Messages

1

Hardware and Performance / Re: [Fixed] AMD hw random reboot

« on: July 02, 2024, 02:35:59 pm »

Interesting.  Nearly the same combination I've been running my server for the past 18 months without a single issue.

Without seeing the actual MCA errors it is impossible to start issuing blame.  Hardware not working as expected could have many root causes - CPU, motherboard, RAM, BIOS settings or BIOS code itself, the list could go on.

But sometimes it is best to move on to different hardware, especially if you don't have a compelling reason to stick with the one giving issues.

2

Hardware and Performance / Re: AMD hw random reboot

« on: June 23, 2024, 11:24:06 pm »

Early Ryzen CPUs (ZEN/ZEN+) had some issues running Linux OS, though it typically manifests as system lock up vs rebooting.  Later CPUs seem to work much better, as there are many data centers running the same processor die (EPYC).

Some immediately say "Disable C-States" but that is a very drastic solution, one of last resort.  It basically disables one of the best features of modern AMD CPUs - its power management.  Unless you have hundreds of active clients being routed on your bare metal system, you will appreciate the power savings over time.

The two things I've found to be effective on my Ryzen based servers (my OPNSense is on a Intel N5105) are:

-- In the BIOS, set Power Supply Idle Control to Typical Current Idle (or some equivalent wording in your particular BIOS)
--Don't use XMP or any overclocking timing for your DRAM.  Your 2400G is a 1st gen ZEN processor, so your memory speeds should be set to a much lower timing than the marketing "DDR4 3200" would make you think.  (See below)

I initially had issues running a 1st gen Ryzen 1500X in an Unraid server.  After changing these two parameters in my BIOS, that system has run flawlessly for a couple of years.

3

24.1 Legacy Series / Re: Alternative to using a reverse proxy and port forwarding

« on: June 11, 2024, 12:23:35 pm »

I picked up a cheap domain and use Cloudflare Tunnel in front of my reverse proxy (NPM).

Some additional benefits using free Cloudflare services are you can also do geo-blocking, get some threat/bot protection, and user authentication.

4

Hardware and Performance / Re: Is opnsense available in rasp pi 5?

« on: January 23, 2024, 09:57:34 pm »

Routers and switches are technically two different things.  In a home network, what people commonly call a "Router" is actually a combined router, switch, basic firewall and wireless access point.

In the simplest terms/view:
A router connects different networks.
A switch connects devices on a single network, and directs packets to the addressed device.

OPNsense is more accurately a router and firewall.  It does have the ability to also handle LAN switching tasks, but it is more efficiently handled by use of dedicated switch hardware (as OPNsense needs to handle switching tasks by using CPU resources).

5

23.7 Legacy Series / Re: Telegram Notifications

« on: November 11, 2023, 04:33:02 pm »

Another +1 for Telegram notifications.

People do not watch their email (unless sitting at a desk in their work environment) like the once did 15 years ago.  I use Telegram nearly exclusively for my network and server notifications, be it those generated by OS itself, applications running on servers, or even in my self generated bash scripts.  I use two different Telegram bots (one for system stuff, one for applications) that have different notification tones.  This is much more useful, as I can immediately know which are notifying me even before I take my phone out of my pocket.  With email, you get one ding, be it from your system or the third email about sales at Best Buy.

6

23.7 Legacy Series / Re: Upgrading from 23.1 to 23.7 - Newbie Question

« on: September 26, 2023, 02:40:15 pm »

Thanks franco.  I tried again, but end up with the same result.  Working with ddclient as backend.  Not working with native.

I deleted all accounts then removed and reinstalled plugin.  Set a bogus IP address in the duckdns website for my testing domain.  Reinstalled plugin.  Set Backend = native (it defaults to ddclient).  Hit Apply and restarted service.  Created account, Save, Apply.  Result was failue message in log and no update recorded on duckdns website.

Next I deleted account, set backend = ddclient.  Hit Apply and restarted service.  Created account, Save, Apply.  Success message in log and updated IP address shown in duckdns website.

Very strange.  I understand where you were going with your last post, makes perfect sense.  But I guess I'll stay on the ddclient backed for now.  It isn't mission critical for my setup, as it is only used as an ISP/firewall watchdog (all of my true domains are managed via Cloudflare tunnels).

7

23.7 Legacy Series / Re: Upgrading from 23.1 to 23.7 - Newbie Question

« on: September 26, 2023, 12:06:40 am »

Sorry to have dropped off the radar for several days.  I had been reading your responses (and much appreciate them).  My work has me doing four 12 hour days, then followed by family emergency.

I tried what was suggested previously, none of it giving much success.  I have finally received a positive result from both my logs and duckdns, by doing the unexpected - I set the Backend to ddclient, not native.

I'm not one to argue with success, but I thought that native was developed specifically to work with OPNSense?

8

23.7 Legacy Series / Re: Upgrading from 23.1 to 23.7 - Newbie Question

« on: September 22, 2023, 01:27:22 am »

franco, CJ and newsense - Thank you all for your input.  I keep on learning with it all.  As for my flash drive collection, old habits die hard.  But still a good choice - portable, can usually get it to boot on any system, and lives in the desk drawer where my servers and network live, so I (usually) can find what I need.

CJ is right - Duckdns uses a token in the password field.  I cut/past it right from my duckdns.org account page.  What is interesting (and probably a good thing?) is while the string from the log is similar in format to my token, they are not the same.  (same 8-4-4-4-12 char cadence)

As I wrote earlier, I set things up based on a recent post from here.  Not really all that much to configure, so unsure if it is dumbness on my end or ...?  Screenshots attached.

9

23.7 Legacy Series / Re: Upgrading from 23.1 to 23.7 - Newbie Question

« on: September 21, 2023, 10:57:21 am »

I did.  Set up per this post, from 2023-09-02:
https://forum.opnsense.org/index.php?topic=34575.msg173857#msg173857

Created a test domain, manually gave it an incorrect address (to see if it changed by ddclient).  I get nothing but KO in my logs:

DuckDNS update failed for 0da****1-4d80-4820-b**d-b83***6f3815 [duckdns - TEST] with ip 67.246.*3.*6 for domains qwertytest.duckdns.org, response: KO

(some data obscured by me)

10

23.7 Legacy Series / Re: Upgrading from 23.1 to 23.7 - Newbie Question

« on: September 21, 2023, 01:46:30 am »

Thanks, I had both.  Some may laugh at my key ring full of flash drives, but I have on hand what I need to get myself out of most situations.  Along with my aversion to any software version that ends in .0 (or even .1, for that matter) is why I waited for 23.7.4 to be released.

Well, that and os-ddclient to work properly with duckdns.  Which it still isn't for me.   

11

Hardware and Performance / Re: Looking for guidelines to help choose the optimal hardware or opnsense ?

« on: September 19, 2023, 08:34:00 pm »

Opnsense is currently running on a N5105 with 16GB RAM. Currently <25% RAM is used and most of the time CPU usage is below 20%... and the device acts as a heater... Would there be a more efficient solution in my context ?

What exactly are you trying to remedy?  It seems that your N5105 is performing all the tasks you specified, and is not overtaxed.  If your goal is to use less power, you will likely find that the current sweet spot for power/performance is the N5105.  The older and newer CPUs both tend to use a bit more wattage, which you will especially see if you move down one generation (as the CPU will be working harder and on an older technology node).

You may want to see if tweaking your P-State values may help power usage.  Some systems, out of the box, don't clock down as low as they could.  Your savings with this would still be minimal, and dependent on how much traffic is going through your firewall.

If it is the heat that's bothering you (and I may be incorrectly assuming you are using one of the Chinese 4 port appliances, as I run), that's just a function of a fanless system.  Without a fan, it takes more time for heat to slowly dissipate.  If you are okay with using another watt or two, there are USB fans with speed control available.  I put one which just sits on top of the case heatsink, and keeps my temps between 32-38C.

12

23.7 Legacy Series / Re: Upgrading from 23.1 to 23.7 - Newbie Question

« on: September 18, 2023, 01:39:53 am »

Done, and completely painless.  You were right smack on the money, just about 6 minutes to having the login screen back.  Updated again to 23.7.4, ran a quick audit and all is good.

13

23.7 Legacy Series / Re: Upgrading from 23.1 to 23.7 - Newbie Question

« on: September 16, 2023, 07:51:30 pm »

Thanks for the response.  This was just one of those times that you reach a fork in the road and if you take the wrong branch there may not be an easy way to go back.  Hunting for answers on your phone after you make a poor choice is never fun.  (Ask me how I know  )

My move to OPNSense came with getting one of those Topton N5105 boxes, migrating away from a getting old Asus router running Tomato.  No worries on a 15 minute update, but thanks for the heads up to be patient.

14

23.7 Legacy Series / Upgrading from 23.1 to 23.7 - Newbie Question

« on: September 16, 2023, 02:50:57 pm »

I have been running OPNSense for my home network for the past 6 months, and have been learning much about it.  I am currently on 23.1 and am ready to take the plunge to 23.7.  Before I mess up totally and take the house network down for an extended amount of time, thought I'd ask a quick question.

Is it recommended that I do an offline update (as noted in the OPNSense Documentation) or can it be done from System > Firmware > Updates in OPNSense itself?  My configuration is as basic/vanilla as it can get.