Messages

Thinking of going to zenarmor home, have an existing Opensense install, do I have to recreate existing rules in zenarmor or does it layer on top  somehow?

I finally got around to swapping in an i350 'igb' card from an 'em' based card

I had a few gotchas that make sense in hindsight.

I expected to swap my previous card for the i350 card. Knowing the drivers and interface names would be different I planned to connect via the servers onboard NIC I have configured for management.

I found that after swapping the em card for the igb card I could not connect to my management interface. On connecting a monitor and keyboard I realized why

Previous interfaces were em0,em1,em2 and em3 on the EM quad card. The management NIC on the motherboard had been assigned em4. However once the quad port nic em interfaces were no longer there, the management nic got allocated as em0.

My plan was to edit the config following the swap and replace mentions  of em in the config with igb. I just had to do this via a monitor and keyboard as the management nic address changing caught me out. 

Also editing the config file and replacing the nic interfaces worked well.

They are both quad port so no change there.
[...]
Would swapping the NICs be a matter of reassigning the ports? (no need to move rules etc?) I have the built in NIC on the board configured as a MGMT port so I can go in and fix things after the swap. 

Whoops! Failed to notice that - I don't think I've seen a quad 82571. The dual is 3.5W - you might save a couple watts with the i350. The higher PCI-e bandwidth shouldn't make any difference. Come to think of it, though, the 8257x had some driver quirks (bad setup parameters) that were patched in Linux (not by Intel), but I don't know that they made it to FreeBSD. Drove me nuts on Windows. But if your links are not flaky, it should be fine.

On a configured system? I think you have it right... but I haven't done it, so don't bet on it on my recommendation.

Sounds like no downsides. I'll swap it out during the next outage window (lol). 

Only if you need/want the additional ports. (I probably would, but that's just me.) 3.5W vs. 5W - not much different there, either.

They are both quad port so no change there. I bought the I350T4 specifically for the build but it never got installed.

Would swapping the NICs be a matter of reassigning the ports? (no need to move rules etc?) I have the built in NIC on the board configured as a MGMT port so I can go in and fix things after the swap. 

Currently running a quad Intel 82571EB nic any benefit to switching it for an  I350T4 I have sitting around?

Thinking of trying Zenarmor

Firewall machine is a dedicated Intel i7 7600U with 24gb.

Supports a small home network on 1000/1000 fiber and around 18 client devices. No VPN.

It went smooth as smooth can be. Thanks team. Amazing work.

Thanks! I'll take the plunge once the demanding user base (family!)  are not around for a few hours.

Dear all forumer, I'm plan to do penetration testing against my OPNSense router to see any weakness in it.
Do you guys know what tools in Kali Linux to use? Thanks in advance.

If you need to ask this, you are in no way remotely qualified to penetration test anything. Live your life, don't stress about this. Sorry, got to be  said.

I have a pretty basic setup on 24.1, any war stories or issues on the built in upgrade to be aware of?

I do regular backups.

It's not a fair test running the speed test on the router itself. The proper way would be to use a wired device connected to the router via the switch (or whatever).

It's one thing ROUTING traffic at speed. It's another thing sourcing and receiving the traffic at speed. It's not the same. Traffic to and from a router itself is not the same as traffic THROUGH a router. So yes, the test itself running on the router will change the result.

Speedtest CLI is pretty good.

Apart from the NIC names, their MACa will also differ, which can be a factor when you use MAC-based rules or dynamic IPv6 aliases.

Thank you! Not running those.

You should be okay. Just make sure you have console access to re-assign the NICs on first bootup. Also you may need to redo vnstat or softflowd interface assignments if you're using those plugins.

Fortunately not using those either!

I will let you know how it goes :D

How should I approach a quad port nic replacement for a different chipset of card? Is it a matter of reassigning the interfaces? I can get back in using the onboard NIC for management, the quad card is used for production traffic.

I have a PPPoE interface that runs on a VLAN, I find after a restart I do not have internet connectivity from the LAN network as the gateway is not selected as the default route.

Once I manually reload the PPPoE interface it then enters the route table internet reachability from the LAN is restored.

Is there some config change I can make to avoid this?