Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - chuliu

#1
The cpu temperature has been staying in the range of 62 to 63 Celsius recently.  I did add that line to the /boot/loader.local file and it seems to reduce further 3 degrees to 59 degrees.
#2
After I re-applied cpu thermal paste, along with changing pl1 and pl2 in bios to 10w and 12w, the temperature stays between 50 and 52 degrees.
#3
Hi,
My powerd settings are on and hiadaptive for all three options.
I have enter bios and changed cpu pl1 and pl2 to 10 and 12 following the advice from the other thread.
The cpu temperature is now at around 70 degrees.

I will apply new thermal conductivity tonight and keep you posted about the cpu temperature.

#4
Quote from: meyergru on June 16, 2022, 06:25:57 PM
Same result here with the Topton unit.

I have done not only the heatspreader with K5 pro but also use the new Changwang BIOS which offers a "performance" menu (if I remember correctly) where I lowered PL1 and PL2 to 10 and 12 Watts respectively - also, I lowered the CPU voltage by 30 mV (careful, I have read that setting this too low can render the device useless, even beyond a CMOS reset!).

My relevant tuneables are:

hw.acpi.cpu.cx_lowest=C1 (do not try lower - system gets unstable!)
hw.ibrs_disable=1 (might help a little)

I am not using powerd.


The device is at 45°C now, but only one port connected and basically sitting idle so far.

P.S.: Put every sysctl setting in tuneables in the GUI, it detects automagically which ones have to be done on boot and which can be set dynamically. I tried it and it survives a reboot.

P.P.S: I just applied 'sysctl dev.hwpstate_intel.0.epp=100' and temps dropped another 4°C.




Hi, I am running opnsense on a N5105 mini pc which I bought off aliexpress.
I too am getting high cpu temperature issues.
The cpu would go up to 81 celcius.
I am newbie to all this.
May I know in details where to type in these commands:
hw.acpi.cpu.cx_lowest=C1 (do not try lower - system gets unstable!)
hw.ibrs_disable=1 (might help a little)

Thanks.
#5
I am running opnsense on the n5105 generic box which I bought on aliexpress.
It was working fine with my two ftth, 1gb and 2.5gb respectively until I accidentally noticed that cpu temperature was very high at 81 celcius degrees.  I shut it down immediately.

I have a friend who also owns a box with similar hardware and he is running vyos.
The cpu temperature is around 65 celcius according to him.

I didn't feel the cpu was throttled due to overheating, but I did notice the case was very hot.

Is there any way I can reduce the cpu temperature?  I don't want to replace it or change to other os, since it was working fine.
#6
I have opnsense router running two wan failover with one lan.  The hardware have 4 nics, while I use only three.
My isp is hkt and hkbn.  HKT is also providing iptv service to me.  For the moment, I connect two cables, one to the wan1 of the opnsense and the other to a netgear managed switch.
Apart from the cable for iptv, there are one cable from lan port of opnsense, one cable that connects to the wireless ap, one that connects to a raspberry pi running pi-hole, and the last one that connects to a second managed switch which is in a room 10 meters away. 

I set up managed switches so that I can surf the internet, and watch iptv, all with the one cable between the two managed switches.

Please see the attachment for a current set up diagram.

I am looking for a way to use only one m-switch, by setting up opnsense's iptv passthrough functions, if it exists.


Please advise if this is doable and how to do it.
Thanks.
#7
My hardware is a cheap N5105 celeron, 8gb ram, 128gb ssd, which I bought at aliexpress for usd 158.
I set up opnsense on it and am wondering if it is a good idea to schedule periodic shutdown from 2:00am to 6:00am to let the sdd rest?  I may set up a crom job to shutdown the firewall, and a power socket with timer function to restart it.


The question is is it need the efforts?  Does it benefit the ssd by letting it stay idle for 4 hours?

Thanks.
#8
I wonder if this script will work if i have an existing wireguard server set up in my opnsense?
Also, does it work in a dual wan environment?

Thank you.
#9
I finally got wireguard working on my opnsense with dual wan after a lot of trial and error and I thought I would share my setup here for others who encounter issues with wireguard on a dual wan opnsense.  I would also like to ask if port forward is needed for your configuration as it is needed for me.

I have dual ftth connections both with dhcp public ip at home.  I would like to access the gui of opnsense firewall with wireguard when I am outside of my home.  I set up two gateway groups named failover 1 and failover 2 with one of the ftth served as a backup for the other.  I have one LAN interface 192.168.86.0/24 with dhcp server enabled.  The wireguard server is set up with internal ip 10.10.10.0/24.  I created an interface for wireguard named mywireguard.  Wan2 is my active (default) gateway as shown in the system->gateways->single.

Here is the server and client setup for my opnserver:

[server]
local tab:
listen port 51820
tunnel address 10.10.10.0/24
peers: myiphone, mymacbook, mypc

endpoints:
myiphone:
allowed ips 10.10.10.3/32
mymacbook:
allowed ips: 10.10.10.2/32
mypc:
allowed ips: 10.10.10.4/32

[client]  I take my iphone as an example
[Interface]
PrivateKey = x
ListenPort = 51820
Address = 10.10.10.3/32
DNS = 1.1.1.1

[Peer]
PublicKey = x
AllowedIPs = 192.168.86.0/24, 10.10.10.1/32
Endpoint = mywan2_ip:51820



[port forward rule]
interface : wan2
tcp/ip version : ip4
protocol : udp
destination : wan2 address
destination port range : 51820 to 51820
redirect target ip : 192.168.86.0
redirect traget port : 51820



[nat outbound rule]
interface : wan2
tcp/ip version: ip4
protocol : udp
source address:  mywireguard net
source port : any
destination address : wan2 address
destination port : any
translation target : interface address

[firewall rule wan2]
automatically created when I created port forward rule

[firewall rule mywireguard]
action : pass
quick : checked
interface : mywireguard
direction : in
tcp/ip version : ip4
protocol : any
source: mywireguard net
destination : any
destinatiny port range: any to any


Please note that the endpoint that I set up in my client app on my iphone is my wan2 ip.  This is because wan2 is my default gateway for some reason and I read somewhere that wireguard only work with the default gateway in a dual wan setup.  I see it in system->gateways->single as wan2 is marked with active.  I would appreciate if someone can tell me how it decides which gateway is active. 


Also, I needed to set up a port forward rule for wireguard to work.  This is not the case as I checked on the online documents on opnsense web site.  That article is titled set up wireguard road warrior.  Let me know if you have to set up a port forwarding rule for it to work.


Thanks.
#10
Never thought it was as easy as that!
Thanks.
#11
Hi, I am new to opnsense and software router as a whole.  I just received the intel celeron N5105 hardware with 4 network ports a few days ago with pfsense installed.  For some reason, pfsense wouldn't work well for my xbox series x giving me a double nat error.  I decided to switch to opnsense. 

Now, here is my setup:  N5105 cpu with 4 netowrk ports, dual ftth from different isps with the same speed, pi-hole with unbound on rasphberry pi, one lan with ip addresses 192.168.86.1/24 

I followed this and set up my opnsense with dual wan and set the dns servers to google and cloudflare respectively.  I didn't set the dns to my pi-hole becuase if I set it up in system->settings->general by filling up my pi-hole ip and specifying the gateways and saved it, it will give me an error saying "You can not assign a gateway to DNS server "192.168.86.150" which is on a directly connected network." 

My goal is to be able to set up pi-hole as dns server for the network for blocking youtube from my kids.  I don't mind if I cannot use unbound for dns resolver.  If I can, that is even better.  How can I set it up with the opnsense limiting me from setting up dns with an ip in the lan subnet.  Thanks.