Messages

Thank You. Helped a lot. One last "Q". In case OPNsense business edition is not renewed (let's say someone forgets witch is a normal thing in companies). How does the device act? No more updates or just stops?

[Update:]

Update: seems that the issue is related to more to ASUS than intel. Yes, intel i226 is buggy, specially with 2.17 NVM. But there are some ASUS ASPM issues. Not recommend using this NUC for OPNsense, unless you plan to virtualize it. I've contacted ASUS, had loooooong discussion asking for firmware, maybe i226 NVM ROM to update on my own risk. Their answer is strict: no support for LAN FW updates, their current BIOS is fine. Please use Windows. :)

I've replaced my ASUS with Protectli Vault Pro VP2430. Same i226-V, same 2.17 NVM (according dmesg) and no issues. Works fine, stable. Not 2.5gbps, but about 2.3gbps with MTU1500 and I'm fine with that.

Hi everyone. I have a client that is running custom built 1U (short depth) router with Intel Xeon E3-1220 v5. Interesting part, that it is in office with up to 100 online devices during the day and redundant 1gbps uplink. More than 20 active IPSEc tunnels. 6 VLANs. Uplinks are using integrated i210 1gbps ports and 82599ES SFP for internal communication. https://bsd-hardware.info/?probe=1687988f93

Quite a beast until you run Zenarmor. then CPU is almost dead. Anyway, I always prefer a way to support a OPNsense and client would like to move to some "non custom" solution. DEC2752, according the PDF, looks like a perfect candidate. But logic kick in and states that V1500B is slower than E3-1220 v5, so it would look more like a downgrade.

How does it work, DEC2770/DEC2752 are typical PC arch devices or maybe they do have some additional HW optimization?

Hello everyone. Can't really remember when it started, but with some 24.7 update.

I'm using NAS behind OPNsense and doing 2049 port (TCP/UDP) forward on WAN. Using NFS4 so everything seems fine.

So today I've noticed that when you connecting to 2049 port and using source port above 1024 - I can see traffic on firewall log. But when src_port is 848 - can't even see the traffic.

Opened few other ports and same behavior. When source port is below 1024 - no traffic on firewall log. When src_port is 1025 - port [tcp/nfsd] succeeded.

Were there any changes that could address this? I've read few changelogs but didn't find anything.

This NUC is great candidate for small powerful firewall, but probably not now. I'm running fine on hypervisor. Have other SSD with OPNense installed. Will try next time, when some major release is out. Maybe ASPM selection in bios has no affect. Wonder what changes will 0040 BIOS introduce.

No, I didn't get any speed issues. Cannot say that is was stable 2.5gig, but near 2gig.
What BIOS version You're using? Any VLANs or IPsec tunnels?

Thank You everyone for help. Tried disabling ASPM, changing PCIe settings. Disabling cores, intel speedstep. Updated to latest opnsense. changed ram, enabled/disabled ECC. Nothing. Tried locking interface speed to 1gig, 100mb.

Also noticed that when using this NUC 'Input Errors' are huge on both interfaces. For now I would state that tis NUC is unusable with opnsense. Unless it is used as hypervisor to host it.

Will try again, when ASUS release new BIOS.

Thank you for Your reply. Yes, I have latest BIOS and tried meyergru tutorial on microcode. Microcode loaded, updated. Even verified. Currently testing "clumsy" setup:

Installed Windows 2019 Hyper-V, loaded all drivers. Created VM with OPNsense and added VLANS on hypervisor level (WAN+2x LAN) as VM interfaces. Quite overkill but still working. Even reach near 2gbps.

So I'm stuck at something not supported on the FreeBSD side. I would say that maybe I could try compiling latest driver for i226V? A bit overkill too, I would say.

Hello, I'm new on forum but with OPNsense more than 5 years. Usually my deployments end with some ITX board on RACK case. Some old i3 4xxx serries and few intel i210/i211 NICs. Sometimes cheapy realtek. Newer models with N100 are very cool, power usage wise and heat.

But currently I bought ASUS NUC 13 Rugged (BNUC13BRFA400B00IW) to try. Total disaster. It installs fine (some ACPI errors, had to use debug.acpi.disabled=1) . Even works few days. But then all the magic arrives. Whenever you give some load (in my case download even RHEL 5GB iso). WAN stops working. Gateway is offline, no errors, warnings in logs. NIC is online. fw_log incicate that requests sent, but gateway offline.

You can simply unplug wan network cable, and plug it again - everything works again for couple of hours.

CPU: Intel® Atom® x7425E
RAM: 8GB DDR5-4800
2 x Intel® Ethernet Controller I226-V
SSD: tried installing into eMMC and M.2 500GB WD_BLACK SSD
Provider: tried two providers. Both provide FTTH optic. One is using GPON based converter to cooper and DHCP assignment, other standard SFP optic converter and static IP assignment.

Tried disabling pretty much everything in BIOS. No change.