"Recent posts
#21
25.7, 25.10 Series / Re: 25.7.8 update, lost intern...
Last post by meyergru - Today at 05:25:37 PMReminds me of https://forum.opnsense.org/index.php?topic=47099.0. In there, is a subnet calculator, too.
#22
General Discussion / Re: Where should I put the mai...
Last post by Greg_E - Today at 05:16:10 PMAnd after that, how many ports do you have on your firewall hardware?
In theory you would need the following:
LAN
WAN
Management
ports if you want to do things the easy way. You can manage the firewall from the LAN (the default configuration). Many of us just make a maintenance network if we have an extra port and use it kind of as backup if the LAN port gives us a problem. And I've had to use mine when I did something that knocked out all my other ports, makes a good use of those onboard Realtek ports that a lot of us have, works good enough to get in and fix your mistake.
In theory you would need the following:
LAN
WAN
Management
ports if you want to do things the easy way. You can manage the firewall from the LAN (the default configuration). Many of us just make a maintenance network if we have an extra port and use it kind of as backup if the LAN port gives us a problem. And I've had to use mine when I did something that knocked out all my other ports, makes a good use of those onboard Realtek ports that a lot of us have, works good enough to get in and fix your mistake.
#23
General Discussion / Re: Problems with NRPE
Last post by iYx3Zp8Q08hrNVZCHTYt - Today at 05:11:16 PMSame problem with check_procs here (other commands work) and sudo did not help. I suspect a relation to "unbound: safe command execution changes" (from the release notes of 25.7.8)?!
#24
General Discussion / Re: Where should I put the mai...
Last post by Patrick M. Hausen - Today at 04:45:51 PMIf your home LAN is 192.168.75.0/24 then the LAN interface of OPNsense must also have an IP address in that network. Picking an address from 192.168.2.0/24 for OPNsense won't work.
#25
Hardware and Performance / Re: Suggestion for Bufferbloat...
Last post by Seimus - Today at 04:29:27 PMI would advice to run the test over a cable. If you don't have at least WiFi6 + all the BW available in the channel + no noise or overlap of the channel testing via WiFi is not advised. AS any of those 3 things can introduce you Wireless specific latency.
What you should focus on its the configuration + the (basic) tuning via BW parameter. Configuration for FQ_C as well BW tuning methodology is the the docs.
The advanced tuning is not needed mostly, and its really just if you want to deep dive and squeeze it.
Regards,
S.
Quote from: cookiemonster on Today at 03:42:31 PMAlso, rookie question but I'll ask. Do zenarmor / crowdsec interfere when running the bufferbloat tests?Not directly and not by intent. This goes around to the CPU bottleneck, if your CPU can not keep up, you will see a latency introduced by the CPU processing of the packets. For example I have ZA on N100, and there is no problem to handle 500+ throughput on WAN with shaping enabled.
Quote from: cookiemonster on Today at 03:42:31 PMAnd to clarify. Can I/should I reset as per docs on my 25.1.12 version ? Suggested testing method ?Docs are valid for any OPNsense version.
What you should focus on its the configuration + the (basic) tuning via BW parameter. Configuration for FQ_C as well BW tuning methodology is the the docs.
The advanced tuning is not needed mostly, and its really just if you want to deep dive and squeeze it.
Regards,
S.
#26
Hardware and Performance / Re: Suggestion for Bufferbloat...
Last post by cookiemonster - Today at 03:42:31 PMVery good information. Thank you @OPNethu your observation of the BW is interesting.
@Seimus very thankful to you for the advice. I'll need to digest it a bit and go back to resetting all the way as per docs BUT I am on OPN 25.1.12 and worry about upgrading to latest for what other changes it might bring, unrelated to the shaper. And yes setting the BW right seems to be the hardest part. I just tested and got an A. I am closer to the AP for the test so it seems my testing methodology is something I need to be more conscious of. And the BW measured was 151 Mbps for this A result. Makes me suspect the results a little.
Also, rookie question but I'll ask. Do zenarmor / crowdsec interfere when running the bufferbloat tests?
And to clarify. Can I/should I reset as per docs on my 25.1.12 version ? Suggested testing method ?
@Seimus very thankful to you for the advice. I'll need to digest it a bit and go back to resetting all the way as per docs BUT I am on OPN 25.1.12 and worry about upgrading to latest for what other changes it might bring, unrelated to the shaper. And yes setting the BW right seems to be the hardest part. I just tested and got an A. I am closer to the AP for the test so it seems my testing methodology is something I need to be more conscious of. And the BW measured was 151 Mbps for this A result. Makes me suspect the results a little.
Also, rookie question but I'll ask. Do zenarmor / crowdsec interfere when running the bufferbloat tests?
And to clarify. Can I/should I reset as per docs on my 25.1.12 version ? Suggested testing method ?
#27
General Discussion / Where should I put the mainten...
Last post by timlab55 - Today at 03:32:12 PMI'm sure a lot of people who are new to OpnSense would like to know this as well. For example, and again I say "for example", my home network is on 192.168.75.0/24, and my OpnSense is on 192.168.2.0/24. So where would the maintenance interface go (which ip address)?
#28
25.7, 25.10 Series / Re: 25.7.8 update, lost intern...
Last post by Patrick M. Hausen - Today at 02:17:58 PMWhy are you using artificially small networks (/27 and /28) instead of the more generic and default /24?
But anyway can the devices ping the OPNsense interface in their respective network? You also might want to check that the prefix lengths ("netmasks") on OPNsense and the managed devices match and the OPNsense interface is the default gateway for all the clients.
But anyway can the devices ping the OPNsense interface in their respective network? You also might want to check that the prefix lengths ("netmasks") on OPNsense and the managed devices match and the OPNsense interface is the default gateway for all the clients.
#29
German - Deutsch / Re: IT Security Experte Floria...
Last post by Lucas P - Today at 02:15:40 PMUm ehrlich zu sein, sieht die Seite für mich maximal unseriös aus.
Zudem wirkt es auf mich so, als würdest du da nur Werbung für machen.
Zudem wirkt es auf mich so, als würdest du da nur Werbung für machen.
#30
25.7, 25.10 Series / Re: 25.7.8 update, lost intern...
Last post by MarieSophieSG - Today at 02:12:27 PMHello Patrick,
Thank you for your msg.
As the "disable FW" didn't change anything, I removed this right away, knowing that disabling FW does disable NAT (As clearly mentioned in the app' menu) so I'm back to normal since my last post.
All three interface are distinctives, 1.LAN is 192.168.101.101/27; 3.LAN-WiFi is 192.168.102.101/24; 4.LAN is 192.168.103.101/28
i.e: 1.LAN can't access the NAS on 4.LAN, which is a problem for later.
i.e: 3.LAN-WiFi devices can't access 1.LAN, which is wanted.
The IPs of the devices which can't access through the FW are 192.168.101.103; 192.168.102.103; (and 192.168.102.108 as I noticed later)
All other settings are identical, worked perfectly fine before the update, the DNS are the same for all interfaces; the FW rules are copied from 1.LAN with "allow-all".
Thank you for your msg.
As the "disable FW" didn't change anything, I removed this right away, knowing that disabling FW does disable NAT (As clearly mentioned in the app' menu) so I'm back to normal since my last post.
All three interface are distinctives, 1.LAN is 192.168.101.101/27; 3.LAN-WiFi is 192.168.102.101/24; 4.LAN is 192.168.103.101/28
i.e: 1.LAN can't access the NAS on 4.LAN, which is a problem for later.
i.e: 3.LAN-WiFi devices can't access 1.LAN, which is wanted.
The IPs of the devices which can't access through the FW are 192.168.101.103; 192.168.102.103; (and 192.168.102.108 as I noticed later)
All other settings are identical, worked perfectly fine before the update, the DNS are the same for all interfaces; the FW rules are copied from 1.LAN with "allow-all".
