Messages

Honestly good job on that, finding the tunables on itself is easy but finding the explanation is...... different story.

Are you gonna keep it updated? Cause as you most likely know tunables tent to change, decom depending how FBSD deems them usable and need-able.

Regards,
S.

Thank you for your kind words, it means allot! :)

Project will be updated for sure, there will be delays sometimes because of updated documentation, time and logs from test environment. You probably know that there are  differences in FreeBSD and Opnsense and repository aims on Opnsense only so it takes time but I will try my best to keep myself updated ;) 

@Lucid1010 That's a great approach! Use AI as advance search engine or to analyze data, it often give answers according FreeBSD documentation precisely on default values what can lead to issues - keep it in mind ;)


Regards,
nightcom

v2.36 is supposedly out there somewhere. I haven't had any issues with v2.32 but v2.36 is a higher number and thusly more gooderer. :) 

Yea that is true, but from this what BillyCurtis wrote, even Intel is not providing release notes. When I started this project I was searching information's for v2.32 but I couldn't find anything, not even mentioning that I couldn't find v2.34 firmware....I bet it will be same story with v2.36

There are more information's about upgrading i226 and people involved including BillCurtis, if you have some more info about v2.36 I encourage you to write it in here:
https://forum.opnsense.org/index.php?topic=48695.0

Where did you find v2.34?  I have v2.32 but unable to find v2.34. 

Sorry, my mistake (typo), I meant 2.32 and I got it from here

https://github.com/BillyCurtis/Intel-i226-V-NVM-Firmware/blob/main/README.md

Hello everyone,

I'm the author of repository and thank you for noticing my work. Purpose of this repository is describing all functions in tunables with provided examples based on my hardware and network setup. Like I wrote in repository, you can't copy paste all settings since it's tuned for my needs, hardware, ISP and network setup.

@opnessense port flapping is well know issue with i226 ethernet cards and ASPM, mostly affected firmware v2.13, v2.14, v2.17 with the partial fix released in v2.22 but still some issues with ASPM. Full fix was released in firmware 2.32/2.34, in my case I upgraded firmware of i226-V to v2.34 v2.32 and I don't have any issues with settings I provided in repository.

Edit:
Topic related to firmware upgrade of i226 cards is here on Opnsense forum
https://forum.opnsense.org/index.php?topic=48695.0


Thanks,
nightcom

Thanks all of you for this topic!

I upgraded my Hunsn RJ03 with i226-V from 2.17 to 2.32 version (1MB), all 4 ports without issues.

To anyone with same device:
Vendor, device etc. is the same as in default config, all you need to do is change MAC address and reboot to take effect.

P.S. I don't know if it's placebo but it seems more responsive after upgrade

Well if you want to know my opinion better to have this kind of option then not to have it, in my case and many others will not work probably because router will not allow but if you build your own homelab or you have flexible ISP then it's other story.

Maybe it can be on TO-DO list somewhere on bottom  ;) anyway thank you franco, I just wanted to be sure where to search root cause. Everythingwas pointing on ISP but I wasn't sure since I'm new in OPNsense, before I was using 10 years Mikrotik but I always wanted to go with OPNsense and here I'm with upgraded network speed and I'm very happy with response of GUI, community is awesome and documentation is also very good. Can't complain on anything, all I can say great work and donate couple bucks  ;D

Thanks for your support!

Yes I was reading in other cases from previous years you guys had more issues with DHCP, you guys did allot and you supported with patches community - great work.

From what I understand I just need to talk with ISP when they will come, router just listen what ISP or upstream router tells it, but at least I can show them some logs to techs.

Thank you franco once again!

Hello everyone!

I have a question regarding my logs be flooded by dhclient-script as you can see bellow

Code Select Expand

2024-09-25T20:38:39 Notice dhclient dhclient-script: Creating resolv.conf
2024-09-25T20:38:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T20:23:39 Notice dhclient dhclient-script: Creating resolv.conf
2024-09-25T20:23:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T20:08:39 Notice dhclient dhclient-script: Creating resolv.conf
2024-09-25T20:08:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing
2024-09-25T19:53:39 Notice dhclient dhclient-script: Creating resolv.conf
2024-09-25T19:53:39 Notice dhclient dhclient-script: Reason RENEW on vlan02 executing

From what I was searching already on internet it can be also ISP side that he renew address every 15min, I266-V can be also BIOS setting of Intel power management but I couldn't find anything like that is BIOS and there are allot options related to Power but nothing is referring to ethernet card.

I checked also with Suricata ON and OFF, did't check with Zenarmor but he is for LAN so I guess no impact. I also use Unbound.

I also checked dhcp settings from WAN side and this is what I got:

Code Select Expand

root@OPNsense:~ # cat /var/db/dhclient.leases.*
lease {
  interface "igc0";
  fixed-address 192.xxx.xxx.20;
  next-server 192.xxx.xxx.1;
  option subnet-mask 255.255.255.0;
  option host-name "OPNsense";
  option dhcp-lease-time 20;
  option dhcp-message-type 5;
  option dhcp-server-identifier 192.xxx.xxx.1;
  renew 4 2028/8/24 10:23:14;
  rebind 4 2028/8/24 10:23:33;
  expire 4 2028/8/24 10:23:44;
}

lease {
  interface "vlan02";
  fixed-address 31.xxx.xxx.129;
  option subnet-mask 255.255.255.0;
  option routers 31.xxx.xxx.1;
  option domain-name-servers 37.143.84.228,62.58.48.20;
  option domain-name "ftth.glasoperator.nl";
  option broadcast-address 31.xxx.xxx.255;
  option ntp-servers 10.12.0.20;
  option dhcp-lease-time 1800;
  option dhcp-message-type 5;
  option dhcp-server-identifier 31.xxx.xxx.1;
  option dhcp-renewal-time 909;
  option dhcp-rebinding-time 1566;
  renew 3 2024/9/25 16:33:36;
  rebind 3 2024/9/25 16:44:42;
  expire 3 2024/9/25 16:48:36;
}


Code Select Expand

xxx in IP is of course from my side.

I only see

Code Select Expand

option dhcp-renewal-time 909 that fits pattern of 15min, do you think this is what caused flooding log file?
Internet works "fine" lets say, looks stable but sometimes I have wierd issues. Connection is new 1Gbps UP/Down, still connecting people in neighborhood so maybe that's the reason but someone will come soon from their company so just want to point it out, no reason to renew address every 15min.

Yes that's what I was thinking also, just wanted confirmation. Thank you once again and I hope I will not need to create tomorrow new topic about Wireguard I already removed all settings related to it and will build from sratch tomorrow.

Do you know should I also assign somewhere VLAN in Wireguard? I will Google tomorrow anyway.

Thanks!

It was my mistake, I didn't notice that there was one more tab and I was thinking that WAN is now in loopback what was strange to me. I already corrected screenshot and my question.

I'm now more wondering can I remove this "unassigned port igc0" from list....my Wireguard is not working what I also don't understand since all rules are refering to interfaces and not physical ports in OPNsense....but I will look into it tomorrow.

Thanks for your confirmation!

Hello everyone,

I'm in middle of changing my ISP and new provider requires to use VLAN's on certian services, like internet on VLAN300. I already did everything and it seems to work fine but I'm not sure does it's done correctly - I have doubts.

I would like to ask you for advice, correction or approval of present configuration.

What I did?
I created VLAN in Interfaces -> Other types -> VLAN




Then I went to Interfaces -> Assignments
and I assign VLAN300 to WAN, replacing present igc0 (WAN) with vlan2 (tag300) and it looks like this:


as you can see in + Assign a new interface now it's still igc0 interface that I can assign somwhere or create new interface, is it normal?

Now when I go to Interfaces -> Overview I see something like this:

My Wieguard stoped working but I think it's just a matter of reconfig but I doubt does rest of config, assigning VLAN to WAN, correct?

What I wanted to do is reverse everything and try to do it from CLI and just to reconfig WAN (igc0). Second idea was to edit my backup and hoping to find line with VLAN in port igc0 and add to it VLAN 300 and restore backup. Do I overthink and everything is fine with this config? I'm not a master of networking but WAN as loopback I don't think it should be like that.

Can community verify this and correct me if needed?

Thank you in advance


Edit: I have Zenarmor, Suricata, Unbound, ID and Wireguard services running on it also. Looks like everything is working, beside Wireguard like I wrote and I checked configs but I didn't found anything unusual or that something needs to be changed - maybe I miss something but my main question is still about assigning VLAN to WAN.