Messages - nikkon

#1
Hardware and Performance / Re: DEC750 NVME failing
July 15, 2025, 02:11:28 PM
amazing, I will do this.
weird it degraded in less than 2 years

I will probably disable any cache in the future.

Thank you
#2
Hardware and Performance / DEC750 NVME failing
July 15, 2025, 11:22:56 AM
Hi community,

I own a DEC750 with NVMe running 25.1.10. Recently I got a failed SMART message:


smartctl 7.5 2025-04-30 r5714 [FreeBSD 14.2-RELEASE-p3 amd64] (local build)
Copyright (C) 2002-25, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Number: TS256GMTE652T2
Serial Number: H433990185
Firmware Version: 52B9T7OA
PCI Vendor/Subsystem ID: 0x1d79
IEEE OUI Identifier: 0x000000
Controller ID: 1
NVMe Version: 1.3
Number of Namespaces: 1
Namespace 1 Size/Capacity: 256,060,514,304 [256 GB]
Namespace 1 Utilization: 255,796,785,152 [255 GB]
Namespace 1 Formatted LBA Size: 512
Local Time is: Tue Jul 15 09:47:04 2025 CEST
Firmware Updates (0x14): 2 Slots, no Reset required
Optional Admin Commands (0x0017): Security Format Frmw_DL Self_Test
Optional NVM Commands (0x005f): Comp Wr_Unc DS_Mngmt Wr_Zero Sav/Sel_Feat Timestmp
Log Page Attributes (0x0f): S/H_per_NS Cmd_Eff_Lg Ext_Get_Lg Telmtry_Lg
Maximum Data Transfer Size: 32 Pages
Warning Comp. Temp. Threshold: 85 Celsius
Critical Comp. Temp. Threshold: 90 Celsius

Supported Power States
St Op Max Active Idle RL RT WL WT Ent_Lat Ex_Lat
0 + 9.00W - - 0 0 0 0 0 0

Supported LBA Sizes (NSID 0x1)
Id Fmt Data Metadt Rel_Perf
0 + 512 0 0

=== START OF SMART DATA SECTION ===
SMART overall-health self-assessment test result: FAILED!

NVM subsystem reliability has been degraded

SMART/Health Information (NVMe Log 0x02, NSID 0xffffffff)
Critical Warning: 0x04
Temperature: 43 Celsius
Available Spare: 100%
Available Spare Threshold: 10%
Percentage Used: 159%
Data Units Read: 15,175,817 [7.77 TB]
Data Units Written: 868,173,472 [444 TB]
Host Read Commands: 166,826,964
Host Write Commands: 6,380,384,852
Controller Busy Time: 74,813
Power Cycles: 22
Power On Hours: 22,786
Unsafe Shutdowns: 16
Media and Data Integrity Errors: 0
Error Information Log Entries: 0
Warning Comp. Temperature Time: 234
Critical Comp. Temperature Time: 0
Thermal Temp. 1 Transition Count: 13638
Thermal Temp. 1 Total Time: 111289

Error Information (NVMe Log 0x01, 16 of 256 entries)
No Errors Logged

Self-test Log (NVMe Log 0x06, NSID 0xffffffff)
Self-test status: No self-test in progress
Num Test_Description Status Power_on_Hours Failing_LBA NSID Seg SCT Code
0 Extended Completed: failed segments 22597 - - 2 - -
1 Extended Completed: failed segments 22556 - - 2 - -
2 Short Completed: failed segments 22554 - - 2 - -
3 Short Completed: failed segments 22549 - - 2 - -
4 Short Completed: failed segments 17155 - - 2 - -
5 Short Completed: failed segments 12464 - - 2 - -


I haven't opened the box yet, so my questions are:

can the nvme be changed?

if yes what type should I buy

is there an install from scratch procedure?

Thank you
#3
General Discussion / Re: DNS resolver question
July 10, 2025, 01:49:30 PM
this works. thank you
i missed that check.

#4
General Discussion / DNS resolver question
July 08, 2025, 05:10:14 PM
Hi all,

I have a problem on my internal network regarding dns resolution.
the name of the opnsense box is firewall.balaci.eu
 
nslookup firewall.balaci.eu
Server:      172.16.10.1
Address:   172.16.10.1#53

Name:   firewall.balaci.eu
Address: 213.10.27.11
Name:   firewall.balaci.eu
Address: 10.0.0.1
Name:   firewall.balaci.eu
Address: 172.16.10.1
Name:   firewall.balaci.eu
Address: 172.16.40.1
Name:   firewall.balaci.eu
Address: 172.16.30.1

it replies well on nslookup. Now the problem is, I am using NGINX proxy manager to distribute a wildcard certificate to all my internal appliances and firewall.balaci.eu is pointing to 172.16.10.1/24 interface.
it is never loading when I write it in the browser.
What am I missing?

Thank you
#5
Use the same gateway for the ips on your different vlan
#6
1. Is possible
Create the openvpn setup - connect and validate it works. Then associate a virtual interface to your ovpn instance (ovpn1 in my case), enable it but don't add any ip or rules on it. Then create a NAT outbound rule on that interface to any.
I suppose your vlan network has a few IPs assigned and everything works. If so, create a new gateway for the recently created openvpn connection and go to fw rules - vlan interface:
Add a pass rule for that interface, source your entire lan, destination any and gateway (the ovpn gateway)

This should do it.
#7
I got the rule fixed. Thanks Bob.Dig
you helped me fix this

my VLAN10 rule was wrong
#8
you were right! the connection was broken. now it works.
interface: wg2
  public key: IiTLluo4hmsCYRq9Ln25Dj7sXn0zq9Ik********
  private key: (hidden)
  listening port: 51820

peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRbUn********
  endpoint: 83.97.115.18:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 34 seconds ago
  transfer: 184 B received, 680 B sent
  persistent keepalive: every 20 seconds

step1 done.
now let's see the rules.

1. I have no rules for the virtual interface mapping wg2.
2. the lan interface where I plan to use this as gateway has the following rule:
https://ibb.co/4JdGFHT
3. NAT outbound
https://ibb.co/Px5sskg

one interesting situation is this: when I add SURFSHARK_Wireguard as gateway for a specific host in the VLAN10 lan, if I ping the VLAN10 gateway from the host itself, I can't get to it.

#9
the private key needs to be generated on the surfshark portal - so I did.
as in this : https://zone13.io/opnsense-surfshark-selective-traffic-routing-using-wireguard-2/
they don't specify the need for a keep alive value but I'll add 20s.
---
3 min later: I get traffic only for send. nothing received still

interface: wg2
  public key: OcSv/oo0elDtDPmGQ+5zVr0jUWUSUBfS7*********
  private key: (hidden)
  listening port: 51820

peer: L79E4IoaVZBXOyoMM82TvUIbiKlloRb*********
  endpoint: 83.97.115.18:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 3.32 KiB sent
  persistent keepalive: every 20 seconds
#10
this is what it looks like now:

root@yoda:/usr/local/etc/wireguard # cat wg2.conf
####################################################
# Interface settings, not used by `wg`             #
# Only used for reference and detection of changes #
# in the configuration                             #
####################################################
# Address =  10.14.0.2/16
# DNS =
# MTU =
# disableroutes = 1
# gateway =

[Interface]
PrivateKey = kMfvy7/6Ec4d73ERKJ90MqUkMug9Kh********
ListenPort = 51820

[Peer]
# friendly_name = WireGuard_tbs
PublicKey = L79E4IoaVZBXOyoMM82TvUIbiKlloR*******
Endpoint = ge-tbs.prod.surfshark.com:51820
AllowedIPs = 0.0.0.0/0
#11
you're right as well.
Wireguard is back.

wg2 seems connected but 0 traffic

https://ibb.co/2FPm6xM
#12
I've switched the WireGuard to openvpn. I'll fix the WireGuard config later. However the same config file works on desktop - something to check out for me.
Next, I've changed the interface from wg2 to openvpn1.
What have you noticed in the rules? I can't figure out the mistakes ☹️
Thank you
#14
Just realized they haven't gone through as the size is too big. Let me redo
#15
Hi folks,

I am reopening this topic hoping that some of you may be able to help me. I spent the last week trying to figure this out and there is something off here.

I am on OPNsense 24.7.7-amd64 and as for VPN provider I am using Surfshark.
I'll post here a short description of my setup:
I am trying to route via Surfshark WireGuard a few hosts from the Lan network named VPN_VLAN10 (172.16.20.1/29)

Step 1:
I created the wireguard setup:
wg2 is the device under instances. As in the following attachment, it looks connected; however, it never receives any traffic.

Step 2:
I assigned a virtual interface to WG2 and I named it Surfshark_VPN.

Step 3:
I created a new Gateway which unfortunately doesn't connect.

Step 4:
I add the NAT outbound rule
Surfshark_VPN   any   *   *   *   Interface address   *   NO   

Step 5:
I add the firewall rule on the Lan interface I want to use this connection as gateway
IPv4 *   torrent_host_ip_lan    *   *   *   SURFSHARK_Wireguard   *

Now, from the host specified at step 5 I cannot ping anywhere, not even 172.16.20.1 which is the gateway for the VPN_VLAN10 lan network.
There is something I am completely missing, but I simply can't see it. on one hand the wireshark gateway is not connecting, second when I activate the routing via SURFSHARK_Wireguard gateway rule on the lan interface, I can't reach the lan gateway anymore.

Any suggestion at this point is highly appreciated.

Thank you