Messages - HappyOpnSense

#1
Changed this weekend from PFSense to OPNSense for my main firewall. Pretty smooth, just a lot of work.

One observation is that the Quality tab does not appear in Reporting -> Health despite the fact that gateway monitoring has not been disabled. The Gateway widget shows nicely RTT and RTTd.

Running OPNSense 24.7.7-amd64 on a N100 box.

Any suggestion?

SOLVED: eventually solved this myself by performing a reset on the RRD data (Reporting -> Settings -> Reset RRD data). Once done, the tab appeared.
#2
In case you need to handle a lot of WiFi APs, you might want to have a look at https://github.com/openwisp. For a very compact WiFi AP supporting AX, you could check out the Banana PI R3 mini. Runs OpenWRT and is fairly compact.
#3
Quote from: meyergru on September 17, 2024, 09:05:59 AM
There is no choice for either DDR4 or DDR5 on these boxes. While the N100 can support both, it is up to the manufacturer to decide which type to use, not you. You will have to find which one you need.

Speed-wise, OpnSense does not have high expectations for storage (unless you use it as a VM under Proxmox), so you are good to go with whatever you want. SSDs are directly mounted to the case and have better heat dissipation in those unventilated cases.

What I would go for is a specimen with high write endurance, as you will want ZFS instead of UFS - i.e. do not use a QLC variant and prefer "pro" types. High write endurance can also be achieved by overallocating, i.e. use a larger disk. The price difference for a 512 GByte or 1 TByte instead of a smaller disk is often negligible.

Hi @meyergru, any specific recommendation you could make regarding NVME brand and type in terms of low power and endurance?
#4
Considering that you're essentially replacing your Nokia ONU by a new ONU in a SFP+ format, what are you trying to solve? Nokia ONUs are commonly used in DF networks and replacing that one by a self-provided one requires in the end some cooperation by DF to make it work.
#5
Quote from: goos on August 27, 2022, 08:15:39 PM
Hi all, excited to join in on the fun here!

I currently have 22.7 running from yrzr.tx on an R4S. I now see from a few posts above that this version is broken so I'll try 22.1.10 shortly. My hope is to replace my hp t730 for home use.

After enabling powerd and setting it to maximum cpu frequency scaling I am able to push around 400mbit in each direction through the unit in cursory iperf3 testing.
I have a Cisco T-Rex benchmarking setup and I plan to do more in depth testing - different packet sizes, number of flows, open states, etc.

When initially testing on openwrt I was able to pin irqs and receive queues for the two nics to the faster A72 cores which was a notable improvement.
Is this possible in opnsense/freebsd? I did a bit of googling and didn't find any definitive answers.

I also have two R4SE's (I dream of HA firewall at home) with 32gb of emmc onboard.
I have tried flashing a few different opnsense images using rkdevtool with no success yet (I didn't really expect it to just work).
Anyone have any ideas on that? It seems the tool wants the image split into various partitions, but it does allow me to just flash the whole image starting at 0x0.
I haven't dived into the image build process but I'm sure I'll dig into that soon.
I have a 3v3 rs232 adapter on the way so I'll be able to get a console on these things soon.

Anyway, happy to test/help/etc!

Can only confirm that I always build the R4S images myself (R4S is one of the standard targets) and never had an issue with these. Recently upgraded from 22.1 to 22.7 without a hitch. Building on a Rock PI4 - which has an SSD - as that is a native build which takes 1+ day.
#6
General Discussion / Re: Default address in case if IPSec
February 24, 2022, 08:10:18 PM
Amazing, but it seems to work.

Thnx
#7
This already assumes that a subrange like /30 or /29 can be assigned using DHCP. Is that supported by DHCP in the first place?
#8
General Discussion / Default address in case if IPSec
February 24, 2022, 02:37:13 PM
Hi,

running OPNSense 22.1 on ARM (yes it works) using IPSec to have a secure connection to my central location. Clients behind the OPNSense FW can reach the central location as expected and FW rules work accordingly.

What doesn't work is when the OPNSense FW needs to reach the central location itself, e.g. for pkg updates as I have a local repo at my central location.

What seems to be the issue is the OPNSense uses the WAN interface address as the default (and that one can't be used as a source address on the VPN link) rather than the LAN interface address as the default. Any suggestion on what needs to be done to have this changed? If I use ping -S <LAN address> <dest> it all works but e.g. pkg update will not use the LAN address as its source.
#9
Hi,

struggling for some days now to create a working x-build for an AMD64 host to a NanoPI R4S. Has someone this really working as I continue to run into error messages with the package build (base and kernel build seem to run fine).

I guess it's related to the cc target not being right because when I do a chroot in the build directory (make chroot DEVICE=R4S) and check the cc output I get the following

>>> chroot'ing into /usr/obj/usr/tools/config/22.1/OpenSSL:aarch64/...
root@freebsd-13-0-1:/ # cc --version
FreeBSD clang version 13.0.0 (git@github.com:llvm/llvm-project.git llvmorg-13.0.0-0-gd7b669b3a303)
Target: x86_64-unknown-freebsd13.0
Thread model: posix
InstalledDir: /usr/bin

Where I would expect an aarch64 target. Not sure where this is going wrong.

Thnx for your support
#10
BTW, solved the issue of the IPSEC module not loading by adding

ipsec_load="YES"

in /boot/loader.conf.local as this file will not be overwritten
#11
Looks like the IPSEC kernel module has not been loaded. Seen this before and while speaking looking for a solution to have this module always loaded at start up automatically.

In more detail, adding this to loader.conf but it seems that this file is overwritten every time.