Topics - MeltdownSpectre

1
24.7 Production Series / Traceroute / ICMP issue after 24.7.1 update
« on: August 08, 2024, 07:16:38 pm »
Updated to 24.7.1 earlier today. All went well, except I can no longer run traceroutes from any Windows machines, on any VLAN.

Traceroutes from a Linux machine (my Raspberry Pi for example) work just fine, and traceroutes from the OPNsense Web GUI are working properly as well.

My ISP has routing / peering issues with some server providers sometimes, so I use WinMTR often to diagnose issues and report them so they can get resolved.

However, after the 24.7.1 update, it seems something funky is happening with ICMP and anything after the first hop gets dropped and I just see 'Request timed out'.

I haven't added any new rules recently, and my existing firewall rules are exactly the same as they were before updating.

As I understand, Windows traceroutes use ICMP whereas on Linux they use UDP.

Any tips on how to go about diagnosing this or any insight on what changed with 24.7.1 that suddenly started causing this? It was fine on all previous versions, including 24.7_9.

Screenshots attached (Linux vs Windows).

https://imgur.com/a/yhDp4Jo

2
23.7 Legacy Series / Traffic shaping rules not being applied (23.7.9)
« on: December 01, 2023, 07:44:33 am »
Hi,

I recently upgraded my ISP plan from 100/100 to 150/150.

I have traffic shaping with FQ-CoDel enabled on my main interface called 'Home', based on this tutorial.

https://forum.opnsense.org/index.php?topic=7423.0

Works like a charm, I get A+ bufferbloat and lag free online gaming.

I also had bandwidth limits of 20 Mbit/s down and 10 Mbit/s up on my Guest interface.

Instead of editing the existing rules, I deleted the old ones and added new bandwidth limits for the guest interface with 30 Mbit/s down and 15 Mbit/s up. However, no matter what I try, the rules aren't getting applied and the 'Status' tab under Firewall Shaper doesn't show the rules for the guest interface.

I followed this (previously) for setting bandwidth limits on the guest interface, and it worked fine.

https://docs.opnsense.org/manual/how-tos/guestnet.html

If I run a speedtest while connected to my Guest network, I get the full 150 Mbit/s up and down, so the rules aren't being applied.

Screenshots attached.

Currently running 23.7.9, and have tried rebooting multiple times after applying the shaper rules but it makes no difference.

3
22.1 Legacy Series / Using unused physical ports for existing VLANs
« on: July 22, 2022, 06:46:11 pm »
Hi,

Recently bought myself a Qotom Mini PC with 5x Intel I225-V NICs and a Celeron J4125. First thing I did was install OPNsense on it. I've been experimenting with the various features and trying to learn about VLANs.

Up until now, I didn't have any managed switches at home and pretty much every thread I come across on this forum and the forum of a similarly named firewall suggests using a managed switch rather than an unmanaged one.

It's hard to come by managed switches in my country, especially at a reasonable price, so I asked a friend to buy one from the US and bring it with him when he returns in a few days. It's a Netgear GS308T, an 8-port managed switch that supports 802.1q VLAN tagging which I believe is what I need.

My ideal setup would consist of 3 VLANs: management (VLAN10), trusted (VLAN20) and guest (VLAN30). I do not require a specific one for IoT devices since I do not have any in use at home.

The OPNsense box, along with some other devices will be placed in a networking closet and the Netgear switch will be in another part of the house.

I expect to use the interface igb0, which is the first port on the left of the OPNsense box to connect to the Netgear switch and pass 3 different VLAN tags to the switch, which will then pass them on to the OpenWrt APs allowing me to use 1 SSID for trusted devices and 1 SSID for the guest network.

However, there are 3 wired devices in the networking closet (Plex Server, Synology NAS and a Raspberry Pi) that I would want on the trusted VLAN. Conveniently, the OPNsense box has 3 physical Ethernet ports that are currently not used (igb1, igb2 and igb3).

Since the 3 VLANs I created earlier will be passed on to the switch using interface igb0, would I be able to use the igb1, igb2 and igb3 ports to connect the 3 devices in the networking closet and put them on the trusted VLAN?

I made a crappy diagram on Microsoft Paint and attached it to this post to try and get my point across in case anyone wants to avoid reading this wall of text.

I'd like to know if what I'm describing above is possible and if anyone has any suggestions / recommendations for my planned setup.

I'm not a complete newbie to networking, but the concept of VLANs is still somewhat new to me, and I'm not familiar with OPNsense enough to know if this is possible or not.

I can't share any screenshots of my existing configuration since I haven't done any of them yet. The OPNsense box has not replaced my main router yet since I'd like to figure everything out first and thoroughly test my planned config.
