Messages

I made a cooling cover that takes a USB-powered 80mm fan to actively cool a DEC740/750. Please enjoy as you will, all descriptions are in the links below.

You guys are creazy to use two 10GbaseT modules with the DEC700. The NVMe is right behind the SFP+ connectors. You never run into issues with the SDD?

When I did some testing with one 10GbaseT module and compiling a kernel I ended up with (temporary) write errors due to the heat. That is without your cooling cover, of course.

operating systems are android and linux.

Can you check on Linux which dns server it really uses, 127.0.0.1 is just the local caching dns (you would have to ask the internet for it, depending on your distro).

Are you connecting the client to OPNsense using Wireguard or does OPNsense use WG to connect to the internet? What is operating system are you using?

Do you see query if you start one from the command line, with nslookup or dig?

Browser are often using DoH these days and are not using the DHCP provided DNS server and you would have to disable DoH in the browser. E.g. https://support.mozilla.org/en-US/kb/firefox-dns-over-https

If there's anything the community can do (e.g., testing, submitting requests upstream to FreeBSD, or encouraging Marvell to release a driver),

I have added the device IDs and the speed init of AQC113/113C/113CA/113CS to the 14.3-RELEASE port of the driver (taken from OpenBSD, not more :)). Would you happen to be able to test it on a basic FreeBSD 14.3-RELEASE installation. Or of course if are able to, compile it yourself for a 14.3-RELEASE based installation.
The module doesn't compile for FreeBSD 15+, there are open tickets for it.

As usual: be careful installing stuff from the internet, don't put it on your prod machine.

The code/diff and the PKG file can be found: https://git.sr.ht/~patient0/FreeBSD-ports/refs/AQC113
Direct link to PKG file :https://git.sr.ht/~patient0/FreeBSD-ports/refs/download/AQC113/aquantia-atlantic-kmod-0.0.5.1403000_4.pkg

Edit: typo and extend to mention that if can of course compiled by the user itself.

A feature request does already exist for FreeBSD https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282805. It is not worked on though.

Please forgive my poor websearching abilities.  Is there any benefit to having AVX-512 in the context of OPNsense?  Did I get that mixed up with AES-NI?

I just had a read through the 8300 model of the otherSense hardware and they write:

"This security gateway boasts a formidable 2.0 GHz, 8-core, 16-thread Intel® Xeon® D-1733NT processor with Intel AVX-512 for exceptional Firewall and VPN performance. The Netgate 8300 harnesses the power of Intel AVX-512 to accelerate VPN operations"

I have no pratical experience but it may warrants a deep look into what AVX-512 can do to accelerate VPN, and what type of VPN. Or if it's just marketing blabla.

Copy the link to the current version of the mirror you want to use and remove version and file, e.g.:

https://mirror.leaseweb.net/opnsense/releases/

That gives you a list of directories/version that are available on that mirror.

Just gave it a go and ran into the same issue. The source of the issue is that the NetBird service is not started after installation.

I was able to start NetBird by running 'service netbird onestart' from the OPNsense command line first. Then 'Connect' and so on. It works for me even after rebooting the OPNsense VM.

The other option is to enable the plugin after installation and reboot.

I'd say that is a bug in the plugin.

Also: I don't think recommend the default WireGuard port 51820 in the plugin is a good idea. It will be confusing for users that want to use pure WireGuard, which will be again using the same port

Click on the (i) next to 'Domain' and read what it says, that will clear it up for you.

I wouldn't know why it worked in the past but you filled in the 'Domain' field very wrong.

The 'Domain' field is for what domain(s) you want to be resolved by the DNS server in the IP field. And in 'Verify CN' you enter the domain of the DoT, e.g. in your case one.one.one.one.

For example if you want somedomain.net to be resolved by 1.2.3.4 and all other with 1.1.1.1:

Domain: somedomain.net, IP: 1.2.3.4, Verify CN: some-dns-server.com
Domain <empty>, IP: 1.1.1.1, Verify CN: one.one.one.one

Der GS105E kann kein Trunk

Bist Du Dir sicher, dass er das nicht kann? Ich hatte einen GS105E und habe noch immer einen GS108E welchen ich zwar schon lange  nicht mehr eingesetzt hattte. Ohne VLAN trunks wäre er mir nicht von Nutzen gewesen.

Und laut Dokumentation sollte er das könnené
Netgear Docu: configure VLANs trunks

Was er nicht kann laut Product Sheet is Port-Trunking, also zwei Port zusammenfassen.
https://www.downloads.netgear.com/files/GDC/Plus_Switches/Gigabit_Ethernet_Plus_Switches_DS.pdf

I have a weird theory. It might have something to do with routing

Do you have IP address and gateway for the bridges on Proxmox? If yes then as @meyergru mentioned that is possible. Can you remove IP and gateway from vmbr1 on Proxmox?

Has anyone actually done vlan tagging (802.1q) with a 226-V ?

My fanless Proxmox server got 4 i226-V (rev 04) NICs and it does do VLANs. Or are you referring to VLAN offloading (if that is a thing)?

Grundsätzlich ist die Empfehlung VLANs auf einem eigenen Port zu führen auf der OPNsense, getrennt vom LAN.

Auf dem GS308Ev4 ist der Port zum AP-Switch auf Trunk gestellt

Ein schrittweises Vorgehen würde ich empfehlen: Wie ist der Port des GS308Ev4 der zur OPNsense geht konfiguriert? Konfiguriere ein Port auf dem GS308E für VLAN 2 und schliesse einen Klient an um zu sehen ob es bis dahin funktionert.

Wie ist der Port der den GS105E mit dem GS308E verbindet, konfiguriert?

Wie viel Erfahrung hast Du mit VLAN im Generellen? Bist Du vertraut mit PVID setzen auf einem Port?

Betreffend Deinen Firewall Regeln:

Code Select Expand

IPv4 *         VLAN net * WAN net * * * Internet
Mit dieser Regel wirst Du nicht ins Internet kommen, sollte dies das Ziel sein. 'WAN net' bezeichnet nur den IP Bereich des WAN Interfaces. Wenn z.B. Dein WAN Interface die IP 10.10.10.5/24 bekommt, bezeichnet 'WAN net' 10.10.10.0 - 10.10.10.255.