Messages

1

24.1 Legacy Series / Re: VLAN routing improvement

« on: May 31, 2024, 12:26:08 pm »

No one has an idea ?

Is OPNsense a good router for 5Gbits/s ~ 10Gbits/s or should I better look for other tools like fd.io / tnsr ?

2

24.1 Legacy Series / VLAN routing improvement

« on: May 26, 2024, 02:45:37 pm »

I have some overkill of home network.

Base is a UDM SE, 24Port L3 switch and a L2 10GbE aggregation switch. Connected to it is an AMD (Ryzen 4650 Pro, dual Intel 10GbE NIC, 82599ES) and a xcp-ng hosting MinisForum MS-01 (12900H with 32GB RAM and dual SFP+ Intel x710); both system are connected via DAC to the aggregation switch. That switch then via DAC to the UDM SE.

On the xcp-ng host I have a virtual OPNsense 24.1.7-4 connected to one SFP+ port and three Debian 12 VM for testing in two different VLAN. Those VLAN are also known to the OPNsense on the host. No WAN.

The firewall rule is a floating one. IPv4 for LAN, OPT1 and OPT2 interface; allow all traffic in any direction (to start with)

Goal is to have a quick storage box connected to various systems (e.g. the xcp-ng host, and later Mac Studio).

The first pic shows the speed of a Debian VM on the xcp-ng to the physical box via iperf3. Nice speed of 9.25Gbits/sec. Low number of retries. No complains and quite close to the thoretical 10Gbits/sec. Understand there is overhead involved.

On the second pic I have three measurements.
1) within the same VLAN/subnet on two Debian VM. 25.9 Gbits/sec and huge retry count (~26000).
2) between two Debian in different VLAN/subnets on the same physical host with 5.19 Gbits/sec and also big retry count via a virtual OPNsense VM (~8500)
3) from a Debian VM in different VLAN/subnet to physical unraid box (via UDM SE); routing is with 3.99 Gbits/sec below expectation. Retry 42


Question 1) Is the high retry in iperf3 for case 1 and 2 above something to worry ? It's a bit academic as pure software but on the other side: still no idea where those retry numbers come from. Any chance I can find that in OPNsense logs ?

Question 2) What would be a better network setup to achieve a high speed storage network. The current OPNsense as VM is a trial to see if I can configure it somehow (and seems working basically). Might buy a second MS-01 as dedicated physical router since the UDM SE is on its limit.

3

General Discussion / Re: Beginner with IPv6 and struggle

« on: March 24, 2024, 03:10:17 pm »

Ok, somehow I got it working:
My LAN get a global IPv6 address from the edge-router (NTT Router) on connected to the WAN. On that edge router I get as expected (hoped) two /60 segments.

The first one goes to the consumer wifi router.
The second one goes to the OPNsense box which should one day in the future should be my primary router (and the consumer wifi goes as backup on the shelf).

The prefix delegation of /60 in OPNsense I sees to have to configure on two different locations (WAN interface and disabled DHCPv6server ?)

But here the big BUT: that only works if I create for both WAN and LAN a firewall rule allowing all trafic for TCP, UDP and ICMPv6.

Question to the community: what minimal rule need to be defined to allow this to work ?

4

General Discussion / Re: OPNsense, IPv6: RA not visible in Service menu

« on: March 24, 2024, 01:07:59 pm »

Yeah, just noticed too after I reinstalled 

But thanks for the help 

5

General Discussion / OPNsense, IPv6: RA not visible in Service menu [solved]

« on: March 24, 2024, 10:00:06 am »

I wonder why in the Service menu the settings for RA are not visible. The demon Radvd seems running but can’t set any parameter. OPNsense is on actual version as per March 2024.
I want to check which mode the RA might try as I continue struggle to get proper address for a router I have to use. That router get a /56 from ISP and is able to give a /60 to a consumer router right drive my wifi. But want to set OPNsense box also on a different /60.

Is there anything in addition to install to get that menu entry ?

6

General Discussion / Re: Beginner with IPv6 and struggle

« on: March 18, 2024, 05:24:41 pm »

Update: while family was (hopefully sleeping) I shutdown the regular wifi router and connected the OPNsense box direct with the ONU via a dumb 10Gb-hub.

And this way I get the proper prefixes assigned to LAN and IOT networks with distinctive IDs. Lost though then visible global IPv6 address on the WAN and shows me only the fe80::[mac]

In addition I reconnected my consumer grade wifi router back to the hub too and let it do its DS-lite stuff (used by this iPad while posting).

The question then is why I don’t get the subnets/prefix delegation when I have the OPNsense behind the rental router having a /56 assigned ?
I getting optimizitic, but still confused and not fully understand …

7

General Discussion / Beginner with IPv6 and struggle

« on: March 18, 2024, 03:32:46 pm »

Hi all, new here with OPNsense and new to IPv6. Hope you help/guide me. I have some practical experience with networks and IPv4 (also some 6 years back with pfSense).

My environment: living in Japan, weak in Japanese, have a dedicated fiber line into the house with 10Gbs and a /56 IPv6 assignment; IPv4 is established via DS-lite (and not infos provided from ISP beyond that /56 allocation). The rental router is direct connected behind the OBU/Modem and shows the /56 allocation when connected. And they want me the rental router direct behind the OBU.

What is my problem: I want to restructure my home network and isolate certain segments (e.g. general use for mobile devices, my work, my child, IOT stuff, cameras, home lab, …).

I have an overkill of Minisforum MS-01 (and 2x10Gb SFP+, 2x2.5Gb RJ45) with OPNsense dedicated installed. That should give me enough power for whatever IDS/IPS or routing I want to play later).

I managed to get an /64 allocated to the WAN (via one of the SFP+ ports) but then don’t get any IPv6 in the LAN (other 10Gb SFP+) or IOT (2.5Gb) ports. I can update the OPNsense box itself so basic connectivity is given.

But how can I now convince my LAN and IOT also to establish a /64 segment out of a (desired) /60 segment from the WAN ? How I need to configure OPNsense to try to get a /60 slice of address range for the ISP.

Or should I try to place OPNsense box between OBU and rental router ?

I looked a bit around in the online documentation from OPNsense and tried to search in the forum but didn’t found the right hints). Any guidance or hints are appreciated.
Thanks in advance .

8

Japanese - 日本語 / NTT Cross, XE-100NE and OPNsense

« on: March 03, 2024, 01:39:59 pm »

Hi, sorry for writing English in Japanese group. While living in Tokyo for quite a while my Japanese still very bad.

I struggle a bit to understand the need to use that complicated NTT XG-100NE router when attached to NTT Cross (and Asahai Net as ISP). I was not able to setup pooper mesh and had to change my wifi SSID when moving to second floor. I switch to a Buffalo AirStation setting with two units meshed which worked mostly ok; occasionally wifi drops.

My goal is to use an OPNSense roter directs after the ONU and eventually Unifi equipment. Does anyone here has luck with that setup ? Incl. DS-lite for IPv4 over IPv6 ?