Topics

1

17.7 Legacy Series / upgraded to 17.7.10 - lost interface assignments

« on: December 15, 2017, 03:04:51 pm »

Last night as I was going to bed, I fired off the update and reboot to 17.7.10 on my APU. I got up this morning to a down network. After dragging out the laptop and serial adapter, I found the firewall was up but had reverted all the interface assignments to defaults (re0 -> WAN; re1 -> LAN; re2 -> unconfigured) and had garbled the IP address scheme.

So we went from:

• re0 -> Public -> <private /24 network 0> (static/t6)
• re1 -> Private -> <private /24 network 1>(static/t6)
• re2 -> WAN -> DHCP(v6)
• zt* -> ZeroTier -> <private /24 network 2>

to:

• re0 -> WAN -> <private /24 network 1 from above> (static/t6) 
• re1 -> LAN -> unconfigured
• re2 -> unassigned -> unconfigured
• zt* -> unassigned -> unconfigured

Once I reassigned interfaces and reset the IP schemes, so far it looks like everything else is okay.
I don't have any idea what happened, but ain't nobody got time for that.  If there's an upgrade log somewhere y'all want me to open a Github issue against, point me to the path, and I'll get on it. Or if there's more specific information you'd like, I'll see what I can do.

2

17.7 Legacy Series / wireless interfaces only running 802.11b despite n capability/ GUI config

« on: December 08, 2017, 08:53:06 pm »

I have an Atheros AR9280 PCI-e card in an APU, and have configured two virtual NICs in the GUI to use 802.11ng. Best I can tell from https://wiki.freebsd.org/WiFi80211n, there's a driver that supports 802.11g/ng on that card. OPNsense 17.7.9_8-amd64, though, is actually using 802.11b for the interfaces, though.

I'm very comfortable in a Linux environment, but FreeBSD is just unfamiliar enough to leave me floundering a bit. Any idea how I can confirm which driver is being loaded, and can I change that or confirm hardware support somehow?

---

EDIT:

Weird: Looks like manually setting the channel to one using 11ng forces the issue. Channel should auto-select ng when Standard is set that way, huh?

3

17.7 Legacy Series / how to move anti-lockout rules to a bridge interface

« on: December 08, 2017, 08:01:57 pm »

OPNsense 17.7.9_8-amd64

I asked this on IRC earlier, but didn't get a response after a few hours. I figured rather than keep reposting there, I'd put it here:

If I use a bridge interface (between, say, re1 and ath0_wlan1) to serve my private LAN, how can I replicate the various anti-lockout rules that get automatically created for the LAN interface? I think I've got the actual firewall rules right, but would like to be sure. I for sure would like a little direction about the NAT/port forward rule that gets created. I've created multiple new rules that mimic the behavior of the original anti-lockout rules on the wired interface, but would love to clean it up a little by either removing the original rules or redefining them and removing my additions.

TIA, etc.