Messages - donatom3

#1
So VLANs are working now, but I've had 2 complete losses of internet today since being on Zenarmor emulated with the new 23.1.5-netmap2. I wasn't home so I couldn't tell if it was Zenarmor or Suricata that was the issue.
Before the netmap upgrade, in the past I would only lose internet inside and I could use Zenarmor's cloud portal to restart it on my router and bring internet back up, or WireGuard and get into my router to restart it. Now with the new netmap I'm losing control remotely; I can't use WireGuard or Zenarmor's page to restart it.
#2
I'll have to restart later today, but all my VLAN interfaces are having problems with this update using both emulated and native in Zenarmor with IPv4; IPv6 seems to be fine.

Restarting individual services didn't help, only stopping Zenarmor did. So I will just restart the whole router later tonight when I can.
#3
So I have a server running Docker. I have the server's IP address in as a gateway with a route to one of the Docker subnets. This works great except since 22.7 the server can no longer get DNS from the router.
The router replies back with 0.0.0.0.53 as the source when I'm checking my packet captures. If I change the IP address of the server but leave the gateway the same it's fine. Then I can change the gateway to the new server IP, but after the next reboot the issue starts again.

Interface   Capture output
LAN ixl2    19:45:45.200444 IP 10.0.1.5.43508 > 10.0.10.1.53: UDP, length 51
LAN ixl2    19:45:45.200673 IP 0.0.0.0.53 > 10.0.1.5.43508: UDP, length 55

10.0.1.5 is my internal Gateway that I have a single route to.

I notice in the state table all these states show "NO_Traffic:Single". The firewall rule I found for the 0.0.0.0.53 > 10.0.1.5 states all used the "let anything out from firewall" rule.
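
An added example, not part of the original post: a small Python check that pairs each DNS query in a tcpdump-style capture with its reply and flags replies whose source address differs from the address that was queried, which is the condition shown above (resolvers commonly discard such replies). The function name and the last two sample lines are constructed for illustration.

```python
import re

# First two lines are the capture from the post; the last two are a
# constructed, well-formed exchange added for contrast.
SAMPLE = """\
ixl2   19:45:45.200444 IP 10.0.1.5.43508 > 10.0.10.1.53: UDP, length 51
ixl2   19:45:45.200673 IP 0.0.0.0.53 > 10.0.1.5.43508: UDP, length 55
ixl2   19:45:46.100000 IP 10.0.1.7.51000 > 10.0.10.1.53: UDP, length 40
ixl2   19:45:46.100300 IP 10.0.10.1.53 > 10.0.1.7.51000: UDP, length 72
"""

# timestamp, "IP", src_ip.src_port > dst_ip.dst_port: UDP
LINE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): UDP"
)


def mismatched_dns_replies(capture, dns_port=53):
    """Return replies whose source IP is not the server IP the client queried."""
    pending = {}   # (client_ip, client_port) -> server IP that was queried
    findings = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 UDP line in the expected format
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == dns_port:
            # Query: remember which server this client socket asked.
            pending[(src, sport)] = dst
        elif sport == dns_port and (dst, dport) in pending:
            # Reply to a query we saw: compare its source with the queried IP.
            queried = pending.pop((dst, dport))
            if src != queried:
                findings.append({
                    "time": m["ts"],
                    "client": f"{dst}:{dport}",
                    "queried": queried,
                    "replied_from": src,
                })
    return findings


if __name__ == "__main__":
    for f in mismatched_dns_replies(SAMPLE):
        print(f)
```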
#4
I did this via unbound.

Go into unbound and look under DNS over TLS. You should have four fields in unbound "DNS over TLS": Domain, Server IP, Server Port, and Verify CN. If you don't, what version of OPNsense are you running?
Add each server it gives you. Should be 2 x IPv4 and 2 x IPv6 (if you use IPv6).
Put the IP address in the IP address box and the full hostname in the CN box, and 853 for the port.
This way unbound is handling everything locally and forwarding all requests to AdGuard. Issue here, unlike NextDNS, is that AdGuard will see everything as one device.
#5
I just waited and I can run through no issues today.
#6
Quote from: meazz1 on February 01, 2022, 01:04:06 AM
I got the same issue on 22.1 after I updated sunnyvalley to 1.2.1, os-sesi to 1.10.1.
So, I uninstalled and reinstalled zenarmor, while configuring Z I get the error in hardware configuration "We could not locate ubench package, tried to install it, and installation did not work.".

Help pls.

I'm seeing the same thing, wondering if it's possibly the repo.
#7
Zenarmor (Sensei) / Re: 22.1.b3
January 24, 2022, 12:53:23 AM
You need to switch back to "community" after upgrading to 22.1.b3 and upgrade to 22.1.r2.
#8
This is great to hear. I'm looking at the new dec750 or a dec840 with warranty breaking ram upgrade possibly. It would mean I wouldn't need to spend the extra for the dec850 for my needs.
#9
21.7 Legacy Series / Re: OPNSense 21.7 ZFS
July 29, 2021, 08:56:13 AM
That's great. Both my installs went well so I saw no reason to go back and do this. But next time I need to setup a new unit I can save time, so glad to have ZFS.
#10
21.7 Legacy Series / OPNSense 21.7 ZFS
July 29, 2021, 04:30:30 AM
So my current install was a FreeBSD install using ZFS and then bootstrap to install 21.7.
Do I gain anything by reimaging my firewall with the 21.7 ISO vs keeping my current install that's been upgraded to 21.7?
I don't mind taking the extra downtime now if there is an actual difference between the two, or for all intents and purposes does the bootstrap install make my machine as stock OPNsense as possible?
#11
Quote from: franco on January 28, 2021, 10:10:15 AM
I kind of doubt it's fixed in FreeBSD, but we will have to see if driver updates are available... FWIW, no driver updates have been added to 21.1.


Cheers,
Franco

Thanks, I have 2 Qotom boxes both using the i211 chipsets and they're both having a problem with the new modem from the cable company. Was running them on 20.7.8 before the 21.1 upgrade. The company even replaced the modem, but I'm seeing lots of link up and downs on only the interface connected to the modem. I'm about to try a switch in between the modem and router.
#12
I'm seeing this same issue on 21.1 with igb drivers for Intel 211 NICs.
#13
Hardware and Performance / Re: SYS-E300-9D-4CN8TP
January 27, 2021, 07:10:36 AM
I'm running this exact model. 16GB of RAM, 512GB SSD (it's what I had).
Running IPS, Sensei, and it's been great.

Now do note where you put it. It's not the quietest, but that could also be because of the glass front of my rack. (I may remove that).

Was able to use cheap 10gtek transceivers to my Aruba 1930 switch with no problem.
Also ran one of the wintek 10GBASE-T adapters to connect to my cable modem that has a 2.5gbps port and can pull 1.2gbps down on my internet.
#14
Zenarmor (Sensei) / Re: Opnsense 21.1-r1
January 25, 2021, 11:04:03 PM
Is 1.7 out? I'm not seeing an update to 1.7 on my 21.1-r1 install either.
#15
20.7 Legacy Series / Re: Testing Shaper
January 10, 2021, 06:23:29 PM
Are you using PIE or codel? I've switched all my pipes and queues to PIE on my 1.2gb/45mb cable connection.

I've attached what mine look like.
All my downstream queues have destination on the mask with PIE enabled, and upstream has source on the mask with PIE.