subnetspider

Today I've set up two OPNsense 26.1 Firewalls in a HA configuration on a single DSL internet connection.

Failover is working, the backup OPNsense does connect the PPPoE session, and requests a IPv6 prefix via DHCPv6, but it doesn't disconnected the PPP session after the main OPNsense comes back online.

Not sure why, I've set up CARP on the igb0_vlan interface, but it's not working. I probably forgot something, needs more troubleshooting.

Still, pretty nice not needing a router in front of the OPNsense Firewalls. :)

Just tried upgrading my OPNsense from 25.7 to 26.1 - but it failed (upgrade hang with the hostwatch plugin, then the UI died because of Zenarmor getting stuck).
Luckily, I created a ZFS snapshot just before that, so a simple "zfs rollback snapshot@timestamp && reboot" and I'm back. Nothing beats the ability to "Ctrl + Z" at a filesystem level.

Today I shut down another one of my Proxmox VE VMs, after migrating the last of it's jails (NSD, Unbound, AdGuard Home, and the 2nd HAProxy carp instance) to my HP t620 thin client.

This little machine has been running my new Zabbix Server for the last 6 months.

I've also set up automated ZFS replication on my main FreeBSD server to back up all the data on it every night, so I don't have to worry about the single SSD dying anymore.

Now only NetBox (Ubuntu LXC) and the Minecraft Server (Windows Server 2022) remains on Proxmox, the former will be migrated to a VNET jail, the latter to a bhybe VM.

Let's see how long that'll take me... 🫠

Just found out (after troubleshooting for 2+ hours) that the reason why one of our customers VoIP equipment can't reach their SIP registrar's servers IP, is because of peering issues.

Funnily enough, it works fine when I route the SIP traffic over the backup 4G connection, whose ISP has direct peering with the SIP registrar.

I fully expected the Sophos XGS Firewall to be the culprit, but of course, this time it worked perfectly. Times like these feel like Sophos is gaslighting me into believing it never has problems.

But alas, this problem is for someone else to solve. 🫠

/s

Well then, the first of my 2-node DIY Sophos Firewall HA cluster nodes is now shut down...

Time to install OPNsense on it.

@nuintari@mastodon.bsd.cafe AFAIK it should not matter if you use SwitchOS or RouterOS as long as the switch chip is capable of offloading everything. Some cheaper devices used to (?) have most interfaces connected to a switch chip, and some to the CPU, which may have been the cause of the low performance.

I've tried both the hAP ax LTE6 lite and the hEX refresh (E50UG) and I didn't notive anything, but alas they're routers, not switches. 🤷‍♂️