Messages - Kingrat

#1
19.7 Legacy Series / Re: Using Opnsense as DHCP server
October 19, 2019, 05:12:29 AM
It looks like what you are doing is trying to use dhcp helper/relay type configuration. ISC dhcpd does support it but this feature is not currently implemented in either *sense project. They may not have enough people demanding it to make it worth the time it would take to implement/it is probably lower on the priority list unless someone wants to step up and implement it in a good way. There are several issues on github for this already including https://github.com/opnsense/plugins/issues/1105

In general I would say if your network is large enough to need the complexity of the dhcp relay you would probably be better served by building your own dedicated hosts for it anyway in which case it shouldn't be an issue. To set things up the way it is currently you would just need to create vlan interfaces on the OPNsense firewall, you will need ip addresses and access to the networks you want to have connect to the internet or other networks anyway right? In my mind it's not a big deal for most smaller networks to just set it up the straightforward way...

In case you just missed it look under interfaces, other types, vlan, and you can click the add button. All you need then is the parent interface it will be on and the vlan tag.
#2
What about the alias tables under /var/db/aliastables? Are you being blocked because your address is or is not in one of those (because it is not updating?) There was just a commit to address geo ip alias tables not updating (no expiration set in config)

If your alias tables in there are not actually updating try opnsense-patch ae5692b which includes setting a default expiration of 1 day.
#3
Looking at my config it looks like I did have powerd enabled with hadp which seems to be problematic historically.

Temp idles around 56c with or without core boost.

I currently restored my config into a VM so I can troubleshoot the hardware. I reloaded from scratch and I am currently running 4 processes of openssl speed in a loop to load up all cores to 100%, temp is sitting around 59c with 400% load. I updated it from console but have not restored my config onto it.

So far so good but I am going to bake it for a day or two and see if it fails. I have a console connection hooked up now so hopefully I get something if it does crash again. I will try and enable powerd again on it and see if that causes it to hang to confirm if that is the issue.
#4
Anyone else having stability issues/crashing since the clock boosting was added? I have tried 4.9.0.2 and a couple of versions in between as well as 4.10.0.0, all releases have been unstable for me past 4.9.0.1 since the added cpu boost. I have removed all the tunables I had in /boot/loader.conf.local from before, it seems to give me a CAM status: Command timeout message in dmesg before becoming completely unresponsive. I had tunables in place before that which were required in the past to install older versions of opnsense for ahci issues which have since been fixed. I have the KingFast 16GB msata in mine. It seems to run between 6-12 hours between lockups on average, sometimes a couple of hours sometimes a day.
#5
I'm on Spectrum as well in a TWC legacy area. IPv6 has always worked fine for me after a fresh reboot but I had problems with it not working after basically any hiccup that caused the lan interface to flap, e.g. disconnecting or updating my switch. I had to check "Prevent Release" under my WAN interface and that fixed that issue for me. I'm even using a /56 prefix and have no more problems with IPv6 currently.
#6
I was under the assumption that you can select the rules using the left checkbox or the top left checkbox to select/deselect all of the rules and then click the lower left buttons to enable or disable all of the selected rules. On the right I manually disabled some of them to see if I could change them all to enabled or disabled and didn't have any luck.

I did try it later on different rules or with a single rule selected and it seemed to work then so I don't know if maybe it's just super slow with multiple rules or has issues with multiple rules being selected. I have been out of town and haven't really gone deeper into it yet.
#7
18.7.3, selecting the sids I want to enable or disable and clicking either button for enable/disable selected does not appear to be working. Any ideas? Bug?

#8
18.1 Legacy Series / Re: Firewall rule ignored
September 17, 2018, 01:32:17 AM
This is the expected behavior. You would need a switch that supports ACLs as the traffic between devices on the same lan should never pass through the firewall.

You could use the firewall on the host itself OR put the host on its own VLAN so that it is no longer on the same network, then you could control access to it with firewall rules.
#9
Easiest would be to go to menu option 13) Restore from a backup and select a config from before you made the change.