Recent posts

#1
Virtual private networks / Re: WireGuard ProtonVPN connec...
Last post by ctrom - Today at 09:18:37 PM
Quote from: vimage22 on Today at 08:29:37 PM
Not sure if this applies, as I do not use ProtonVPN, but have you tried looking at Firewall: Log Files: Live View? It helped when I was setting up WireGuard. Turn on logging here: System: Settings: Logging and Firewall: Settings: Advanced.
Yes, I have enabled logging on all of the firewall rules related to the VPN. When I look at Live View, I see many requests that are passing from local IPs out of the network, but nothing from outside coming in. I've also looked at the VPN logs and the system logs and I haven't seen anything that indicates to me a failure condition.
#2
German - Deutsch / Dedicated OPNsense appliance ...
Last post by lummi - Today at 09:11:53 PM
TL;DR
OPNsense currently runs as a Proxmox VM. I would like to move to dedicated hardware for more stability. I am looking for a 2.5GbE appliance that combines price, efficiency and future-proofing.

Current setup
Network:
  • ISP: 100 Mbit/s DSL (fiber not yet available)
  • Switch: UniFi USW-Flex-2.5 PoE
  • AP: UniFi U7 Pro (WiFi 7), U6+
  • 4 VLANs (Infra, Home, IoT, Guest)

Proxmox host:
  • Mini PC from Minisforum, 16 GB RAM, dual NIC, GbE and 2.5GbE
  • Currently running on it: OPNsense VM (v26.1), HAOS, Technitium DNS, Nginx Proxy Manager, UniFi Controller
  • Connection to the switch: 2.5GbE
  • OPNsense actually uses around 1.2 GB RAM

Separate Unraid server:
  • Plex, Immich, Audiobookshelf, among others
  • Sits in the Infra VLAN; clients are in the Home/IoT VLANs

The problem: on every Proxmox reboot (kernel updates etc.) the entire network goes down, because OPNsense runs as a VM. So I am looking for dedicated, affordable hardware (max. 250-300€) for OPNsense.

I found the Edge4Go from Krenn interesting, but I wonder whether the gigabit ports are sufficient. Currently the Proxmox host is connected to the switch at 2.5GbE. With a 1GbE appliance, inter-VLAN traffic would be limited to 1 Gbit/s. That is probably enough for my current workloads, but I have WiFi 7 clients and would rather not downgrade.

Do you know of any other good alternatives? Or would OPNsense on the Proxmox host alongside other infra services not bother you any further?

Thanks in advance!
#3
26.1 Series / Unable to access Plex within l...
Last post by johsense - Today at 09:07:44 PM
I cut over from a Netgear Orbi setup last night and all the basics are working, but today I noticed that I couldn't access Plex anymore (internal or external). Plex is running on my Unraid server; Unraid itself is working as expected. I don't have any VLANs set up; I wanted to start with how everything was set up as a baseline.

What I've done so far:
- added plex.direct (also tried *.plex.direct) to private domains in Unbound (this alone did not allow me to access Plex within my network) (private_domains.png)
- added DNET rule (dnet.png)
- firewall rule registered (firewall_wan.png)

With the above, I'm able to access Plex from my cellphone but I can't get to it on a PC connected to the network; I can get to the webui and the console shows some messages:
- net::ERR_NAME_NOT_RESOLVED for https://xyz.abc.plex.direct:32400
- net::ERR_CONNECTION_REFUSED for http://127.0.0.1:32400
- 406 (Not Acceptable) http://192.168.1.30:32400

I get the same using https://app.plex.tv/ or https://192.168.1.30:32400

Did I miss something simple to get this working? I noticed that the firewall rule was registered in the Rules section vs Rules [new] ... does that matter?

Any help is appreciated!
#4
I block so-called image hosting sites, sorry.

This works.

Interface configuration on the primary node:



CARP VIP:



Radvd config:



HTH,
Patrick
#5
lol, i emailed sales for the cpu model, they just said AMD V3000. i've asked for the specific model and no reply yet. so it's one of these: https://www.amd.com/en/products/embedded/ryzen/ryzen-v3000-series.html#specifications
#6
Not sure if this applies, as I do not use ProtonVPN, but have you tried looking at Firewall: Log Files: Live View? It helped when I was setting up WireGuard. Turn on logging here: System: Settings: Logging and Firewall: Settings: Advanced.
#7
26.1 Series / Re: Monit does not update its ...
Last post by power13 - Today at 08:24:03 PM
configd.py 594 - [meta sequenceId="239"] [4f14367e-d50c-482a-a47f-7f2a0b133231] get monit status
configd.py 594 - [meta sequenceId="240"] [1c1e7a75-c97e-4eaf-835d-4bb625e52f20] generate template OPNsense/Monit
configd.py 594 - [meta sequenceId="241"] generate template container OPNsense/Monit
configd.py 594 - [meta sequenceId="242"]  OPNsense/Monit generated //usr/local/etc/monitrc
configd.py 594 - [meta sequenceId="243"]  OPNsense/Monit generated //etc/rc.conf.d/monit
configd.py 594 - [meta sequenceId="244"] [2d0fb605-a56d-4af9-a8d9-aab0d1faadac] testing monit configuration
configd.py 594 - [meta sequenceId="245"] [46c30194-9ba9-425f-94e1-0bfa0c4550a7] reload monit configuration
configd.py 594 - [meta sequenceId="246"] [ff607578-5fae-466e-b08c-d9433eddf7cb] system status
configd.py 594 - [meta sequenceId="247"] [13e90899-8209-4b33-99b1-d64c97da02ef] get monit status
configd.py 594 - [meta sequenceId="248"] [646427b1-518f-4897-8d72-4ae8d375ae9d] Show disk usage
configd.py 594 - [meta sequenceId="249"] [f65f9fba-9988-42b9-a322-76592e0c124c] trigger config changed even

Looks good to me, no errors. But same result.

Config check is fine too.

monit -t
Control file syntax OK
#8
High availability / Re: CARP VIP link local vs IPv...
Last post by GreenMatter - Today at 08:22:41 PM
Quote from: Patrick M. Hausen on Today at 02:35:12 PM
- the interface configuration of both units
- the CARP VIP configuration on the active/master

So, I adjusted local link addresses - as per your advice to make sure they are different

I couldn't attach screenshots here as the limit is only 250 kB (?)
Link to the screenshots listed below: https://imgur.com/a/r9RSFma
Master interface: 
Backup interface:
CARP VIP global (I had multicast, same issue, so I tried unicast)
CARP VIP local:


VHID groups are fine; initially I synchronised the CARP VIPs, later I changed them to unicast.
So, where's the mistake???
#9
26.1 Series / Re: RAM usage changed
Last post by Tubs - Today at 08:08:59 PM
Quote from: pfry on Today at 03:21:08 AM
Since you were considering a change in default values or failure to restore, are these settings the same:

Firewall: Settings: Advanced -> Miscellaneous -> Firewall Maximum States and Firewall Maximum Table Entries
System: Settings: Miscellaneous -> Disk / Memory Settings (reboot to apply changes)

I do not have a memory of all the settings I might have tweaked over the last years. But I assumed that all settings are the same after a full system restore from backup.
#10
German - Deutsch / Re: NVM subsystem reliability ...
Last post by stulpinger - Today at 07:51:52 PM
I went from approx. 150 GB (!), once even 260 GB, down to approx. 12 GB - so in the green zone
RAM disk enabled etc.

OK, Layer 8; at the moment the ID10T error is all the rage at my company

Many years ago our admin put an A4 sheet with "Intel inside - Idiot outside" on the door
it didn't go over so well and was soon removed