16
22.1 Legacy Series / Re: how to verify that ddclient (new DDNS) is working - FIXED
« on: May 20, 2022, 10:52:42 pm »
I posted how I did it via the gui above.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
17
22.1 Legacy Series / Re: how to verify that ddclient (new DDNS) is working - FIXED
« on: May 19, 2022, 09:09:28 pm »
I did it via the gui by selecting:
Enabled - Y
Service - Custom
Protocol - DynDns2
Server - dynupdate.no-ip.com
Username - <as appropriate>
Password - <as appropriate>
Wildcard - N
Hostnames - <as appropriate>
Check IP Method - Interface
Force SSL - Y
Interface to monitor - WAN
Then it worked fine.
Enabled - Y
Service - Custom
Protocol - DynDns2
Server - dynupdate.no-ip.com
Username - <as appropriate>
Password - <as appropriate>
Wildcard - N
Hostnames - <as appropriate>
Check IP Method - Interface
Force SSL - Y
Interface to monitor - WAN
Then it worked fine.
18
22.1 Legacy Series / Re: how to verify that ddclient (new DDNS) is working
« on: May 18, 2022, 10:18:41 pm »
No IP has a control panel you can log into also doesnt it?
19
Zenarmor (Sensei) / Re: packagesite.pkg: Not Found error
« on: May 13, 2022, 05:23:59 pm »
Yes I saw this error:
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.pkg: Not Found
I was already ignoring it since I didnt feel like looking into it when I noticed it, so will continue to do so.
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.pkg: Not Found
I was already ignoring it since I didnt feel like looking into it when I noticed it, so will continue to do so.
20
Zenarmor (Sensei) / Re: PPPoEeeeeeeee
« on: March 11, 2022, 03:40:44 am »
Seems to work on zenarmor but not sure about suricata, or I can select the interface in the options.
21
22.1 Legacy Series / Re: CPU utilization much higher than with pfSense
« on: February 27, 2022, 05:03:33 am »
This is often asked and normally its because pfsense defaults is to disable spectre/meltdown while opnsense enables these mitigations consuming more cpu. You can lookup the tunables to disable them and see if cpu returns to what you had before.
22
22.1 Legacy Series / Re: Appliance running hotter after 22.1 update?
« on: February 21, 2022, 02:32:53 am »
I would agree, its like installing the same app on windows 7, then upgrading to windows 8 and saying that the same app runs hotter/uses more cpu. Too much has changed under the hood to look at opnsense. The OS got bigger, uses more cpu cycles and with each new version of freebsd or whatever it will always tend to use more cpu as time goes on.
23
22.1 Legacy Series / Re: [Tutorial/Call for Testing] Enabling Receive Side Scaling on OPNsense
« on: February 12, 2022, 04:22:05 am »
Ok cool, guess it works then. Or at least no problems. Unsure if anyone is seeing some major benefit. Guess I dont hammer my firewall enough.
24
22.1 Legacy Series / Re: [Tutorial/Call for Testing] Enabling Receive Side Scaling on OPNsense
« on: February 12, 2022, 04:06:45 am »
Thank you zz00mm.
Based on what you said I did this in my screenshot.
I tested before and after things like latency, speed upload download etc from opnsense itself and from a client machine and also checked cpu etc.
Before and after I could detect no discernible difference. I was expecting some sort of speed boost but apparently not much changed.
Here is my output of commands. I guess its working although I dont see any benefit at all from it. Not sure if thats expected? Everything is the same even the temperatures of the unit.
Based on what you said I did this in my screenshot.
I tested before and after things like latency, speed upload download etc from opnsense itself and from a client machine and also checked cpu etc.
Before and after I could detect no discernible difference. I was expecting some sort of speed boost but apparently not much changed.
Here is my output of commands. I guess its working although I dont see any benefit at all from it. Not sure if thats expected? Everything is the same even the temperatures of the unit.
25
21.7 Legacy Series / Re: Why is custom options for Unbound removed in 21.7 ?
« on: February 11, 2022, 07:10:40 pm »
Problem is in open source is there are no coders developing something then just moaning that it must be maintained in a certain way is not helpful. When you bring up other companies and say company x would never have done this they would have supported Y in some way, this is illogical. They pay people to code whatever they want. Open source does not work this way. Either you contribute or you dont moan. So either write and submit the code you want added or learn to adapt like the rest of us have.
26
22.1 Legacy Series / Re: [Tutorial/Call for Testing] Enabling Receive Side Scaling on OPNsense
« on: February 11, 2022, 06:05:52 pm »
Hello,
I would also like to test this improvement with RSS. I have read through all the forum posts and believe I need to make these changes. I have a protectli with ix (ixl?) NIC driver and also 2 cores, 4 threads.
The values I believe I need to set are as following under the gui tunables section:
net.isr.maxthreads = 4
net.isr.dispatch = deferred
hw.ix.enable_rss = 1
net.isr.bindthreads = 1
net.inet.rss.enabled = 1
net.inet.rss.bits = 2
Does this above 6 tunables seem to make sense. Sorry for asking, its hard to follow but I believe they should work correctly.
Also I am on OPNsense 22.1-amd64 .
Do i need to still run this command?
opnsense-update -zfkr 21.7.2-rss -D
Or can I just change to a dev build or something?
Many thanks in advance. I will do some performance testing before and after if someone can confirm my changes
Kind regards
Pete
I would also like to test this improvement with RSS. I have read through all the forum posts and believe I need to make these changes. I have a protectli with ix (ixl?) NIC driver and also 2 cores, 4 threads.
The values I believe I need to set are as following under the gui tunables section:
net.isr.maxthreads = 4
net.isr.dispatch = deferred
hw.ix.enable_rss = 1
net.isr.bindthreads = 1
net.inet.rss.enabled = 1
net.inet.rss.bits = 2
Does this above 6 tunables seem to make sense. Sorry for asking, its hard to follow but I believe they should work correctly.
Also I am on OPNsense 22.1-amd64 .
Do i need to still run this command?
opnsense-update -zfkr 21.7.2-rss -D
Or can I just change to a dev build or something?
Many thanks in advance. I will do some performance testing before and after if someone can confirm my changes
Kind regards
Pete
27
Hardware and Performance / Re: Deciso DEC850 - CPU speed goes up only to 1500MHz instead of 3100MHz?
« on: February 09, 2022, 05:03:43 am »
I thought that if you didnt enable powerd then your cpu would not turbo. That was what i read about powerd anyway.
28
General Discussion / Re: OPNsense compared to turn-key solutions from other vendors
« on: February 08, 2022, 05:16:17 am »
I would only use it with Zenarmor as the other (free) options are not enterprise level.
29
22.1 Legacy Series / Re: Appliance running hotter after 22.1 update?
« on: February 05, 2022, 11:30:54 pm »
I believe you are correct and replied to your post on reddit with my findings. Opnsense is slower if highadaptive is not used because under some cases it uses only 1 core and this causes issues with adaptive governor in powerd. This means you must run the appliance hotter to get performance in the test you described. There is no way around it if opnsense only uses 1 core for certain things.
30
Tutorials and FAQs / Re: Access home LAN from outside - VPN or Port Forwarding (Pros and Cons)
« on: February 03, 2022, 03:45:36 am »
@ranceh it is unfortunate but ports being open in that way is no longer safe, even with key based login because a vulnerability can be found. You should consider using a reverse proxy solution such as guacamole which can give access to rdp/ssh etc instead if a vpn is not feasible or alternatively using wireguard on a port such as 53 or 443 or some port that can bypass prevenative measure that try block vpns. Another option that works well is using something like zerotier that will use udp hole punching to bypass a strict firewall or route via their beacons when that does not work. All these options are preferable to opening a port.