Topics

1

Hardware and Performance / Anyone tried one of these new Dual NIC AMD NUC machines?

« on: August 08, 2020, 02:31:46 am »

In my never ending journey to try and find some little box that's easy on power and easy on the wallet, this might be my new favourite.

https://store.minisforum.com/products/minisforum-um300-mini-pc?variant=35186874581153
AMD are pretty good on power too. 

Not sure what the NIC's are yet.

Browsing around the site, I see four other models with dual NIC including this older INTEL i3 for US$289 https://store.minisforum.com/collections/home-mini-pc-series/products/minisforum-u500-h-mini-pc however there are also new ones coming.

Has anyone tried one?

2

20.1 Legacy Series / How to route LAN traffic to VPN for one target host? LAN>VPN>TARGET

« on: April 15, 2020, 11:58:42 pm »

Dear all, I have a target IP address on a VPN which hosts an NFS mount that I'm using as a backup target.  I need an internal host to be able to connect to that 24x7 through the firewall.

It's using OpenConnect as it's a Cisco VPN, which for the most part seems to be working.  I can ping the host with the NFS mount from the OPNsense host.

I do not own the remote network, though I can ring up and get support for it e.g. to understand the topology.  However I'm stuck wondering on a few points.

If I am to add a static route to direct traffic to the foreign address, the route requires a gateway which appears does not exist in the drop down list.  I would have thought there was some kind of dynamic gateway added, but I can't find it. 

So I assume I have to manually add a gateway under System, Gateways.

Question: What do I put in the IP address field?  The target VPN connects with a 172.16. address and the host is a 10.12 address.  Must I create a new address in the first of this range?  Or can I add a third subnet that routes through the other two, given that they are not networks that belong to me?

Any other advice that I might need?

I am a bit nervous working on this remotely and trying to be careful I don't lock myself out (I currently connect via VPN). This box sits in my home and I am stuck in another country due to COVID-19. Conversely, this backup is so that if something happens to that box, I can get to it from another place while stuck overseas and bring back up the critical services! (The downsides of self hosting the first months of a new startup!)

Many thanks,

Marshalleq

3

Web Proxy Filtering and Caching / Windows Update Cache / Linux Package Cache

« on: August 09, 2018, 05:44:53 am »

Hi all - first OPNsense post having moved over from IPFire...  Being that I repair a lot of computers as favours for people, the caching of Windows Updates and Linux Packages is a big deal.  However in the age of SSL I don't really care about caching web traffic - there's just not enough HTTP traffic left and I'm not a fan of utilising man in the middle certs etc.  So, questions below:

Q1 - Does anyone know how best to configure the cache just for this purpose?  I find the terminology a bit ambiguous - seems memory might not actually mean memory.
Q2 - Is this based on the update accelerator stuff here? https://github.com/pbinks/update-accelerator

Q3 - If based on update-accelerator, did we leave mac updates out for a reason (IPFire had this). 

Thanks!

(not sure if the Mac stuff is excluded here on purpose