"Recent posts
#1
General Discussion / Re: Help needed with DNSCrypt ...
Last post by Patrick M. Hausen - Today at 10:41:48 PM$PERSON has got a couple of accounts under the same name in various tech related forums. I suspect they are human but tend to copy & paste AI slop trying to be "helpful".
#2
26.1 Series / Unbound DNS
Last post by haim9080 - Today at 10:32:02 PMHello everyone, I have OPNSENSE at home running on a MINIPC with N100, and 16GB RAM, now I did UNBOUND DNS and I put a domain in the ALLOWLIST, and I do a cache refresh and everything, it doesn't work.
But if I make an exception for it, it will work. How can I fix this?
https://jumpshare.com/s/5M6HGv9aVYS48Vw0vbFb
But if I make an exception for it, it will work. How can I fix this?
https://jumpshare.com/s/5M6HGv9aVYS48Vw0vbFb
#3
General Discussion / Re: Help needed with DNSCrypt ...
Last post by nero355 - Today at 10:20:04 PMQuote from: hushcoden on Today at 04:12:49 PMThanks guys, and how do you understand it's actually a bot?The way the posts were written and all the wrong things they contained on the Pi-Hole Discourse in my case :)
#4
Hardware and Performance / Re: DEC3920 Quick Review
Last post by dirtyfreebooter - Today at 06:36:38 PMA1 seems have some ideas.
A1 seems to be stupid here and dev.igc.0.eee_control=1 means energy efficient ethernet is DISABLED already...
i226 on FreeBSD is annoying.
ASPM L1 is enabled for igc NICs from pciconf, Disabled for ax (10g) NICs. I am going to try some of these, as i tried to leave everything as it shipped / defaults.
seems like all the sysctls around energy where set correctly already. setting hw.pci.enable_aspm=0 and rebooting did not do anything, igc still has ASPM enabled. there seems to be a global ASPM on/off in the BIOS. this happens so quickly and frequently, i am questioning how Deciso did not already discover this.. in their testing...
QuoteYour issue is a well-documented hardware/driver bug with the Intel I226-V and the FreeBSD igc driver. The root cause is a TX hang quirk in the I226 hardware that the Linux driver handles via automatic recovery, but the FreeBSD driver does not — causing the NIC to silently freeze while the OS thinks the link is still up.
Looking at your specific sysctl output, there are several clear indicators and actionable fixes:
What Your sysctl Reveals
dev.igc.0.eee_control: 1 — Energy Efficient Ethernet (EEE) is enabled. This is a primary known trigger for I226-V link hangs.
dev.igc.0.fc: 3 — Flow control is set to bidirectional (TX+RX both on). This has been associated with link drops under traffic on this NIC family.
dev.igc.0.watchdog_timeouts: 0 — The FreeBSD driver's watchdog never fires, confirming it lacks the TX hang detection/reset logic that Linux's igc_main.c has at line ~3150. Traffic stops silently.
dev.igc.0.link_irq: 8 — 8 link state interrupts over the session; the hang doesn't necessarily show as a link-down event.
dev.igc.0.mac_stats.missed_packets: 297 — Minor but consistent with the NIC entering a degraded state over time.
fw_version: EEPROM V2.25-0 — You're on the latest
A1 seems to be stupid here and dev.igc.0.eee_control=1 means energy efficient ethernet is DISABLED already...
i226 on FreeBSD is annoying.
ASPM L1 is enabled for igc NICs from pciconf, Disabled for ax (10g) NICs. I am going to try some of these, as i tried to leave everything as it shipped / defaults.
seems like all the sysctls around energy where set correctly already. setting hw.pci.enable_aspm=0 and rebooting did not do anything, igc still has ASPM enabled. there seems to be a global ASPM on/off in the BIOS. this happens so quickly and frequently, i am questioning how Deciso did not already discover this.. in their testing...
#5
Hardware and Performance / Re: DEC3920 Quick Review
Last post by dirtyfreebooter - Today at 06:27:15 PMhaving a bit of trouble with the 2.5g interfaces. seems like after a decent amount of traffic passes through, i lose the WAN connection on igc0. there are no messages in dmesg or system log.
if i pull the ethernet cable and plug it back in, instant fix.
all i did was swap out the VP2440 for the DEC3920. otherwise my network has been stable for years. i guess i might have to pull it out and do longer stress tests? seems to occur once WAN on igc0 hits around 100GB of traffic.
the confusing part is there is zero feedback from kernel/dmesg.
this now happened twice since moving DEC3920 from lab test to my main firewall
Code Select
# ping google.com
PING google.com (142.251.46.142): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- google.com ping statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
if i pull the ethernet cable and plug it back in, instant fix.
Code Select
ping google.com
PING google.com (142.251.46.142): 56 data bytes
64 bytes from 142.251.46.142: icmp_seq=0 ttl=119 time=3.047 ms
64 bytes from 142.251.46.142: icmp_seq=1 ttl=119 time=2.780 ms
64 bytes from 142.251.46.142: icmp_seq=2 ttl=119 time=2.550 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.550/2.793/3.047/0.203 ms
all i did was swap out the VP2440 for the DEC3920. otherwise my network has been stable for years. i guess i might have to pull it out and do longer stress tests? seems to occur once WAN on igc0 hits around 100GB of traffic.
the confusing part is there is zero feedback from kernel/dmesg.
this now happened twice since moving DEC3920 from lab test to my main firewall
#6
25.7, 25.10 Series / dnsmasq dhcp: Clients accumula...
Last post by fab - Today at 04:37:22 PMHello dear forum. I'm trying to migrate to the new dnsmasq DNS/DHCP server at the moment. But I have a strange problem, that if upstream [WAN] changes the delegated /56 prefix (when restarting the router for example), my WHOLE network accumulates these new addresses without invalidating the old defunct IPv6 addresses and the servers and workstations still try to use these invalid addresses, which of course ends with an error. And I can't test this without completely restarting my router. I still haven't found an option to trigger this dnsmasq functionality without restarting my router (sorry for being such a noob). It worked flawlessly with the old ISC dhcp server, and the old addresses were invalidated properly. I'm really frustrated, because I have no idea why this is happening. The only thing I can do if upstream [WLAN] disconnects (through a reboot of OpnSense), is restart all my servers and workstations, to get a good set of IPv6 addresses until [WLAN] goes down again.
And there's another problem (which many people seem to have according to google). On some machines there are still "valid" IPv6 addresses which have a lifetime of 24h and I can't get rid of them.
I can't give much of logs (there aren't many informative messages anyway), but I hope someone can help me anyway. But please be a little patient, I'm not dumb, but this kind of problem is completely new to me and IPv6 is really complicated. On one side I want the new functionality (if it worked) and on the other side my old setup with ISC dhcp worked as expected (I have 7 VLANs which worked flawlessly).
Thanks alot,
fab
And there's another problem (which many people seem to have according to google). On some machines there are still "valid" IPv6 addresses which have a lifetime of 24h and I can't get rid of them.
I can't give much of logs (there aren't many informative messages anyway), but I hope someone can help me anyway. But please be a little patient, I'm not dumb, but this kind of problem is completely new to me and IPv6 is really complicated. On one side I want the new functionality (if it worked) and on the other side my old setup with ISC dhcp worked as expected (I have 7 VLANs which worked flawlessly).
Thanks alot,
fab
#7
General Discussion / Re: Help needed with DNSCrypt ...
Last post by hushcoden - Today at 04:12:49 PMThanks guys, and how do you understand it's actually a bot?
Hopefully I won't fall for it again next time...
Hopefully I won't fall for it again next time...
#8
General Discussion / Re: Help needed with DNSCrypt ...
Last post by Patrick M. Hausen - Today at 03:56:49 PME.g. the explanation of forward first is the wrong way round.
#9
26.1 Series / Re: Is os-ddclient avail still
Last post by nero355 - Today at 03:43:46 PMCheck the NOTE @ https://docs.opnsense.org/manual/dynamic_dns.html and figure out how to switch to the new native solution :)
#10
General Discussion / Re: Help needed with DNSCrypt ...
Last post by nero355 - Today at 03:37:54 PMQuote from: hushcoden on Today at 11:53:17 AMMany thanks for your explanation, much appreciated.You can not talk to "him" since it's some kind of SPAMbot that has started posting "Machine Learning Chatbot"-like answers on Forums of which many are also outdated and incorrect so watch out !! ;)
