Messages

31

16.1 Legacy Series / Re: Easiest way to delete expired DHCP leases? Or feature request for that ability?

« on: February 14, 2016, 03:57:19 pm »

Many DHCP services work like this by design, they won't start re-issuing used DHCP addresses if there are previously unused ones in the IP range given to it EVEN IF those leases have expired.

The simple answer is if that same device comes back onto the network at some point in the future it'll get (re)assigned the address it had before, even if its lease had expired. This can have some benefits both for logging and for devices that are really aggressive about getting the same address as they did once-upon-a-time.

Typically, once the never-used leases have been issued, it'll probably start from the bottom of the range and re-issue the oldest ones in a round-robin sort of fashion.

I've not hit the top of the range I assigned with my OpnSense install yet, but this seems to be the pattern it is following.

32

16.1 Legacy Series / Re: Intrusion Detection Settings - Left vs. Right Checkboxes?

« on: January 31, 2016, 03:16:30 pm »

Ah. Thanks for that. I bumped into that bug while poking around with the feature too.

33

16.1 Legacy Series / Intrusion Detection Settings - Left vs. Right Checkboxes?

« on: January 30, 2016, 04:53:44 pm »

Hi all, I'm a bit confused about the checkboxes here...

For example, under rulesets, we have the first item "botcc.portgrouped" with a check box to the immediate left and to the right a checkbox for "enabled".

Obviously, the right checkbox is explanatory.  What's the left checkbox for?

34

15.7 Legacy Series / Re: High CPU Usage, I think, please let me know if this is normal

« on: December 24, 2015, 10:13:05 pm »

Update, I did get my Squid issues sorted and turned it back on.  My CPU usage is down to about 5%.

Perhaps my initial Squid errors were causing it to restart over and over and thus the high load.

35

15.7 Legacy Series / Re: High CPU Usage, I think, please let me know if this is normal

« on: December 24, 2015, 12:03:56 am »

While troubleshooting a different issue, I noted that Squid was using most all of that...

top -SH from Shell showed it at ~35%. I did find something noting Squid using that much can be normal on an older Squid.org mailing list.

I've had to disable Squid for a different reason and that dropped me to about 5% CPU usage.

36

15.7 Legacy Series / Re: High CPU Usage, I think, please let me know if this is normal

« on: December 23, 2015, 11:14:41 pm »

I have the exactly the same CPU as you and that's typically what I see mine at. I can't say if that's normal or not.

37

15.7 Legacy Series / Re: Running OPNSense on a Mac Mini through VirtualBox

« on: December 20, 2015, 03:20:44 am »

Certainly, the first one at the top of this page is the exact one I used:

http://mirror.wdc1.us.leaseweb.net/opnsense/releases/15.7.18/

OPNsense-15.7.18-OpenSSL-cdrom-amd64.iso.bz2   204M   09-Nov-2015 06:10

You could probably restore that to a USB drive and boot from it.

38

15.7 Legacy Series / Re: Running OPNSense on a Mac Mini through VirtualBox

« on: December 19, 2015, 09:06:51 pm »

It probably should! I don't know for certain, but I just burned the image as is to a CD and it booted fine for me without having to do anything else to it.

39

15.7 Legacy Series / Re: Running OPNSense on a Mac Mini through VirtualBox

« on: December 17, 2015, 11:37:09 pm »

It should boot, you're using the 64 bit version?

You might have better luck with a CD image.  Almost any USB external CD drive will work with that mini.

40

15.7 Legacy Series / Re: Running OPNSense on a Mac Mini through VirtualBox

« on: December 17, 2015, 12:45:58 am »

No, the only thing I made sure to do was set the power options in OS X first so it would never go into sleep. This writes them to PRAM so your firewall won't go into hibernation with a different OS.

I then just used the OPNsense CD I made and installed it by booting from the CD.  When it was done it booted fine.

41

15.7 Legacy Series / Re: Running OPNSense on a Mac Mini through VirtualBox

« on: December 16, 2015, 07:50:24 pm »

When I was testing, I ran it on one of the original "white" Mac minis (Core 2, 18.3GHz) I had lying around - the answer is - not much at all for a home router. It's very efficient.

42

15.7 Legacy Series / Re: Squid cache seems to not be used

« on: December 16, 2015, 07:48:08 pm »

I was looking for roughly the same, there is a ticket in for some expanded Squid options via the GUI.  I hope the 16.1 milestone for them comes true! (I also wish I could code at all so I could help.)

https://github.com/opnsense/core/issues/417

43

15.7 Legacy Series / Re: Running OPNSense on a Mac Mini through VirtualBox

« on: December 16, 2015, 12:02:04 am »

I'm not using OPNSense with VB, but I have used VirtualBox on the same model Mac mini you have.

My experience mirrors yours on network thru-put and high CPU usage. Don't get me wrong, VirtualBox is fantastic for needing to run something once in awhile (free!), but for a better experience I'd look at Parallels or VMware (We use the former at work and I use the latter at home.)

I switched to VMware for my 24/7 app and my CPU usage for the same version of Windows dropped to 1/3rd what it was and my transfer speeds improved drastically.

Before I bought, I downloaded the 30 day trial. You might want to give it a try and see if it solves your issues.

Alternately, for home, I picked up one of these small form factor HPs for about $50US on eBay and reused a 100MB USB Ethernet Adapter on my WAN side. OPNsense works wonderfully with it!

http://www.newegg.com/Product/Product.aspx?Item=N82E16883281931

44

15.7 Legacy Series / Re: Firewall: NAT: Port Forward

« on: December 14, 2015, 02:31:48 am »

Mine looks just like yours, except as you noted from your examples mine uses WAN.

When setting up the NAT, you need to click Advanced and it should be in the list as "WAN Address" I believe.

45

15.7 Legacy Series / Re: DNS MX Record?

« on: December 07, 2015, 11:54:20 pm »

Apologies if this is in the GUI and I'm overlooking it.  I'm interested in having OPNsense take over my DNS duties as it seems to do everything I need for my relatively simple LAN.

I need one host to have an MX record, but I can't seem to find an option to add it. If it does not exist, maybe a simple checkbox "

• Add an MX Record for this host" could be done at some point?

Okay, I looked high and low for this, I don't believe it currently exists. I'm going to make a formal request over in GitHub.  :)