTR record for the non-alias override and only if the IP is not already associated with a PTR.
                           * The exception to this is an alias whose parent uses a wildcard and as such does not specify a PTR record.
                           */


12

General Discussion / Re: Adblocker - Need Help

« on: August 23, 2022, 11:15:15 pm »

In addition to Patrick's suggestion, you'll probably learn enough going through this thread to do everything you want:  https://forum.opnsense.org/index.php?topic=22162.msg106715#msg106715

13

22.1 Legacy Series / Re: Add DNS SRV record for KMS

« on: July 13, 2022, 05:43:51 pm »

With unbound, you could add the configuration records to /usr/local/etc/unbound.opnsense.d/miscellaneous.conf .  Not sure what to do if you want to use bind.

https://docs.opnsense.org/manual/unbound.html#advanced-configurations

14

22.1 Legacy Series / Re: IPv6: static ULAs help

« on: July 10, 2022, 07:19:08 pm »

I haven't got as far as VLANs in my IPv6 journey, but shouldn't the first line "subnet6" allow for space in the prefix for the VLAN ID?  I.e., should it be a /60 (I'm making an assumption from the "prefix6" line at the bottom) so that for each subnet, the ULA's VLAN bits can be made to match the corresponding GUA/GUAs for that interface?

(That "matches multiple shared networks" part of the error message is what got me thinking this...)

15

General Discussion / Re: AdGuardHome checksum mismatch

« on: July 07, 2022, 10:20:31 pm »

Thanks. I was leaning that way, too, as I have a vague memory that I may have noticed this before and just forgot about it.  I haven't seen any odd behavior and I've been using AdGuardHome for well over a year now, so I'll just ignore it.