Messages

1

24.7 Production Series / Re: System Snapshots in 24.7.3: How to Use?

« on: August 31, 2024, 02:13:24 am »

Sorry to double-reply, but I've gone and confused myself a bit.
So, I set up the crowdsec plugin with basic settings and did a snapshot. Now my list looks like the screen capture I've attached.

If I want to preserve my system as it is now on the next reboot, do I leave NR at "default," or activate the "crowdsec-basic" snapshot?

2

24.7 Production Series / Re: System Snapshots in 24.7.3: How to Use?

« on: August 31, 2024, 12:06:17 am »

Thanks! That makes sense.

So, I think the recommended usage would be just like any other snapshot system: make a snapshot before installing a system update/plugins/anything that might corrupt the system?
Do I then have to make the newest snapshot to make it the active boot environment (that is, set it to "NR")?

I think I might have found a minor bug. In the GUI, the test snapshot I made reports as 8K, which didn't make a lot of sense to me, so I went and looked at it via SSH, where it reports as 880K.

That makes a bit more sense, as I really haven't changed that much in the past 9 months or so.

Code: [Select]

root@Uhura:~ # bectl list
BE                        Active Mountpoint Space Created
default                   NR     /          1.52G 2023-12-29 23:17
opnsense-24-7-3-installed -      -          880K  2024-08-30 16:40


3

24.7 Production Series / System Snapshots in 24.7.3: How to Use?

« on: August 30, 2024, 11:49:54 pm »

Hello! I just installed OPNSense 24.7.3 and added a new snapshot under System > Snapshots, using the [ + ] button. I'm not sure I did it right. It created a new 8K snapshot with no mountpoint.
That doesn't seem right given that the default snapshot is from December 2023.

Is there a guide to look at for this feature?

4

24.7 Production Series / Re: puzzled by the ISC/KEA DHCP direction

« on: July 29, 2024, 10:14:45 pm »

Thanks!
I use the default unbound. Just to clarify:
> If you edit static mappings and use DHCP registration in DNS services Unbound or Dnsmasq simply restart your DNS service at the earliest convenience to allow your new static lease(s) to be resolved by clients.

I didn't have to manually restart unbound before when setting up a static mapping for a lease. I assume ISC/some other component restarted Unbound when I hit the [ APPLY ] button in the GUI?

5

24.7 Production Series / Re: puzzled by the ISC/KEA DHCP direction

« on: July 29, 2024, 09:28:06 pm »

Still using ISC on 24.1.10-x here.

I'm still a bit confused by all this, as OPNSense abstracts enough of it away I suppose I'm not sure what's going on under the hood when I do the following:

• Find a host in the leases list that I want to assign a static DHCP reservation.
• Assign that reservation by hitting the [ + ] button on that row and adding the IP, description, etc.
• Save changes
• On list of leases, heed the warning to hit the [ APPLY ] button to make the changes take effect.

I have always assumed that last step restarts ISC or reloads the config for ISC. All I know is that when I do the above, my static reservation now works as expected as soon as I do a DHCP refresh on the client.
What is going to change, if anything, in the above process when switching to Kea?

6

General Discussion / Unbound DNS: Registering DHCP Leases and DHCP Static Mappings with VLANs?

« on: October 28, 2023, 03:27:12 am »

Hello,
I just enabled the static mapping registration so I can point at some stuff I'm self-hosting that has fixed IPs, and I'm really impressed with how those devices became accessible by their domain names almost instantly.
But I'm not at all familiar with using unbound, and now I'm curious about something. I. have VLANs on my network, and sometimes a device has multiple NICs and exists on more than one VLAN for legitimate reasons.
By default, OPNSense seems to use the same hostname for that host in each VLAN where it has an address.

How does unbound handle this? Will it just choke completely or do unpredictable things until I go in and adjust the domain names on each VLAN to get rid of the ambiguity?

7

23.7 Legacy Series / Re: NIC Temperature Monitoring?

« on: September 11, 2023, 07:29:18 pm »

Thanks!
That doesn't seem to have worked, though.
% ipmitool sensors
Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory

8

23.7 Legacy Series / NIC Temperature Monitoring?

« on: September 11, 2023, 07:34:12 am »

Hello,
Is there a supported way to read the temperature sensor on a NIC? On a Linux system, I'd use the sensors command, but that doesn't seem to be available via the plugins repo.
Am I missing something obvious?

9

23.1 Legacy Series / Re: Building New OPNSense Box with Intel X520-DA2 -- Any Issues to Expect?

« on: June 27, 2023, 05:53:47 pm »

It should be just picked up.  I'm relatively sure that the drivers are already built into OPNSense.  Line speed is going to be a complicated issue to answer and requires a lot more information than you've provided.

How are you connecting 5 machines with a 2 port card?  Are all of them going to be on the same VLAN?  Are you using any packet inspection or purely routing?

Thanks! It works just fine. I haven't tried LACP to combine the two SFP+ ports on the LAN-side, but I think I'm going to give it a go this weekend just to see if it works. I'm getting 9.5+ Gbps with iPerf on a flat network with no VLANs (I did have to change the MTU settings on the OPNSense LAN interface and my 10Gbps test client to use jumbo frames), so all is well. Now I can move on to actually setting up VLANs. Or trying to. Not done that before.
The OPNSense box's LAN connection runs from the 10Gbps card to a QNAP M1208-8C I'm using as a core switch. The rest of my network hangs off that.

I'm looking at setting up Crowdsec and Zenarmor at some point, as well, but I'm running a home/home office network in an apartment with 3 people, so I don't feel the urge to go nuts with IDS.

10

23.1 Legacy Series / Building New OPNSense Box with Intel X520-DA2 -- Any Issues to Expect?

« on: June 17, 2023, 07:36:34 am »

Hello,
I've been using a fanless Topton box with an Intel Pentium Silver N6005 and 2x2.5 GbE ports for my OPNSense install, and am ready to upgrade to a bigger box to support 10GbE (and inter-VLAN switching to the extent I can't avoid it as I start building out VLANs on my currently flat network). This is for a small home network with no more than five 10 GbE capable machines--though some of them have two NICs.

I've picked up a Dell Optiplex 5040 with 16GB of RAM and also bought an Intel X520-DA2. Not the most powerful box ever, but it wipes the floor with the Topton box, and only cost me $120 shipped. It'll be here tomorrow and I'd like to try migrating my config on Sunday.
I'm going to make sure I update the firmware on the Intel X520-DA2 on a Windows machine before I try installing OPNSense. Is there anything else unusual I need to do, or should I expect the OPNSense installer to just recognize the card and go through without issue? I'm looking for 10GbE line speed.

Thanks!

11

23.1 Legacy Series / AQuantia AQtion AQN-108 5/2.5 GbE Network Interface Card Supported? Stable?

« on: May 20, 2023, 04:44:20 am »

Hello,

I'm aware there is an in-development version of the driver here: https://github.com/Aquantia/aqtion-freebsd


I'm curious if anyone has this driver and card working and stable on OPNSense 23.1. I'd like to set up a new box for my OPNSense install; the specs are better in every way than the box I'm using now, except I've only got two NICs--an Intel 10GbE, and an AQN-108.


If the answer is no, that's okay; I just can't use this box for OPNSense.


Thanks!

12

22.1 Legacy Series / Re: [New OPNSense User] Firmware Update Check Issues with Fresh Install

« on: October 24, 2022, 07:59:51 pm »

it's my understanding that you can actually load up the backup'd configuration file during a clean install. Is that correct?

13

22.7 Legacy Series / Re: Want to Attach Synology WiFi Access Point to OPNSense Box? Easiest way?

« on: October 24, 2022, 02:02:02 am »

Thanks! That makes a lot of sense.

On reflection, I think I'm better off upgrading my switch hardware first, before I change anything else about how my router is configured.

I'd been trying to postpone that because of the cost to buy the new hardware, but making myself do the switch-out now would simplify a lot of things I want to do later.


Thanks for talking me through this.

14

22.7 Legacy Series / Re: Want to Attach Synology WiFi Access Point to OPNSense Box? Easiest way?

« on: October 23, 2022, 10:35:31 pm »

Thank you both. This is very helpful.


Why is bridging not recommended? I've read elsewhere, more than once, that it's to be avoided, but I'm not sure why. Is it based on the assumption that the hardware isn't up to the task?


Jim, that's what I want to do eventually. I was trying to ease into it. My wireless network is almost entirely devoted to my non-technical roommates; they stream all their media over it for recreation and use it for work and personal stuff. If it gets wonky at all, it will be a Bad Time®.


I was trying to isolate it while I start redesigning my physical ethernet network (upgrading/replacing switches, etc.--I have a new core switch to deploy and my old core switch will live under that).



So, I guess what I really need is an idiot's guide to creating a separate wifi VLAN in OPNSense that can get out to the internet and access physical devices (printers, etc.) on the primary LAN. I can get fancy with it later.

15

22.7 Legacy Series / Fresh Install/Restoring from Backup? Newbie Question.

« on: October 23, 2022, 02:30:06 am »

Hello,

If I do a backup of all my settings, and a fresh install that restores from that backup, what settings do I lose? Will I have to reconfigure anything?

(I need to update to the latest production version, and want to switch to ZFS since it's recommended, which means fresh install.)

Thanks!