Messages

1

Hardware and Performance / Re: How I installed AQC107 TP-Link TX401 10GbE Ethernet Adapter and driver

« on: November 26, 2024, 05:32:08 am »

Now with FreeBSD kernel version 14

As of now, the location I used for the new driver is:

Code: [Select]

fetch https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/aquantia-atlantic-kmod-0.0.5_3.pkg
There is one other thing.  I have updated the firmware on the NIC by installing the NIC into a windows machine, browsing to https://www.marvell.com/support/downloads.html
Then selecting CATEGORY "MARVELL PUBLIC DRIVERS"
Select PLATFORMS/OS "WINDOWS"
Select PART NUMBER "AQC107"
APPLY

As of now there are 2 files listed for download.  A windows Driver and a Windows Firmware updater utility.

Download the firmware updater utility, Date: 10/07/21, Version: 1.8.0_3.1.121a
Run the program, it will update the firmware then you can remove the NIC and place it back into the OPNsense router.

2

24.7 Production Series / Lost internet and couldn't access OPNsense GUI

« on: November 26, 2024, 05:03:33 am »

On Sunday November 24th at 9:49am all of a sudden, all my devices lost internet connectivity.

Background:  This started as a fresh install of OPNsense v24.7 back in September.  The internet comes from a modem to the WAN port of the OPNsense router.  Then the LAN port of the OPNsense router goes to a managed switch.  Devices are connected to the managed switch including a couple of wifi routers set as access points.  The OPNsense router handles the DHCP and unbound DNS.

I have a desktop connected directly to the switch, however it wasn’t getting assigned an IP address because of no DHCP.  I set the desktop to a static address on subnet.  I can access the wireless routers and managed switch’s GUI directly by entering their IP addresses.  However, I couldn’t access the IP of the OPNsense router through the LAN port.  I can ping the OPNsense router’s IP address through the LAN port, but no GUI would attempt to load. My LAN NIC happens to be aq0.

The only way for me to access the OPNsense router was using my cell phone and connect by VPN to the OPNsense router.  Then I can access the GUI’s IP address.

Once inside, I noticed the router had a configuration change on November 21st at 3:30am.  Which was the firmware update to 24.7.9_1-amd64.  It looks like the firmware 24.7.9 was also installed on November 20th previous to that.  I do have a Cron job set for Automatic firmware update.  However, the uptime showed 16 days.  This tells me the Cron job automatically updates the firmware, but never reboots the router.  Is it supposed to auto reboot the router after auto installing firmware?

I then remotely rebooted the router at 11:09am using the cell phone.  After reboot, all of my devices automatically got internet service back again.  I was able to access the OPNsense router’s GUI IP with the desktop through the LAN as if nothing had happened.  I’m assuming devices lost internet from loss of DHCP.  Not sure what was stopping me from connecting to the GUI IP address through the LAN port.

LOGS:
I noticed these logs around the time of internet loss / router access loss.

Audit:> 2024-11-24T09:49:28-05:00 Informational configd.py action allowed interface.linkup.stop for user root
2024-11-24T09:50:09-05:00 Informational configd.py action allowed interface.linkup.start for user root

Backend> 2024-11-24T09:49:28-05:00 Notice configd.py [7568c38f-b88e-4058-bf02-68f8d8e4008e] Linkup stopping aq0
2024-11-24T09:50:09-05:00 Notice configd.py [3e07894d-c4f8-42bc-81bf-dc5db50faa94] Linkup starting aq0

General> 2024-11-24T09:49:28-05:00 Notice opnsense /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for lan(aq0)
2024-11-24T09:49:28-05:00 Notice kernel aq0: atlantic: link DOWN
2024-11-24T09:49:28-05:00 Notice kernel <6>aq0: link state changed to DOWN
2024-11-24T09:50:09-05:00 Notice opnsense /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for lan(aq0)
2024-11-24T09:50:09-05:00 Notice kernel aq0: atlantic: link UP: speed=2500
2024-11-24T09:50:09-05:00 Notice kernel <6>aq0: link state changed to UP
2024-11-24T09:50:09-05:00 Notice opnsense /usr/local/etc/rc.linkup: ROUTING: entering configure using lan

================================

Did this happen because of firmware updates, but the router doesn’t reboot?

I was able to ping the IP of the router, but not get to the router’s GUI webpage.

There was no internet for all clients. 

=================================

This has happened before, but only after I installed Zenarmor.  It was the same fresh install in September.  I would let it run for a week before adding another feature or plugin, then wait a week then add another feature or plugin.   For example, 1 week setup unbound DNS with a block list.  Following week add VPN server, following week add Suricata IDS/IPS.  The final thing was adding Zenarmor plugin and set it up and soon after same thing happened.  Lost internet, couldn’t access router’s GUI, desktop wasn’t leased an IP address by DHCP.  Changed desktop to a static IP and now could access other devices on subnet, but not the OPNsense router’s GUI.

I tried pinging a website on the internet.  I can’t remember exactly, but I discovered IPV6 url was being resolved, but IPV4 url was not being resolved.

I was panicking because I wanted to revert settings back but couldn’t access GUI, then I tried accessing GUI by using cell phone to connect to VPN then router's GUI IP.  Got in.  Deleted Zenarmor plugin, rebooted and it was back to normal and I had normal LAN access to router and normal internet.  Thank goodness I had VPN setup.  I haven’t reinstalled Zenarmor since then, I have been too scared.  Don’t whine and complain about my lan NIC.  I can run it fine for a month and have no problems.

Any thoughts?

3

Tutorials and FAQs / Re: Error updating

« on: September 24, 2024, 01:15:40 am »

I was going to ask how to remove that repository after getting errors that it was for FreeBSD 13, but i figured out the command.

Code: [Select]

rm /usr/local/etc/pkg/repos/repo-mihak.conf

4

Intrusion Detection and Prevention / Re: How to subscribe ETPRO telemetry edition

« on: January 30, 2024, 12:09:25 am »

I sent the email to contact@opnsense.com and now I received the token.

5

Intrusion Detection and Prevention / Re: How to subscribe ETPRO telemetry edition

« on: January 28, 2024, 11:19:15 pm »

I just tried to order the free ET Pro telemetry edition and received the following 3 emails.

1st Just to let you know — we've received your order #, and it is now being processed:

2nd Thanks for creating an account on OPNsense® Shop. You can access your account area to view orders, change your password, and more at: https://shop.opnsense.com/mijn-account/

3rd The following note has been added to your order:
           Your order has been declined due to inconsistencies in your application, if you believe the provided data is valid, just send an email to contact@opnsense.com and ask us to validate your application manually.

Product                                   
ETPRO Telemetry edition

END-USER LICENSE AGREEMENT (EULA):

I have read and accept the EULA as listed

Quantity 1
Price             €0,00   
Subtotal:    €0,00
VAT:            €0,00
Total:            €0,00

6

Hardware and Performance / Re: How I installed AQC107 TP-Link TX401 10GbE Ethernet Adapter and driver

« on: January 23, 2024, 12:50:44 am »

To have the driver always load after reboot, edit the file loader.conf.local

Code: [Select]

# ee /boot/loader.conf.local
Add 1 line by typing

Code: [Select]

if_atlantic_load="YES"

Thanks for the writeup. You can do this step in the UI so the setting becomes part of a configuration backup, just in case you ever need to reinstall.

System > Settings > Tunables.

I listed this step by step with quick explanations to help others like me who are new to this.  I compiled it from bits and pieces from many posts throughout the internet.  I was tired of answers that would say, "why not just use another approved card like Intel or You have to edit a specific file, without stating how to edit the file.

Actually I tried making the driver load at boot using GUI tunables fist.
When I rebooted, I would check to see if it was loaded in the console using # kldstat, but it never was.
I tried the value YES and "YES".  It didn't seem to work.  Therefore I then used the console method of editing the file.
Unless there is something i'm doing wrong with the tunables that I can try, let me know.  Having a configuration backup is a good point.  Thanx

7

Hardware and Performance / How I installed AQC107 TP-Link TX401 10GbE Ethernet Adapter and driver

« on: January 22, 2024, 04:33:43 pm »

Hello, I just installed OPNsense for the first time.  I didn't know anything about FreeBSD, but through research, I'll give step by step of how I installed the Marvell Aquantia AQtion AQC107 driver and made it persistently load after reboot.

My install is OPNsense 23.7 which has a FreeBSD kernel version 13.  AQN107 refers to the Network card and AQC107 refers to the controller chip.
This was installed on a Dell Optiplex 7060 i7.  The driver below works with FreeBSD v13.
The TP-Link TX401 NIC is currently working on my router.  It is setup as a LAN port and is linked at 10Gb to my Zyxel XS1930-12HP switch.



Log in through the local console.

Enter shell
(Select 8)

At the command prompt #
To download the driver

Code: [Select]

# fetch https://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/aquantia-atlantic-kmod-0.0.5_2.pkg
To install the driver

Code: [Select]

# pkg install aquantia-atlantic-kmod-0.0.5_2.pkg
To have the driver always load after reboot, edit the file loader.conf.local

Code: [Select]

# ee /boot/loader.conf.local
Add 1 line by typing

Code: [Select]

if_atlantic_load="YES"
(PRESS ESC key)

Leave editor
(Press a)

Save changes
(Press a)

Exit shell

Code: [Select]

# exit
Reboot system
(Select 6)

After reboot, log in through the local console.

Enter shell
(Select 8)

To check if driver is loaded after reboot (see that if_atlantic.ko is included in the list)

Code: [Select]

# kldstat
Check available interfaces.  (The AQC107 ethernet interface should be available and will be listed as aq0)

Code: [Select]

# ifconfig

8

General Discussion / Re: How to install Marvell/Aquantia AQN-107 drivers ?

« on: January 22, 2024, 12:06:00 pm »

Yes AQC107 works.

Hi, I just installed opnsense for the first time and my (Marvell Aquantia Aqtion AQC107 chipset) works fine so far.
My NIC is TP-Link TX401. 10GbE. It's running now as the LAN port connecting to a Zyxel XS1930-12HP switch.

The driver I'm using is from
https://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/aquantia-atlantic-kmod-0.0.5_2.pkg

When I tried to use driver pkg.freebsd.org/FreeBSD:14:amd64/latest/All/aquantia-atlantic-kmod-0.0.5_2.pkg, it didn't work when compiling. It said something about kernel mismatch.
I guess I'll have to wait for opnsense to use FreeBSD version14 for that driver.

I had to set the driver to be persistent upon reboot.
It linked at 10G to the switch.  It's running right now as my home router.

9

Hardware and Performance / Re: Dell Optiplex, nics in both PCIe slots?

« on: January 16, 2024, 01:07:18 pm »

Actually you can use both PCIe slots.
I just installed opnsense for the first time.  I used a small form factor Dell Optiplex 7060.  It has one PCIe gen3 x4 slot and one PCIe gen3 x16 slot.  It has 1Gb ethernet port on motherboard.  I took two Intel 1GbE PCIe x4 NICs. Placed one in each slot. Booted into BIOS and it shows "Ethernet" in both slots.  Next I tried to boot from USB drive, it didn't work until I went back into BIOS and disabled secure boot.  Now it booted from USB.  Next during install it didn't show the NVME drive as an option for installation.  I went back into BIOS and changed the SATA settings from RAID to AHCI. Now It showed the NVME drive as an option to install opnsense with ZFS > Stripe.

After installation. It shows all three 1GbE ports.  The one built into the motherboard was em0 and the two NICs in PCIe x4 and x16 show up as igb0 and igb1.
I was able to assign them as LAN or WAN and I could connect to all of them. 

My next experiment is to get a dual port 10GBASE-T PCIe x8 NIC and put that in the x16 slot.

I once put a graphics card into the HP ProLiant DL360P gen8 PCIe slot and the fans just kicked up so much noise. I thought forget it and removed it.