Messages

1

Hardware and Performance / Re: N5105 generic box, very high temperature

« on: November 25, 2023, 03:35:41 pm »

The cpu temperature has been staying in the range of 62 to 63 Celsius recently.  I did add that line to the /boot/loader.local file and it seems to reduce further 3 degrees to 59 degrees.

2

Hardware and Performance / Re: N5105 generic box, very high temperature

« on: August 14, 2023, 08:00:02 am »

After I re-applied cpu thermal paste, along with changing pl1 and pl2 in bios to 10w and 12w, the temperature stays between 50 and 52 degrees.

3

Hardware and Performance / Re: N5105 generic box, very high temperature

« on: August 09, 2023, 05:51:51 am »

Hi,
My powerd settings are on and hiadaptive for all three options.
I have enter bios and changed cpu pl1 and pl2 to 10 and 12 following the advice from the other thread.
The cpu temperature is now at around 70 degrees.

I will apply new thermal conductivity tonight and keep you posted about the cpu temperature.

4

Hardware and Performance / Re: Topton N5105 based system

« on: August 09, 2023, 04:10:00 am »

Same result here with the Topton unit.

I have done not only the heatspreader with K5 pro but also use the new Changwang BIOS which offers a "performance" menu (if I remember correctly) where I lowered PL1 and PL2 to 10 and 12 Watts respectively - also, I lowered the CPU voltage by 30 mV (careful, I have read that setting this too low can render the device useless, even beyond a CMOS reset!).

My relevant tuneables are:

hw.acpi.cpu.cx_lowest=C1 (do not try lower - system gets unstable!)
hw.ibrs_disable=1 (might help a little)

I am not using powerd.


The device is at 45°C now, but only one port connected and basically sitting idle so far.

P.S.: Put every sysctl setting in tuneables in the GUI, it detects automagically which ones have to be done on boot and which can be set dynamically. I tried it and it survives a reboot.

P.P.S: I just applied 'sysctl dev.hwpstate_intel.0.epp=100' and temps dropped another 4°C.

Hi, I am running opnsense on a N5105 mini pc which I bought off aliexpress.
I too am getting high cpu temperature issues.
The cpu would go up to 81 celcius.
I am newbie to all this.
May I know in details where to type in these commands:
hw.acpi.cpu.cx_lowest=C1 (do not try lower - system gets unstable!)
hw.ibrs_disable=1 (might help a little)

Thanks.

5

Hardware and Performance / N5105 generic box, very high temperature

« on: August 08, 2023, 05:32:56 pm »

I am running opnsense on the n5105 generic box which I bought on aliexpress.
It was working fine with my two ftth, 1gb and 2.5gb respectively until I accidentally noticed that cpu temperature was very high at 81 celcius degrees.  I shut it down immediately.

I have a friend who also owns a box with similar hardware and he is running vyos.
The cpu temperature is around 65 celcius according to him.

I didn't feel the cpu was throttled due to overheating, but I did notice the case was very hot.

Is there any way I can reduce the cpu temperature?  I don't want to replace it or change to other os, since it was working fine.

6

23.1 Legacy Series / Can I use one less managed switch with opnsense

« on: March 02, 2023, 08:46:38 pm »

I have opnsense router running two wan failover with one lan.  The hardware have 4 nics, while I use only three.
My isp is hkt and hkbn.  HKT is also providing iptv service to me.  For the moment, I connect two cables, one to the wan1 of the opnsense and the other to a netgear managed switch.
Apart from the cable for iptv, there are one cable from lan port of opnsense, one cable that connects to the wireless ap, one that connects to a raspberry pi running pi-hole, and the last one that connects to a second managed switch which is in a room 10 meters away. 

I set up managed switches so that I can surf the internet, and watch iptv, all with the one cable between the two managed switches.

Please see the attachment for a current set up diagram.

I am looking for a way to use only one m-switch, by setting up opnsense's iptv passthrough functions, if it exists.


Please advise if this is doable and how to do it.
Thanks.

7

General Discussion / Is it a good idea to schedule the opnsense firewall to shutdown for x hours

« on: January 29, 2023, 05:30:16 pm »

My hardware is a cheap N5105 celeron, 8gb ram, 128gb ssd, which I bought at aliexpress for usd 158.
I set up opnsense on it and am wondering if it is a good idea to schedule periodic shutdown from 2:00am to 6:00am to let the sdd rest?  I may set up a crom job to shutdown the firewall, and a power socket with timer function to restart it.


The question is is it need the efforts?  Does it benefit the ssd by letting it stay idle for 4 hours?

Thanks.

8

Virtual private networks / Re: Private Internet Access (PIA) WireGuard Guide/Script

« on: January 26, 2023, 01:26:24 am »

I wonder if this script will work if i have an existing wireguard server set up in my opnsense?
Also, does it work in a dual wan environment?

Thank you.

9

Virtual private networks / [solved] wireguard remote access for dual wan setup

« on: January 25, 2023, 09:16:04 am »

I finally got wireguard working on my opnsense with dual wan after a lot of trial and error and I thought I would share my setup here for others who encounter issues with wireguard on a dual wan opnsense.  I would also like to ask if port forward is needed for your configuration as it is needed for me.

I have dual ftth connections both with dhcp public ip at home.  I would like to access the gui of opnsense firewall with wireguard when I am outside of my home.  I set up two gateway groups named failover 1 and failover 2 with one of the ftth served as a backup for the other.  I have one LAN interface 192.168.86.0/24 with dhcp server enabled.  The wireguard server is set up with internal ip 10.10.10.0/24.  I created an interface for wireguard named mywireguard.  Wan2 is my active (default) gateway as shown in the system->gateways->single.

Here is the server and client setup for my opnserver:

[server]
local tab:
listen port 51820
tunnel address 10.10.10.0/24
peers: myiphone, mymacbook, mypc

endpoints:
myiphone:
allowed ips 10.10.10.3/32
mymacbook:
allowed ips: 10.10.10.2/32
mypc:
allowed ips: 10.10.10.4/32

[client]  I take my iphone as an example
[Interface]
PrivateKey = x
ListenPort = 51820
Address = 10.10.10.3/32
DNS = 1.1.1.1

[Peer]
PublicKey = x
AllowedIPs = 192.168.86.0/24, 10.10.10.1/32
Endpoint = mywan2_ip:51820



[port forward rule]
interface : wan2
tcp/ip version : ip4
protocol : udp
destination : wan2 address
destination port range : 51820 to 51820
redirect target ip : 192.168.86.0
redirect traget port : 51820



[nat outbound rule]
interface : wan2
tcp/ip version: ip4
protocol : udp
source address:  mywireguard net
source port : any
destination address : wan2 address
destination port : any
translation target : interface address

[firewall rule wan2]
automatically created when I created port forward rule

[firewall rule mywireguard]
action : pass
quick : checked
interface : mywireguard
direction : in
tcp/ip version : ip4
protocol : any
source: mywireguard net
destination : any
destinatiny port range: any to any


Please note that the endpoint that I set up in my client app on my iphone is my wan2 ip.  This is because wan2 is my default gateway for some reason and I read somewhere that wireguard only work with the default gateway in a dual wan setup.  I see it in system->gateways->single as wan2 is marked with active.  I would appreciate if someone can tell me how it decides which gateway is active. 


Also, I needed to set up a port forward rule for wireguard to work.  This is not the case as I checked on the online documents on opnsense web site.  That article is titled set up wireguard road warrior.  Let me know if you have to set up a port forwarding rule for it to work.


Thanks.

10

22.7 Legacy Series / Re: [solved] dual wan and pi-hole on opnsense

« on: January 22, 2023, 03:48:56 am »

Never thought it was as easy as that!
Thanks.

11

22.7 Legacy Series / [solved] dual wan and pi-hole on opnsense

« on: January 21, 2023, 01:11:04 pm »

Hi, I am new to opnsense and software router as a whole.  I just received the intel celeron N5105 hardware with 4 network ports a few days ago with pfsense installed.  For some reason, pfsense wouldn't work well for my xbox series x giving me a double nat error.  I decided to switch to opnsense. 

Now, here is my setup:  N5105 cpu with 4 netowrk ports, dual ftth from different isps with the same speed, pi-hole with unbound on rasphberry pi, one lan with ip addresses 192.168.86.1/24 

I followed this and set up my opnsense with dual wan and set the dns servers to google and cloudflare respectively.  I didn't set the dns to my pi-hole becuase if I set it up in system->settings->general by filling up my pi-hole ip and specifying the gateways and saved it, it will give me an error saying "You can not assign a gateway to DNS server "192.168.86.150" which is on a directly connected network." 

My goal is to be able to set up pi-hole as dns server for the network for blocking youtube from my kids.  I don't mind if I cannot use unbound for dns resolver.  If I can, that is even better.  How can I set it up with the opnsense limiting me from setting up dns with an ip in the lan subnet.  Thanks.