Messages

46

General Discussion / Re: OPNsense as VM on HDD pool?

« on: September 29, 2023, 06:26:26 pm »

Patrick M. Hausen and cookiemonster, thanks for your comments.

My only concern is that every once in a while, I do a large, multi-Terabyte transfer of data to or from another device, and the HDDs on Truenas crank for hours, which I assume increases I/O latency. But if OPNsense runs primarily in memory, with mostly just logging to the boot drive, as would make sense given its function, then I doubt that would be a problem for the operation of OPNsense.

47

General Discussion / Re: OPNsense as VM on HDD pool?

« on: September 29, 2023, 06:18:52 pm »

Regarding CJ's question "No comment on the performance, but keep in mind that this means your internet will be tied to your TrueNAS.  If you need to take it down for any reason, your entire network goes with it. Is there a particular problem you're attempting to solve by virtualizing it?"

I totally understand your point, and this is a good question which I've thought carefully about, and there are pluses and minuses either way. But in the end I decided to virtualize, mainly because it will allow me eliminate extra hardware and cabling, reduce energy usage, and clear some space on the shelving unit where I have my gear set up. I can't just use one of those mini firewall devices for OPNsense, at least not easily, because one of the adapters is 10gbps SFP+ and another is 2.5gpbs base-T, and finding a mini PC that supports 10gbps (especially) is difficult. So right now, I'm using an old mini Tower for OPNSense. It will be nice to clear it out of there.

Also, two physical computers (one with OPNsense, one with Truenas) means extra hardware to maintain, with twice the components that can fail.

All of that being said, yes your point is certainly valid. Virtualizing OPNsense on Truenas means that if Truenas goes down, my entire network does. That's a downside, but it's a risk I've decided to take, mainly because Truenas SCALE is extremely stable, runs for months with no problems, and is installed on server hardware with ECC memory, and the OPNsense VM will be on a 3x mirror pool, so out of three HDDs, up to two could fail and OPNsense would still function.

48

General Discussion / OPNsense as VM on HDD pool?

« on: September 29, 2023, 06:08:17 am »

I currently have OPNsense installed on bare metal with an SSD NVME boot drive, three physical interfaces, and five VLANs. I'm going to be migrating it to a VM on Truenas SCALE, which is built on Linux Debian and uses KVM for virtualization.

I'm considering installing OPNsense on a 3-disk hard drive mirror ZFS pool. It will also have 16 GB dedicated RAM. However, I'm wondering if installing it in a VM on a hard drive pool could result in latency problems given that hard drives are slow at random reads and writes?

In particular, and here is my main question: after OPNsense boots, does it mostly just stay in memory? If so, then I should be fine. If on the other hand it's constantly doing a bunch of read and write operations to the boot drive, then I'd imagine I could have problems installing it on an HDD pool.

I also have the option of installing it on an SSD pool in Truenas SCALE KVM, but I'd rather not because that pool only has two mirrored SSDs, and one of them is slightly old, so there would be less redundancy than if I put it on the 3-way HDD mirror.

49

General Discussion / Re: Host override requries local domain name to resolve

« on: September 29, 2023, 05:03:26 am »

I finally got it working. It turns out that it wasn't really an OPNSense problem. It was a problem with how I set up a static IP address and host name in the server I was trying to reach. The server I configured was Truenas Scale, and the default domain on that server is "local," which is different from the local domain I have established for the rest of the network in OPNsense.

When I changed the domain in the Truenas settings to the same one specified for the network in OPNsense, it worked. I can now reach the server with just the short name, not the FQDN.

For anyone else setting up a static IP and host name for a server (not on a lease through OPNsense DHCP), in order for name resolution to work without the fully qualified domain name, you need to ensure that the domain specified in the server with static IP matches the domain specified in the OPNsense settings for the rest of your network.

50

General Discussion / Re: Host override requries local domain name to resolve

« on: September 28, 2023, 10:22:18 pm »

Patrick M. Hausen, thanks for the explanation. Unfortunately, adding the local domain in "domain search list" in the DHCP client configuration does not solve the problem. I still need to specificy the FQDN to reach the server no matter what I do in host overrides. I guess I can live with that if I can't figure out how to fix it, but it's not ideal.

51

General Discussion / Re: Host override requries local domain name to resolve

« on: September 28, 2023, 04:48:05 pm »

Patrick M. Hausen, do you mean the "Domain search list" field under Services, DHCPv4, LAN?

If so, then entering the local domain name in this field does not solve the problem. It's still necessary to enter the full domain name, with the local domain name included, to get name resolution to the server.

52

General Discussion / Re: Host override requries local domain name to resolve

« on: September 28, 2023, 07:41:28 am »

One follow-up point:

An earlier thread discussed a similar issue: https://forum.opnsense.org/index.php?topic=25630.0.

In that thread, there was a suggestion of putting "LocalDomain" in the domain search list in the DHCP configuration settings. I tried that, with and without "opnsense" preceding LocalDomain, and it did not work for me. Maybe I didn't configure it correctly, however, or maybe it's no longer the correct approach.

53

General Discussion / Host override requries local domain name to resolve

« on: September 28, 2023, 07:03:36 am »

I have DHCP enabled in OPNsense and use it to provide leases for almost all devices on my network. However, I am trying to configure one specific device, my Truenas server, with an actual static mapping not assigned by OPNsense.  (There are reasons for this that aren't worth getting into here.)

This setup mostly works, except for one problem related to name resolution.

The static mapping of the Truenas server is 192.168.1.200. Again, this is not assigned by OPNsense. However, in OPNsense, I added a host override under Unbound mapping the domain "Truenas-server" to 192.168.1.200.

The problem, however, is that now, if I want to reach the server by name from a Linux device on the network, I'm required to prepend the name of the server with the local domain name I set in OPNsense.

So, from a Linux device, "ping Truenas-server" gives "Name or service not known." However, "ping [LocalDomain].Truenas-server" reaches the server.

What's strange is that form a Windows device, I'm able to reach the server with just "ping Truenas-server."

Does anyone know how to fix this so that the name "Truenas-server" resolves to 192.168.1.200 without the need to prepend it with [LocalDomain]?

54

23.7 Legacy Series / Re: Help! Unable to upgrade to 23.7. Process hangs.

« on: August 02, 2023, 11:25:53 pm »

For the record, this issue has now been resolved in a separate thread here: https://forum.opnsense.org/index.php?topic=35154.0

55

General Discussion / Re: Unable to update/reinstall kernel

« on: August 02, 2023, 09:33:00 pm »

The upgrade to 23.7 was successful once I got the kernel package updated. Thanks everyone for your help!

I do wonder if I should re-enable IPV6 on WAN. I'm leaning toward doing so because there might be some reason to have a public IPV6 address.

56

General Discussion / Re: Unable to update/reinstall kernel

« on: August 02, 2023, 09:17:23 pm »

Newsense, your latest suggestions have allowed me to successfully update the kernel to 23.1.11. Hopefully I will now also be able to upgrade to 23.7 through the web UI. I will report back after attempting to do so.

For the record, I made the following changes:

System-Settings-General  --- checked "Prefer to use IPv4 even if IPv6 is available"

Firewall-Settings-Advanced  --- unchecked "Allow IPv6"

Additionally, I disabled IPV6 on WAN, which I never use and was only set up because my ISP gives me both an IPV4 and IPV6 public address. (I wish I'd remembered this yesterday when you asked about IPV6, but since I never use it, I forgot that it was even enabled.)

After these changes, the kernel successfully updated through the package manager in the web UI.

57

General Discussion / Re: Unable to update/reinstall kernel

« on: August 02, 2023, 05:34:34 pm »

For the record, I let it run overnight, and there was no change. It hangs when fetching the kernel, and it won't upgrade to 23.7 due to the kernel mismatch. At this point, unless anyone has other suggestions, I'm going to give up and do a fresh install of 23.7 after I get a new SSD, which will be today or tomorrow, and then restore the config.

Also, to Franco's question, I don't use IPV6 for anything on my local network, but now that I think of it, I do have IPV6 gateways included in my gateway group, because one of my ISPs assigns my WAN interface a public IPV6 address in addition an IPV4 address.

58

General Discussion / Re: Unable to update/reinstall kernel

« on: August 02, 2023, 04:51:08 am »

OK. It's evening here in the States. I'll let it run overnight and see if it does anything by morning. If not, I guess I'll reinstall and restore from config.

However, I just ran a speed test, and my WAN speed is 815 Megabits per second, which is somewhat less than the gigabit speed I'm paying for (and I'll take that up with my ISP some other time), but it should be more than enough speed to download the firmware.

Maybe the OPNsense mirrors are slow today since 23.7 was just released yesterday.

Thanks.

59

General Discussion / Re: Unable to update/reinstall kernel

« on: August 02, 2023, 04:38:13 am »

After it says "Fetching kernel-23.1.11-amd64.txz:" it just outputs periods to the screen, slowly, every few seconds or so, forever.

The output looks like this "............................." and goes on forever.

I've let it run for hours, and that's all it does. It does it no matter how I try to update the kernel, whether in the web UI or from the command shell.

60

General Discussion / Re: Unable to update/reinstall kernel

« on: August 02, 2023, 03:44:18 am »

That didn't work. It got hung up on kernel-23.1.11-amd64.txz, as usual.

Do you know if there is a way to fetch kernel-23.1.11 and manually install it? I suspect that if I could do that, I'd then be be able to upgrade to 23.7.

In any event, here is the output after I switched to the Amsterdam mirror. First, it said this:

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 23.1.11_1 at Tue Aug  1 20:11:27 CDT 2023
Fetching changelog information, please wait... fetch: transfer timed out
fetch: /usr/local/opnsense/changelog/changelog.txz appears to be truncated: 0/284144 bytes
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 835 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (45 candidates): .......... done
Processing candidates (45 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.

Then it came back with a message that I needed to update the kernel, and when I clicked on the button to update the kernel, it said this:

***GOT REQUEST TO UPDATE***
Currently running OPNsense 23.1.11_1 at Tue Aug  1 20:30:26 CDT 2023
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (45 candidates): .......... done
Processing candidates (45 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking integrity... done (0 conflicting)
Nothing to do.
Checking all packages: .......... done
Nothing to do.
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
Fetching kernel-23.1.11-amd64.txz:

Then it hung again.