Conversation

Notices

1.  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 00:22:15 JST 
   Getting filtered in both meaning by OPNsense. The urge to go back to OpenWRT increases.
   • Kerokeronim likes this.
   • Machismo repeated this.
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 00:31:55 JST gray

     in reply to
     @mint I’ve kind of gotten wary of Opnsense. The fact that the forums only have like one guy from the team answering all the questions seems weird.
     
     OpenWRT is nice but I wish it was easier to install on x86.
      likes this.
   •  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 00:33:57 JST 

     in reply to

     • gray
     @gray It's more of a community fork of pfSense, I guess most of the stuff that applies to pfSense applies to OPN as well.
     Speaking of, https://github.com/doktornotor/pfsense-still-closedsource
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 00:49:51 JST gray

     in reply to
     @mint yeah I’ve been running pfsense for a little bit lately but I’m a bit uncomfortable with their stance on being open source.
     
     I’ve been considering going back to my OpenWRT ARM router.
      likes this.
   •  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 01:21:55 JST 

     in reply to
     Zero packets pass from the LAN bridge to WAN. After fiddling with setting pings from router's side stopped passing through as well. Facing a bit of dilemma right now, if OpenWRT wasn't such a pain in the ass to update on x86, I would've switched to it immediately.
   •  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 01:38:38 JST 

     in reply to

     • gray
     @gray LAN works just fine, I SSH'd into the router and tried pinging stuff from there. Reverted the config to some older version and rebooted, so back to square one. Got IPv6 working on router side, at least.
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 01:38:39 JST gray

     in reply to
     @mint the initial problem was nothing would pass from lan to wan and now you can’t ping from the router itself?
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 01:41:28 JST gray

     in reply to
     @mint I had so many problems with ipv6 when I first set up opnsense. Looking at the forums it looks like they’ve been having issues for a long time with it.
      likes this.
   •  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 01:43:31 JST 

     in reply to

     • gray
     @gray Yeah, right now DHCPv6 or radvd or whatever isn't giving out the default route. If I add it manually on my PC, I can ping and access IPv6 addresses just fine, which suggests that in case with IPv4, it's some NAT-related issue.
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 01:52:53 JST gray

     in reply to
     @mint I think radvd or their implementation of it is buggy. That’s exactly what was happening with me when I set it up. I had to either restart the WANv6 connection or reboot the router to get it working again.
      likes this.
   •  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 03:18:53 JST 

     in reply to

     • gray
     @gray Found the issue, NAT rules were not applied at all because the firewall was sperging out at rules for the TUN adapter of my VPN (which in BSD shows up as full path, /dev/tun0 instead of just tun0). Without it all seems to work, but I'd rather find a way to fix that.
   •  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 03:38:13 JST 

     in reply to

     • gray
     @gray It might've been enforced in older FreeBSD versions, but 13, which OPN is based on, accepts regular names just fine. tunX is "administratively disabled" in control panel for whatever reason, but changing adapter names to something else helps. I'm taming the beast, slowly but surely.
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 05:39:37 JST gray

     in reply to
     @mint hopefully that doesn’t break with the next version since they’re moving to FreeBSD 13.2.
      likes this.
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 05:40:00 JST gray

     in reply to
     @mint You got me back to messing with my OpenWRT router. Got it running on 23.05.0-rc2
      likes this.
   •  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 05:47:30 JST 

     in reply to

     • gray
     @gray I've been running some rc build of 22.03 before switching routers. Now I think I've set everything up the same way it was set up on Thinkcentre. No noticeable speed increase since both routers are more than beefy enough to handle gigabit PPPoE+NAT, but I think I see less bufferbloat on dslreports.com test. I'd like to move my DNS setup from separate SBC to this new box, maybe also set up Pi-hole, but that'll have to wait another day.
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 05:54:40 JST gray

     in reply to
     @mint Both my OpenWRT or pfsense router can more than handle my connection so I'm never sure how much any speed difference is placebo effect but OpenWRT feels a bit more responsive even when using dnsmasq on *sense.
     
     I've kind of been thinking of splitting out DNS to an SBC actually.
      likes this.
   •  (mint@ryona.agency)'s status on Wednesday, 19-Jul-2023 06:00:18 JST 

     in reply to

     • gray
     @gray Both Unbound and dnsmasq in default configuration seem to have trouble resolving non-ICANN domains. Regular domains that I overwrite queries for resolve as expected, but anything on OpenNIC or .ygg simply fails to resolve. Rather weird.
   • gray (gray@ryona.agency)'s status on Wednesday, 19-Jul-2023 06:15:25 JST gray

     in reply to
     @mint I was running bind9 as a recursive resolver on a raspberrypi for a while and I liked it better than unbound. Felt faster and was super easy to get up and running.
     
     I couldn't get unbound to respond to ipv6 queries no matter what the settings were. bind9 worked right out of the box.
      likes this.