OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of miroco »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - miroco

Pages: [1] 2 3 4
1
Hardware and Performance / Re: PCENGINES APU[1-5] Coreboot SeaBIOS Open Source Firmware
« on: December 19, 2019, 11:02:53 pm »
No I can't. This just throws:

# sysctl -a | grep -i thermal

dev.amdtemp.0.%desc: AMD CPU On-Die Thermal Sensors

Do you have any suggestions?

A finding made by the 3mdeb crew puts doubts into pfSense/OPNSense APCI compliance. Could this perhaps influence the result?

https://github.com/pcengines/coreboot/issues/351

2
Hardware and Performance / Re: PCENGINES APU[1-5] Coreboot SeaBIOS Open Source Firmware
« on: December 11, 2019, 12:26:14 am »
The most recent mainline BIOS versions for the APU1 trough APU5 platforms are out.

Temperature is showing on OPNsense dashboard.

v4.11.0.1

https://pcengines.github.io

3
General Discussion / *NIX vulnerability lets attackers hijack VPN connections
« on: December 05, 2019, 11:37:35 pm »
I just came across this.

*NIX vulnerability lets attackers hijack VPN connections.

CVE-2019-14899

https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/

4
19.7 Production Series / Re: Download speed drastically slowing
« on: November 27, 2019, 05:47:06 pm »
If you are using Multicast (IPTV) it could have the same effect as a DDoS attack. Check your firewall log.

https://www.ionos.com/digitalguide/server/know-how/igmp-snooping/

5
19.7 Production Series / Re: System: Settings: Tunables Duplicates and Missing entries 19.7.5
« on: October 14, 2019, 04:09:55 pm »
Thank you.

This incident sparked a thought. Is the best practice between versions to revert tunables to default settings? And how does restoration of an older configuration backup file affect tunables? What I really would like to know, is if there is a risk that I at some point is having a system running obsolete tunable settings impacting the system negatively?

6
19.7 Production Series / Re: System: Settings: Tunables Duplicates and Missing entries 19.7.5
« on: October 13, 2019, 01:30:10 am »
On the face of it, the two last entries seems duplicated.

hw.igb.tx_process_limit      Unlimited packet processing    1
hw.igb.tx_process_limit      Unlimited packet processing    1

But the actual content of the very last entry is different from the previous:

Tunable:       hw.igb.tx_process_limit
Description:  Unlimited packet processing
Value:          1

Tunable:       net.link.ether.inet.max_age
Description:  ARP table refresh time (default 1200 sec)
Value:          300

@AhnHEL

I can't confirm your specific settings. Probably because I'm on a different hw platform: PC Engines APU2C4 (AMD)

I'm also om 19.7.5-amd64

7
Hardware and Performance / Re: Optimized performance of my PC Engines APU2c4
« on: September 12, 2019, 10:57:52 pm »
With the recommended settings I noticed that the frequency jumped from 1000 MHz to 1400 MHz just by clicking "Check for updates". The frequency then went back to 1000 MHz.

8
Hardware and Performance / Re: PCENGINES APU[1-5] Coreboot SeaBIOS Open Firmware
« on: September 12, 2019, 11:53:49 am »
The most recent BIOS versions for the APU1 trough APU5 platforms are out.

v4.10.0.1/v4.0.28

https://pcengines.github.io

9
General Discussion / Re: Firefox directs by default DoH queries to Cloudflare
« on: September 11, 2019, 11:08:42 pm »
Thank you both.

I'm just curious as to why, Merlin the developer of Asuswrt-Merlin, would go to such length, as to contemplating a switch in his firmware to "Block Firefox automatic DoH usage"?

10
General Discussion / Firefox directs by default DoH queries to Cloudflare
« on: September 11, 2019, 10:15:29 pm »
I came across this discussion and I wonder if or how this change to Mozilla/Firefox could impact on OPNsense?

https://support.mozilla.org/en-US/kb/firefox-dns-over-https

"In the US, Firefox by default directs DoH queries to DNS servers that are operated by CloudFlare, meaning that CloudFlare has the ability to see users' queries."

Disabling Firefox's automatic switch to DoH
https://www.snbforums.com/threads/disabling-firefoxs-automatic-switch-to-doh.58910/

11
General Discussion / Re: watch bbc iplayer using openvpn
« on: September 10, 2019, 12:46:49 pm »
Whether I connect my iPhone to my home WiFi network or use mobile data, I get the same dns using Openvpn - that of my OpnSense box. Since you are using an android device, it's maybe working differently in that regard. Perhaps it's caching the dns, in this case, your work dns.

How to flush the dns on an android phone

https://buffered.com/tutorials/how-to-flush-dns-cache/

I assume that the 10.100.1.254 address is the ip of your Opnsense box.

12
General Discussion / Re: watch bbc iplayer using openvpn
« on: September 09, 2019, 07:02:18 pm »
Assign localhost; 127.0.0.1, or the network address of your opnsense box "192.168.1.1" as dns server in your openvpn server configuration.

13
General Discussion / Re: watch bbc iplayer using openvpn
« on: September 07, 2019, 02:08:24 pm »
Hi Rob,

Have you made a DNS leak tests? Do you get the same DNS making the test on your computer at home, as making it over OpenVPN with your android device on for instance a public WiFi hotspot?

Make sure that your OpenVPN Server uses your OPNsense as DNS-server.

Maybe the BBC uses another technology to flush out those trying to access their content abroad, but it's worth a try.

https://www.dnsleaktest.com/

miroco

14
Hardware and Performance / Re: OPNsense Varia AMD APU2C4 broke - Replace with APU2D2?
« on: September 02, 2019, 02:07:19 pm »
A difference between the apu2c and apu2d revisions.

Update apu2d: Reduce leakage current between V3 and V3A power rails (can cause problems with SD cards). Add options for better compatibility with LTE modem modules.

https://www.pcengines.ch/apu2d4.htm

miroco

15
19.1 Legacy Series / [SOLVED] TIME_ERROR: 0x2041: Clock Unsynchronized
« on: July 18, 2019, 10:12:05 pm »
I noticed this today. I don't know when this began, or if it's only me who is affected. Time in Dashboard seems to correspond to time on my Mac though.

root@xxxxxxxx:~ # ntptime
ntp_gettime() returns code 0 (OK)
  time e0db421d.293293d0  Thu, Jul 18 2019 21:08:13.160, (.160928974),
  maximum error 230285 us, estimated error 153 us, TAI offset 0
ntp_adjtime() returns code 0 (OK)
  modes 0x0 (),
  offset -204.688 us, frequency 53.608 ppm, interval 4 s,
  maximum error 230285 us, estimated error 153 us,
  status 0x2001 (PLL,NANO),
  time constant 6, precision 1.000 us, tolerance 496 ppm,
  pps frequency 53.609 ppm, stability 0.000 ppm, jitter 0.000 us,
  intervals 0, jitter exceeded 0, stability exceeded 0, errors 0.


https://www.linuxquestions.org/questions/slackware-14/ntpd-kernel-reports-time_error-0x2041-clock-unsynchronized-4175636606/

Edit.

I made a new search and found out that the issue has been covered.

https://forum.opnsense.org/index.php?topic=9967.msg45447#msg45447

Pages: [1] 2 3 4
OPNsense is an OSS project © Deciso B.V. 2015 - 2020 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2