Messages

[sysctl dev.cpu | grep temperature]

Hello,

Im testing new Intel N200 box, and came across interesting issue with CPU temperature reporting. My fanless box is practically cool to touch, but CPU temp in OPNSense is reporting 45 degrees, that it seemd to me too much. So I did some digging.

If I log in console and issue, I got more realistic CPU temp with command;

sysctl dev.cpu | grep temperature
dev.cpu.3.temperature: 35.0C
dev.cpu.2.temperature: 35.0C
dev.cpu.1.temperature: 36.0C
dev.cpu.0.temperature: 35.0C

I checked what command is OPNSense using for temp sensors and its;

sysctl -a | grep temperature
hw.acpi.thermal.tz0.temperature: 27.9C
dev.cpu.3.temperature: 45.0C
dev.cpu.2.temperature: 45.0C
dev.cpu.1.temperature: 44.0C
dev.cpu.0.temperature: 43.0C

If I stress test the machine this 2 temps come together at 55 degrees after 30 min witch is ok.

I installed HTOP and check the temp there, the lower values are reported, with occasional spike above 40 but average at 36 - 37 degrees.

I live booted linux on the same machine and checked linux temp sensors .. they are also reporting average of 36 - 38 degrees.

Out of curiosity I also spin up pfsense, and temp was also ok .. no spikes above 40 degrees. - but pfsense is using different command to read cpu temp then opnsense.

Overall this is not life threatening situation 😊 😊, but only my observation I decided to post it here. According to my testing both temps are correct higher temp is actually achieved by CPU when short load hits it, but it lasts less then a second and it falls to 36 degrees. It looks to me that the command sysctl -a | grep temperature is displaying max values in certain period, averaging in higher temp in dashboard that it really is.


I also tested this on my other firewall running Intel core I5 and there the difference is max 2-3 degrees Celsius, that its not really noticeable.

I also searched the forum, and few similar post have already been posted;

https://forum.opnsense.org/index.php?topic=34395.msg166556#msg166556

I think that it would be good to revise the temp monitoring and maybe use sysctl dev.cpu | grep temperature as it reports more "real" CPU temp.

Regards,

[directly]

Ok, lets try again  :)

First you need to identify interfaces that you would like to use...you can issue a command from console;

pciconf -lv

and search for your intereface names em0, em1, em2 and try to identify witch is witch..

Then reconfigure them again from console;

select 1 Assign interfaces, and dont use 'a' but assign them manually for WAN and for LAN.

eg. em1 for WAN and em2 for LAN

After that you go and assign IP address to interface:

Select 2 - Set interface IP address

LAN - set whatewer you plan to use; default is 192.168.1.1/24

Plug in your laptop directly into LAN port of your  opnsense router and you should be able to acccess the web GUI.

Boot opnsense and assign interface for LAN and WAN from the console. For LAN interface assign address and enable DHCP on it and connection will work since your PC will recive DHCP IP via the LAN port or via switch if you connect LAN port direct to switch.

BTW web ui url will be written in console once you assign interfaces.

I played with fitlet3 but returned it, the onboard NICs dosent work, on one part freebsd is missing Marvell driver and aditionally Intel drivers, currently non are supported even in freebsd 14. The new fitlet3 also runs verry hot, too much for my liking, that was the deciding factor to return it.

Would it make sense to include htop by default in OPNSense?..I also allways install it..not that is hard work to install it :), but sure is more usable than top.

As for linux firewall and free, you have Vyos .. but its primarily routing platform, where on the other side OPNsense is firewall platform + lots of plugins, but both can be used as router/firewall. Big downside and in my opinion why vyos is not more popular is lack of GUI, but the development in that direction looks really good. I'm using both, and both have pluses and minuses. As for the code quality I can't judge nether OPNSense or Vyos.

Hello,

It depends what you want to achieve..so first I would suggest to read what Adguardhome does, what Zenarmor does etc.. Since part of functionality is overlapping. Then decide what is suitable for you. Free Zenarmor is limited in terms of functionality, so review features of each and decide if you need paid version.

Do you have any publicly accessible web servers inside your network? If yes - crowdsec could be useful. The same with the proxy..

Obviously USB stick is properly made than. Regarding HW itself I cant be more help how to boot it, since I don't own the box. Sorry. Good luck.

How did you create USB stick? Put USB stick in your PC an try to boot from it, to verify that USB stick is ok.

There is a thread here for the same box, you just need to boot it properly.

https://forum.opnsense.org/index.php?topic=4196.0

Hey..maybe try with this ;)

https://docs.opnsense.org/manual/install.html#opnsense-installer

you should boot from USB, login with user:installer and pass:opnsense .. folow the docs afterwards.

Hope this helps.

Will do some testing when I receive the box, will try plain freebsd 14 first, if its working by default in freebsd 14 it will eventually come to opnsense, I hope :), but for freebsd 13.1 and also 13.2 diver is not there yet.

Hello,

Just checking if maybe someone has tested fitlet3 from compulab...I ordered a test unit long time ago, since they had issues with availability the delivery delayed, and I should recive it in couple of weeks now.

Meanwhile they changed Intel onboard LAN controller to Marvel 88E1512 phys. I'm not sure if the controller is supported under freebsd 13.1 or opnsense, at least thats what they stated recently on their wiki page:

http://fit-pc.com/wiki/index.php?title=Fitlet3_Errata_Notes#FITLET3ERR005:_fitlet3_default_LAN_interfaces_are_not_recognized_by_some_-nix_based_OS

Previous version fitlet2 had intel controllers all around, and it was an excellent little box, I hope that the driver issue can be included also in opnsense. What I managed to find is "some kind" of driver in freebsd 14 branch

https://cgit.freebsd.org/src/commit/?id=adff82ea35b77a2961376f0806794698d97ed018 , but since I'm no SW developer I dont have a clue if its the right one :), and if its possible to manually install it without recompiling.

Any feedback appreciated,

Regards,

please no :), this are 2 totaly different products. No serious enteprise user will merge this 2 together.

Usually I don't comment such topics, but world really doesn't need another pfsense:opnsense war, there are enough wars already.

Main curse of open source is that its open. And when money starts to talk it becomes closed, and hard to stear without common sense (pfsense example)..

Software quality would be light years better, if we wouldn't have 1000 linux distros, with all those developers working on same SW base with XY desktop manager, because they don't like what the first distro uses...but at the end it gives us variety and possibility to choose.

Just my 2c.

call me stupid but i dont see the error in cofig :), my map files, public and local have all backends (subdomains defined internet accessible and local accessible), also the https frontend has the LOCAL_SUBDOMAINS_map-rule in first place and PUBLIC in second place.

will read it a few more times :)