Messages

106

Hardware and Performance / Re: Qotom and the thermal paste...

« on: March 05, 2019, 07:38:56 pm »

Ceramic 2 is an average. Take down the heatsink and see if there is close components exposed next to the CPU crystal die that may be shorted out if the Arctic Silver 5 is too much. And usual amout that is needed is about half to full rice bean. Pea sized sounds too much.

107

Hardware and Performance / Re: Qotom and the thermal paste...

« on: March 05, 2019, 05:50:37 pm »

Keep in mind, that Arctic Silver 5 is electro-conductive compound!
I can't see the CPU because of the heatsink, but if you have MX-4 it's safer choice.

108

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: March 04, 2019, 08:46:19 pm »

Thanks, mb, and keep up with good work!

Is "VLAN child interfaces support *with OPNsense 19.1.x" means that filtering on VLANs work without netmap kernel?

109

19.1 Legacy Series / Re: WAN Link Cycling Up and Down

« on: March 04, 2019, 08:12:40 pm »

I had this issue before more than a year with Linux based firewall IPFire. Was a bad Intel driver with some of the updates of the firewall.

Here is the workaround:

https://forum.ipfire.org/viewtopic.php?f=50&t=17549&p=111842#p111842

110

Hardware and Performance / Re: Good ITX board with limited availability

« on: March 04, 2019, 05:54:23 pm »

Denverton board will be good with 2+ 10 gigabit interfaces and with CPU with good QAT rate (8 core+). But according to high prices are too early for wide use.

111

Hardware and Performance / Re: Good ITX board with limited availability

« on: March 03, 2019, 08:35:07 pm »

OVPN performace is important, but it's not all when it comes to netmap enabled IPS/Sensei build. For a total of 8GB memory ECC is not viable as in ZFS ARC cache in Proxmox. So for a price/performacne, N3710 is far better for me as a baremetal full-blown OPNsense router. Especially with the prices of LPDDR3/ECC DDR4...

112

Hardware and Performance / Re: Good ITX board with limited availability

« on: March 03, 2019, 07:13:13 am »

The strange is that in some the charts of the review in STH figures N3700 which is always sits better than C3338.
And N3710 is even faster...
I am a bit confused...

113

General Discussion / Re: ProxMox - Opnsense

« on: March 02, 2019, 03:01:17 pm »

Did you tried to set promiscuous mode on the bridges that OPNsense is connected to?

Code: [Select]

ip link set vmbr0 promisc on
change 'vmbr0' with yours...

114

Hardware and Performance / Re: Good ITX board with limited availability

« on: March 02, 2019, 02:29:06 pm »

Will drop Fujitsu boars for now. All are with one Relatek LAN.
Found another budget solution:
https://www.supermicro.com/products/motherboard/X11/X11SBA-LN4F.cfm

Any known problems with Braswell CPUs?

115

Hardware and Performance / Re: Good ITX board with limited availability

« on: February 28, 2019, 02:10:40 pm »

The Fujitsu boards accepts 8-36V DC via DC barrel jack or via 4 pin socket.
There is other problem: one of the ethernets is Realtek

116

Hardware and Performance / Re: Good ITX board with limited availability

« on: February 25, 2019, 11:15:45 pm »

Found it in german site if anyone is interested. Now negotiating shipping and price...

https://www.rutronik24.com/search-result/nojs:1337/qs:D3543-S/reset:0

117

General Discussion / Re: Docker in the OPNsense environment?

« on: February 21, 2019, 05:39:46 pm »

I also use OPNsense not only baremetal, but on ESXi and Proxmox in different scenarios.

Dockers are very popular now and if there was an option to add some dockers to baremetal OPNsense will be more versatile.

118

General Discussion / Re: OpenVPN Multiple Servers/Ports Difficulty

« on: February 18, 2019, 10:29:53 pm »

Firs of all always change the default port (as security measure) and try not to assign used ports on any side of the router.
More than one VPN server needed to access different parts of the internal network or is one is site-to-site and the other is for road warriors(single clients)
And - yes, they can share single SSL certificate.
On my shop i have one for road warriors to acces entire network, and other for clients to access only specific server. They are on high random ports 10000-50000 and both works without issues.

119

19.1 Legacy Series / Re: How to edit the notorious "Default deny rule"

« on: February 18, 2019, 10:18:53 pm »

All of the routers that are in front of the NVR/DVRs are with enabled UPnP and i have no problem to access them from anywhere else. The problem is when i try to access them when i am behind OPNsense firewall. If i am behind plastic router or mobile network or even IPFire i have no problem. Default deny rule - rulenr 6 or rulenr 8

120

Hardware and Performance / Re: Upgrading NIC

« on: February 18, 2019, 06:33:37 pm »

To be clear, I know how to upgrade the hardware, just not sure about the process to get OPNsense to see the new hardware.

If the LAN interface is on the PCIe card, that will be changed, you must assign the new LAN port via local console.(monitor and keyboard).