Messages

another update from my side,

After a while, researching discovered that assigning a ULA as I did does not work. Now taken a GUA address using part of my /56 to use a GUA /64 network for Wireguard (and I think this applies to any VPN type).And what I now find out is that IPv6 is a real pain in the ass. For a consumer this is far too complicated compared to IPv4.
Since I have a dual stack connection, it is not that much of a problem, but more for me to gradually familiarize myself with IPv6. My conclusion for all the problems I have encountered with VPN and IPv6 is:
Do you want to set up a Wireguard VPN with world wide web access - Use a GUA address, where, depending on your provider, you create a network within, for example, the /56 part of your internet address. With opnsense you do not assign this internet address via slaac or dhcpv6, but manually. For a local IPv6 VPN you use ULA addresses as they do not have access to the world wide web.
With GUA you do encounter the fact that the addresses can be dynamic depending on the provider and could therefore change, resulting in a non-working connection.
Furthermore, for a WAN reference with a DCHP you use a hostname to IP. In short, you request a hostname from a provider. Yes, create an AAAA reference to your WAN ipv6 address and have this updated by dynamic DNS.
For now my conclusion is that if I want a secure connection with internet connectivity I need a wireguard connection with a GUA and for a local connection 1 with a ULA address. Which always means 2 Wireguard connections. Or can I also cram them into 1 Wireguard profile so that I have both?

Update from my side. There were some errors in my configuration. The whole Handshake thing now works for IPv4 and IPv6. Now the following problem arises: IPv4 internet works as it should, only no internet on IPv6. And now I really have no idea what I'm doing wrong. here in my configuration. I hope maybe someone sees what I'm doing wrong?
I only have a standard rule in the firewall that allows IPv6 traffic.

I have IPV4 wireguard working.
For IPV6 I have a working reference to the /128 address of the router via dynamic DNS.
I have created an ipv6 firewall rule that points to port 51821 of the firewall and on which the wireguard interface also runs.
To date, only a rule has been added to the interface that allows all IPv6 traffic. However, I see in the peer's logs that the handshake is not being achieved. Are there any steps needed to get a working ipv6 wireguard handshake ?

Anybody a idea?
Want to use cloudflare ddns with ipv6.
I setup a aaaa record in cloudflare to point to. As a password I used the global API. 
See pictures for the settings this is with the mentioned patch and opnsense backend.
When I check the logs ddclient is trying to write an a record. This results in a error see the screen capture. Obviously the record that it should write is a aaaa record.

Okay my fault i didn't read the topic well. I have the same error with os-ddclient. I have opnsense as the backend and cloudflare setup as ipv4. I see one update of my ip-adres on cloudflare and then i get this error:
Error   ddclient   Unable to read file /var/tmp/ddclient_opn.status

For now using the os-dyndns hope there will be a solution as this is legacy and usable untill 23.7 arrives :-\


Verstuurd vanaf mijn CPH2449 met Tapatalk

Well after some more testing I found out disabling igmp snooping on all network equipment everything works as expected.
From there I tested further and found out enabling the setting  Validate IGMPv3 IP Header on my Netgear managed switches helped. Do not know why but even after several reboots etc. The printer is recognized and installed and prints fine and no side effects lol. If anybody knows what the setting Validate IGMPv3 IP Header does let me know :-)

Verstuurd vanaf mijn CPH2449 met Tapatalk

Hi all,

I have a printer that i want to share that is on LAN 2 and i want to share it on all of my other lan networks.
Firewall rules are basic:
LAN 2 is a separate network for IOT and guests and that is where the printer is located.
Traffic is blocked here to all secure networks so devices cannot communicate to lan 1 and 3.
LAN 1 and 3 aloows acces to all interfaces so i can connect to devices that are on LAN 2.
On wifi and on a wired interface i can connect to the web interface of the printer on 192.168.3.15.
But the printer cannot be used to print.
Do i need to setup some firewall rule to make printing posible from LAN 1 and 3?

Hi all.

What works I can cast from Lan 1 (private) to Lan 3 (IOT-guests) so that works.
This works when mdns-repeater is installed and interface LAN1 and LAN3 is selected.
The only thing that I can't seem to get working is using speakergroups when controlling then from LAN1. Either they do not show up and when they do not all of the speakers work. What also is not working is using the speaker pair (stereo) with the same result as described earlier.
I installed UDP broadcast relay relayed UDP port 5353 and 1900.
And added firewall rules to forward ports 5556 and 5558 and 8008 from LAN 3 to LAN 1 vice versa LAN 1  can always accès LAN3.
Is there anybody who has tips or maybe a working solution?

Verstuurd vanaf mijn CPH2449 met Tapatalk

With dynamic dns I have successfully setup cloudflare with ipv4. But now I would like to do the same with ipv6. But can't find a way to do this. I have created a dns record in cloudflare with a aaaa record dns only but in opnsense I have no clue what to do next.
Is there anybody who knows how to do this ?

Verstuurd vanaf mijn SM-G990B met Tapatalk

Follow this https://forums.servethehome.com/index.php?threads/topton-jasper-lake-quad-i225v-mini-pc-report.36699/page-103#post-359615

For me this worked

Are you aware of the Serve The Home megathread on these devices?  There's a lot there about the c- and p-states, bios settings and OPNsense configuration:

https://forums.servethehome.com/index.php?threads/topton-jasper-lake-quad-i225v-mini-pc-report.36699

This post specifically comes to mind:
https://forums.servethehome.com/index.php?threads/topton-jasper-lake-quad-i225v-mini-pc-report.36699/page-103#post-359615


(Don't be mislead by the title or first couple of posts, the thread walks through a bunch of CPUS - including tne N5105 - and various NIC configs - 4x and 6x of I225 vN and I226.)

Thanks for pointing me to this forum.
Thanks to a user there changed some bios settings and added some code to opnsense.
Now I am running 7 °c Cooler and a lot more efficiënt. Also replaced the rebranded "samsung" adapter for a Mean WELL GST60A12-P1J 12V before it had the chance to set my house on fire [emoji3]

Verstuurd vanaf mijn SM-G990B met Tapatalk

That's okay  ;)

Figured out what the problem was thought i added the interface to mDNS Repeater.
But i didn't  :o added the interface and problem solved .

topic can be closed 

i have 2 LAN interfaces LAN 1 for trusted devices and LAN 2 is for guests and iot devices.
On LAN 1 i run homeassistant with esphome to contole some esp32 devices that are located on LAN 2.
Within homeassistant those devices can be controled as home assistant detects them on the specified port.
But when i run the esphome addon to maintain or send code the esp devices are not detected.
The addon cannot resolve the "esp32 name".local to a ip-adres.

The .local doesresolve when the device is on the same LAN interface as home assistant.

Hi all

With esphome I get this error

INFO Reading configuration /config/esphome/esphome-bluetoothtracker.yaml... INFO Starting log output from esphome-bluetoothtracker.local using esphome API WARNING Can't connect to ESPHome API for esphome-bluetoothtracker.local: Error resolving IP address: [Errno -5] No address associated with hostname INFO Trying to reconnect to esphome-bluetoothtracker.local in the background

How do I solve this problem ?

I use unbound and adguardhome to handle dns.

Regards

Marco

Verstuurd vanaf mijn SM-G990B met Tapatalk

Little update :

I enabled C-states to go lower than the standard C1 as discribed in this forum.
In the bios settings i also saw this was supported.

Used the following :

Add four new entries under system -> settings -> tunables:
Code: [Select]
dev.cpu.0.cx_lowest
dev.cpu.1.cx_lowest
dev.cpu.2.cx_lowest
dev.cpu.3.cx_lowest

and use C3 as value for each of them. Then the tunings survive a reboot.

sysctl hw.acpi.cpu.cx_lowest=c3

use sysctl dev.cpu |grep cx to check.

result:

root@OPNsense:~ # sysctl dev.cpu | grep cx
dev.cpu.3.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.3.cx_usage_counters: 46876 49150 83868
dev.cpu.3.cx_usage: 26.05% 27.32% 46.62% last 115us
dev.cpu.3.cx_lowest: C3
dev.cpu.3.cx_supported: C1/1/1 C2/2/253 C3/3/1048
dev.cpu.2.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.2.cx_usage_counters: 39024 50810 89534
dev.cpu.2.cx_usage: 21.75% 28.32% 49.91% last 350us
dev.cpu.2.cx_lowest: C3
dev.cpu.2.cx_supported: C1/1/1 C2/2/253 C3/3/1048
dev.cpu.1.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.1.cx_usage_counters: 65075 60643 84334
dev.cpu.1.cx_usage: 30.98% 28.87% 40.14% last 89us
dev.cpu.1.cx_lowest: C3
dev.cpu.1.cx_supported: C1/1/1 C2/2/253 C3/3/1048
dev.cpu.0.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.0.cx_usage_counters: 242513 860335 413
dev.cpu.0.cx_usage: 21.98% 77.98% 0.03% last 78us
dev.cpu.0.cx_lowest: C3
dev.cpu.0.cx_supported: C1/1/1 C2/2/253 C3/3/1048

Still i do not see any change in the lobby that the processor is lower than 2GHZ :-(

Hi all
Just started to use opnsense everything went smoothly but there is one thing I ran into.
Powerd is not doing anything it is enabled and set to adaptive ( but any other shows the same result )
My cpu speed is constanly at 2 ghz.
My temps are not that bad 51 idle and with load around 70 degrees.
But I woud like to be as energie efficiënt as possible.
Intel c states and intel speedstepping are enabled.
My unit is a Topton n5105 with 4 intel i226 nics.
Hope somebody can help me.

Verstuurd vanaf mijn SM-G990B met Tapatalk