"Recent posts
#1
General Discussion / Re: What is the memtester tool...
Last post by drosophila - Today at 07:40:32 PMQuote from: nero355 on Today at 04:09:16 AMThat you are looking for ECC RAM + CPU and Motherboard that support it.DEC4280 – OPNsense® Rack Security Appliance
Memory 64GB DDR4
So Decisio is just understating their hardware capabilities?
Quote from: nero355 on Today at 04:09:16 AMSuch software tool does not exist unless you run Windows from the Windows 95/98 era and use tools that were more a workaround instead of anything actually useful ;)Like this?
https://man.freebsd.org/cgi/man.cgi?query=memtester&sektion=8&manpath=FreeBSD+13.1-RELEASE+and+Ports
#2
General Discussion / Re: ISC DHCP deprecated
Last post by jp0469 - Today at 07:34:55 PMQuote from: endurium on Today at 04:45:35 PM...namely the ability specify a specific DNS service for a certain group of devices, for example, pointing all of my smart TV and media devices to Adguard Home or Pi-Hole.
You can accomplish that using DNSmasq by applying tags.
#3
Virtual private networks / Re: WireGuard ProtonVPN connec...
Last post by ctrom - Today at 07:25:56 PMQuote from: vimage22 on Today at 02:46:33 PMOne little typo, happens to me as well. Maybe my post here might give you ideas? (#8) https://forum.opnsense.org/index.php?msg=262436
But without a lot more info on your config, not sure I can figure this out. Might be a Rule issue?
I've attempted to capture all of the relevant settings here. If I've overlooked something please let me know.
WireGuard settings:
Instance:
Listen port: 51820
MTU: 1420
DNS Servers: 10.2.0.1
Tunnel address: 10.2.0.2/32
Disable routes: yes
Gateway: 10.2.0.1 - this is not specified in the ProtonVPN connection details, but the OPNsense setup documentation indicates this should be set.
Peer:
Allowed IPs: 0.0.0.0/0
Endpoint address: 79.127.136.222
Endpoint port: 51820
Interfaces:
WAN_ProtonVPN:
Device: wg0
IPv4: None
VPNOnly:
Device: vlan0.50
IPv4: Static
Address: 10.12.50.1/24
Gateway:
Name: ProtonVPN
Interface: WAN_ProtonVPN
IP Address: 10.2.0.2 - I'm unsure about this setting. I had it set to 10.2.0.1 and the gateway was reporting offline. After changing it to 10.2.0.2 the gateway reported online, but Gemini is insisting that this is inaccurate because it is creating a loop within the router.
Firewall:
NAT Outbound:
Mode: Hybrid
Custom Rule:
Interface: WAN_ProtonVPN
Source address: 10.12.50.0/24
Translation / target: Interface address
Static-port: yes
Aliases:
WG_VPN_Hosts: 10.12.50.1/24
Rules:
I have tried many different rules at this point including:
| ID | Interface | Quick | Action | Direction | Source | Destination | Gateway | Advanced |
| 1 | Any | No | Pass | Out | WAN_ProtonVPN address | (invert) WAN_ProtonVPN net | ProtonVPN | Allow options:1 Disable reply-to:1 |
| 2 | VPNOnly | Yes | Pass | In | VPNOnly net | RFC1918_Networks | None | |
| 3 | VPNOnly | Yes | Pass | In | WG_VPN_Hosts | 10.2.0.1 | ProtonVPN | Set local tag: NO_WAN_EGRESS |
| 4 | VPNOnly | Yes | Pass | In | WG_VPN_Hosts | (invert) RFC1918_Networks | ProtonVPN | Set local tag: NO_WAN_EGRESS |
| 5 | WAN | Yes | Block | Out | any | any | None | Match local tag: NO_WAN_EGRESS |
| 6 | VPNOnly | Yes | Pass | In | any | any | ProtonVPN | Disable reply-to:1 |
| 7 | WAN_ProtonVPN | No | Pass | In | any | any | None |
These rules haven't been active all at once and there are many variations on these that I have tried in my experimentation.
#4
26.1 Series / Re: OPNsense System Tunables C...
Last post by Seimus - Today at 07:21:14 PMQuote from: nightcom on Today at 01:46:18 PMI'm the author of repository and thank you for noticing my work. Purpose of this repository is describing all functions in tunables with provided examples based on my hardware and network setup. Like I wrote in repository, you can't copy paste all settings since it's tuned for my needs, hardware, ISP and network setup.
Honestly good job on that, finding the tunables on itself is easy but finding the explanation is...... different story.
Are you gonna keep it updated? Cause as you most likely know tunables tent to change, decom depending how FBSD deems them usable and need-able.
Regards,
S.
#5
26.1 Series / Re: Multi WAN load balancing v...
Last post by dash - Today at 07:19:09 PMA big thanks to you.
#6
26.1 Series / Re: Multi WAN load balancing v...
Last post by OPNenthu - Today at 07:15:03 PMOk, thanks.
I'll step back and see if something comes to me, though I'd also be very happy if someone else showed me what I missed. I'm doing this for learning opportunity.
I'll step back and see if something comes to me, though I'd also be very happy if someone else showed me what I missed. I'm doing this for learning opportunity.
#7
26.1 Series / Re: Multi WAN load balancing v...
Last post by dash - Today at 07:11:35 PMYes I did. On each modification.
#8
German - Deutsch / Re: Erweiterungen
Last post by Patrick M. Hausen - Today at 06:48:09 PMAuf der "richtigen" Konsole, also nicht SSH sondern VGA oder seriell, müssten sogar die Details stehen.
Auf einem Standard-FreeBSD stehen diese ebenfalls in /var/log/messages, wahrscheinlich /var/log/system-irgendwas auf der Sense.
Auf einem Standard-FreeBSD stehen diese ebenfalls in /var/log/messages, wahrscheinlich /var/log/system-irgendwas auf der Sense.
#9
German - Deutsch / Re: Erweiterungen
Last post by drosophila - Today at 06:35:22 PMAlles ist OK bis hier hin:
QuoteChild process pid=41919 terminated abnormally: Segmentation faultWelcher Prozeß das ist kann man nur auf der Konsole mit einem gut getimeten ps fax herausfinden.
#10
26.1 Series / Re: Multi WAN load balancing v...
Last post by OPNenthu - Today at 06:29:37 PMI'm reaching now, but did you reset the state table after making the changes? Just in case.
Established TCP can take 24h to expire, so that could maybe be short-circuiting our efforts.
Established TCP can take 24h to expire, so that could maybe be short-circuiting our efforts.
