Messages

1

High availability / Re: BGP with CARP LAN

« on: October 23, 2024, 03:38:12 am »

Would you provide more detail of your configuration? I would like to try this configuration myself, do not have dual ISPs just 5 public IP's within the same /29.

Thanks
Z00m

2

24.7 Production Series / Re: Regular backup of OPNsense config to a local NAS (via SMB)?

« on: September 29, 2024, 09:03:25 pm »

I haven't used this util in a couple of years and it does work with OPNsense..
https://github.com/KoenZomers/pfSenseBackup

3

24.7 Production Series / Re: How to install htop

« on: September 22, 2024, 06:11:36 am »

https://www.routerperformance.net/opnsense-repo/

4

24.1 Legacy Series / Re: No Internet Access - OPNsense on VMware

« on: August 18, 2024, 03:23:00 am »

Search thru the forum on VMware and/or ESX and you'll find many other posts. If you are creating a none HA firewall. you need to modify your PortGroup and enable Promiscuous mode, MAC address changes and Forged transmits.

If you are attempting to create an HA pair, the only way I've been successful to get an HA pair to work is use the same options with a vDS (Distributed Switch). Even then I finally had to tag the WAN side to get it to work.

Hopefully this helps, attaching a screen shot of the "Security section" where the above options are disabled by default.

5

24.1 Legacy Series / Re: Periodic Speedtest

« on: July 09, 2024, 03:26:56 pm »

Rebuild an HA Cluster configuration. speedtest info within the GUI showed nothing. Checked the speedtest.csv file it didn't have a duplicate entry, nano did say it was converting from a DOS file. Nothing looked wrong, so I renamed speedtest.csv to speedtest.csv.org and ran "python3 opn_speedtest.py" which recreated the speedtest.csv file and populated it with speed output information. Information now shows in the widget in the GUI.

6

24.1 Legacy Series / Re: Cannot get out on the internet with Comcast Business service

« on: May 24, 2024, 08:17:33 pm »

I have comcast business myself with 5 IP's. so the only item I can suggest is have you spoofed the WAN mac address of your current firewall into OPNsense. I know on the residential side they use to remember your WAN mac address and I use to leave the firewall/modem off for about 1 hr to get it to release. using  a /32 is like a VPN connection it's the GW.

https://docs.opnsense.org/manual/interfaces.html

7

General Discussion / Re: Announce: os-unifi-maxit replaces os-unifi7-maxit (with Unifi8)

« on: February 28, 2024, 02:32:37 am »

Has this been attempted on HA?

8

23.7 Legacy Series / Re: HA cluster running 23.7.5 will not update to 23.7.6

« on: October 14, 2023, 02:32:31 am »

Thanks for the input, I forgot to mention in my initial post that I did try the passive node first.
Also on the primary node, I did put it into CARP maintenance mode and update found nothing to install.
Even rebooted the primary node while in CARP maintenance mode and update found nothing to install.

I'll look into this later. I did do some trickyness to these units. I moved /var & /tmp off the SSD onto second hard drive, this should not be the cause I hope.

Even turned IPv6 off to see if that helped with no luck. It's strange how the cron job runs everynight to check for updates and changes the status on the home page, then doesn't update anything.

Maybe I'll built up some VMs and see what happens.

I do have 1 strange item with this HA cluster.
Hulu & ParamountPlus will not stream thru this cluster.
They stream fine thru an old Atom CPU not in HA cluster and thru other standalone OPNsense FWs. And other streaming services work just fine. I'm going to packet capture it and see what it looks like.

9

23.7 Legacy Series / HA cluster running 23.7.5 will not update to 23.7.6

« on: October 13, 2023, 02:41:19 am »

All,
     I haven't looked into this much yet. I have a newly created HA cluster that was installed with 23.7 and upgraded to 23.7.5 before creating an HA cluster. The GUI shows pending update available, but when you click to proceed to upgrade it goes thru the process and says no updates available.
     I know updates are available as several standalone OPNsense 23.7.5 boxes showed the same pending update and they updated to 23.7.6.
     Any suggestions on what to troubleshoot? I've done the following so far.
     1) attempted to update from passive node, no success.
     2) attempted to update from active node, no success.
     3) put node1 (active) into maintenance mode and update, no success.
     4) change update server selection, no success.
     5) perform all update items via console, no success.
     6) attempted to update via pkg upgrade, no success.
     
     It's strange that standalone(s) will update, but the HA cluster will not.

10

Hardware and Performance / Re: Random Frequent CPU Spikes and Page Faults [Almost Resolved]

« on: August 08, 2023, 05:31:27 am »

Look at the information provided here.
https://bsd44.blogspot.com/2004/12/vmstat.html

Looks like faults is nothing but interrupts, so a high number shows a busy system.

Faults:
The faults section shows system faults. Faults, in this case, aren't bad, they're just received system traps and interrupts.

in Shows the number of system interrupts (IRQ requests) the system received in the last five seconds.

sy Shows the number of system calls in the last five seconds.

cs Gives the number of context switches, or times the CPU changed from doing one thing to doing another.

11

Virtual private networks / Re: Tailscale make install command not working

« on: August 07, 2023, 02:19:07 am »

the instructions are lacking, you always do the following:
make
then if successfull
make install

12

23.7 Legacy Series / Re: Apcupsd plugin - tell UPS to remain off

« on: August 03, 2023, 03:02:48 am »

Have you looked at these resources?? I'm in the process of connecting a UPS to my firewall and found these resources after searching the forum finding very little. looks like you can achieve your desired configuration by modifying/creating a custom conf file.

https://linux.die.net/man/8/apcupsd

http://www.apcupsd.org/manual/

13

Hardware and Performance / Re: Definitive list of supported wifi chipsets for ap mode

« on: July 27, 2023, 09:10:53 pm »

WIFI cards have 2 different modes: Infrastructure and Ad-Hoc. You want Infrastructure mode and not all drivers support it.

https://docs.opnsense.org/manual/how-tos/interface_wireless_internal.html

FreeBSD supports wireless adapters in access point (infrastructure) mode, but this functionality is limited to some drivers and there may be some, which do not support all options available via the web interface. Please make sure that you buy a wireless card that is supported to avoid these problems.

From my experience I ditched the wifi card out of my FW. Use an external solution to achieve my goal. My biggest roadblock if I remember correctly was I wanted 3+ SSIDs and could only get 2. This is the short list of headaches. If you search the forum you'll probably find most say do it with an external AP.

14

22.7 Legacy Series / Re: Forward the same port to two different systems

« on: July 08, 2023, 03:12:40 am »

Wan/NAT forward for each of the IP's to the destination host.

15

Hardware and Performance / Re: QAT Accelerator

« on: March 10, 2023, 04:26:28 pm »

I tested the QAT speed of my ATOM C3758 which has onboard QAT, using the openssl speed  command from this article.
https://stackoverflow.com/questions/64862544/how-to-check-compare-openssl-speed

I also saw a big decrease in CPU util on my openVPN connections after switching to the Q3758 CPU.

without using QAT
Doing aes-256 cbc for 3s on 16 size blocks: 11224359 aes-256 cbc's in 3.01s
Doing aes-256 cbc for 3s on 64 size blocks: 2947524 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 256 size blocks: 744654 aes-256 cbc's in 3.01s
Doing aes-256 cbc for 3s on 1024 size blocks: 186214 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 8192 size blocks: 23475 aes-256 cbc's in 3.01s
Doing aes-256 cbc for 3s on 16384 size blocks: 12084 aes-256 cbc's in 3.09s

Results with QAT
Doing aes-256-cbc for 3s on 16 size blocks: 43725132 aes-256-cbc's in 3.01s
Doing aes-256-cbc for 3s on 64 size blocks: 15233718 aes-256-cbc's in 3.01s
Doing aes-256-cbc for 3s on 256 size blocks: 4530328 aes-256-cbc's in 3.02s
Doing aes-256-cbc for 3s on 1024 size blocks: 1214440 aes-256-cbc's in 3.06s
Doing aes-256-cbc for 3s on 8192 size blocks: 150648 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 16384 size blocks: 75565 aes-256-cbc's in 3.01s