Messages

https://github.com/opnsense/docs/blob/77fd7b8b7a844092fbff832f28a1f26574a23d65/source/manual/how-tos/lan_bridge.rst

Thanks, this worked!

If I have some extra lines to extend here and there, could I send to you for importing into the docs?

I would be more cautious to conclude so quickly, that the ECC support has REALLY been completed 100%. Knowing the history of this topic dates back to more than 2 yrs in fact, with many miscommunication and blind guessing!

Thanks for the constant status updates :) Eagerly waiting for your results.

By the way: pls dont forget that there is a current known issue in coreboot 4.8.x regarding CPU downlclocking:
https://github.com/pcengines/coreboot/issues/196

so make sure the poor performance is not because the APU lowers the clockrate after couple of minutes uptime to  @600 Mhz , instead of 1Ghz :)

Hello all,

I know this is an old thread, but hope resurrecting from the dead wont harm anyone.

I am trying to accomplish something similar as the OP.

My router has a total of 3 interfaces:

- igb0: that physical interface is connecting to the WAN, there is no question at this part
- igb1: that physical interface was formerly configured as  THE "LAN" interface. This interface connects to a L2 switchport, and has been configured with a static IP for example 10.0.0.1 (the LAN subnet is for example 10.0.0.0/24). All clients reach the internet through the L2 switchport conecting to the routers igb1 interface
- igb2: that physical interface was never used, and as a result never created, e.g. its not listed in the interface list

But, now I have to implement a new change: enable igb2 (called OPT1 in the interface list). Connect a PC to igb2, that should be part of the same 10.0.0.0/24 LAN as the rest of the network behind igb1. This new PC should also be able both to reach internet through the router. Existing users should reach the router through the same "igb1" interface, as before.
Unfortunately connecting this PC to the existing L2 switch on an unused switchport is not an option. I thought a virtual interface called "bridge0" setup as "Other type\bridge", populated with two members:
member1: igb1
member2: igb2
would be the only viable solution. And this is where I am actually stuck: I administer the router via HTTP (its IP 10.0.0.1, assigned to igb1) from a PC. I somehow figured out, that the LAN address 10.0.0.1 should be migrated from the physical interface called "igb" to the newly created virtual interface called "bridge0". But doing it from the network in-band sounds a very risky procedure, as any mistake or incorrect sequence of steps done can lock me out of the box in a millisecond. Perform this whole LAN bridging config via out-of-band (serial connection) sounds more reasonable.

And this is where I stuck: all I could find was this thread in the forum, the opnsense GUI or the WIKI is 0.00% helpful in this topic. After reading this Step1-5 procedure, I believe some steps in the middle are either missing, or not explained in greater details. But for me it results loss of access to the router, and have to roll-back interface assignment: LAN --> igb1 to get access to the router again (thanks god I have a serial, and the router is in physical proximity).

Somebody with some spare time could maybe copy-paste the entire text from step1-5, and extend with some more verbose details, like which interface(s) owns the LAN mgmt IP at what step, which physical interface (igb1,2) is member of what group (bridge or solo or unassigned?) during the procedure, which step requires mandatory config apply, router reboot, which menu item in the GUI should be used to perform the step, etc. etc. etc.?

I do understand jokes, its just that I dont like them :)

Ok, to be serious: (possibly) the core team are wasting a lot of their precious time if the frequently asked questions are answered every single time in this forum. Instead of getting the same answer (as it has already been typed into the database in the past), copy-paste it to a relevant place on the wiki. Instant win! No need to type it twice, forum is not inflated unnecessarily, and wiki pages are progressing at least into some form of completion.

I think thats what I am going to do. After I learned how Github basics works.

The only thing worries me, why nobody from the thousands of community member has already added these simple parts? Is your approval system, that makes people give up the effort to make docs better?

I must agree with every single word you said. The reason people in this forum keep asking the same 20 questions  over and over and over, that docs are in very bad shape. The wiki is not at the level of being called as documentation. I'd spend money on a proper written book, only problem nobody will write a proper book about a software that changes every 2 weeks :-(

And of course, you could always help by submitting something to the wiki once you find out how it works, that's what some of us do, you then help others. Yes, things change quite often, that's because OPNsense is evolving - and long may it continue to do so.

I know its difficult for you guys -who revolve around this product 24/7/365 and know most of its parts by heart- to believe me, that the product documentation needs a general overhaul. Take this as positive constructive  criticism, no reason to be offended at it.

I always recommend in such situations, try to find some volunteer friends, who are not IT illiterates (know some Linux/BSD basics and familiar with the workings of a generic firewall), but (important!) have zero experience with this specific product. Sit with them together, and tell them:

"Hey buddy, here is a "new" firewall called Opnsense, here is a blank PC or SoC. Goal is to have a running router with some basic firewall setup and a working WAN connection. Pls try to install it without assistance. Try to use only the wiki.opnsense.org and try to find answer for all your questions there."

I would record all the obstacles, that the wiki was unable to solve, thus would generate +1 more unnecessary thread opened here in this forum.

https://wiki.opnsense.org/manual/install.html --> for example, this one seems to me a very rudimentary draft page: the CLI setup for the interfaces has been finished with these 2 lines, no further explanation, no helping hand if one got stuck here or what to do if someone makes a mistake:

After installation the system will prompt you for the interface assignment, if you ignore this then default settings are applied. Installation ends with the login prompt.


Some links to more "advanced" setup like WAN-PPPOE would be feasible.

"OPNsense installation images are provided on a regular bases together with mayor versions in January and July. More information on our release schedule is available from our package repository see README" -->
https://pkg.opnsense.org/releases/16.1/README : this URL is broken for example.

No description of the naming convention of the releases: <2digit YEAR code>.<1 digit code of the month when the major release was issued>.<bi-weekly updates until the next major releases comes>. Most probably this is all trivial for experienced people, but not really for newcomers.

https://wiki.opnsense.org/manual.html --> I dont really understand what this picture of a happy dutch guy has to do with the manual, but whatever. Ok, to be ontopic: separation of the so called user manual vs. developer manual would suggest as a normal firewall admin all I can possible need, will be found in the user manual. Unless I am a plugin developer, in which case I should consult the developer manual. But this is clearly not the case, in order to even understand the basic architecture of this product (which is hardly pictured anywhere), I need to read through the developer-centric manual. As I'm not developer, for me its rather difficult to understand, which parts of the modification makes me a "developer" while other changes are by nature of the product, and even normal firewall admins have to do it via that way.

Again, no blaming, just would highlight this as an unacknowledged issue.

I'm on 4.0.19. Live CD is a good idea .. I can try this next week.

Ok.
By the way, better to use firmware 4.0.18, because 19 has some new boot issue, that has been found recently, and its a big mistery when will pcengines fix it in 4.0.20.

Update: actually they released it already:
https://pcengines.github.io/#lr-12
There seems to be a related fix: "pfSense 2.4.x fails to boot when no USB stick is plugged"

Quick question: can you tell me
1) what BIOS is running on the board (should be the first thing visible on the serial output if powered on)
2) What storage have you added to the board? Are you trying to boot from SD card or from internal mSATA or something else?

Ps. I managed to run Freebsd 11.2 from a USB drive in Live mode, did not install it to the internal mSATA hard drive.

My apprentice set it up last week, did some BIOS Updates, will start tomorrow :)

Thanks, I'm really curious to see your results!

Hi,
I'm running pfSense for years and am quite familiar with it. Now I want to check if I should switch to OPNsense, therefor I need to read the documentation a little.

My problem is that the Wiki feels very confusing. Am I the only one having problems with it?

What I feel makes it difficult to read:

- I can't see if there are subpages to a chapter. When I click on it I can see the small "tree structure" icon. I would prefer to see directly if there is more behind this point.
- The structure feels not straightforward. After initial installation I want to set up rules. I can't find a chapter "Firewalling". Either it's hidden in a sub-chapter but as I am new to OPNsense, I feel "lost".
- What role does "HowTos" play? Is it part of the documentation or are these specific scenarios which are described in more detail?

I know, you can use the search function, but if you are new and want to get a first overview and the principles behind, I feel very difficult.

So my question to you: Am I using it wrong? Is there a better place to start?

Thanks for your feedback and help :)

I must agree with every single word you said. The reason people in this forum keep asking the same 20 questions  over and over and over, that docs are in very bad shape. The wiki is not at the level of being called as documentation. I'd spend money on a proper written book, only problem nobody will write a proper book about a software that changes every 2 weeks :-(

It's here on my table and installed, but I didnt find the yet, sorry.
Hopefully next week :/

Hello, did you manage to check it?

It's here on my table and installed, but I didnt find the yet, sorry.
Hopefully next week :/

No problem, take your time and have fun! Hope you can find some clever solution, I am mostly stuck since some time.

Note: be careful what BIOS version you flash! Check these links to be in picture:
https://pcengines.github.io
https://github.com/pcengines/coreboot/issues/196
http://www.pcengines.info/forums/?page=post&id=4C472C95-E846-42BF-BC41-43D1C54DFBEA&fid=6D8DBBA4-9D40-4C87-B471-80CB5D9BD945
http://pcengines.ch/howto.htm#bios

Yes, its kinda mess how unorganized the docs are for this company.

Next week I should get my device and will put it in my lab. Lets see ..

Hello mimugmail,
did you have a chance to look at the perf of the his box?

I would prefer upload instructions, preferably sftp, as I don't know where to publish it without causing the mirrors to resync it which would work against the general idea of deprecating the use of older versions.


Cheers,
Franco

You should at least issue a warning (similar to a new release issued), when old versions will be deleted. Not in ad-hoc manner, like randomly after 18.7.3 is out. Would be preferred to push this info right into the face of users when they are e.g. at the download page. Currently neither the https://opnsense.org/download/ nor the on-device opnsense webgui / firmware update says anything about when the actual release should expire.

Take this as kind recommendation, to make the product more mature in terms of support predictability.