Recent Posts

1

General Discussion / Re: LACP is not working

« Last post by Julien on Today at 08:59:43 pm »

Reinstall 20.1 and restore config

thank you for your answer.
i am not near the box have to drive 2hr to get there.
is this a bug/issue with 20.7?
just trying to understand to plan my next move.

2

20.7 Production Series / Re: Multi WAN (was DoT in combo) - 192.168.1.1 or 127.0.0.1?

« Last post by lar.hed on Today at 08:58:09 pm »

No I do not - it is OUT going ONLY. I have no IN rules at all.

3

General Discussion / Re: LACP is not working

« Last post by mimugmail on Today at 08:56:10 pm »

Reinstall 20.1 and restore config

4

20.7 Production Series / Re: Multi WAN (was DoT in combo) - 192.168.1.1 or 127.0.0.1?

« Last post by mimugmail on Today at 08:55:07 pm »

Your screenshot looks strange, you allow inbound DNS and ntp on WAN??

5

General Discussion / Re: LACP is not working

« Last post by Julien on Today at 08:53:59 pm »

Did not read the full post.
Maybe it's a BSD12 topic. Did you try it with pfSense 2.5?
Is it running with OPNsense 20.1?

i havent tried it to be honest, with pfsense is working fine.
i am worried on getting it working now, and later it will maybe crashes if update will change the LACP behaivor.
i am at 20.7 i cannot go back to 20.1 ?

6

20.1 Legacy Series / Re: Installation on ZFS

« Last post by ejprice on Today at 08:15:43 pm »

I'm a huge fan of ZFS. It is an awesome, reliable, performant filesystem with undeniable resiliency. It is way better than UFS and pretty much every single FS out there. I used ZFS everywhere I can.

Now that I see a clear path to use ZFS on OpnSense, I'm already thinking of ways to do it - because ZFS is that awesome, and most importantly, resilient. 

However, to use ZFS without ECC memory is a bad idea. I won't get into the why(s) as you can just search for the plethora of articles on it. Yes, you can do it - but no, you really, really don't want to.

Also, to get the most bang for your buck with ZFS you should have a separate, fast, small SLOG device for the ZIL. To keep things cost-effective you can combine the SLOG device and the L2ARC on the same NVME and still expect reasonable performance.

Hope that helps.

7

20.1 Legacy Series / Re: Metallb and Kubernetes

« Last post by ejprice on Today at 07:57:29 pm »

Hi @kya

I'm just curious, which CNI are you using with Metallb?

(I was just looking to set this up - thanks for your post!)

8

General Discussion / Is Multi-WAN + Whitelist firewall + DNS-over-TLS possible?

« Last post by lar.hed on Today at 07:53:19 pm »

So I have been struggling a bit more than I expected...

Let's start with what was: I used to have a 6-ethernet OPNsense box, and used OPNsense 20.1 - most of what I listed in the subject worked, except failover in multi-wan. I never got to solve that problem, which I think was an firewall problem, since my hardware simply died for me one day.

It took some time to replace that hardware, and now I'm using a Qotom-Q878GE. Way over-powered for my usage but I am a nerd after all, so that is ok

Anyway with 20.7 installed, and trying to rebuild my old OPNsense from scratch, I feel I am struggling more than I like. It is simple things like multi-wan failover that does not work (yes I did the misstake to connect two ethernet cables to the same switch to simulate failover a bit more easily - corrected that with my LTE modem installed), or DNS resolution that simply refuses, or I have to reboot OPNsense for every firewall rule change I make since just applying it will make no difference, and don't even start talking about trying to forward all DNS requests from clients on LAN to Unbound inside OPNsense - and never mind that DNS-over-TLS that I am trying to get to working.

And to top it all I like to keep a tight network so I like to white list what goes out from the WAn interfaces. I just learned that is not possible since internal stuff don't pass the packet filter firewall. But dpinger seems to.

Anyway, what I need to know so to speak is: Have anyone else even tried what I am doing? Or am I alone?

PS! My old ASUS RX88 firewall router, which for the moment handles my network here at home, does all of the above - so I know that it is possible, just don't know if OPNsense can?

9

Intrusion Detection and Prevention / Re: HOWTO - Advanced Settings Suricata

« Last post by l0rdraiden on Today at 07:45:20 pm »

The configuration parameters could be brought to the web ui

10

German - Deutsch / Re: Probleme mit DHCPv6

« Last post by micneu on Today at 07:29:28 pm »

bin mir nicht sicher ob das überhaupt geht mit deiner fritzbox davor.
ich hatte bei der telekom immer ein modem (draytek vigor 165)