Messages

and I care for it with all my heart.

Just not soo much to get a burnout...

You should add in mindlessly paste from AI.

Just don't use those "Machine Learning Chatbots" at all !!! :(



The other day a guy Copy->Pasted something from one while I was asking something about HIS project... d0h!

I have three LANs so I thought I'd try one or two before changing the final one that has many more hosts on it.
That was unsuccessful because, even though in ISC DHCPv4 config I unchecked the box for those two LANs, ISC seemed to still be bound to port 67 on those LANs.

So I had to do all three at once and make sure ISC was really stopped.

That is as expected.

Then I noticed in the Kea error logs that the "Control Agent" is deprecated. So though I at first checked the box to turn it on in that page, I later went back and turned it off.

Only needed for HA setups! ;)

Early going, but so far so good. Hoping for a smooth update to v26.

+1 :)

From what I understand, it is PPPoE that can be the problem & it requires a pretty decent single core clock speed as the PPPoE implementation in FreeBSD is not multithreaded yet.

It is multi-threaded just not multi-core capable as in 'Use the processing power of more than 1 CPU Core' ;)

So it will never go further than 4 x 25% of each Core at best in case of my N5150 for example !!



Anyways...



Just get a nice N100 "NUC" with Intel NICs and be happy! :)

a favorites menu

Was thinking about requesting something like that too for a time now :)

I would then add the stuff I like to check often like DHCP Leases/ARP Cache and ofcourse everything related to my network that I am actually using at the moment.

You could also have a Group in the Favorites section where each group would be all settings related to one specific Network/VLAN/Subnet or the WAN for example.

#SooManyIdeas!!!

[/EDIT :]

I haven't tried the professional Netgear switches and I do expect better of them, but I had a terrible experience with a cheaper Netgear smart switch and had to return it.

It was leaking RAs across the VLANs.

Do you happen to remember the exact model and revision ?


/EDIT :

GS308EP with firmware 1.0.1.4

I was still very green at the time but I don't think this was user error.  There was no working combination to prevent the RA spillage.

Ha!  Looks like they fixed it some months after:

https://kb.netgear.com/000066737/GS308EP-Firmware-Version-2-0-0-5

:-)

Thank you! :)

Sorry you had so many problems with it.

I am actually saying I did not ;)

The import / export feature with KEA is amazing. It's the best part of it IMO.

Totally agree!

Cisco/CCNA best practices do not say to "skip VLAN 0-5."

It was either 0-4 or 0-5 when I took my CCNA somewhere in 2013/2014 so maybe things have changed by now... dunno... :)

- Did you setup new Firewall Rules similar to those that the LAN network has by Default ?

No. I did not add any additional firewall rules.

I intentionally kept the firewall rules in their out-of-box state so that any custom rules would not introduce variables or interfere when asking for community support.

I am not sure if the rules that the default LAN Interface has after a fresh install are also applied when you create the new "Bridged LAN Interface" so to speak since it basically is a NEW Interface like any other newly created interface...

You need to have the firewall rules that allow IPv4 and IPv6 communication to other networks + internet access and ofcourse :

- DHCP settings are also adjusted ?

for LAN ipv4 config type was static ipv4 with dhcp server for LAN interface. not sure if this answers the question, or are you referring to something else?

DHCPv4 at least for that new "Bridged LAN Interface" in order to get IPv4 addresses.

But you told us already that regular wired LAN Clients have a fully working connection on the "Bridged LAN Interface" so I am guessing you have applied these settings already ?!

** BUMP **

I am really curious if this is the case or not :

I really liked the ISC DHCP option and hope the KEA DHCP option does the same :)

I thought the check mark was odd as well, and that it indicated the CSV had been parsed successfully, but I was looking for a "Go" or arrow or "Submit" button, but after a few seconds I clicked on the check mark and Bob was suddenly my uncle.

+1 when moving from ISC DHCP to KEA DHCP and Importing/Exporting the Static DHCP Mappings but it did not took me a hour to figure it out :)

Unplug and replug LAN or reboot the switch it's connected to - UI access gone.

Hmm... never tested that...

The same goes for OpenSSH Server ?!

Luckily the device has a regular Power On/Off button as a last resort so a clean "reboot" can be performed...

See : https://forum.opnsense.org/index.php?topic=50567.msg258716#msg258716

TL;DR : It's work in progress and there will be a lot of improvements to avoid misunderstandings :)

Because it does not work for interfaces that are created on-the-fly or change their IPs if the BIND is not done to the anonymous socket 0.0.0.0, which denotes "all" interfaces, including such that do not exist (yet).

Just try to use a VPN interface: It will seem to work, but on the next reboot, the service fails because it cannot bind to a non-existing interface.

So, the usual way is to bind services to "all" interfaces and block access using firewall rules.

But if I understand you correctly then there is no issue in binding it on the Default LAN Interface since you are probably never ever going to change anything there anyway ?!

And if you need access from a VPN or another network you can use firewall rules for those :)

In OPNSense I had, and still have, System -> Settings :  Listen Interfaces ALL (recommended).

Looks like I have to change this to LAN and Wireguard only(?) although it is not recommended?

I still don't understand why this is not recommended ?!

IMHO it's totally logical to bind things like the webGUI and SSH to just the Management VLAN network a.k.a. the default LAN Interface in the case of OPNsense :)

Even found a old IPcam, which when booted screams something in chinese. think its hacked, now it got time to check it.

LOL! ^_^

Good luck & Have FUN !!! ;)