Topics

I've recently been upgrading to 10G at home in advance of getting my line upgraded to 3gbps symmetric, London Community Fibre.

This has been a pain.

I run Opnsense on a Lenovo ThinkCentre M93p, which has an Intel i5-4570 CPU @ 3.20GHz

To this I added an Intel X520-DA2.

One port is connected to my Netgear switch using a Twinax cable, the other to my ONT using a 10Gtek 10GBASE-T SFP+.

This was unreliable, the Twinax connection was rock solid, the 10GBASE-T module flapping every 30s or so.

So, I got a Broadcom 57810S dual Copper card.

This was unreliable, the Twinax connection was rock solid, the 10GBASE-T port flapping every 5s or so.

So, I got a Intel X540-T2 dual Copper card.

This was unreliable, the Twinax connection was rock solid, the 10GBASE-T port flapping every 5-10m or so. Better, but still not usable as DHCP/DHCPv6 would sometimes drop out.

Currently I have the ONT connected to the Netgear switch using the same 10Gtek SFP+ from above. This is 100% solid, not a single flap in three week which tells me the ONT, cabling and the SFP+ are fine.

I then  run the internet connection into into Opnsense on the twinax as a VLAN.

This works, but I really don't like having the internet on the switch, even as a VLAN, and of course it's less than ideal using up bandwidth on the Twinax link that would be used for inter vlan routing on the home side.

I am at a bit of a loss here, given the SFP+ and ONT clearly like each other, so it's not cabling, why can't I get a stable copper connection on opnsense?

All of the above have been tested with hardware offload on/off.

Any ideas gratefully received.

Thanks

I have recently had an upgrade to a gigabit network connection ( lucky me !) that is making my PC Engines APU2 creak at the seams.

Before I decide on new hardware I wanted to press an old quad-core server into service.

This should, I thought, be easy. Four hours later I've given up to have a lie down.

The APU2 has, only, as serial console. The PC doesn't have a serial console but does have VGA.

So when I restore the config at next boot everything goes wrong and I can't get it up to a menu again.
As I can't get to the menu I can't assign the interfaces.
As I can't assign the interfaces I can't get into the gui....

Does anyone know the correct procedure to restore a backup and change the console type at the same time?
Can I edit the backup file in some way?
Should I just start the config from scratch?

Thanks in advance

Hi,
I can't seem to connect to pkg.opnsense.org from anywhere, discovered trying to do a firmware check.

Code Select Expand


root@opnsense:~ # sh -x /usr/local/opnsense/scripts/firmware/changelog.sh fetch
+ set -e
+ DESTDIR=/usr/local/opnsense/changelog
+ WORKDIR=/tmp/changelog
+ FETCH='fetch -qT 5'
+ COMMAND=fetch
+ VERSION=''
+ [ fetch '=' fetch ]
+ changelog_fetch
+ opnsense-version -a
+ CORE_ABI=19.1
+ opnsense-verify -a
+ SYS_ABI=FreeBSD:11:amd64
+ URL=https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz
+ rm -rf /tmp/changelog
+ mkdir -p /tmp/changelog
+ fetch -qT 5 -o /tmp/changelog/changelog.txz.sig https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz.sig
fetch: https://pkg.opnsense.org/FreeBSD:11:amd64/19.1/sets/changelog.txz.sig: Network is unreachable


I thought this might have been a local issue but have checked from a VPS I have as well.

Code Select Expand


[root@vps:~] # nmap -sT pkg.opnsense.org

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-07 09:50 UTC
Nmap scan report for pkg.opnsense.org (212.32.245.132)
Host is up (0.028s latency).
Not shown: 996 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  closed http
443/tcp closed https
873/tcp open   rsync

Nmap done: 1 IP address (1 host up) scanned in 4.70 seconds


So host appears up but http and https are blocking.

Does anyone have any insight?

Thanks

Up front I think I've done something stupid, so am really wanting to clarify that.

Having recently decided to make the switch to opnsense due to the 'dramas' I wanted a quick way to achieve this.

I run a PCEngines APU2 4gb, although doubt that will make any difference.

For some reason I had got it into my head I could just import a pfsense config to opnsense, and as it mainly worked off I went.

I probably wouldn't have done this were is not for my OpenVPN setups as I didn't want to have to reconfigure all my (and others) client devices.

That and I have quite a few firewall aliases defined that would be a pain to setup again.

I am now suffering from random UI lockups, firewalls behaving strangely and other issues.

I am assuming, and some quick forum reading supports this,  I should never have imported a full config.

Can someone confirm that I've gone down the wrong track?

My plan to rectify is to save current opnsense config, start again and make a basic NAT config, then import OpenVPN/letsencrypt/firewall aliases only from the backup. Then I'll setup firewall/NAT rules from scratch.

Does that sound reasonable, or do I have to go scorched earth?

Thanks in advance

Thanks

I've recently made the switch from pfsense for 'reasons'.

This has in the main been a smooth process, running on a PCEngines APU2.

One small thing I'm missing is the ability to have multiple subnets advertised by radvd, but it is minor as I've just got my raspberry pi to advertise the second one.

Reason I do this is I have a HE.net for internet access, but as this could change, and hopefully will when Virgin media finally enable ipv6, I also use a block in fc00::/7 for local permanent addresses.

It would be nice if opnsense supported this as pfsense did.

Other than that I'm enjoying the interface a lot more and appreciate the ability to run libressl.

Apologies if this is the wrong area to post this.