Topics

1

24.1 Legacy Series / LAN+WAN on 1 (dual) NIC or on 2? Which is better?

« on: June 04, 2024, 11:44:35 am »

Hello experts

I'm building a new gateway, and I was wondering if it is better* to use two interfaces for LAN + WAN or just one dual interface?

By “better” I'm thinking of max throughput, features, security, CPU usage, etc. so quite broad. Does it make any difference, or is it all just theoretical at best?


EDIT TO ADD:

Follow-up question: If using a dual NIC for two LANs, would internal switching etc. happen or does everything still need to leave the card? In other words, would the above matter with two LANs if not with WAN + LAN?

2

23.7 Legacy Series / Baffled over strange behaviour

« on: August 01, 2023, 12:58:46 pm »

I'm having a strange problem and I have no idea where to even start. I'll try my best to explain:

At seemingly random intervals (we are talking days or weeks), the network suddenly goes down for the PCs on our LAN. Between these PCs and OPNsense there is 1 Cisco and 1 HP (fibre) switch and the connection to both of those also dies (from the PCs LAN). No WebGUI, no ping. Each time it has happened I've run around like a headless chicken trying to fix it by rebooting the switches, rebooting PCs, etc. etc. because surely it must be here the issue lies. Well, the fix was to reboot OPNsense - then everything comes up back again. But how does OPNsense taking a crap kill ping to a switch two hops away?

A simple diagram:

Several PCs connect to Cisco switch ----> HP switch connecting different LANs ----> OPNsense ---- Internet ---> Dragons

I tried using Wireshark, but couldn't see anything out of the ordinary, but then again I'm no expert. The fix for now is using an older OPNsense box, but it is a bit too slow to handle the almost 1 Gbit/s traffic, so I got to get the newer one running as soon as possible.

Running latest version (23.7 I believe?) on both boxes.

3

23.1 Legacy Series / Enable permanent logging in nano

« on: June 13, 2023, 03:02:29 pm »

Hi there 

I just installed OPNsense on a SSD disk from a nano image via SSH. Booted right up which was pretty cool as I forgot a serial cable. Now I'm wondering how I change some logs from logging to RAM to logging to disk as in non-nano images?

I thought "Local Logging - Disable writing log files to the local disk" would be the setting used, but it is off in nano.

4

General Discussion / Forum text on mobile

« on: June 05, 2023, 09:05:55 pm »

Is there a good reason that something like 2/3 of posts in the forum (always replies) are not the same fontsize as everything else? It makes reading on mobile a real pain, having to zoom in on every second post or something like that. Seems an easy fix 

5

Virtual private networks / Wireguard Always-On dies when behind OPNsense

« on: June 02, 2023, 09:26:01 pm »

Hello experts 

I have a quick question: I have WireGuard set to Always On, on some phones, but when they are on the local network on Wi-Fi inside OPNsense VPN stops working/can't connect. What is the correct way to fix this, so it isn't necessary to turn the VPN on and off? DNS override? NAT reflection? 

Thanks!

6

22.1 Legacy Series / Blocked by Default Deny... but there's a Default Allow rule

« on: December 15, 2021, 04:52:50 am »

Hi all 

I'm confused what is going on here and I'm sorry if I'm missing something obvious. If you look at the screenshots attached you'll see there's a default allow rule that allows all IPv4 traffic (rule 11) but I still get blocked by a default block rule (rule 12). Is it because of some TCP flag or something? Because HTTPS works fine while Netflix speedtest at port 443 gets blocked 

7

General Discussion / Multiple WAN IPs on each interface with DHCP possible?

« on: November 14, 2020, 10:17:45 pm »

Hello experts 

Is it possible to have multiple WAN IPs on a interface via DHCP? We have multiple WAN IPs but while they are static in practice they get handed out by DHCP upstream. This means setting up the IPs as a static Virtual IP won't work as there are no route to the addresses before a lease is made. Our current (pfsense) firewall do not support this but I'm hoping a new opnsense setup will.

Thank you.