Messages

106

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: March 04, 2019, 08:46:19 pm »

Thanks, mb, and keep up with good work!

Is "VLAN child interfaces support *with OPNsense 19.1.x" means that filtering on VLANs work without netmap kernel?

107

19.1 Legacy Series / Re: WAN Link Cycling Up and Down

« on: March 04, 2019, 08:12:40 pm »

I had this issue before more than a year with Linux based firewall IPFire. Was a bad Intel driver with some of the updates of the firewall.

Here is the workaround:

https://forum.ipfire.org/viewtopic.php?f=50&t=17549&p=111842#p111842

108

Hardware and Performance / Re: Good ITX board with limited availability

« on: March 04, 2019, 05:54:23 pm »

Denverton board will be good with 2+ 10 gigabit interfaces and with CPU with good QAT rate (8 core+). But according to high prices are too early for wide use.

109

Hardware and Performance / Re: Good ITX board with limited availability

« on: March 03, 2019, 08:35:07 pm »

OVPN performace is important, but it's not all when it comes to netmap enabled IPS/Sensei build. For a total of 8GB memory ECC is not viable as in ZFS ARC cache in Proxmox. So for a price/performacne, N3710 is far better for me as a baremetal full-blown OPNsense router. Especially with the prices of LPDDR3/ECC DDR4...

110

Hardware and Performance / Re: Good ITX board with limited availability

« on: March 03, 2019, 07:13:13 am »

The strange is that in some the charts of the review in STH figures N3700 which is always sits better than C3338.
And N3710 is even faster...
I am a bit confused...

111

General Discussion / Re: ProxMox - Opnsense

« on: March 02, 2019, 03:01:17 pm »

Did you tried to set promiscuous mode on the bridges that OPNsense is connected to?

Code: [Select]

ip link set vmbr0 promisc on
change 'vmbr0' with yours...

112

Hardware and Performance / Re: Good ITX board with limited availability

« on: March 02, 2019, 02:29:06 pm »

Will drop Fujitsu boars for now. All are with one Relatek LAN.
Found another budget solution:
https://www.supermicro.com/products/motherboard/X11/X11SBA-LN4F.cfm

Any known problems with Braswell CPUs?

113

Hardware and Performance / Re: Good ITX board with limited availability

« on: February 28, 2019, 02:10:40 pm »

The Fujitsu boards accepts 8-36V DC via DC barrel jack or via 4 pin socket.
There is other problem: one of the ethernets is Realtek

114

Hardware and Performance / Re: Good ITX board with limited availability

« on: February 25, 2019, 11:15:45 pm »

Found it in german site if anyone is interested. Now negotiating shipping and price...

https://www.rutronik24.com/search-result/nojs:1337/qs:D3543-S/reset:0

115

General Discussion / Re: Docker in the OPNsense environment?

« on: February 21, 2019, 05:39:46 pm »

I also use OPNsense not only baremetal, but on ESXi and Proxmox in different scenarios.

Dockers are very popular now and if there was an option to add some dockers to baremetal OPNsense will be more versatile.

116

General Discussion / Re: OpenVPN Multiple Servers/Ports Difficulty

« on: February 18, 2019, 10:29:53 pm »

Firs of all always change the default port (as security measure) and try not to assign used ports on any side of the router.
More than one VPN server needed to access different parts of the internal network or is one is site-to-site and the other is for road warriors(single clients)
And - yes, they can share single SSL certificate.
On my shop i have one for road warriors to acces entire network, and other for clients to access only specific server. They are on high random ports 10000-50000 and both works without issues.

117

19.1 Legacy Series / Re: How to edit the notorious "Default deny rule"

« on: February 18, 2019, 10:18:53 pm »

All of the routers that are in front of the NVR/DVRs are with enabled UPnP and i have no problem to access them from anywhere else. The problem is when i try to access them when i am behind OPNsense firewall. If i am behind plastic router or mobile network or even IPFire i have no problem. Default deny rule - rulenr 6 or rulenr 8

118

Hardware and Performance / Re: Upgrading NIC

« on: February 18, 2019, 06:33:37 pm »

To be clear, I know how to upgrade the hardware, just not sure about the process to get OPNsense to see the new hardware.

If the LAN interface is on the PCIe card, that will be changed, you must assign the new LAN port via local console.(monitor and keyboard).

119

19.1 Legacy Series / Re: How to edit the notorious "Default deny rule"

« on: February 18, 2019, 06:08:00 pm »

...your problem is in your word asymmetrical routing.

That's exactly i want to allow. We build many Dahua surveillance systems and connect them to a SmartPSS on a PC in our shop(behind the OPNsense) by a serial number with corresponding user and password. When the SmartPSS tryes to connect, it sends request to Dahua P2P servers, then Dahua P2P servers contact the corresponding NVR/DVR, which is registers in Dahua servers via UPnP on random ports behind their router, and corresponding NVR/DVR tryes to connect to SmartPSS, but can't because of "Default deny rule"
With simple router and with IPFire that works out of the box.

120

19.1 Legacy Series / Re: How to edit the notorious "Default deny rule"

« on: February 18, 2019, 09:33:53 am »

After disable state tracking in numerous places, now Default deny rule changed from rulenr 6 to rulenr 8. Still no-go. What is rulenr 8?