Messages

I'm not sure where this "DAC uses more power" came from, but it's just the opposite.  I've been using 3 meter passive DAC for my switch-to-NAS connections for years, and they show virtually no power consumption increase on the meter when you plug them in, and are always cool to the touch.

https://community.fs.com/blog/guide-to-10g-dac-and-aoc-cables.html

Are people confusing RJ ethernet transceivers (which ARE hot power hogs) with DACs?

Not sure if this will help at all, but I also saw strange ARP behavior on a Pi 4b running just basic Raspian and PiHole...

https://github.com/royhills/arp-scan/issues/56#issuecomment-952374797

Might be something in that discussion that sparks a thought?

Or, for a little more punch: https://www.amazon.de/gp/product/B09PHHXN9V, don't know if it's coreboot, however.

Those are UEFI devices, from mine:

Code Select Expand


$ ls /sys/firmware/efi/
config_table      efivars           esrt              fw_platform_size  fw_vendor         runtime           runtime-map       systab


Are you aware of the Serve The Home megathread on these devices?  There's a lot there about the c- and p-states, bios settings and OPNsense configuration:

https://forums.servethehome.com/index.php?threads/topton-jasper-lake-quad-i225v-mini-pc-report.36699

This post specifically comes to mind:
https://forums.servethehome.com/index.php?threads/topton-jasper-lake-quad-i225v-mini-pc-report.36699/page-103#post-359615


(Don't be mislead by the title or first couple of posts, the thread walks through a bunch of CPUS - including tne N5105 - and various NIC configs - 4x and 6x of I225 vN and I226.)

There's a mega-thread (80+ page) on Serve The Home forum about this family of device.  OPNsense seems to work quite well on all of them.  My conclusions (which may be different from yours! read the thread) from following that thread almost from the beginning are:

- 5105 devices seem to be the sweet spot, balancing CPU power, wall power and price.  But, if you need more power (running box as a NAS or VM-host), then move up the Intel CPU stack.
- Assembly of these devices is hit-or-miss, make sure to check the thermals if you get one as you may need to repaste (or even shorten the standoffs) to get them working as designed.
- There are many models and revisions to choose from older J4s, newer N5, N6 and J6 CPUs, and a mix of 2x, 4x or 6x I225 and I226 NICs, so shop around.
- Get them "barebones" and supply your own SSD and SODIMMs, the packaged ones are both expensive and from sketchy sources.
- Topton (and others?) are having a sale right now (early Nov 2022), so prices are the best I've seen them.

Not answering your question, but maybe giving you some options...

Do you really want the OpenWrt device to be a secondary router?  There's the "dumb AP" mode you can configure, then all the IP management could be done in OPNsense:  https://openwrt.org/docs/guide-user/network/wifi/dumbap

Doing some reading on those tunables, I interpret the comments in the second paragraph of https://docs.freebsd.org/en/books/developers-handbook/ipv6/#_stateless_address_autoconfiguration_on_hosts as saying "accept_rtadv=0" for routers and "1" for hosts is appropriate.  My guess is that OPNsense should ship with default setting of 0.

On nd6_onlink_ns_rfc4861, I found this cryptic commit to DragonflyBSD, but nothing to justify it.  (There are a lot of posts saying "you need to set it to 1 for ISP xxx", again with no explanations offered.)

https://commits.dragonflybsd.narkive.com/sHTVVGIp/git-inet6-set-net-inet6-icmp6-nd6-onlink-ns-rfc4861-to-1-by-default

edit: fix typo

In case anyone else wants to try:

Code Select Expand

sudo vi /usr/local/etc/inc/plugins.inc.d/unbound.inc


Go to line 573, add "!" between first two parentheses

Code Select Expand

573                  if (!($alias...

I ran the unbound-control I mention above, both before and after, diffing the two results and saw all the PTR records for host entries as I expected, and none for the aliases.

Thanks for digging out those links, Ben.  Looks like my concerns are already voiced and fixed here:

https://github.com/opnsense/core/pull/5925#issuecomment-1240596555

I tested that change and it works as I expect.

https://forum.opnsense.org/index.php?topic=30167.msg145954#msg145954

I think the fix went too far.

Because a PTR record cannot exist for multiple hosts. Unbound was dashing this out anyway but it caused problems for clients.

I believe there is something broken in the logic that detects whether the PTR records should be generated.  After regenerating my unbound config, which contains a half dozen host overrides for static IPs, I see this (i.e., only PTR records for the router itself, none for any of the static IPs that have no PTR records anywhere).

Code Select Expand

> sudo unbound-control -c /var/unbound/unbound.conf list_local_data | grep PTR
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.      10800   IN     PTR     localhost.
b.l.a.h.b.l.a.h.f.f.9.b.d.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa.       3600   IN     PTR     rtr00.lan.
1.0.0.127.in-addr.arpa.    10800   IN      PTR     localhost.
15.1.168.192.in-addr.arpa.  3600   IN      PTR     rtr00.lan.

I'm unclear as to the intent at /usr/local/etc/inc/plugins.inc.d/unbound.inc:573, but it looks like it assumes all entries in "Host Overrides" are aliases?  Should I be defining my static IP hosts in some other fashion?

Code Select Expand


                      if (($alias === $tmp_aliases[0] || $tmp_aliases[0]['hostname'] === '*') && !in_array($host->server, $ptr_records, true)) {
                          /* Only generate a PTR record for the non-alias override and only if the IP is not already associated with a PTR.
                           * The exception to this is an alias whose parent uses a wildcard and as such does not specify a PTR record.
                           */


In addition to Patrick's suggestion, you'll probably learn enough going through this thread to do everything you want:  https://forum.opnsense.org/index.php?topic=22162.msg106715#msg106715

With unbound, you could add the configuration records to /usr/local/etc/unbound.opnsense.d/miscellaneous.conf .  Not sure what to do if you want to use bind.

https://docs.opnsense.org/manual/unbound.html#advanced-configurations

I haven't got as far as VLANs in my IPv6 journey, but shouldn't the first line "subnet6" allow for space in the prefix for the VLAN ID?  I.e., should it be a /60 (I'm making an assumption from the "prefix6" line at the bottom) so that for each subnet, the ULA's VLAN bits can be made to match the corresponding GUA/GUAs for that interface?

(That "matches multiple shared networks" part of the error message is what got me thinking this...)

Thanks. I was leaning that way, too, as I have a vague memory that I may have noticed this before and just forgot about it.  I haven't seen any odd behavior and I've been using AdGuardHome for well over a year now, so I'll just ignore it.