Topics - jnm

#1
Last night as I was going to bed, I fired off the update and reboot to 17.7.10 on my APU. I got up this morning to a down network. After dragging out the laptop and serial adapter, I found the firewall was up but had reverted all the interface assignments to defaults (re0 -> WAN; re1 -> LAN; re2 -> unconfigured) and had garbled the IP address scheme.

So we went from:

  • re0 -> Public -> <private /24 network 0> (static/t6)
  • re1 -> Private -> <private /24 network 1> (static/t6)
  • re2 -> WAN -> DHCP(v6)
  • zt* -> ZeroTier -> <private /24 network 2>

to:

  • re0 -> WAN -> <private /24 network 1 from above> (static/t6)  :o
  • re1 -> LAN -> unconfigured
  • re2 -> unassigned -> unconfigured
  • zt* -> unassigned -> unconfigured

Once I reassigned interfaces and reset the IP schemes, so far it looks like everything else is okay.
I don't have any idea what happened, but ain't nobody got time for that.  :P If there's an upgrade log somewhere y'all want me to open a GitHub issue against, point me to the path, and I'll get on it. Or if there's more specific information you'd like, I'll see what I can do.

#2
I have an Atheros AR9280 PCI-e card in an APU, and have configured two virtual NICs in the GUI to use 802.11ng. Best I can tell from https://wiki.freebsd.org/WiFi80211n, there's a driver that supports 802.11g/ng on that card. OPNsense 17.7.9_8-amd64, though, is actually using 802.11b for the interfaces.

I'm very comfortable in a Linux environment, but FreeBSD is just unfamiliar enough to leave me floundering a bit. Any idea how I can confirm which driver is being loaded, and can I change that or confirm hardware support somehow?

---

EDIT:

Weird: Looks like manually setting the channel to one using 11ng forces the issue. Channel should auto-select ng when Standard is set that way, huh?

#3
OPNsense 17.7.9_8-amd64

I asked this on IRC earlier, but didn't get a response after a few hours. I figured rather than keep reposting there, I'd put it here:

If I use a bridge interface (between, say, re1 and ath0_wlan1) to serve my private LAN, how can I replicate the various anti-lockout rules that get automatically created for the LAN interface? I think I've got the actual firewall rules right, but would like to be sure. I for sure would like a little direction about the NAT/port forward rule that gets created. I've created multiple new rules that mimic the behavior of the original anti-lockout rules on the wired interface, but would love to clean it up a little by either removing the original rules or redefining them and removing my additions.

TIA, etc. :)