Messages - cookiemonster

#1
Well, I like learning something new. Other signs make it look like an APU but I just find those NICs odd.
#2
I believe it is. The idea is to cover that before moving to the rules that might be in play. It is better to cover the basics first, no?
#3
APU board with Realtek NICs. That's strange, maybe an older type.
Once you're up and running, try to use the vendor driver but don't expect a super stable system if you're putting strenuous traffic through it.
#4
OP one of your screenshots showed that the connection via browser to 192.168.50.1:3000 timed out. If not a typo:
Now with ssh solved you can more easily diagnose. You could through a console (via ssh) see if AdGH is listening and where:
$ sudo sockstat -4l
It might not be listening on 3000 and you forgot what you set it to :)
#6
Thanks, but these are the intention of your rules, not necessarily how they've been set up. For folks to cast their eyes on them here, it is best to show them with screen captures. Are you able to do that? No link to hosting sites please.
#7
But your UI is 192.168.50.1 whereas your ssh connection seems directed to 192.168.50.51, is that correct?
#8
The contents seem to be for doing scripted SMART tests for disks. Possibly it is called if you were to create a cron job to run SMART tests.
Are you able to see if it is there? /usr/local/etc/periodic/daily/smart
#9
> The how-to on CARP leaves me with one big question: what's the WAN public IP range?
I think, just a single public ip.

From reading both myself, it appears to me that the 172.x.y.z/24 indeed is just a placeholder but for a non-routable range. But the "problem" is still there for this usage i.e. can be another but must be RFC1918. Docs are now clear to me. Just another range but 1918.
And if I read the gists and reddit thread correctly, it seems no static ip is needed. The scripts (there are at least two): there is an older version that used stop/starts to services, more freebsd style (shell exec), and another which seems to be more opn-aware with pluginctl.
They do the request for renewal of the dhcp lease to the isp on the single existing one - the whole purpose of the exercise.

Definitely hacky, as it is a clubbing together of the bits to "make it happen", not stateful though.

I'm not doing it either, just saving it in my "useful to check out" if/when I decide to give it a go. Potentially.
#10
Best to show your rules for each source and destination interfaces (VLANs in this case).
You don't have any Layer 3 routing on the managed switch, right? Just to be sure of the basics.
#11
To "reach" ssh: $ ssh {ip address}
Which ip address? The one where it has been told to listen. Normally that would be the LAN ip i.e. the same one you reach the UI from.
It is in System > Settings > Administration. "Secure Shell" section. Listen interfaces should be "all". Default firewall rules will ensure traffic reaches it.
As for AdGuardHome, what happens when you attempt to connect (presumably you mean its UI) on OPN lan ip:3000?
#12
Quote from: bugleboy on May 20, 2025, 05:54:48 PM
Quote: I have read a lot on the previous issues that have popped up with this controller since it was baked into FreeBSD and I have been researching kernel tunables to try and increase throughput. I have noticed in my pursuit that it seems like opnsense is not loading the igc driver. When I run kldstat, I am not seeing a module loaded for the card but somehow the card is still identified:

When I run 'pciconf -a igc0', it only shows that it is attached and no driver information. Am I missing something here? I know that the freebsd man page for IGC4 says that the driver was not implemented until 14.0, but how is this card working under freebsd 13.2 base? The reason I am asking about this is that I found a driver pack that references the I225-V card that was updated on 12/23/2023 here (https://www.intel.com/content/www/us/en/download/15084/intel-ethernet-adapter-complete-driver-pack.html) and was wondering if maybe this could be helpful to alleviate the rampant issues with this controller. Other reason that I am curious is because I found this paper "Tuning FreeBSD for routing and firewalling" (https://papers.freebsd.org/2018/asiabsdcon/cochard-tuning_freebsd_for_routing_and_firewalling.files/cochard-tuning_freebsd_for_routing_and_firewalling-paper.pdf) referenced in another post under this forum and it makes mention of setting the receive process limit to unlimited on Intel controllers; however, 'sysctl -a | grep rx_process_limit' only returns an oid of "hw.vtnet.rx_process_limit: 1024".
Am I missing something on this whole thing?

I'm having this exact issue. Did you ever find a fix to this?
Best to read the thread. Especially post #15 applies to your question. Even better if you create your own thread.
#13
Quote from: MicN on May 21, 2025, 01:54:20 AM
Quote from: cookiemonster on May 21, 2025, 12:50:50 AM
Well maybe wrongly but I assumed that HA on OPN was possible for a single WAN. The docs https://docs.opnsense.org/manual/how-tos/carp.html show all IPs used for the HA setup are non-routable and show a single WAN link at the front of the router/switch.
So clearly it needs a router to route from WAN to LAN(s)/VIPs but I admit having revisited now, I'm unclear.

There's a thread here that has a bunch of folks trying/working on it (and a git repo with a few forks) using scripts to overcome the need for CARP on the WAN interface when only a single DHCP IP is available there (such as a home internet connection) - essentially you copy the WAN mac of the primary to the secondary and leave that interface shutdown.  When a CARP failover is triggered, the interface is brought up and the same DHCP lease is still valid.  There'd still need to be an ARP on the broadcast domain to update the forwarding tables in the local switch (/bridge in the case of a VM) for the new port, but there'd still be minimal impact.
Thanks for that. I'm glad to hear I've not gone mad just yet.
#14
I suggest looking at the examples in the manual. They will be good for figuring out the bits that need doing even if there is no exact example for your ISP, but it will give you the steps to set each element up. https://docs.opnsense.org/interfaces.html#isp-configuration
If you have IPoE you probably need username and password. You can only get those or any required authentication credentials from your ISP.
#15
BTW if it helps, being a long-time Stubby user, I could contribute a writeup of my setup of it. I thought I had done it in the Tutorials sections but I could be wrong. Not all my intentions make it there.