Messages

not to say I know much - but isn't llm generated code extremely unsecure as well? Wouldn't that ruin the whole point of trying to use a firewall?

The OpenWRT One is a great piece of kit.  If you are using is as just an access point, it does no firewall duties, OpenSense will handle that. 

There are numerous guides and tutorials on the web on how to setup an OpenWRT router as just an AP.  It takes not even five minutes.  Turn off all DHCP and DNS services.  Configure it to get an automatic IP from upstream DHCP server (OpenSnese) and setup your SSID's and go. 

I have a TCL TV that has Roku OS on it.  It's constantly very chatty.  I use ControlD for DNS so I have it blocked.  I tried disconnecting the TV from the network, but then there is a bright white light on the front of the TV that constantly flashes with the intensity of a thousand suns.

I looked for a new "dumb" TV with no smart features.  I quickly found out unless you want to buy a professional display costing almost as much as a car you are stuck with this scheiße. 

</rant>

You could find a used wifi router that has current OpenWRT support and just use it as a access point. 

i5-8500

i7-6700

PPPoE POWERRR!!! ^_^

I'm still on DOCSIS.  :)

Personally I use an Optiplex 3060 I picked up rather cheaply for my OPNsense router. Sure it's not exactly small or anything, but it works for me. It's also massive overkill with an i5-8500 and 12GB of RAM, but it was around $150 or so.

I'm using a Dell 7060 SFF i7-6700 8GB ram 256GB Samsung nvme drive and an Aliexpress 2 port i226 card.  Total cost $150. 

Any of the china boxes with N100 or something similar are going to be over $500 with some ram and an ssd. 

These off lease office machines are cheap and plentiful.  Anything goes wrong with it, you can swap out the NIC or swap out the entire box.  I've seen reports on these AliExpress boxes where a nic port goes bad or something else goes wrong with it like power supply and they are rendered virtually useless. 

IMO the power bills are too high with hardware like that. Better buy a cheap N100 system or something similar. Or at least that was true before the techbros bought all the RAM.

I suppose it depends on where you live and the cost of electricity.  It would take over 5 years to break even for me to invest in a small low powered N100 box.  The Dell box I have idles around 22 watts.  Most of the time it spends idling. 

I'm running this on a 4-port Topton box.

Post #39 in the thread has all the instructions.

You can link to a post if you click on the date of it : https://forum.opnsense.org/index.php?topic=48695.msg246912#msg246912

;)

Thank you!  Learn something new everyday.  ;)

Hey I'm riding the struggle bus here. I'm tinkering with a new box to familiarize myself with the upgrade process as Im sure this would be helpful for others.
I'm running this on a 4-port Topton box.
I'm currently running Windows on this. I believe I have everything correct.
I have the binaries and config files in the same directory.
Running the updater results in the following. Ive tried the 1mb and 2mb bin. I think it might be an issue with the config file. I'm not sure what the "replaces" line is used for how to get the proper parameter.

Code Select Expand

c:\intel\i226-1mb>nvmupdatew64e.exe -u -f nvmupdate.cfg -l update_log.txt

Intel(R) Ethernet NVM Update Tool
NVMUpdate version 1.41.3.1
Copyright(C) 2013 - 2024 Intel Corporation.

Bad command line parameter 'nvmupdate.cfg'.
Here is the current config.

Code Select Expand

CURRENT FAMILY: 1.0.0
CONFIG VERSION: 1.20.0

; NIC device
BEGIN DEVICE
DEVICENAME: Intel(R) Ethernet Controller I226-V
VENDOR: 8086
DEVICE: 125C
SUBVENDOR: 8086
SUBDEVICE: 0000
NVM IMAGE: FXVL_125C_V_2MB_2.32.bin
EEPID: 80000290
RESET TYPE: REBOOT
REPLACES:
END DEVICE
Here is the inventory result

Code Select Expand

Intel(R) Ethernet NVM Update Tool
NVMUpdate version 1.41.3.1
Copyright(C) 2013 - 2024 Intel Corporation.

nvmupdatew64e.exe -i -l inventory.txt

Config file will not be read.
Inventory
[00:002:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
[00:003:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
[00:004:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
[00:005:00:00]: Intel(R) Ethernet Controller I226-V
Alternate MAC address is not set.
Flash inventory started.
Shadow RAM inventory started.
Shadow RAM inventory finished.
Flash inventory finished.
[00:002:00:00]: Intel(R) Ethernet Controller I226-V
Vendor                 : 8086
Device                 : 125C
Subvendor              : 8086
Subdevice              : 0000
Revision               : 4
LAN MAC                : 60BEB40D8560
Alt MAC                : 000000000000
SAN MAC                : 000000000000
ETrackId               : 80000290
SerialNumber           : 60BEB4FFFF0D8560
NVM Version            : 2.20(2.14)
PBA                    : G23456-000
VPD status             : Not set
VPD size               : 0
NVM update             : No config file entry
  checksum             : Valid
[00:003:00:00]: Intel(R) Ethernet Controller I226-V
Vendor                 : 8086
Device                 : 125C
Subvendor              : 8086
Subdevice              : 0000
Revision               : 4
LAN MAC                : 60BEB40D8561
Alt MAC                : 000000000000
SAN MAC                : 000000000000
ETrackId               : 80000290
SerialNumber           : 60BEB4FFFF0D8561
NVM Version            : 2.20(2.14)
PBA                    : G23456-000
VPD status             : Not set
VPD size               : 0
NVM update             : No config file entry
  checksum             : Valid
[00:004:00:00]: Intel(R) Ethernet Controller I226-V
Vendor                 : 8086
Device                 : 125C
Subvendor              : 8086
Subdevice              : 0000
Revision               : 4
LAN MAC                : 60BEB40D8562
Alt MAC                : 000000000000
SAN MAC                : 000000000000
ETrackId               : 80000290
SerialNumber           : 60BEB4FFFF0D8562
NVM Version            : 2.20(2.14)
PBA                    : G23456-000
VPD status             : Not set
VPD size               : 0
NVM update             : No config file entry
  checksum             : Valid
[00:005:00:00]: Intel(R) Ethernet Controller I226-V
Vendor                 : 8086
Device                 : 125C
Subvendor              : 8086
Subdevice              : 0000
Revision               : 4
LAN MAC                : 60BEB40D8563
Alt MAC                : 000000000000
SAN MAC                : 000000000000
ETrackId               : 80000290
SerialNumber           : 60BEB4FFFF0D8563
NVM Version            : 2.20(2.14)
PBA                    : G23456-000
VPD status             : Not set
VPD size               : 0
NVM update             : No config file entry
  checksum             : Valid


Post #39 in the thread has all the instructions.   

The correct name of the file is nvm.cfg as per post #39 of this thread. 

Try the 2MB.  I have the two port version and the 2MB version of the file worked. 

No luck :(

So when I try the 2MB files, the update process fails pretty much instantly.... but if I use the 1MB files, it takes a good few minutes for the update to fail

Code Select Expand

Num Description                          Ver.(hex)  DevId S:B    Status
=== ================================== ============ ===== ====== ==============
01) Intel(R) Ethernet Controller        2.19(2.13)   125C 00:013 Update failed
    I226-V


Tool execution completed with the following status: An error occurred when updating a firmware module.

It took a few tries to get it to flash.  I tried under Linux but couldn't get it to flash.  Booted into Windows 11 and got it to flash from there. 

Has anyone had any luck updating the NVM on this generic Aliexpress I226-V?

Try the 2MB.  I have the two port version and the 2MB version of the file worked. 

Where did you find v2.34?  I have v2.32 but unable to find v2.34.

Sorry, my mistake (typo), I meant 2.32 and I got it from here

https://github.com/BillyCurtis/Intel-i226-V-NVM-Firmware/blob/main/README.md

v2.36 is supposedly out there somewhere. I haven't had any issues with v2.32 but v2.36 is a higher number and thusly more gooderer. :) 

Hello everyone,

I'm the author of repository and thank you for noticing my work. Purpose of this repository is describing all functions in tunables with provided examples based on my hardware and network setup. Like I wrote in repository, you can't copy paste all settings since it's tuned for my needs, hardware, ISP and network setup.

@opnessense port flapping is well know issue with i226 ethernet cards and ASPM, mostly affected firmware v2.13, v2.14, v2.17 with the partial fix released in v2.22 but still some issues with ASPM. Full fix was released in firmware 2.33/2.34, in my case I upgraded firmware of i226-V to v2.34 and I don't have any issues with settings I provided in repository.


Thanks,
nightcom

Where did you find v2.34?  I have v2.32 but unable to find v2.34. 

[...]Has anyone else here repurposed older 1U enterprise gear for their OPNsense build, and did you stick with the original power supply or did you find a way to swap it for something more "home-friendly"?[...]

Several, but not for OPNsense. It can help... or not. It's a bit of a hobby with me, so I get pretty silly with it (link, link). The simplest is to replace the fans alone, and as I'm sure you are thinking, you just have to find quieter ones that perform adequately. Not always easy - there's native performance, but also PWM curves to consider. With a PC that should hopefully be adjustable in the BIOS. As meyergru said, the 1U form factor is not ideal.

My fan-cooled equipment tends to be bloody noisy, as I like to filter the air. It's a price I'm (usually) willing to pay.

[...]am I just throwing money away on electricity by using a 345W PSU?[...]

Perhaps. My own firewall has a max power consumption of ~200W and ~40W idle (120V AC) with a 650W PS. It's the smallest I could conveniently obtain. Is power cost such a concern that obtaining new hardware would be worthwhile? (Or would you have other reasons for such in addition to power?)

I think that's the first hot rodded router I've seen with a K&N filter on it. :)

This procedure has been applied to a generic Aliexpress, pcie x1, dual-port i226v card.

This stil has not fixed the crash with ASPM enabled, even with "default" performance profile. Only way to make the NIC work reliably is to disable ASPM (in the kernel cmdline, set the options pcie_aspm=force pcie_aspm.policy=performance).
This blocks the package C-States to at most PC2.

I have been using a "Fenvi" branded AliExpress 2 port i226v card since December without any issues.  Updated the card using the 2mb file.  Can sustain 2Gbps throughput.  I have officially 1.5Gbps cable internet that is over provisioned.

You can have a look in the BIOS.  Most BIOS have a setting to turn off ASPM or pci power management. 

Same issue here.  Using VPN gets you banned from the forum. 

Hello!

First of all, thank you for the guide!

I'm having the same problem as Olmari in post #159, though I have a generic dual-port i226v NIC (pcie x1)
The update fails without much more detail. (same exact output)

The system is a Optiplex 3050, i tried both on Linux (with the linux utility) and on a OPNsense 25.7 live ISO.
Running it on OPNsense, the inventory option didn't work (while on linux it did).
But in both cases, the update does fail in the same way.

After the failed firmware upgrade (from version 1.17) the nic doesn't have any MACaddress and it needs a reboot (hot one is fine) to be recognised correctly again.

What can be the problem here?

Thank you

Do you have a Windows machine?  I tried under Linux and OPNsense and could not get it to work properly.  Finally booted into Windows and was able to get it to read the card and flash it. 

Mine is a generic two port card as well from AliExpress.