Messages - 134

#16
Just bought a CWWK N100 unit. I was paying attention to the N5105 but ultimately waited for the N100 and the reviews. Alder Lake-N is much faster than Jasper Lake.
#17
*sense isn't great at routing. However, the odd thing I find is that my Atom C3558 and Intel X710 hit a wall at 5-6Gbps of iperf3 traffic, while Netgate claims the 6100 with the same CPU running pfSense Plus can push almost 10G. Does anybody know what '10k ACLs' means on their specs?

In the end I gave up trying 10G inter-VLAN routing with a FreeBSD firewall, mainly because I don't actually need 10G routing. I'm moving from a Supermicro 1U appliance to a Chinese fanless mini PC with the new Intel N100 SoC and 5x 2.5GbE ports.

If you really need 10G routing, try VyOS. It's CLI only and requires a steep learning curve, but it's Linux-based and very decent at routing.
#18
Hello,

I've had my selective routing up and running for a while with just 2 tunnels to Mullvad. I followed this official documentation:

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

What I don't understand is the purpose of Step 9 with that Floating rule. My setup doesn't seem to be affected with or without that rule. Can somebody explain to me what it does? I consider myself pretty familiar with firewall rules, but a Floating rule that doesn't select any interface I don't understand. Besides that, the pfSense guide does not have that step, which is even weirder to me.

Also, I have 2 tunnels, each with both IPv4 and IPv6 gateways. Does that mean I need a total of 4 of those floating rules for 4 gateways?

Thanks!
#19
Hmm, I thought the firewall blocks inter-VLAN traffic by default? I imagine that the firewall remembers the prefixes/addresses assigned to each interface and therefore can block it automatically?

I'm just wondering because I don't have the same setup. My ISP only provides a single /64, thus I can only give it to a single interface. Perhaps I will encounter this problem later when I have more prefixes for more VLANs.
#20
I restarted the ISP-provided modem (in bridge mode). OPNsense then got a new WAN address as usual, but the NTP daemon stopped permanently and could not be manually started unless I rebooted the firewall.

My guess is that it was listening on an interface that tracks WAN for its IPv6 address, and somehow WAN going down caused this.

Here's the full log:


2021-08-27T00:36:15 ntpd[70683] daemon child exited with code 1
2021-08-27T00:36:15 ntpd[91311] unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-27T00:36:15 ntpd[91311] restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-27T00:36:15 ntpd[91311] gps base set to 2021-07-11 (week 2166)
2021-08-27T00:36:15 ntpd[91311] basedate set to 2021-07-10
2021-08-27T00:36:15 ntpd[91311] proto: precision = 0.134 usec (-23)
2021-08-27T00:36:15 ntpd[70683] ----------------------------------------------------
2021-08-27T00:36:15 ntpd[70683] available at https://www.nwtime.org/support
2021-08-27T00:36:15 ntpd[70683] corporation. Support and training for ntp-4 are
2021-08-27T00:36:15 ntpd[70683] Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-08-27T00:36:15 ntpd[70683] ntp-4 is maintained by Network Time Foundation,
2021-08-27T00:36:15 ntpd[70683] ----------------------------------------------------
2021-08-27T00:36:15 ntpd[70683] Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
2021-08-27T00:36:15 ntpd[70683] ntpd 4.2.8p15@1.3728-o Thu Jul 22 12:42:44 UTC 2021 (1): Starting
2021-08-27T00:36:06 ntpd[27532] daemon child exited with code 1
2021-08-27T00:36:06 ntpd[39687] unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-27T00:36:06 ntpd[39687] restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-27T00:36:06 ntpd[39687] gps base set to 2021-07-11 (week 2166)
2021-08-27T00:36:06 ntpd[39687] basedate set to 2021-07-10
2021-08-27T00:36:06 ntpd[39687] proto: precision = 0.134 usec (-23)
2021-08-27T00:36:06 ntpd[39687] proto: precision = 0.134 usec (-23)
2021-08-27T00:36:06 ntpd[27532] ----------------------------------------------------
2021-08-27T00:36:06 ntpd[27532] available at https://www.nwtime.org/support
2021-08-27T00:36:06 ntpd[27532] corporation. Support and training for ntp-4 are
2021-08-27T00:36:06 ntpd[27532] Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-08-27T00:36:06 ntpd[27532] ntp-4 is maintained by Network Time Foundation,
2021-08-27T00:36:06 ntpd[27532] ----------------------------------------------------
2021-08-27T00:36:06 ntpd[27532] Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
2021-08-27T00:36:06 ntpd[27532] ntpd 4.2.8p15@1.3728-o Thu Jul 22 12:42:44 UTC 2021 (1): Starting
2021-08-27T00:35:49 ntpd[70489] daemon child exited with code 1
2021-08-27T00:35:49 ntpd[81772] unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-27T00:35:49 ntpd[81772] restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-27T00:35:49 ntpd[81772] gps base set to 2021-07-11 (week 2166)
2021-08-27T00:35:49 ntpd[81772] basedate set to 2021-07-10
2021-08-27T00:35:49 ntpd[81772] proto: precision = 0.136 usec (-23)
2021-08-27T00:35:49 ntpd[70489] ----------------------------------------------------
2021-08-27T00:35:49 ntpd[70489] available at https://www.nwtime.org/support
2021-08-27T00:35:49 ntpd[70489] corporation. Support and training for ntp-4 are
2021-08-27T00:35:49 ntpd[70489] Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-08-27T00:35:49 ntpd[70489] ntp-4 is maintained by Network Time Foundation,
2021-08-27T00:35:49 ntpd[70489] ----------------------------------------------------
2021-08-27T00:35:49 ntpd[70489] Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
2021-08-27T00:35:49 ntpd[70489] ntpd 4.2.8p15@1.3728-o Thu Jul 22 12:42:44 UTC 2021 (1): Starting
2021-08-27T00:35:34 ntpd[76094] daemon child exited with code 1
2021-08-27T00:35:34 ntpd[88905] unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-27T00:35:34 ntpd[88905] restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-27T00:35:34 ntpd[88905] gps base set to 2021-07-11 (week 2166)
2021-08-27T00:35:34 ntpd[88905] basedate set to 2021-07-10
2021-08-27T00:35:34 ntpd[88905] proto: precision = 0.134 usec (-23)
2021-08-27T00:35:34 ntpd[76094] ----------------------------------------------------
2021-08-27T00:35:34 ntpd[76094] available at https://www.nwtime.org/support
2021-08-27T00:35:34 ntpd[76094] corporation. Support and training for ntp-4 are
2021-08-27T00:35:34 ntpd[76094] Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-08-27T00:35:34 ntpd[76094] ntp-4 is maintained by Network Time Foundation,
2021-08-27T00:35:34 ntpd[76094] ----------------------------------------------------
2021-08-27T00:35:34 ntpd[76094] Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
2021-08-27T00:35:34 ntpd[76094] ntpd 4.2.8p15@1.3728-o Thu Jul 22 12:42:44 UTC 2021 (1): Starting
2021-08-27T00:35:34 ntpd[27324] daemon child exited with code 1
2021-08-27T00:35:34 ntpd[59351] unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-27T00:35:34 ntpd[59351] restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-27T00:35:34 ntpd[59351] gps base set to 2021-07-11 (week 2166)
2021-08-27T00:35:34 ntpd[59351] basedate set to 2021-07-10
2021-08-27T00:35:34 ntpd[59351] proto: precision = 0.135 usec (-23)
2021-08-27T00:35:34 ntpd[38070] kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
2021-08-27T00:35:34 ntpd[38070] kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
2021-08-27T00:35:34 ntpd[38070] Listening on routing socket on fd #43 for interface updates
2021-08-27T00:35:34 ntpd[38070] Listen normally on 22 ix0_vlan99 10.0.99.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 21 ix0_vlan99 [fe80::3333:44ff:fe55:6666%19]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 20 ix0_vlan98 10.0.98.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 19 ix0_vlan98 [fe80::3333:44ff:fe55:6666%18]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 18 ix0_vlan60 10.0.60.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 17 ix0_vlan60 [fe80::3333:44ff:fe55:6666%17]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 16 ix0_vlan40 10.0.40.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 15 ix0_vlan40 [fe80::3333:44ff:fe55:6666%15]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 14 ix0_vlan30 10.0.30.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 13 ix0_vlan30 [fe80::3333:44ff:fe55:6666%14]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 12 ix0_vlan20 10.0.20.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 11 ix0_vlan20 [fe80::3333:44ff:fe55:6666%13]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 10 ix0_vlan10 [2001:ee0:4161:a5ce:3333:44ff:fe55:6666]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 9 ix0_vlan10 10.0.10.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 8 ix0_vlan10 [fe80::3333:44ff:fe55:6666%12]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 7 ix0_vlan9 10.0.9.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 6 ix0_vlan9 [fe80::3333:44ff:fe55:6666%11]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 5 lo0 127.0.0.1:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 4 lo0 [::1]:123
2021-08-27T00:35:34 ntpd[38070] Listen normally on 3 ix2 [fe80::aaaa:bbff:fecc:dddd%5]:123
2021-08-27T00:35:34 ntpd[27324] ----------------------------------------------------
2021-08-27T00:35:34 ntpd[27324] available at https://www.nwtime.org/support
2021-08-27T00:35:34 ntpd[27324] corporation. Support and training for ntp-4 are
2021-08-27T00:35:34 ntpd[27324] Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-08-27T00:35:34 ntpd[27324] ntp-4 is maintained by Network Time Foundation,
2021-08-27T00:35:34 ntpd[27324] ----------------------------------------------------
2021-08-27T00:35:34 ntpd[27324] Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
2021-08-27T00:35:34 ntpd[27324] ntpd 4.2.8p15@1.3728-o Thu Jul 22 12:42:44 UTC 2021 (1): Starting
2021-08-27T00:35:34 ntpd[38070] Listen normally on 2 ix2 192.168.1.1:123
2021-08-27T00:35:34 ntpd[38070] Listen and drop on 1 v4wildcard 0.0.0.0:123
2021-08-27T00:35:34 ntpd[38070] Listen and drop on 0 v6wildcard [::]:123
2021-08-27T00:35:34 ntpd[38070] restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-27T00:35:34 ntpd[38070] gps base set to 2021-07-11 (week 2166)
2021-08-27T00:35:34 ntpd[38070] basedate set to 2021-07-10
2021-08-27T00:35:34 ntpd[38070] proto: precision = 0.135 usec (-23)
2021-08-27T00:35:34 ntpd[19683] ----------------------------------------------------
2021-08-27T00:35:34 ntpd[19683] available at https://www.nwtime.org/support
2021-08-27T00:35:34 ntpd[19683] corporation. Support and training for ntp-4 are
2021-08-27T00:35:34 ntpd[19683] Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-08-27T00:35:34 ntpd[19683] ntp-4 is maintained by Network Time Foundation,
2021-08-27T00:35:34 ntpd[19683] ----------------------------------------------------
2021-08-27T00:35:34 ntpd[19683] Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
2021-08-27T00:35:34 ntpd[19683] ntpd 4.2.8p15@1.3728-o Thu Jul 22 12:42:44 UTC 2021 (1): Starting
2021-08-27T00:35:30 ntpd[51659] 20.43.94.199 local addr 192.168.1.1 -> <null>
2021-08-27T00:35:30 ntpd[51659] 17.253.68.125 local addr 192.168.1.1 -> <null>
2021-08-27T00:35:30 ntpd[51659] 2606:4700:f1::1 local addr 2001:ee0:4161:a5ce:3333:44ff:fe55:6666 -> <null>
2021-08-27T00:35:30 ntpd[51659] 2001:4860:4806:4:: local addr 2001:ee0:4161:a5ce:3333:44ff:fe55:6666 -> <null>
2021-08-27T00:35:30 ntpd[51659] ntpd exiting on signal 15 (Terminated)
2021-08-27T00:35:23 ntpd[51659] kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
2021-08-27T00:35:23 ntpd[51659] kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
2021-08-27T00:35:23 ntpd[51659] Listening on routing socket on fd #43 for interface updates
2021-08-27T00:35:23 ntpd[51659] Listen normally on 22 ix0_vlan99 10.0.99.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 21 ix0_vlan99 [fe80::3333:44ff:fe55:6666%19]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 20 ix0_vlan98 10.0.98.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 19 ix0_vlan98 [fe80::3333:44ff:fe55:6666%18]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 18 ix0_vlan60 10.0.60.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 17 ix0_vlan60 [fe80::3333:44ff:fe55:6666%17]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 16 ix0_vlan40 10.0.40.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 15 ix0_vlan40 [fe80::3333:44ff:fe55:6666%15]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 14 ix0_vlan30 10.0.30.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 13 ix0_vlan30 [fe80::3333:44ff:fe55:6666%14]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 12 ix0_vlan20 10.0.20.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 11 ix0_vlan20 [fe80::3333:44ff:fe55:6666%13]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 10 ix0_vlan10 [2001:ee0:4161:a5ce:3333:44ff:fe55:6666]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 9 ix0_vlan10 10.0.10.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 8 ix0_vlan10 [fe80::3333:44ff:fe55:6666%12]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 7 ix0_vlan9 10.0.9.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 6 ix0_vlan9 [fe80::3333:44ff:fe55:6666%11]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 5 lo0 127.0.0.1:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 4 lo0 [::1]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 3 ix2 [fe80::aaaa:bbff:fecc:dddd%5]:123
2021-08-27T00:35:23 ntpd[51659] Listen normally on 2 ix2 192.168.1.1:123
2021-08-27T00:35:23 ntpd[51659] Listen and drop on 1 v4wildcard 0.0.0.0:123
2021-08-27T00:35:23 ntpd[51659] Listen and drop on 0 v6wildcard [::]:123
2021-08-27T00:35:23 ntpd[51659] restrict: 'monitor' cannot be disabled while 'limited' is enabled
2021-08-27T00:35:23 ntpd[51659] gps base set to 2021-07-11 (week 2166)
2021-08-27T00:35:23 ntpd[51659] basedate set to 2021-07-10
2021-08-27T00:35:23 ntpd[51659] proto: precision = 0.135 usec (-23)
2021-08-27T00:35:23 ntpd[46990] ----------------------------------------------------
2021-08-27T00:35:23 ntpd[46990] available at https://www.nwtime.org/support
2021-08-27T00:35:23 ntpd[46990] corporation. Support and training for ntp-4 are
2021-08-27T00:35:23 ntpd[46990] Inc. (NTF), a non-profit 501(c)(3) public-benefit
2021-08-27T00:35:23 ntpd[46990] ntp-4 is maintained by Network Time Foundation,
2021-08-27T00:35:23 ntpd[46990] ----------------------------------------------------
2021-08-27T00:35:23 ntpd[46990] Command line: /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid
2021-08-27T00:35:23 ntpd[46990] ntpd 4.2.8p15@1.3728-o Thu Jul 22 12:42:44 UTC 2021 (1): Starting
2021-08-27T00:35:23 ntpd[93283] 139.59.112.6 local addr 192.168.1.1 -> <null>
2021-08-27T00:35:23 ntpd[93283] 124.108.20.1 local addr 192.168.1.1 -> <null>
2021-08-27T00:35:23 ntpd[93283] 2001:470:19:301::123 local addr fe80::3333:44ff:fe55:6666%11 -> <null>
2021-08-27T00:35:23 ntpd[93283] 118.143.17.82 local addr 192.168.1.1 -> <null>
2021-08-27T00:35:23 ntpd[93283] 20.189.79.72 local addr 192.168.1.1 -> <null>
2021-08-27T00:35:23 ntpd[93283] 17.253.84.253 local addr 192.168.1.1 -> <null>
2021-08-27T00:35:23 ntpd[93283] 2606:4700:f1::1 local addr fe80::3333:44ff:fe55:6666%11 -> <null>
2021-08-27T00:35:23 ntpd[93283] 2001:4860:4806:4:: local addr fe80::3333:44ff:fe55:6666%11 -> <null>
2021-08-27T00:35:23 ntpd[93283] ntpd exiting on signal 15 (Terminated)
2021-08-27T00:31:09 ntpd[93283] 2001:4860:4806:4:: local addr fe80::3333:44ff:fe55:6666%11 -> <null>
2021-08-27T00:31:09 ntpd[93283] 2606:4700:f1::1 local addr fe80::3333:44ff:fe55:6666%11 -> <null>
2021-08-27T00:31:09 ntpd[93283] 2001:470:19:301::123 local addr fe80::3333:44ff:fe55:6666%11 -> <null>
2021-08-27T00:31:06 ntpd[93283] 17.253.84.253 local addr 10.0.99.1 -> <null>
2021-08-27T00:31:06 ntpd[93283] 20.189.79.72 local addr 10.0.99.1 -> <null>
2021-08-27T00:31:06 ntpd[93283] 118.143.17.82 local addr 10.0.99.1 -> <null>
2021-08-27T00:31:06 ntpd[93283] 124.108.20.1 local addr 10.0.99.1 -> <null>
2021-08-27T00:31:06 ntpd[93283] 139.59.112.6 local addr 10.0.99.1 -> <null>
2021-08-27T00:31:06 ntpd[93283] 2001:4860:4806:4:: local addr 2001:db8:1111:2222:3333:44ff:fe55:6666 -> <null>
2021-08-27T00:31:06 ntpd[93283] 2606:4700:f1::1 local addr 2001:db8:1111:2222:3333:44ff:fe55:6666 -> <null>
2021-08-27T00:31:06 ntpd[93283] 2001:470:19:301::123 local addr 2001:db8:1111:2222:3333:44ff:fe55:6666 -> <null>
2021-08-27T00:31:06 ntpd[93283] Deleting interface #10 ix0_vlan10, 2001:db8:1111:2222:3333:44ff:fe55:6666#123, interface stats: received=5839, sent=5882, dropped=0, active_time=983992 secs
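
An added example (not part of the original post) of triaging a log like the one above: it groups the ntpd lines by PID and reports which instance bound port 123 without ever logging an exit, and which later start attempts failed to bind. The function name `triage` and the `SAMPLE` text, a trimmed excerpt in the same newest-first format, are assumptions made for illustration.

```python
import re

# "<ISO timestamp> ntpd[<pid>] <message>", the format used in the log above.
LINE_RE = re.compile(r"^(\S+)\s+ntpd\[(\d+)\]\s+(.*)$")

# Trimmed excerpt of the log above, newest entry first (as the GUI shows it).
SAMPLE = """\
2021-08-27T00:36:15 ntpd[70683] daemon child exited with code 1
2021-08-27T00:36:15 ntpd[91311] unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-27T00:36:15 ntpd[70683] ntpd 4.2.8p15@1.3728-o Thu Jul 22 12:42:44 UTC 2021 (1): Starting
2021-08-27T00:35:34 ntpd[59351] unable to bind to wildcard address :: - another process may be running - EXITING
2021-08-27T00:35:34 ntpd[38070] Listen normally on 2 ix2 192.168.1.1:123
2021-08-27T00:35:34 ntpd[38070] Listen and drop on 0 v6wildcard [::]:123
2021-08-27T00:35:30 ntpd[51659] ntpd exiting on signal 15 (Terminated)
2021-08-27T00:35:23 ntpd[51659] Listen normally on 2 ix2 192.168.1.1:123
2021-08-27T00:35:23 ntpd[51659] Listen and drop on 0 v6wildcard [::]:123
"""


def triage(log_text, newest_first=True):
    """Summarise ntpd start/bind/exit events per PID."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    if newest_first:
        lines.reverse()  # process in chronological order

    bound = {}          # pid -> timestamp of its first successful bind
    exited = set()      # pids that logged "exiting on signal"
    bind_failures = []  # (timestamp, pid) of starts that could not bind

    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an ntpd line in the expected format
        ts, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        if msg.startswith(("Listen normally on", "Listen and drop on")):
            bound.setdefault(pid, ts)
        elif msg.startswith("ntpd exiting on signal"):
            exited.add(pid)
        elif msg.startswith("unable to bind to wildcard address"):
            bind_failures.append((ts, pid))

    # Instances that took port 123 and never reported giving it up.
    unaccounted = sorted(pid for pid in bound if pid not in exited)

    # Failed starts at or after the earliest such bind; ISO timestamps
    # of equal length compare correctly as strings.
    since = min((bound[p] for p in unaccounted), default=None)
    failures_since = [f for f in bind_failures if since and f[0] >= since]

    return {
        "listeners_without_exit": unaccounted,
        "clean_exits": sorted(exited),
        "bind_failures": bind_failures,
        "failures_since_last_listener": len(failures_since),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A PID listed under `listeners_without_exit` is the one to look for in the process list before restarting the service, since the log alone does not say whether it is still holding the socket.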
#21
I can. But this would defeat the goal of using a single configuration file to restore everything. In my opinion it should be moved to the Advanced section rather than removed entirely.
#22
I'm currently using this feature in OPNsense (and previously with pfSense) to achieve split-horizon DNS with Unbound. It just came to my attention that 21.7 onward will no longer support it. May I ask why? I'm afraid this would be a deal breaker for me and some other users.
#23
My ISP only delegates a single /64 subnet to my router. To make SLAAC work I give that whole subnet to VLAN 20 via Track Interface. But a Windows 10 PC on VLAN 10 still sees its IPv6 addresses, although IPv6 routing isn't working on this VLAN:



pfSense has same problem.

Is this normal behavior? I guess router advertisement somehow works on all interfaces and not only the interface that got IPv6 enabled.
#24
iOS allows the user to disable this feature for individual WiFi networks; it's called Private Address. However, I doubt this is the issue. My iPhone connects to my home WiFi as usual with Private Address turned on by default.
#25
I've been seeing strange behavior with my OPNsense router. Occasionally, my gaming PC (on VLAN 10) gets kicked out of an online game server, and an active SSH session from VLAN 20 to a local server on VLAN 30 is dropped with a 'broken pipe' error. These events always occur at the same time. It's almost like I go to Firewall > Diagnostics > States Reset on the Web GUI and click the big Reset button.

The frequency of this problem varies from zero in 10+ hours to several occurrences within an hour in the evening.

How do I narrow down the cause of this strange issue? Could hardware (bad cables, bad NIC, ...) be the reason that triggered the reset of firewall states?
#26
Hardware and Performance / Re: Intel X710 woes
May 06, 2021, 12:25:41 PM
Looks like this NIC is on firmware version 6.0.48442:

ixl1: fw 6.0.48442 api 1.7 nvm 6.01 etid 800035cf oem 1.262.0

I'll try to upgrade this NIC to latest fw which is 8.30 according to Intel:

https://downloadcenter.intel.com/product/83964/Intel-Ethernet-Converged-Network-Adapter-X710-DA2

However, here's the strange bit: sysctl -a | grep fc shows that flow control is disabled, probably by default as I didn't touch the system tunables:

dev.ixl.1.fc: 0

...but dmesg and ifconfig ixl1 show Flow control is Full ????

ixl1: Link is up, 10 Gbps Full Duplex, Requested FEC: None, Negotiated FEC: None, Autoneg: False, Flow Control: Full

media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)

Edit: After upgrading the X710 fw to version 8.30, the NIC showed up with Flow control being None. It was 'Full' prior to the upgrade and I still didn't touch the tunables. More weird stuff.
#27
Hardware and Performance / Re: Intel X710 woes
May 06, 2021, 11:58:09 AM
Quote from: binaryanomaly on May 06, 2021, 11:48:56 AM
Sorry, I meant the NIC firmware itself.

You should probably see something in System -> Logfiles -> General if there are some hardware/driver issues.

I don't know about firmware; this NIC should be working out of the box with FreeBSD and everything based on FreeBSD, which includes pfSense, HardenedBSD and OPNsense.

There is nothing about hardware issue in System > Log files > General.
#28
Hardware and Performance / Re: Intel X710 woes
May 06, 2021, 11:39:03 AM
Quote from: binaryanomaly on May 05, 2021, 12:37:28 PM
Do you have the latest firmware?

Can you find anything in the logs?

I have an X710-T4 which runs fine so far (virtualized), except for suricata because of the jumbo frames. https://forum.opnsense.org/index.php?topic=22942.0

I'm on 21.1.5.

What kind of logs should I be looking at if it's a hardware issue? If it was the firewall mishandling the packets that caused the 'broken pipe' error when I SSH to another VLAN, where should I look for confirmation?

Thanks!
#29
Hardware and Performance / Re: Intel X710 woes
May 04, 2021, 01:51:09 PM
Strangely, this exact same hardware has been running pfSense fine without any problem for 2 days. Once I pop in the disk with OPNsense installed on it, the problem appears again. My X710 NIC or Mikrotik switches might not be the cause.

AFAIK OPNsense had flow control disabled by default and tried to match the same setting on my switch. But the problem persists.

I'm thinking about downgrading to 21.1 to see how it goes in a few days, but I doubt 21.1.5 is the issue. Frustrating: I SSH into a local server to do some work and I'm kicked out after between 5 seconds and 1 min with a "broken pipe" error. This is my 2nd attempt to get a stable install with OPNsense. 2 years ago I tried OPNsense and had to go back to pfSense after a series of weird issues.

I notice that connection drops seem to happen a lot more frequently during the evening. I don't know how; we aren't pushing a lot of bandwidth. Perhaps more devices at home?

#30
Hardware and Performance / Re: Intel X710 woes
May 03, 2021, 03:47:33 PM
Quote from: Supermule on May 03, 2021, 06:03:26 AM
What about jumbo frames?

I'm not using jumbo frames.