Messages

Is there a way to say that adguardhome service must start after openvpn has completed?

Yes, but not like how we can use "After" commands under systemd.
Does openvpn also start on it's own? Why is openvpn a dependency for AdGuard?

Start with "service -e"

Find the AdGuard service script and park a "sleep 10" in it (at the beginning or in the start section), see if that helps.

We could also modify that service script to actually check for openvpn status, but I don't think you need to complicate things at this point.

Before doing anything manually, what does "netstat -na |grep 53" show?

Just came across this: https://www.intel.com/content/www/us/en/support/articles/000005593/ethernet-products.html

I wonder if Windows clients need this "Intel® PROSet" tool to expose these functions in Device Manager and that's maybe what the reference was in regard to.

PROset no longer available for win10 after package 20.120
Since win10 is basically over, Intel not interested in keeping PROset for it. Makes sense.
PROset though is basically the driver for winOS (gui+driver). I wonder how then you handle the vlan stuff from say Linux.
https://www.intel.com/content/www/us/en/support/articles/000026008/wireless.html

If you take the buy-once approach, the i5 would be my choice. Better to have the bigger/better engine for when the wheels get onto the autobahn. ;)

[TLS]

There's the redirect setting in the gui, try that 1st.
However, IIRC I did set that setting but it did not redirect non-ssl to the ssl TLS protocol.
So test it.

What would be your PSU -> motherboard link? USB?

No.
It's a simple pickup by mobo bios, just as my PC bios monitors various temp sensors and can control cooling fans. There's would need to be a "device" between mobo and OS, an Intel chip, and then an OS device driver to grab the info from the chip. Rather simple. The compliant PSU would need to have a filter that feeds signal from line to the mobo chip, systems with modular PSU's have a ton of wires connected to mobo. Systems with integrated PSU have all the wiring on pcb. It should not be difficult at all to achieve. Having one tiny SMD SOIC (1mmx1mm) would be nice to have for the mobo makers, but they have the phone numbers to Intel and the like.

As for USB-C ports, it's more about the ports on devices and less to do with cables. The size of sfp and rj45 on a mobo is just absurdly big. Cables are readily available (cots) and fairly inexpensive. Fiber cables are very expensive in comparison.

Which UPS does this? And which power supply and mobo combo?

None, that's my point.
Mobo makers (and PSU's) should start to incorporate it. I don't see it being a challenge of any kind, just needs to be incorporated.

Also this, why do we need SFP+ or RJ45 when USB-C (connector) has 10Gb bandwidth capability. Ethernet could technically mux to USB3.1 for 10Gb full-duplex, but also technically no need to mux it. SFP's and RJ45's take up lot's of space. Surely the locking piece is needed.

How exactly on freeBSD is your homework.

A NUT plugin for OPNsense exists and works ;-)

It's year 2026, signal overlay on power line should be standard for UPS and all mobo's, and then OS's can hook into it. What does this mean? When UPS goes to batt mode it overlays a signal onto the AC voltage powering the devices (or DC if it's telco 48vdc). Then every piece of hardware should have it's input power filtered for such signal, which is then coupled to mobo, from there you cfg the OS to take action when such signal is identified (shutdown, do nothing, warn, etc etc).

Back to topic, my 2xsfp+ with three i226v's (N150 cpu), been running a-ok, cheap china made stuff. The mobo looked quality under magnification. How long it will last I don't know. N150 is a bit low end to handle 2x10G + 3x2.5G.

Yeah, I punished myself enough for years now with my self built box - which is working alright - but God forbid it's not. I really want to go as far as possible away from boxes that break when power runs out. I do have UPS, but also that doesn't hold forever

You might need a better setup to avoid the corruption issue.
Something like https://www.vueville.com/blog/how-to-automatically-shutdown-linux-using-ups-on-power-failure/
How exactly on freeBSD is your homework.

I have ASRock NUC BOX-255H with i226V and i226LM. I'm on 2.22 with BIOS that disables ASPM for both of them. i226V works rock solid. i226LM stops forwarding traffic every few days. Can i update i226LM NVM using file for i226V? I don't care about "LM" management features. This happens on Proxmox 9 where I have 2xOPNsense VMs.

The LM has an OROM, so I guess it's the 2MB bin. I suspect the bin's are not exactly the same, but I still do suspect the -V bin would work on on the -LM hardware. The -V has some versions that are 2MB flash, while others are just 1MB flash. Given the LM hardware just appears to be different in temp range, perhaps the bins are the same? Makes sense to limit the number of unique bins.

 

I did fail trying to set the environment variables for additional debug; I guess I am out of my depth with regards to setting those on FreeBSD/OPNsense. I'll keep at it.

No worries, you can set them like this, using setenv (echo just returns the variable value). Then when you run the flash util it will pickup those environment variables.

# setenv NUL_DEBUGLOG 1
# setenv QV_DEBUG_LOG 0xFFFFFFFF
# echo $NUL_DEBUGLOG
1
# echo $QV_DEBUG_LOG
0xFFFFFFFF

Which shaper is it exactly?

flowqueue-codel

Do you get the same odd results if you use the Zenarmor flow control plugin?

Four 2.5Gb ports where three are in lagg (that's 7.5Gb worth) for internal vlans, and then one 2.5Gb to the wan device, seems like plenty-proof.

4x2.5 is 10Gb, and that's a half duplex spec, can an OPNsense router handle 20Gb of throughput with 15Gb of that in a lagg? I doubt it.
The 2x10Gb is 40Gb of throughput, that's a lot of room, but not likely to get there on an OPNsense fw-router. The DEC2687 is only rated 5Gb, 3852/62 17.4Gb.

Also to note, if everything rides lagg (lan wan, etc), then your lan-wan wan-lan is a 2x hit on the lagg as lan-to-wan wan-to-lan has to go down lagg to fw, cross fw, then back up lagg to switch to reach the wan dfg, and vice-versa. I 1Gb stream from internet is 2Gb on the lagg.

I would probably choose a 4x2.5 over using 2x10Gsfp. Why? Less headache, less parts, less costly, less power, all copper.

Duly noted, published nic speeds are deceiving these days. The spec should indicate the half-duplex speed, so full-duplex is 2x that, however, many nic's cannot achieve 2x half-duplex max speed, and often attaining that rated speed does not happen when full duplexing traffic. As example, the i226V likely cannot do symmetric 1.25Gb, but it probably can get close to 2.5Gb half-duplex. Welcome to the world of nic vendor BS and hype. ;)

2x SFP+ for 2x 10G. I want to connect my core equipment by 2x 10G, which is both future proofing and performance.

20Gb connected how, .1q in trunk?
Even so, that's for your internal stuff, or will all fw ifaces run over this lagg?
Just be sure you get the correct SFP modules.

@Waldhaar_
You only flashed one 226?

Here's some tidbit from Intel docs for flash tool, maybe try using the debug env variables and then grab an inventory

Intel ® Ethernet NVM Update Tool
Quick Usage Guide for EFI
14 332160-006
6.0 Troubleshooting
• Update to the most current base driver prior to running the NVM Update Tool to ensure the newest
features of the NVM image can be installed.
• Refer to the "NVM and Software Compatibility" section in each of the following documents:
The "Software/NVM Compatibility" tables indicate the set of NVM images and Intel ® Ethernet
Controller software releases that go together. Intel recommends that you update the NVM and
Software driver to compatible versions.
The "NVM Transition Support" tables indicate the version of NVM from which the NVM Update Tool
allows updates.
• In case of a security issue, the security revision might be incremented and then an NVM update to
an older NVM with a lower security revision might not be allowed.
• The NVM version for the X550 is NOT shown in the GUI. Only the EEtrack ID is displayed. If you run
nvmupdate with -i, the version is displayed.
6.1 Troubleshooting Using Debug Logs
1. Use the following command to get the log file if there is any error seen.
nvmupdate64e -l nvmupdate.log
This is a text file that contains history of the NVM Update Tool's execution, including the success or
failure status for each operation, and what adapters and ORMs were discovered. After running this
command, the tool creates the nvmupdate.log file under the same folder as nvmupdate.cfg. The log
file is overwritten each time the NVM Update Tool is executed.
2. Use following command to get a little more information on what is in the system by using
nvmupdate with an inventory mode.
nvmupdate64e -i -l inv.log
This provides more details about the adapters in the system to help narrow down the debug scope.
3. Use following command(s) to get a superset of debug logs.
First set following environment variables before nvmupdate execution. For debugging purposes, it
is necessary to set these flags:
export NUL_DEBUGLOG=1
export QV_DEBUG_LOG=0xFFFFFFFF
Now the log generated using the following command is much more detailed.
nvmupdate64e -l nvmupdate.log