Messages

1

Documentation and Translation / Floating rules confusion

« on: November 03, 2020, 07:42:31 pm »

I'm confused....... and I think the documentation is not very clear on this

After Floating rules are evaluated, what happens next in the case of using Quick ?
Is the packet re-evaluated against the Interface groups/Interfaces ruleset?

The reason I'm asking is, the only way I can get working IPv6 is by creating a Floating IPv6 rule
e.g. Pass, WAN+Lan1, any direction, IPv6

Edit:
https://forum.opnsense.org/index.php?topic=5789.0

https://forum.opnsense.org/index.php?topic=16829.0

2

19.7 Legacy Series / Re: Port forwarding not working

« on: November 25, 2019, 01:27:54 pm »

Having issues here too. I need a simple 80,443 dest NAT to internal but the "associated filter rules" or whatever is causing it to expose the web login interface

3

Hardware and Performance / Re: Are Realtek NICs really that bad?

« on: November 10, 2019, 08:03:30 pm »

+1 same here. Using multiple Realtek 811X PCIe cards and they work fine Light-to-medium load.
The recent I219V Intel cards (and the driver), on the other hand, have been troublesome

4

Documentation and Translation / Wireless client, wpa

« on: November 04, 2019, 09:08:53 pm »

Why is there no documentation for wireless ? Do you need to install FreeRADIUS plugin to get wireless cards to function in client mode ? Suppose that you have a supported wireless interface (which I don't at the moment), how to test ?

I found this though
https://docs.netgate.com/pfsense/en/latest/wireless/wireless-interface-configuration-details.html

Wireless client with AES encryption

Config on the wireless page:

    Set Mode: Infrastructure Set SSID: SSID of AP Enable WPA: Checked Set The PSK: Shared key from AP in ascii Set WPA mode: WPA Set wpa Key Management Mode: Pre Shared Key Set Authentication: Open System Authentication Set WPA Pairwise: AES

    Channel: Use Auto or configure this to match the channel of the AP to which this client will connect.
    Mode: Infrastructure (BSS)
    SSID: The SSID of the AP to which this client will connect.

The following settings must match those found on the AP, but examples are provided:
    Enable WPA: Checked
    WPA Pre-Shared Key: The “password” set on the AP
    WPA mode: WPA2
    WPA Key Management Mode: Pre Shared Key
    Authentication: Open System Authentication


And this: https://forum.opnsense.org/index.php?topic=6886.msg30043#msg30043

5

19.7 Legacy Series / Re: Tiny internet-facing service on OPNSense - run in jail, or something else?

« on: October 22, 2019, 11:13:24 am »

Interesting topic. 11.0 is no longer available but apeears 11.2 is. OpenSSL old version. If I Remember Correctly, some ports won't build with that old version. SSHd includes insecure ciphers.
So, a number of things that could be or need to be fixed, but other than that, I think that recipe answers your question.
2. You give it an RFC1918 internal address and Destination NAT to that.

6

Tutorials and FAQs / docs/manualinstall.txt

« on: October 02, 2019, 11:02:04 am »

Suggestion: To include this in the install live media
docs/manualinstall.txt
## Manually install OPNsense, for advanced users only
# sysctl kern.geom.debugflags=16
# glabel stop diskid/DISK-......
# gpart destroy -F ada0
# gpart create -s GPT ada0
# gpart add -s 70M -t efi ada0
# gpart add -s 128k -t freebsd-boot ada0
# gpart add -t freebsd-ufs ada0
# gpart show ada0
# gpart bootcode -b /boot/pmbr ada0
# gpart bootcode -p /boot/gptboot -i 2 ada0
# newfs -Uj /dev/ada0p3
# tunefs -L OPNsense /dev/ada0p3
# mount -t ufs .. ..
#/usr/local/bin/cpdup -vvv -o /usr/lib /mnt/usr/lib
...
#/usr/sbin/mtree -U -e -q -f /etc/installed_filesystem.m...  ... ee /mnt/etc/fstab ...
# and so on... fill in the blanks..

The other files are located in /usr/local/share/dfuibe_lua/

7

19.7 Legacy Series / [SOLVED] Dumb installer

« on: October 01, 2019, 06:22:42 pm »

Why won't the dumb installer accept a GPT setup as this ?

ada0 GPT
1 EFI (70M)
2 freebsd-boot (128K)
3 freebsd-ufs (30G)

It just continues to format as MBR. 

EDIT: never mind. Where in the docs does it say that you need to select Guided mode ??

8

Hardware and Performance / Re: Odd LAN Performance Issue

« on: September 22, 2019, 05:55:50 pm »

What are your settings on these:
Hw checksum offload
Hw TSO
Hw LRO
If you leave them at the default (disable), do you still get the issue ?

Seems a bit like the e1000e Linux driver trouble with unexpected resets.
Actually, pretty much all of the intel gigabit adapters. I guess Intel don't bother making a driver that works properly at gigabit.

Anyway, some workarounds collected from different places:
1. Disable gso, gro and tso
2. Turning off Active-State Power Management, pcie_aspm=off
3. Disable C1E in BIOS/UEFI

(1.) Worked here so no need to try 2 & 3