Messages

Hello,

I have a seperate VLAN for every gamer in our household. (for easy management of who is downloading to much, who needs to go to bed, who is beeing punished :) )

So the VLAN's are not realy for security, but more for management especialy since we have a very slow internet connection (only 95Mbps)

All is working great except for one thing, because of the VLAN seperation, the Steam Local Network Game Transfer feature does not work, and this is very usefull for us, since we have only 95Mbps its very nice if only one PC needs to download a game/update and the other PC's can than transfer it from this PC instead of also downloading it.

I figured I can Bridge the Gamers VLAN's for this. (it is ok if they are not seperated anymore from each other, aslong as all the security to the outside stay's the same.

I am no expert and found some guides about bridging multiple VLAN's but I cant seem to get it to work,
Anyone have a "dummy's" step by step guide for me ?

I created the bridge, added the 3 gamers VLAN's to it, enabled it, and than tried adding firewall rules just allowing everything to everything between the VLAN's but it does not seem to work :(


Any tips are appreciated,


Hans

Sorry to open this up again,

I know the problem is with the non official repository's, but its still an anoying problem,

Is there a more "official" way to get AdguardHome and Zenarmour in to OPNsense without going thru there repository's (who seem to stay out of date)

Can you install the adguard home and zenarmour plugins via the official OPNsense repository ? or is there another repository that stay's correctly in sync ?

I have been just doing the double update (one time via shell after the official update) and it works fine for me, but not sure if this way might cause troubles in the long run,

so,

anyone have a correct way for me to add adguard home and zenarmour to OPNsense do it does not "break" the updating process ??

any more help and tips for this kinda noob is appreciated,


Hans

Geez, it has been said a hundred times that mimugmail packages are out of date and cause this. I mean you can clearly see from the output that it's bouncing around between "mimugmail" and "SunnyValley".

Add third party repos, please deal with your breakage.


Cheers,
Franco

Hello, I am sorry to bother you again, im kinda a realy noob amateur IT hobby guy and try to follow guide's to do stuff, (I love learning stuff,  but sadly im not getting smarter with age :) )

So I have to change something about the 3th party repo's ?

Im just asking before I start looking for a solution that I got it right ? because its the build in updater from OPNsense that tells me there are updates, but than cant do that update, but when I do the update manualy from the shell it does work ?

Or am I correct in thinking im not the one doing anything wrong and it should get fixed by the zenarmour guys ??
(this kinda points to that : https://github.com/mimugmail/opn-repo/issues/234)

If you could point me in the right direction that would be awesome :)

Hello,

Update 24.7.3_1 still same problem, packages not updating automaticaly,

Health AUTH log before I update ;

Code Select Expand

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 24.7.3_1 at Mon Sep  2 10:10:33 CEST 2024
>>> Root file system: zroot/ROOT/default
>>> Check installed kernel version
Version 24.7.3 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 24.7.3 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
SunnyValley
OPNsense
mimugmail
>>> Check installed plugins
os-adguardhome-maxit 1.12
os-sensei 1.17.6
os-sensei-updater 1.17
os-sunnyvalley 1.4_3
os-wol 2.4_2
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: ....
os-adguardhome-maxit-1.12: checksum mismatch for /usr/local/AdGuardHome/AdGuardHome
os-adguardhome-maxit-1.12: checksum mismatch for /usr/local/AdGuardHome/AdGuardHome.sig
Checking all packages......... done
>>> Check for core packages consistency
Core package "opnsense" has 68 dependencies to check.
Checking packages: ..................................................................... done
***DONE***

If I do check for update after the update ;

Code Select Expand

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.7.3_1 at Mon Sep  2 10:13:20 CEST 2024
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 844 packages processed.
Updating SunnyValley repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: ......... done
Processing entries: ..... done
SunnyValley repository update completed. 66 packages processed.
Updating mimugmail repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: ........ done
Processing entries: .......... done
mimugmail repository update completed. 202 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (10 candidates): .......... done
Processing candidates (10 candidates): ........ done
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
alsa-lib: 1.2.11 [mimugmail]
brotli: 1.1.0,1 [SunnyValley]
freetype2: 2.13.2 [SunnyValley]
libfontenc: 1.1.8 [SunnyValley]
png: 1.6.43 [SunnyValley]

Number of packages to be installed: 5

The process will require 5 MiB more space.
2 MiB to be downloaded.
***DONE***

shows available packages (image included)

When I than click update it runs this ;

Code Select Expand

***GOT REQUEST TO UPDATE***
Currently running OPNsense 24.7.3_1 at Mon Sep  2 10:15:46 CEST 2024
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Checking for upgrades (10 candidates): .......... done
Processing candidates (10 candidates): ........ done
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
alsa-lib: 1.2.11 [mimugmail]
brotli: 1.1.0,1 [SunnyValley]
freetype2: 2.13.2 [SunnyValley]
libfontenc: 1.1.8 [SunnyValley]
png: 1.6.43 [SunnyValley]

Number of packages to be installed: 5

The process will require 5 MiB more space.
2 MiB to be downloaded.
[1/5] Fetching png-1.6.43.pkg: .......... done
[2/5] Fetching freetype2-2.13.2.pkg: .......... done
[3/5] Fetching alsa-lib-1.2.11.pkg: .......... done
[4/5] Fetching libfontenc-1.1.8.pkg: ... done
[5/5] Fetching brotli-1.1.0,1.pkg: .......... done
Checking integrity... done (0 conflicting)
[1/5] Installing png-1.6.43...
[1/5] Extracting png-1.6.43: .......... done
[2/5] Installing brotli-1.1.0,1...
[2/5] Extracting brotli-1.1.0,1: .......... done
[3/5] Installing freetype2-2.13.2...
[3/5] Extracting freetype2-2.13.2: .......... done
[4/5] Installing alsa-lib-1.2.11...
[4/5] Extracting alsa-lib-1.2.11: .......... done
[5/5] Installing libfontenc-1.1.8...
[5/5] Extracting libfontenc-1.1.8: ......... done
=====
Message from freetype2-2.13.2:

--
The 2.7.x series now uses the new subpixel hinting mode (V40 port's option) as
the default, emulating a modern version of ClearType. This change inevitably
leads to different rendering results, and you might change port's options to
adapt it to your taste (or use the new "FREETYPE_PROPERTIES" environment
variable).

The environment variable "FREETYPE_PROPERTIES" can be used to control the
driver properties. Example:

FREETYPE_PROPERTIES=truetype:interpreter-version=35 \
cff:no-stem-darkening=1 \
autofitter:warping=1

This allows to select, say, the subpixel hinting mode at runtime for a given
application.

If LONG_PCF_NAMES port's option was enabled, the PCF family names may include
the foundry and information whether they contain wide characters. For example,
"Sony Fixed" or "Misc Fixed Wide", instead of "Fixed". This can be disabled at
run time with using pcf:no-long-family-names property, if needed. Example:

FREETYPE_PROPERTIES=pcf:no-long-family-names=1

How to recreate fontconfig cache with using such environment variable,
if needed:
# env FREETYPE_PROPERTIES=pcf:no-long-family-names=1 fc-cache -fsv

The controllable properties are listed in the section "Controlling FreeType
Modules" in the reference's table of contents
(/usr/local/share/doc/freetype2/reference/index.html, if documentation was installed).
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 5 packages:

Installed packages to be REMOVED:
alsa-lib: 1.2.11
brotli: 1.1.0,1
freetype2: 2.13.2
libfontenc: 1.1.8
png: 1.6.43

Number of packages to be removed: 5

The operation will free 5 MiB.
[1/5] Deinstalling freetype2-2.13.2...
[1/5] Deleting files for freetype2-2.13.2: .......... done
[2/5] Deinstalling png-1.6.43...
[2/5] Deleting files for png-1.6.43: .......... done
[3/5] Deinstalling libfontenc-1.1.8...
[3/5] Deleting files for libfontenc-1.1.8: ......... done
[4/5] Deinstalling brotli-1.1.0,1...
[4/5] Deleting files for brotli-1.1.0,1: .......... done
[5/5] Deinstalling alsa-lib-1.2.11...
[5/5] Deleting files for alsa-lib-1.2.11: .......... done
Checking all packages: .......... done
The following package files will be deleted:
/var/cache/pkg/libfontenc-1.1.8~c32e4188e2.pkg
/var/cache/pkg/alsa-lib-1.2.11.pkg
/var/cache/pkg/png-1.6.43.pkg
/var/cache/pkg/alsa-lib-1.2.11~67ac8ae257.pkg
/var/cache/pkg/brotli-1.1.0,1~8e55295843.pkg
/var/cache/pkg/png-1.6.43~e10fcb01ca.pkg
/var/cache/pkg/libfontenc-1.1.8.pkg
/var/cache/pkg/brotli-1.1.0,1.pkg
/var/cache/pkg/freetype2-2.13.2.pkg
/var/cache/pkg/freetype2-2.13.2~76fa19cd6b.pkg
The cleanup will free 2 MiB
Deleting files: .......... done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

But nothing actualy gets updated, If I check for updates again, we are in a loop,

If I than like previous times log in to SSH in the shell and do "pkg upgrade" problem is fixed and it all works,

copy of what happens in console :

Code Select Expand

root@OPNsense:~ # pkg upgrade
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
Updating mimugmail repository catalogue...
mimugmail repository is up to date.
All repositories are up to date.
Checking for upgrades (10 candidates): 100%
Processing candidates (10 candidates): 100%
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        alsa-lib: 1.2.11 [mimugmail]
        brotli: 1.1.0,1 [SunnyValley]
        freetype2: 2.13.2 [SunnyValley]
        libfontenc: 1.1.8 [SunnyValley]
        png: 1.6.43 [SunnyValley]

Number of packages to be installed: 5

The process will require 5 MiB more space.
2 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/5] Fetching png-1.6.43.pkg: 100%  289 KiB 296.3kB/s    00:01
[2/5] Fetching freetype2-2.13.2.pkg: 100%  485 KiB 497.0kB/s    00:01
[3/5] Fetching alsa-lib-1.2.11.pkg: 100%  484 KiB 495.9kB/s    00:01
[4/5] Fetching libfontenc-1.1.8.pkg: 100%   21 KiB  21.6kB/s    00:01
[5/5] Fetching brotli-1.1.0,1.pkg: 100%  327 KiB 334.6kB/s    00:01
Checking integrity... done (0 conflicting)
[1/5] Installing png-1.6.43...
[1/5] Extracting png-1.6.43: 100%
[2/5] Installing brotli-1.1.0,1...
[2/5] Extracting brotli-1.1.0,1: 100%
[3/5] Installing freetype2-2.13.2...
[3/5] Extracting freetype2-2.13.2: 100%
[4/5] Installing alsa-lib-1.2.11...
[4/5] Extracting alsa-lib-1.2.11: 100%
[5/5] Installing libfontenc-1.1.8...
[5/5] Extracting libfontenc-1.1.8: 100%
=====
Message from freetype2-2.13.2:

--
The 2.7.x series now uses the new subpixel hinting mode (V40 port's option) as
the default, emulating a modern version of ClearType. This change inevitably
leads to different rendering results, and you might change port's options to
adapt it to your taste (or use the new "FREETYPE_PROPERTIES" environment
variable).

The environment variable "FREETYPE_PROPERTIES" can be used to control the
driver properties. Example:

FREETYPE_PROPERTIES=truetype:interpreter-version=35 \
        cff:no-stem-darkening=1 \
        autofitter:warping=1

This allows to select, say, the subpixel hinting mode at runtime for a given
application.

If LONG_PCF_NAMES port's option was enabled, the PCF family names may include
the foundry and information whether they contain wide characters. For example,
"Sony Fixed" or "Misc Fixed Wide", instead of "Fixed". This can be disabled at
run time with using pcf:no-long-family-names property, if needed. Example:

FREETYPE_PROPERTIES=pcf:no-long-family-names=1

How to recreate fontconfig cache with using such environment variable,
if needed:
# env FREETYPE_PROPERTIES=pcf:no-long-family-names=1 fc-cache -fsv

The controllable properties are listed in the section "Controlling FreeType
Modules" in the reference's table of contents
(/usr/local/share/doc/freetype2/reference/index.html, if documentation was installed).


I hope this information helps

From what I can see, in the GUI the old packages do get deleted, but nothing new installed ?? and in the Shell it also installes the new ones ?

Same problem, same fix with update 24.7.1

getting anoying tho :) :)

I had the same problem,

and I can confirm that @jphylips fix using "pkg upgrade" in the console as SUDO also fixed the problem for me.


Thank you good sir,

Hmm,

for a moment I tought I had it working, but when I also added the upload pipes now again all VLAN's are only getting max about 1/3th of the bandwith even when the other vlan's are NOT downloading anything,

ill keep tinkering on this, but if anyone else has some obvious "AHA" tips for me to try, its all welcome,


thank you,

Thanks again, I will try this soon,

Yes when I started the first time (after reading the docs :) ) I had a seperate upload and download pipe, but since it dident work I fingured ill try to get the download working first and than move on from there,

Possibly that I have my directions screwed up there, so ill be reading docs again and taking your tips and will try again and will let you know,

I aint the brightest cookie in the box, but I do try to be a nice cookie tho :) so thanks for sticking with me :)

Thanks for beeing patient with me, If it should work, im sure im doing something stupid wrong :(

I have one pipe for my full bandwith (I tried both with 95Mbps what I realy have, I tried with less and I tried with 100Mbps what the theoretical max is)

Mask set to none and everything else left alone.
(in advanced the scheduler type is "weighted Fair Queueing" I think that is correct ?, it was the standard.)

Picture of the Pipe included

I than made 3 Queues , one for each VLAN, set to use the 100Mbps Pipe and a weight of 30 , no Mask selected.

Picture of one of the Que's included (they are the same just different VLAN)

Than I have 3 Rules, one for each VLAN, and Each VLAN's Rule has a target of its own Que.
So I have 3 of these

Picture of a Rule included, all 3 are the same, just for each VLAN and each one points to its own Que



Let me know if you see anything that stands out as wrong or something I should change to try.


Thank you,


Hans

Are you trying to wake an OPN machine or one running another OS, which one?

I am waking up a OpenMediaVault server. (from one Vlan to another Vlan so the standard WOL magic packet wont work)
(so running linux) and its working now , so thanks all for helping :)

So basically,

now you got into the point where 2 of the 3 VLANs work as expected. But when 3rd VLAN tries to eat its pie it will not get any?

No, I tought it dit , but its not, its still just not working :(

Code Select Expand

also give any VLAN the MAX bandwidth if the other VLAN's are NOT using there minimum bandwidth

This you don't set, you set weights you say how much each of them eats if all eat. If there is BW to spare it should be divided automatically.

Regards,
S.

ok,

but I still need to get the first part to work :(
I will be trying some more and see if I got any improvements :(

Thanks for your continued help with this noob,

I found one error, I only had 1 que and used it for all 3 rules,

I have now 1 pipe with the full available bandwith, (without MASK set)
3 queues with 30 weight (without MASK set)
3 rules , one for each VLAN and each using a different Que

When I download full speed on one VLAN, it looked ok, when I than start a download also on a second VLAN that son's VLAN was also still ok, but my 3th VLAN for the other son got hammered :( (noticed by the screams that he was "going to die" :) :) )

So still dont know what is wrong,

I read the documentation again tho, and the problem is, in that documentation I do NOT find what I actualy need.
All I find there is to set a MAX bandwith per VLAN , I also find the option to set a MINIMUM bandwith per VLAN, but nowhere there I find the ability to set a MINIMUM bandwith per VLAN but also give any VLAN the MAX bandwith if the other VLAN's are NOT using there minimum bandwith :(

and online I only ever found guides to do this specific thing for PFsense and its from years ago and the terminology is not the same on OPNsense today :(

I am stumped, especialy since exactly this is what I wanted to do with OPNsense and is the biggest reason for starting it :) (loving all the other features also afcourse)

any more tips or stuff to try is appreciated.

This works :)

I just had to remove the -s tag from my original Curl line,


Thank you so much,


You happen to know any quick and small android app that could run that Python command so I can start my server from my smartphone ? :)

You should have,

1 Pipe and a separated queue with a weight for each individual host/VLAN you want to allocate BW

This setup can not use CODEL or FQ_Codel AQM. Otherwise weights will not be honored.

https://docs.opnsense.org/manual/how-tos/shaper_limit_per_user.html

Regards,
S.

Ah, that is what I had I think,

I have one pipe of 95Mbps

1 que's with a weight of 30

3 Rules for each VLAN that uses that Que of a weight of 30
No CODEL or anything enabled.

but its not working like that :( :(

[one Queue]

If I understand it correctly,

You created 1 Pipe for 95M and only one Queue weight of 30 in which are all VLANs/Devices?

Regards,
S.

oh, no I actualy created 3 que's in that pipe for all 3 vlan's ,

So I gues this might  be my fault !!!!

Thanks alot, I will be trying this out and I will let you know.