Messages

1

Hardware and Performance / Re: Deciso 2770, 3842, 3852, and 3862 CPU

« on: February 16, 2024, 12:37:44 am »

Its the same CPU, yes.

2

Hardware and Performance / Re: DEC2770 RAM Upgrade

« on: February 13, 2024, 09:15:27 pm »

I think for greater adoption of Deciso hardware,  there should be a support section to get manuals,  BIOS updates, specifications, etc. Comparing to Protecli's website, Deciso is harder to find out about their hardware.

Agreed! I don't expect free hardware support or anything, but a forum section or repository for manuals, user contributions, etc. would be welcome.

I ordered some RAM that should be compatible and will report back here.

3

Hardware and Performance / Re: extreme power saving possible?

« on: February 05, 2024, 08:23:32 pm »

BSD will likely never give you the best possible power savings, but you can enable PowerD and set it to the minimum profile if you haven't already. There may also be some other power-related settings in the 'tunables' menu.

4

Hardware and Performance / Re: Installation on an Untangle u25

« on: February 05, 2024, 05:35:52 pm »

the datasheet says the u25 runs on an intel atom, so theoretically yes. if it has a console port or video out you could almost certainly boot from an opnsense liveusb and install it that way.

5

Hardware and Performance / DEC2770 RAM Upgrade

« on: February 05, 2024, 05:21:08 pm »

apologies if this is covered in the documentation but i couldn't find it - i have a DEC2770 with 8GB of RAM, can I upgrade this? the board diagram looks like a standard DIMM, are there any restrictions on the type or capacity?

TIA!

6

General Discussion / Re: Captive potal and PS5

« on: February 02, 2024, 09:44:03 pm »

this sounds to me like a dns issue, i'd check your dns configs first. does a normal pc/phone/etc. have any issues using the captive portal?

7

General Discussion / Re: Tips for moving from Netgear Orbi router

« on: July 22, 2021, 12:38:26 am »

Is that orbi the mesh wifi system? I'm not intimately familiar with it in particular, but it should have an option for "AP mode" rather than bridge mode (I believe I misspoke before). If so, that's what I'd use. So your network topology would be ISP>Modem (bridge mode)>OPNsense>Orbi mesh(ap mode)/other devices.

As for the order, I'd setup OPNsense on the 280 with the WAN interface set to DHCP, enable basic things like dhcp, dns, etc. then set the modem into bridge mode, plug the OPNsense machine into it, and make sure you have internet.

Then setup the Orbi system as access points on your new LAN, and you'd be good to go.

I hope that makes sense, and I hope it works out for you!

8

General Discussion / Re: Tips for moving from Netgear Orbi router

« on: July 21, 2021, 07:20:51 pm »

If you're planning on putting the Orbi router into bridge mode, I'd take it out of the picture entirely and use it's satellites solely as access points if that's possible. I assume you don't have a static IP address from your ISP, is your modem in bridged mode? I would suggest this if possible to avoid a doube NAT situation.

Otherwise, setting up a basic network in OPNsense is pretty painless in my experience. Do you have any specific concerns?

9

Web Proxy Filtering and Caching / Re: HAProxy Clients cant access the internet properly

« on: July 21, 2021, 07:13:20 pm »

Can you post your HAproxy config?

10

Web Proxy Filtering and Caching / Not sure what I'm doing wrong HAproxy

« on: July 21, 2021, 04:55:54 pm »

Hi there, some background on my setup/intentions.

I'm trying to setup a nextcloud server on my LAN, and use HAproxy running on OPNsense as a reverse proxy and ssl offload. I currently have NAT rules allowing ports 443 and 80 direct to the nextcloud host (though I don't believe this is correct for my end goal.) and the traffic flows correctly with no SSL. When I enable the HAproxy service, nothing seems to change.

Basically, I'm not sure what firewall rules/proxy config I need. If anyone has any advice, or can point me to any resources I've missed, I'd really appreciate it. Thank you!

Here is the HAproxy config:

Code: [Select]

#
# Automatically generated configuration.
# Do not edit this file manually.
#

#
# NOTE: HAProxy is currently DISABLED
#
global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin expose-fd listeners
    nbproc                      1
    nbthread                    1
    tune.ssl.default-dh-param   2048
    spread-checks               2
    tune.chksize                16384
    tune.bufsize                16384
    tune.lua.maxmem             0
    log /var/run/log local0 info

defaults
    log     global
    option redispatch -1
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: cloud.mydomain (nextcloud)
frontend cloud.mydomain
    http-response set-header Strict-Transport-Security "max-age=15768000"
    bind 0.0.0.0:443 name 0.0.0.0:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 crt-list /tmp/haproxy/ssl/60f61d81b268b0.59299585.certlist
    bind 0.0.0.0:80 name 0.0.0.0:80 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 crt-list /tmp/haproxy/ssl/60f61d81b268b0.59299585.certlist
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    option httplog
    # ACL: cloudmercurysh
    acl acl_60f61c51384f19.94264676 hdr(host) -i cloud.mydomain
    # ACL: nc_caldav
    acl acl_60f61f185cebf7.32684781 path_end -i /.well-known/caldav
    # ACL: nc_carddav
    acl acl_60f61f4a0bec96.53535847 path_end -i /.well-known/carddav
    # ACL: nc_nodeinfo
    acl acl_60f61f74e56445.36705108 path /.well-known/nodeinfo
    # ACL: nc_webfinger
    acl acl_60f61f9051b7f8.52959457 path /.well-known/webfinger

    # ACTION: cloudmercurysh
    use_backend cloud.mercury.sh if acl_60f61c51384f19.94264676
    # ACTION: nc_caldav
    http-request redirect code 301 location /remote.php/dav if acl_60f61c51384f19.94264676 acl_60f61f185cebf7.32684781
    # ACTION: nc_carddav
    http-request redirect code 301 location /remote.php/dav if acl_60f61c51384f19.94264676 acl_60f61f4a0bec96.53535847
    # ACTION: nc_nodeinfo
    http-request redirect code 301 location /index.php/%[capture.req.uri] if acl_60f61c51384f19.94264676 acl_60f61f74e56445.36705108
    # ACTION: nc_webfinger
    http-request redirect code 301 location /index.php/%[capture.req.uri] if acl_60f61c51384f19.94264676 acl_60f61f9051b7f8.52959457

# Backend: acme_challenge_backend (Added by Let's Encrypt plugin)
backend acme_challenge_backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server acme_challenge_host 127.0.0.1:43580

# Backend: cloud.mydomain (nextcloud server)
backend cloud.mercury.sh
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server cloud.mydomain 192.168.42.22:80