OPNsense

Messages - CJ

121
Hardware and Performance / Re: N100 for PPPoE 1Gb?
« on: February 13, 2024, 04:44:48 pm »
Quote from: Jabes on February 12, 2024, 11:49:52 pm
Looking at buying new hardware and moving to OPNsense (I am currently running Untangle).
It looks like an N100 is the right price/performance at the moment - but I need to get 1Gb PPPoE line performance (this is how my internet circle is delivered).

All the new hardware (have been looking at CWWK/HUNSN from ali or amazon) seems to come with i226 which seems to still have some issues? Would I be ok with this hardware?

I can't speak to PPPoE as I don't use it, but i225/i226 is hit or miss.  I've posted a thread to try and isolate the variable since some people have zero problems and others have a lot.  I'm currently using i225 with no issues.

122
Hardware and Performance / Re: Rename network interface because the physical order is not good
« on: February 13, 2024, 04:30:43 pm »
I'm a bit confused as to your end goal here.  Once you assign an interface it will now have a name that will be used throughout the UI.  So I'm not sure what difference it makes regarding the driver number.

If you're attempting to use the same configs over multiple machines, I don't know that this is the way to go.  I believe someone posted semi recently about having two identical machines with different port orders, presumably due to the internal tracing of the board.

If there are physical labels already printed on the case, then you would just assign the same names in the UI, regardless of whether it's igb1, 2 or 3.

123
Hardware and Performance / Re: Upgrade path from quad port 1G Intel NIC
« on: February 13, 2024, 04:23:31 pm »
Quote from: spetrillo on February 12, 2024, 06:37:54 pm
Clearly the Mikrotik/Mellanox option is the best for ultimate performance and flexibility, however I think you need to first ask if your APs are actually going to output at 2.5G all the time. If you are running Ubiquiti then your Unifi Controller can help there.

Personally I would do this in increments. I would solve for the 2.5G piece first. This would then mean swapping out your quad port Intel card with a 2.5G quad card. I would stay in the Intel world bc driver compatibility is better, although Realtek is getting better all the time. I live by the "if it aint broke dont fix it" theory of life, so I would stay with Intel. The i225 is a widely used standard, so you should have no issues finding drivers. It looks like OPNsense supported i225 with 22.1.

So in summary:

1) Determine how much data you are going to run through the APs. Maybe the 1G option is still doable and you do not have to change anything.
2) If you are hitting the 1G limit on the APs then I would upgrade to a 2.5G Intel board bc of driver support/compatibility.
3) If money is no object then Mikrotik/Mellanox option is the way to go.

Steve

Oh, I know that I'll be fine with the existing 1G and don't need to upgrade to 2.5G.  I just want to in order to take advantage of the higher speed port. :D

I'm actually switching from Unifi to Engenius.  Between the whole "hack" and the lack of ports higher than 1G I've been looking for a change for a while now.  Wendell had a video last year talking about Engenius and a promotion they were doing of half off for those wanting to migrate from Unifi and I took advantage of that.

I know OPNsense supports the i225 as I'm currently running one for my WAN to eke out that last bit of over provisioning. :D  As I've noted elsewhere, I've had no problems with my setup, but a lot of people have had issues with i225 NICs.  And the fact that Intel only makes a dual port card gives me some pause.  Not sure if there's an issue there or not when so many embedded devices come with quad i225 NICs.

Due to the concerns regarding Realtek and i225 NICs along with the fact that I eventually want to upgrade to the Mikrotik, I'm not sure if I want to spend the money to test them out.  Changing to either the Realtek or the i225 would require me to take down the whole network and then go through the hassle of reordering my interfaces due to the driver change.

Is that all worth it to get the new shiny that will likely provide zero day to day benefit?  I don't know, and why I was hoping others could chime in with their experiences.  The cost of the Realtek and Zima NICs together almost equal the Mikrotik, and while I know I could fairly easily send the Realtek back to Amazon, I have no idea what a Zima return experience is like.  And lastly, I can't think of what I'd do with the quad port once I finally do upgrade to the Mikrotik.

124
Hardware and Performance / Upgrade path from quad port 1G Intel NIC
« on: February 11, 2024, 08:16:54 pm »
I'm currently using a quad port 1G Intel NIC with OPNsense and it's working great.  However, I'm in the process of replacing my APs and the new ones have 2.5G ports.  These are the options I'm looking at but I'd like to know what the community thinks and if there might be something I missed.
  • A Realtek quad port 2.5G NIC.  https://www.amazon.com/Quad-Port-2-5GBase-T-RTL8125B-Ethernet-Controller/dp/B09V28PXMR
    The cheapest option at $80 and currently with an available coupon to bring the price down even further.  However, it's a Realtek so I'm concerned how well it will work with OPNsense.
  • An i225 quad port 2.5G NIC.  https://shop.zimaboard.com/products/pcie-x4-to-4-port-2-5-gigabit-ethernet-card-intel-i225-chipset
    It's an Intel chipset and only slightly more expensive than the Realtek, but it also has the uncertainty of i225, especially considering it's made by Zima and not Intel.
  • A Mellanox dual port 10G NIC and the Mikrotik CRS310-8G+2S+IN.
    The most expensive option at around $300 for a used Mellanox and new Mikrotik, but it would give me the most capability and flexibility.  It's also where I currently plan on ending up in the long term.

Obviously if money was no object I could just go with the third option and call it done, but I don't want to spend that much right now.  Which means I can either do nothing and deal with 1G for the time being or I try one of the under $100 options.  Not sure if they're worth the risk.

Any suggestions, predictions, or experience with any of the above?

125
General Discussion / Is there a newsletter or other capability announcement option?
« on: February 09, 2024, 10:12:35 pm »
I know that there are the release posts on the forum, blog, reddit, twitter, etc, but is there a mailing list, dashboard widget or any other functionality for updating people and calling out new capabilities?

I usually check out the release notes whenever I see them posted and I'd like to consider myself a relatively knowledgeable user of OPNsense, but somehow I managed to be completely blindsided by the fact that CrowdSec has been available functionality since 22.1.  It wasn't until I saw ZenArmor post their tutorial about it that I realized.  https://www.zenarmor.com/docs/network-security-tutorials/how-to-install-and-configure-crowdsec-on-opnsense

I think it might be helpful to have additional announcements, mailings, or something calling out things like this and not just releases.  I know not everyone reads the release notes and it can be easy to inadvertently skim past a line item.  It doesn't need to be a tutorial or anything like that.  Just a brief notice highlighting the availability or improvement in the capability of a function.  I can't think of a text example offhand, but something akin to a techtok or youtube shorts tip, but obviously not in video format as that's a lot more work than I think would be needed.

Maybe even an occasional post highlighting some existing functionality and documentation that people may not have realized or thought about.

126
Development and Code Review / Re: BSD Future/Roadmap
« on: February 09, 2024, 10:01:06 pm »
Quote from: Patrick M. Hausen on February 08, 2024, 07:48:41 pm
I have not seen Kris Moore or any iX representative at a FreeBSD vendor or enterprise users summit. Neither in one of the regular bhyve/jails production users and developer calls scheduled by Michael Dexter.

Nor - if they indeed have technical difficulties with FreeBSD and specific hardware - has anyone contacted the FreeBSD foundation or the relevant developers like Kristof Provost (networking) or Warner Losh (NVMe/PCIe).

Nor have I seen anyone from iX at a EuroBSDCon in years. They might attend the "domestic" (i.e. US based) conferences, I don't know.

I have not heard from any other vendor about "concerns" and certainly not from Netflix who are one of the most prominent and most intensive users of the technology.

Interesting.  Thanks for the information.  Outside of OPNsense and TrueNAS Core I'm not particularly familiar with the BSD world so I wouldn't even know where to look.

127
Tutorials and FAQs / Re: Need Setup Config Help
« on: February 09, 2024, 09:59:14 pm »
Quote from: mgk4 on February 08, 2024, 08:33:54 pm
What would need to be done to fix unbound to work properly? If I left it "as is" would that cause security issues?

My end goal would be to make OPNsense my main router, after I learn how to use it.

No idea as we don't know why it's not working.  And you also skipped providing several pieces of info I've asked for at various times so it's hard to even venture a guess.

I don't use Unbound in recursive mode but I also use DoT for my upstream.

128
Hardware and Performance / Re: Intel i225/i226 2.5G NIC Information/Issue Tracking Thread
« on: February 09, 2024, 09:57:15 pm »
Quote from: Seimus on February 08, 2024, 10:11:34 pm
Uff, currently I can not find any pictures of my unit for the internals. But I will soon do a maintenance, re-pasting and cleaning so I will take a photo of the chip.

I don't believe the chip requires any sort of heat sink.  I certainly didn't remove one to check mine.

Quote from: Seimus on February 08, 2024, 10:11:34 pm
In regards of the issue, interesting so there is some dependency between H/W that is causing this?

As I mentioned the NIC that I have is performing very well.

Regards,
S.

Why do I feel like none of you read the linked PDF?  It lays out the details in there, including what they think the problem is, what issues it causes, and why only some people see it.  It also has the version table and the information of how to check your model.

129
Virtual private networks / Re: Wireguard - No Handshake, No Incoming Traffic, No Client Errors
« on: February 09, 2024, 09:50:39 pm »
Quote from: J0kerFace on February 09, 2024, 08:15:59 pm

At the moment the repository doesn't seem to be working. So I can't reinstall it right now.

I followed the instructions in the documentary and then used YouTube to help.

It's that whole youtube for help thing that muddies the water.  Not knowing where you got stuck originally and everything you did to try and fix it makes it hard to troubleshoot.

What issue are you seeing with the repository?  You can't install if you're not up to date.  I don't recall if that means just patches or major versions as well.

130
Tutorials and FAQs / Re: Need Setup Config Help
« on: February 08, 2024, 07:41:02 pm »
Quote from: mgk4 on February 03, 2024, 09:00:51 pm
Checking the nameservers on Query Forwarding fixed the problem. I now have internet access.

Thank you. I really appreciate the help with fixing the problem.

Your problem isn't really fixed, just had a bandaid applied.  The issue is that Unbound isn't working correctly in recursive mode.  That's still the case.  What you did changed it from recursive to forwarder mode.

Depending on your use case, you may want it to be working as a forwarder instead of recursive.  But it's still a good idea to figure out why recursive mode is broken.

131
Hardware and Performance / Re: QSFP NICs and breakout cables
« on: February 08, 2024, 07:36:12 pm »
Well now. That has an effect on the landscape.

If I have to use a switch I think I'd end up with something like the Mikrotik CRS326-24S+2Q+RM to do the breakout, which means a whole passel of additional cost.

From the initial reading I had done I assumed it was something similar to LSI IR/IT firmware except without having to flash any firmware to change.

I'll probably end up revisiting QSFP later when I start working to move to shared VM storage but I won't need QSFP in OPNsense for that.

132
Development and Code Review / Re: BSD Future/Roadmap
« on: February 08, 2024, 07:30:08 pm »
I think the intentions of my starting this thread may have been misconstrued.  Currently I use two BSD systems, OPNsense and TrueNAS Core.  I've been very happy with the experience of both of them.  I assumed that would have been known by the amount of time I spend here trying to help people figure out their issues.

The future of BSD and the discussion of the path forward with TrueNAS has come up a lot in that community.  Reading through Kris' post made me wonder what the maintainers of OPNsense thought and what they saw as the way ahead.

I'm not attempting to convince anyone to switch to or from anything.  Just curious if it had been talked about as Kris mentions that there has been a lot of discussion among vendors of FreeBSD based solutions, although he doesn't mention any in particular.

Quote
We (and many other vendors of FreeBSD based solutions, some still keeping quiet) have shared a concern for years now about its long term viability in the wider marketplace of solutions being based on newer and faster paced technologies.

I'm trying to get an idea of how things might look in 2030+ so that I can keep an eye out and plan/react accordingly.  Obviously, no one knows for sure but everyone has opinions. :)

I hope that helps explain things.

133
Hardware and Performance / Re: Intel i225/i226 2.5G NIC Information/Issue Tracking Thread
« on: February 08, 2024, 07:18:39 pm »
BTW, just the pciconf isn't particularly helpful.  According to the Intel PDF, the issue is only seen when connected to certain equipment.  This is why I posted what I was connected to along with what speeds I observed and if I was having any problems.

134
Hardware and Performance / Re: Intel i225/i226 2.5G NIC Information/Issue Tracking Thread
« on: February 08, 2024, 07:14:50 pm »
Quote from: Seimus on February 03, 2024, 10:59:34 pm
I tried to look at the output to find similar code, but the output of the pciconf show HEX values and there is nothing that is similar to the SPEC CODEs mentioned in the sheet.

However I updated my post with the output.

Regards,
S.

What I'm referring to is the code that's directly printed on the chip.  You would have to physically look at it in order to determine that.  Here is the reference image Intel uses in the PDF.  The Spec Code would be QVKX, which amusingly isn't anywhere in their chart of I225 codes.

As far as I know, it's not possible to get the Spec Code from software.  But if someone figures out a method I'll be happy to update the first post with it.

135
Development and Code Review / BSD Future/Roadmap
« on: February 03, 2024, 08:29:41 pm »
I don't know how much folks are paying attention to TrueNAS and what they're doing now that they have both a Linux and BSD version but with the current state of affairs regarding BSD I wanted to bring it up here and see what Deciso and the maintainers were thinking regarding the future of BSD.  Here is what Kris Moore of iX Systems had to say regarding their thoughts on it.

https://www.truenas.com/community/threads/what-is-the-future-of-truenas-core.116049/page-2#post-804807

His whole post (and that whole thread as well) is worth reading, but I wanted to highlight one particular part.

Quote
Take a look at all the work Intel is pouring into Linux for up and coming technologies like CXL, which will be highly relevant to all of us very soon. Does a vendor like iX want to duplicate that effort into the FreeBSD stack, often at a very high cost of time and resource that could have been used for other efforts? Or if we do for that one tech how about others? Pick any other random feature which already has a perfectly viable equivalent on the Linux side of the fence with a very active user and developer base. You have to know where to best spend your (very limited) time and resource, and re-inventing wheels without some very tangible benefit (not just "catching up") isn't a good strategy. That said, I'm not one of those "FreeBSD is dying" doomsayers, I think it won't just "die", it's going to just become more and more of a hobbyist and academia focused OS, and that's not necessarily a bad thing. But I think the odds of it having a serious resurgence at this point in wider industry relevance is very very low. Of course it could still happen, and maybe I'll eat my words someday, but just looking at the facts right now in 2024, I'd be hard pressed to place any real bet on that.

I will say that I'm very happy with OPNsense and I don't plan on moving away anytime soon.  But it makes me wonder and I'd like to know what those in charge can share regarding where they see things headed.
