1
Hardware and Performance / Re: Enable ZFS self healing by mirroring across 2 partitions of same SSD?
« on: April 18, 2024, 07:53:43 pm »
Incredibly helpful info, thank kindly! I appreciate your efforts.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
Hardware and Performance / Re: Enable ZFS self healing by mirroring across 2 partitions of same SSD?
« on: April 18, 2024, 07:40:36 pm »
Ah I see, that makes sense.
How about bitflips (eg cosmic ray)? This would mitigate them wouldn’t it?
I gather they are very rare but nevertheless, would my scheme work?
How about bitflips (eg cosmic ray)? This would mitigate them wouldn’t it?
I gather they are very rare but nevertheless, would my scheme work?
3
Hardware and Performance / Re: Enable ZFS self healing by mirroring across 2 partitions of same SSD?
« on: April 18, 2024, 07:33:46 pm »
As I understand it, ZFS computes and stores checksums for everything (blocks?). It uses these to determine whether the block is in tact or damaged. If damaged then it will refer to the mirror to see if that block is in tact. It will then automatically write the undamaged block over the damaged one - thus self healing. With only one copy of the data then self healing isn’t possible.
Isn’t that accurate?
In other words, this is the only way I can defend against bitrot, on this hardware. If I can do more I would love to do so.
Isn’t that accurate?
In other words, this is the only way I can defend against bitrot, on this hardware. If I can do more I would love to do so.
4
Hardware and Performance / Enable ZFS self healing by mirroring across 2 partitions of same SSD?
« on: April 18, 2024, 07:13:44 pm »
My ZFS root accumulated some file damage and then refused to mount.
I will rebuild the filesystem from scratch but want to increase resiliency by making use of ZFS’s self healing abilities which requires mirrored data.
I’m using a Protectli device which only has one drive bay (a mini pcie port for mSATA cards).
My idea is to split that 128gb drive into two 64GB partitions then make the OPNSense system root a mirrored zpool across the two.
I will also run daily snapshots to external drives and so on, but I want better prevention rather than just better cures.
Is this a good plan?
I will rebuild the filesystem from scratch but want to increase resiliency by making use of ZFS’s self healing abilities which requires mirrored data.
I’m using a Protectli device which only has one drive bay (a mini pcie port for mSATA cards).
My idea is to split that 128gb drive into two 64GB partitions then make the OPNSense system root a mirrored zpool across the two.
I will also run daily snapshots to external drives and so on, but I want better prevention rather than just better cures.
Is this a good plan?
5
Virtual private networks / Cannot delete OpenVPN instance - bug?
« on: April 15, 2024, 12:50:45 am »
Hi. The VPN > OpenVPN > Instances GUI page has a 'delete selected' button at the bottom of the list, but the items in the list do not have a 'select' checkbox so I am unable to delete the instance I have defined there.
Is this a GUI bug perhaps?
N.B. The logs are showing this error:
Is this a GUI bug perhaps?
N.B. The logs are showing this error:
Code: [Select]
Error openvpn /usr/local/opnsense/scripts/openvpn/ovpn_service_control.php: The command '/usr/local/sbin/openvpn --config '/var/etc/openvpn/instance-2f5ea79b-4cb0-4e59-bbbf-d87bd9ab72e3.conf'' returned exit code '1', the output was ''
6
High availability / Re: Complex multi-wan (one internal service available via one WAN only)
« on: April 04, 2024, 12:57:21 pm »
Solved:
- DNS: your.domain:
- A record points to WAN2 IPv4 public address
- Static Route:
- Not needed
- Firewall > NAT > Port Forward > + Add
Interface: WAN2
TCP/IP Version: IPv4
Protocol: TCP
Destination: This Firewall
Destination Port Range: <port> -> <port>
Redirect target IP: <file_server>
Redirect target port: <port>
NAT reflection: Use system default [enabled]
- Firewall > Rules > LAN >+ Add
Action: Pass
Interface: LAN
Direction: in
TCP/IP Version: IPv4
Protocol: TCP
Source: <file_server>
Destination: any
Destination port ranges: any -> any
Gateway: WAN2
- Firewall > Rules > WAN2 > + Add
This will get automatically created:
Protocol: IPv4, TCP
Destination: <file_server> : <port>
- DNS: your.domain:
- A record points to WAN2 IPv4 public address
- Static Route:
- Not needed
- Firewall > NAT > Port Forward > + Add
Interface: WAN2
TCP/IP Version: IPv4
Protocol: TCP
Destination: This Firewall
Destination Port Range: <port> -> <port>
Redirect target IP: <file_server>
Redirect target port: <port>
NAT reflection: Use system default [enabled]
- Firewall > Rules > LAN >+ Add
Action: Pass
Interface: LAN
Direction: in
TCP/IP Version: IPv4
Protocol: TCP
Source: <file_server>
Destination: any
Destination port ranges: any -> any
Gateway: WAN2
- Firewall > Rules > WAN2 > + Add
This will get automatically created:
Protocol: IPv4, TCP
Destination: <file_server> : <port>
7
High availability / Re: Complex multi-wan (one internal service available via one WAN only)
« on: March 31, 2024, 10:21:31 pm »
Are VLANs the answer?
8
High availability / [SOLVED] Complex multi-wan (one internal service available via one WAN only)
« on: March 25, 2024, 01:01:16 pm »
Is it possible to host a public file server from just one specific WAN gateway when I have two WAN gateways attached?
See attached diagram.
My two WAN connections:
- WAN1: IPv6 with a static public IP address, plus IPv4 using CGnat (no public IP address)
- WAN2: IPv4 with a static public IP address, no IPv6
I have these configured in OPNSense as a fail-over multi-WAN group with WAN1 as primary.
The problem is that I have external clients who need to reach the file server but they themselves are on IPv4-only connections and therefore cannot reach the fileserver which spends 99% of its time on the IPv6 connection only.
Is there a way to allow external IPv4 clients to reach that internal file server while keeping the fail over multi-wan policy in place?
See attached diagram.
My two WAN connections:
- WAN1: IPv6 with a static public IP address, plus IPv4 using CGnat (no public IP address)
- WAN2: IPv4 with a static public IP address, no IPv6
I have these configured in OPNSense as a fail-over multi-WAN group with WAN1 as primary.
The problem is that I have external clients who need to reach the file server but they themselves are on IPv4-only connections and therefore cannot reach the fileserver which spends 99% of its time on the IPv6 connection only.
Is there a way to allow external IPv4 clients to reach that internal file server while keeping the fail over multi-wan policy in place?
Pages: [1]