527
23.7 Legacy Series / [SOLVED] New default Firewall > Rules interface OpenVPN 23.7.4
« on: September 16, 2023, 03:57:00 pm »
Hello,
I upgraded today to the latest release 23.7.4 and can see that under Firewall > Rules a new interface, "OpenVPN", has appeared. I am not using OpenVPN, yet I can see it among the rule tabs.
Is this a new default?
Just asking for clearance.
Regards,
S.
528
23.7 Legacy Series / Re: Help with YouTube block on selected devices
« on: September 15, 2023, 10:53:30 am »
Not sure about AdGuard but,
On Pi-hole you can create groups per device and block specific domains for a specific group/device. I am doing it at home to prevent access to certain content for certain VLANs.
Regards,
S.
529
23.7 Legacy Series / Re: Static Routes not being respected..?
« on: September 14, 2023, 12:03:47 pm »
As mentioned by @schmuessla,
You need to perform policy-based routing; this is done within the firewall rules, where you need to specify a GW. What this will do, basically, is permit traffic and forward it to the specified destination/gateway.
https://forum.opnsense.org/index.php?topic=11880.0
https://docs.opnsense.org/manual/how-tos/multiwan.html
https://docs.opnsense.org/manual/firewall.html#policy-based-routing
Regards,
S.
530
23.7 Legacy Series / Re: Traffic Graph - WAN dominates . . . why?
« on: September 14, 2023, 10:38:37 am »
Actually, any interface can do that.
In my home network, inter-VLAN traffic between VLANs is higher than my WAN Internet connection. So many times I can see 2G throughput between several hosts towards a specific server, and WAN is just lost at the bottom.
Regards,
S.
531
Hardware and Performance / Re: Firewall/ Router HW suggestions - do you recommend Zimaboard
« on: September 14, 2023, 10:23:14 am »
Superb,
These are good temps for a passive cooled device with an N5105 chip.
I have mine in a small rack, so I get higher temperatures during summer. In order to accommodate for that I did adjust C states to C3.
For the sake of testing, I opened the rack; temps dropped from 70C with 28C room temp to 55-60C at max during load.
So don't be bothered by the temps, they are damn good what you got there.
Regards,
S.
532
23.7 Legacy Series / Re: Traffic Graph - WAN dominates . . . why?
« on: September 14, 2023, 10:20:12 am »
Hi,
They are all transparent.
What you see, I believe, is just the fact that the traffic on WAN (aggregation of all other interfaces/VLANs towards the internet) has higher throughput. In order to show it on a graph, the Y axis needs to be adjusted to accommodate that, so the steps on Y are bigger than is the ratio on the other interfaces.
Look at the graphs again: you can see that the max throughput at the time is 700Kbit, but WAN actually receives 25Mbit.
Regards,
S.
533
Hardware and Performance / Re: Firewall/ Router HW suggestions - do you recommend Zimaboard
« on: September 11, 2023, 01:20:41 pm »
Is there a benchmark of some sort for these zones?
Are these numbers within acceptable range with browsing in 2 laptops, couple of streaming devices and 3 phones?
The Core 0,1,2,3 (dev.cpu.0.temperature) 52.0 degree C
Zone 0 (hw.acpi.thermal.tz0.temperature) is at 27.9 c constant.
Pretty good temps, better than mine, but on the other hand I have a pretty loaded OPN with features. These are very reasonable temps you got there. Did you do any additional tuning like playing with BIOS and the PL states, or is this out of the box + OPN during load?
Regards,
S.
534
Hardware and Performance / Re: Firewall/ Router HW suggestions - do you recommend Zimaboard
« on: September 05, 2023, 11:34:25 am »
I also recently bought an N5105 system from Ali from the TopTop shop and reviewed it a bit. On this forum there is a post for this SoC:
https://forum.opnsense.org/index.php?topic=27938.15
Have a look.
Currently running the system with only OPN in barebone setup and so far didn't hit any problems.
Regards,
S.
535
23.7 Legacy Series / Re: This close to giving up
« on: August 30, 2023, 11:40:09 am »
Looks like your story didn't end yet, even though you at least moved a bit.
Alright, so let's go step by step and put the puzzle together.
1. Is your current setup as follows? ISP > Draytek (in Bridge mode) > OPNsense (with PPPoE)
2. Does your OPNsense get a public IP?
3. What are your NAT rules? Did you do your own? What mode did you set (is it hybrid)?
4. Do you have internet connectivity from OPN to the Internet? (Can you, within the OPN GUI, go to the Diagnostics section and try to ping 1.1.1.1 and 8.8.8.8?)
5. If possible, make print screens of the NAT rules, Floating rules, WAN rules and your LAN rules
6. Do the same as above for the WAN & LAN interfaces and DHCP servers
7. Do the same for the routing table
8. Do the same for the gateway tab
Regards,
S.

536
Hardware and Performance / Re: Thoughts on using an old laptop and usb3 ethernet dongle?
« on: August 30, 2023, 09:32:07 am »
It's definitely doable but it can come with great sacrifice on your nerves. As you mentioned, the main problem you could start to hit is due to the USB2ETH dongles; you get the wrong ones and you will go crazy.
In addition to this, the form factor + power draw is too much in my opinion. And the CPU may be OK but it's already too old for modern systems.
Depending on what your budget is, you can try to look for a used miniPC with a multiport setup and a CPU that has AES-NI support.
I wouldn't use a laptop for this, mainly as stated by @Patrick M. Hausen.
Regards,
S.
537
Hardware and Performance / Re: Any recommendation for Access point.
« on: August 20, 2023, 04:28:18 pm »
Yes, you are right, looks like it was not yet compiled for that router.
Regards,
S.
538
23.7 Legacy Series / Re: Business Edition - where is how to - sorry new one here
« on: August 19, 2023, 02:08:01 pm »
Community release and Business release have different upgrade paths, thus it's better to keep them apart to prevent possible mischief.
Yes, you can export the configuration from any OPNsense "instance"; the only thing you need to take care of is to update the representation of the OPN physical interfaces via some editor.
Example:
When I was migrating from the APU2, the interfaces were igb. The new device had a different NIC; the interfaces were igc. So I found every interface named igb in the exported config and replaced it with igc.
Regards,
S.
539
Hardware and Performance / Re: Any recommendation for Access point.
« on: August 19, 2023, 11:59:20 am »
Very nice, you are already trying out RC2.
How is the performance for you? I have read on the OpenWRT forum that some people had a 50-75M performance hit on the WiFi. Also, RC03 came out a few days ago.
Are you running, or have you tried, the WiFi6 AX on 160MHz as well? On the device page it's mentioned that it doesn't work, so I didn't try it out. Currently running it in AX mode with 80MHz, and I can hit around 850Mbit with iPerf if the WiFi is idle.
Glad to hear your feedback on this device; so far, from what I tested, I had absolutely no problems. And I tested the WiFi with iPerf3 while running RTP traffic, voice/video and streams. I must say the latency was fabulous, IRQs were held in check and the overall user experience was phenomenal (it passed the so-called GF test).
Regards,
S.
540
Hardware and Performance / Re: Any recommendation for Access point.
« on: August 18, 2023, 01:03:39 pm »
Currently there are 39 devices fully or partially supported in OpenWRT that have WiFi6
https://openwrt.org/toh/views/toh_extended_all?dataflt%5BWLAN+2.4GHz*%7E%5D=ax
I was always obnoxious towards WiFi6 support on OpenWRT. But it looks like they did a great job on it over the years. Saying that, I bought the Asus RT-AX53U a few days ago and slapped OpenWRT on it. The router works perfectly and the WiFi6 is superb on it.
So far I am still testing how it will perform long term, at least non-stop for 1 whole week. I run OpenWRT in Dumb AP mode, with 5+ VAPs and VLANs for each VAP and the management interface. Currently it's been running like this for 2 days, no problems.
@newsense Thanks for the OpenWRT WiFi6 hint. I was thinking of buying another WiFi5-only device, but after looking into OpenWRT and WiFi6 again I got the RT-AX53U, which is damn good.
P.S. I had to return the Archer c6 v3.20 previously mentioned; it had crazy issues on OEM as well as OpenWRT. 5G WiFi was dropping on higher TX power within the allowed range, and WiFi5 was for some reason causing 5s-10s packet loss after 2 days runtime.
Regards,
S.

