Topics - beloc

#1
Hey guys,

I wanted to ask a general question. I have a Zotac C1327 NANO Mini-PC here that requires a decent amount of modification to install OPNsense onto. I had to modify the boot.conf and HINTS to disable HPET and SDHCI to even get it to boot, and then still had issues with the installer, both as nano running on a USB stick and as a VGA installer installing onto the local SSD. I actually never was able to get it installed onto the unit.

This concerns me because as a test I took pfSense 2.4.4 (as we know, still built on FreeBSD) and was able to install it with zero boot conf changes and in less than 5 mins. I understand that you guys have taken pfSense and cleaned it up, and I even run OPNsense in many locations, one of which being a data-center pushing full 1G WAN links running CARP across two OPNsense boxes, and they work great, but why the difficulty on a very popular dual-NIC box for SMB use?

I am happy to see the changes being made, but this issue concerned me on the direction and supportability of OPNsense.

Thank you for listening guys.

Regards,
Beloc
#2
Hello guys,

I know that CARP has the ability to do CARP groups (not VHID groups) whereas if one of the members of the group fails, then they all fail regardless of status. I don't see the ability to do this in OPNsense and this bit me in the tail today. I have two interfaces (LAN and WAN) and I have CARPs on both. The LAN interface is plugged into a switch and the WAN interface is of course plugged into another switch provided by the ISP. My LAN switch had an issue today and the LAN interface failed over to the other OPNsense box on the other switch; however, since the WAN interface switch was fine, the WAN CARPs did not fail over, causing me to have an issue where traffic was coming into the router on the failed LAN switch but the gateway for the LAN was on the second router, which had taken over the CARP for the LAN. Needless to say, this caused a routing issue.

I assume this needs to be configured:

net.inet.carp.preempt: 1

Am I missing something in the configuration or was this removed?

Beloc
#3
Hello guys. I have an IPsec tunnel to another location that works fine for internal access. However, I also have a domain controller on the other end of that tunnel that I would like OpenVPN to authenticate to. I have added another gateway pointing to my LAN IP, as well as a static route to the IPsec tunnel endpoint address space that points to that gateway, but it will still not route. I can see the route in the route table. I know this works fine on pfSense; is there anything different that has to happen on OPNsense?

Thank you for the help.