Messages

Windows 11 doesn't update the clock very often by default:
https://www.elevenforum.com/t/how-often-should-clock-synchronize.1181/

Coupled with pc vendors cutting g cost corners and using the less than stable oscillators on the system board leads to clock drift in windows.

I adjust mine every hour, unless I need something more precise. Should keep your drift within a second or two at most.

Adam

I've done something similar before, except I setup a port on the firewall with all of the clans tagged, and another on my switch with all of the clans tagged. I then assigned switch ports to whatever clan I wanted the connected device to be in.

The vlans for you switch (2 and 99) are not defined on the firewall, is vlan 10 defined on the swithport connected to the firewall?

I'd start with grabbing some packet captures of the DNS traffic at the firewall and see if the issue is internal or external.

Realtek has a checkered past with their FreeBSD drivers. Personally, I've had several OPNSense builds using the RTL8111 adapters, and have had decent luck with them. Had a dual port card in a box my son took to college, and it help up without issue to 4 college boys gaming on the internet.

I have not tried a USB to Ethernet adapter with OPNSense. My advice is to give it a try - it may work well enough for your needs.

Adam

Is there a place to set the default phase 1 and phase 2 proposals?

I upgraded two boxes to 23.7 and moved from tunnels to connections and noticed the tunnels wouldn't come up until I change one side from "default" to a handful of proposals.

The "Additional Pools" are for pools within the subnet of the interface:

"If you need additional pools of addresses inside of this subnet outside the above Range"

I have some legacy subnets where the ip's were not managed well, and have statics all of the place. I setup one small subnet, then added a copy of other pools in between the statics.

I think you'll have to setup a vlan to service dhcp out of the new subnet

it auto detected them.

I purchased a 4 port Celeron j4125 appliance using the 2.5gb Intel nice. No issues at all with it. I have a lan, wan and a trunked in terrace with multiple vlans.

Wan interface connects directly to a Motorola cable modem with a 2.5gb Nic. Lan and trunk interfaces are connected into a Ubiquiti 2.5gb switch.

I work from home full-time, and push a lot of data through this. Works well, and I'm happy with it.

I've done this many times. Feel free. to reach out to me if you need help.

I'd be willing to test the Crowdsec plugin when you're ready.

I believe it's a Realtek rtl8111 chipset. I had one a while ago and remember the name.

Check your sticky settings under Firewall>Advanced>Multi-wan. You may want to experiment to see what provides you the most stability.

Not sure if this helps or not, but I have an intel X540-t2 and a X550-t2 (both use the ix driver), and both defaulted to 1500 mtu's. Both are configured with one untagged interface, and one with tagged and untagged interfaces configured.

Under Firewall, Advanced, Multi-wan you'll need to enable "Sticky Connections". You'll also probably want to set a reasonable value in the timeout - say 10 or 15 minutes.

I grabbed the link local address for my pihole (starts with fe) and configure the DHCP6 server to hand out that as the DNS server.
Set the " Use the DNS settings of the DHCPv6 server" in the Router Advertisements.
Make sure to set pihole to listen on all interfaces, and away you go.