Messages

1

General Discussion / Multiple mDNS Repeater configs

« on: October 26, 2024, 03:58:44 pm »

Is it possible to configure mDNS Repeater to broadcast separately between networks A and B, and between C and D?

Or alternatively, can the traffic be filtered so if all 4 networks are configured, only broadcast traffic from A to B would be allowed and same for B and C.

2

Virtual private networks / Re: Proton VPN two gateways

« on: March 11, 2024, 10:19:12 pm »

its always something so simple isn't it? that'd be it, thanks!

3

Virtual private networks / [Solved] Proton VPN two gateways

« on: March 11, 2024, 03:26:25 pm »

Has anyone managed to configure two wireguard endpoints successfully in gateway group?

I have one working endpoint and cannot figure out how to make the second one function despite having followed almost the exact same steps in configuring both of them; the only difference being how the addresses are configured on wireguard > settings > instances:

for connection1 I have configured the default values provided in proton config

Code: [Select]

peer
| public key       | .conf > Peer PublicKey                  |
| allowed ips      | .conf > Peer AllowedIps (0.0.0.0/0)     |
| endpoint address | .conf > Peer Endpoint (196.196.203.202) |
| endpoint port    | .conf > Peer Endpoint (51820)           |

instance
| public key     | .conf > Peer PublicKey                  |
| private key    | .conf > Interface PrivateKey            |
| listen port    | .conf > Peer Endpoint port (51820)      |
| tunnel address | .conf > Interface Address (10.2.0.2/32) |
| peers          | proton_peer1                            |
| disable routes | check                                   |
| gateway        | tunnel address -1 (10.2.0.1)            |
for connection2 the same except tunnel, gateway and endpoint

Code: [Select]

peer
| public key       | .conf > Peer PublicKey                  |
| allowed ips      | .conf > Peer AllowedIps (0.0.0.0/0)     |
| endpoint address | .conf > Peer Endpoint (194.34.132.55)   |
| endpoint port    | .conf > Peer Endpoint (51820)           |

instance
| public key     | .conf > Peer PublicKey                  |
| private key    | .conf > Interface PrivateKey            |
| listen port    | .conf > Peer Endpoint port (51820)      |
| tunnel address | .conf > Interface Address (10.3.0.2/32) |
| peers          | proton_peer2                            |
| disable routes | check                                   |
| gateway        | tunnel address -1 (10.3.0.1)            |
then both are assigned and configured in interface assignments. at this point peer 1 handshake succeeds but peer2 doesnt.
is there some gotcha i'm missing?

4

23.7 Legacy Series / Re: After upgrade to 23.7 and OPNsense 23.7.1_3-amd64 High disk write activity

« on: October 22, 2023, 01:18:37 am »

That sawtooth pattern looks like local NetFlow capturing. Are you using insights reporting?


Cheers,
Franco

Seems like I did have NetFlow capturing turned on, it was also completely misconfigured.. 
But more importantly, I also had Unbound DNS reporting turned on and my IO usage went down on the spot after I turned that off.

Edit: Also after I hit 'Reset DNS data', that got rid of over 2gb of data. Finally I know what was piling up
That said, having that data available was quite useful so would be nice to have some better data management tied to said reporting in the future.

5

23.7 Legacy Series / Re: After upgrade to 23.7 and OPNsense 23.7.1_3-amd64 High disk write activity

« on: October 17, 2023, 10:23:07 pm »

I've noticed similar situation except over longer time period. My /var/log and /tmp are both configured for RAM disk and I've minimized logging in general, yet the disk is filling up over time and I can't figure out why.
I had to reinstall opnsense entirely at one point because disk was completely full thanks to some python module directory, and I was unable to extend the volumes as I'm not super familiar with bsd underneath the hood. You can see the reinstall time at approx 08-20 on "disk io year average" section in my attachment and how it has started steadily climbing since then again.

I had none of these problems when using pfsense :/