Messages

1

23.1 Legacy Series / os-nut configuration and shutdown

« on: April 19, 2023, 08:38:14 pm »

I have configured os-nut on my router with a connected UPS, and it appears to be working fine (at least, I am getting diagnostics on my UPS from the UI and there are listening sockets open).

However, the help text for enabling nut states:

Enable or disable the nut service. If enabled, the system will shutdown when the UPS emits a low battery warning.

I would like to enable nut but not have it shutdown my router automatically on low battery for a couple of reasons, most notably to avoid the power-restored-while-shutting-down race condition.

Is there any way to enable nut and not have it automatically shutdown the system?

2

Hardware and Performance / Assymetric poor performance on Sophos SG 105

« on: March 12, 2022, 02:47:39 am »

I am investigating a performance issue with my router as a new opnsense user. As configured out of the box, I could not get better than 480Mbit/sec in either direction when tested using iperf3 over the local LAN. I did discover the hardware CRC, TSO, and LRO settings, and un-disabled them. That has boosted my sending speed up to 800-950Mbit/sec, but the receive speed is unchanged.

While sending, top shows >90% system time and iperf3 CPU time. While receiving, the numbers are a little less but still close to 90%.

For comparison, I booted up Linux on the same system, and achieved 950-980Mbit/sec sending and receiving out of the box on the same interface. Other systems on the same LAN also get upwards of 950Mbit/sec in both directions.

The hardware is an Atom E3826 at 1.46GHz with 2GB RAM and 4 Intel GbE ports. I am running OPNsense version 22.1.2 (just updated and retested).

What else can I look at to improve the performance? Could some of the routing features cause that much drag on the performance? I'm not doing any content scanning.

3

22.1 Legacy Series / Re: dnscache blocklist conversion

« on: February 22, 2022, 04:02:11 pm »

Excellent, thank you very much. I indeed hadn't seen that. I see there is also an equivalent for Unbound since dnsmasq has been deprecated. Between the two I should be able to get this working.

4

22.1 Legacy Series / dnscache blocklist conversion

« on: February 22, 2022, 05:39:05 am »

I am a long-time Linux user, but I've heard good things about OPNsense, so now I am trying to build up a new router to replace my old ALIX box. Over the years, I have built up a large set of blocked domains (6,800, ouch) served by dnsmasq. I would like to port these over, but haven't found an equivalent for them in the new configuration. I have checked out the pre-configured blocklists, but none really cover all of what I'm after.

I set up a DNSBL URL for Unbound DNS on the new router pointing at an internal web server. That works no problem and I see the listed domains return an address of 0.0.0.0. However, subdomains of the listed domains aren't blocked like dnsmasq did.

I also looked at adding host overrides in dnsmasq, but that worked similarly, with subdomains not covered. It'll also produce a pretty massive configuration to put them all in the XML, so I'm not excited about that path.

Is there any way to accomplish this with the OPNsense tools? Thanks.