Messages - Vetal

#1
Virtual private networks / Zerotier, losing static IP
August 25, 2022, 07:47:10 AM
I set up Zerotier, L3 mode on OpnSense

I use some dynamic routing, so I needed to keep Zerotier from pushing any routes. They are provided by BGP instead.

I've set 'allowManaged=0' for Zerotier. According to the specs from Zerotier, this disables both static route push and IP assignment for the interface. One is desired, the other undesired, though it works as it should.

To deal with the second part, I set up the Zerotier IP via Interfaces->[Zerotier], set as "Static IP" with the proper IP/mask.

It works, all good. Until I restart the firewall or the Zerotier service. After that, the IP is lost on the Zerotier interface:


ztsomenetworkname: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 5000 mtu 2800
        options=80000<LINKSTATE>
        ether e2:8f:7c:91:5b:b2
        hwaddr 58:9c:fc:10:ff:9e
        groups: tap
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 87612


After that, I can go into Interfaces->[Zerotier], hit "Save", "Apply changes", and it works again:


ztsomenetworkname: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 5000 mtu 2800
        description: Zerotier
        options=80000<LINKSTATE>
        ether e2:8f:7c:91:5b:b2
        hwaddr 58:9c:fc:10:ff:9e
        inet 172.23.76.8 netmask 0xffffff00 broadcast 172.23.76.255
        groups: tap
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 87612



Is it on Zerotier's side, and should I open a ticket there? Or is OpnSense missing some callback?
#2
General Discussion / Re: FRR routing and UI
August 25, 2022, 05:27:20 AM
 :)

https://docs.frrouting.org/en/latest/ospfd.html
https://docs.frrouting.org/en/latest/bgp.html
https://docs.frrouting.org/en/stable-7.4/bfd.html

E.g., I want to tweak some timers for BFD. It is an insane amount of work to make every option. Just an edit box, people are not asking much.

Even to manipulate settings, people have snippets, ready-to-use chunks of the config. I have one in the hub, a central Kubernetes cluster.

Terraform would be the best, but let's be modest. We are talking about an edit box. For that missing edit box I have an extra box eating 25Watts/hour with pfSense.
#3
General Discussion / FRR routing and UI
August 24, 2022, 06:50:40 PM
I know it is a sensitive topic, but it is really a stopper for me to switch from pfSense.

In general, the UI for FRR is a joke. Literally, a joke.

OSPF is not usable at all. I cannot add the network, in whatever form or shape I try to squeeze it in. Error:

Error ospfd [EC 100663304] ERROR: Command returned Warning Config Failed on config line 29: network 172.23.76.0/24 area 0.0.0.0

What I am trying to achieve, is copied from my server's setup:

network  172.23.76.0/24 area 0.0.0.0

BGP settings are severely limited and cover very basic cases. Have you ever gone to the FRR documentation page? Have you seen the options? Have you ever searched through BGP (Cisco etc.) forums?

https://github.com/opnsense/plugins/issues/1831
https://7dc.org/index.php/2021/05/12/opnsense-vs-pfsense-round-5-bgp-routing-with-frr/

I squeeze Tinc's additional options into the public key edit box, and should there be proper validation, my setup would be broken. Custom options for Unbound are via a plugin or by ssh-ing into it. How does it work with a reinstall from a backup config? Absolutely wrong, so all these tweaks have to be done due to stubborn ideology.

For God's sake, allow the custom options! If someone calls the current approach right, this is illiterate.

I posted some replies to Reddit groups, where a lot of beginners who like OpnSense are praising it. And I wish I could like it too, but it is impossible for me to use due to a stubborn mistake someone does not want to admit and get over.

Just one big edit box can fix it. Until then, I use 2 separate boxes at home, where I need Zenarmor. pfSense as primary. With this Apple-grade "decision" I use OpnSense solely as a Zenarmor addon.

#4
Quote from: pankaj on July 31, 2022, 11:27:00 PM

Is there a way to download/upload the static IP assignment under DHCP? In worst case, I will have to type or copy/paste all the assignments manually but was curious if there is an easier/reliable way out of this.

Thanks.

Didn't try it personally, but https://github.com/gxben/terraform-provider-opnsense might help you