I do use PFBLOCKERNG ip blocking for geoip restrictions and also to alias blocked websites ip to route over Singapore VPN. So I ended up installing FREEBSD version of AdGuard home and using that instead. The problem was that Unbound didn't support parralel querying for faster performance. I also tried PFBLOCKERNG for whole home adblocking. I also tried NTOPPNG and it was good for diagnosis but doing any port scanning with NTOP on will cause full utilization of CPU. I also tried load balancing (two WANs with same priority in gateway group) and it does work on certain loads such as multi connection speedtests and torrents but I felt that it can cause problems in some sites which makes connections to different IPs.Ĭurrently I'm doing whole home OVPN (rather from certain devices) and it's working amazingly well. Mulit WAN is perfectly working, I'm currently doing failover between two WANs. I tried Suricata, tbh I don't think I need it at my home and it needs regular maintenence for fixing the rules. Overall, OpenWRT seems more mature for my use cases? I mean so many issues in getting something like this working which I could get it running in OpenWRT with no such challenges. So far things are working, I am still playing with how the fail over and load balancing should work. Setting this to true fixed the problem, as it is probably BSNL not responding. Mar 22 12:56:25 mercury dhcp6c: status code for NA-0: no addresses Mar 22 12:56:19 mercury dhcp6c: status code for NA-0: no addresses Mar 22 12:56:13 mercury dhcp6c: status code for NA-0: no addresses Mar 22 12:56:06 mercury dhcp6c: status code for NA-0: no addresses Mar 22 12:56:00 mercury dhcp6c: status code for NA-0: no addresses Mar 22 12:55:54 mercury dhcp6c: status code for NA-0: no addresses Mar 22 12:55:47 mercury dhcp6c: status code for NA-0: no addresses Mar 22 12:55:41 mercury dhcp6c: status code for NA-0: no addresses Mar 22 12:55:33 mercury dhcp6c: status code for NA-0: no addresses Every 4 seconds or so the resolver was getting restarted which breaks everything as DNS fails. I searched online but couldn't find a solution that worked for me. Log entries like below were being logged repeatedly. The unbound DNS resolver kept on getting restarted. So BSNL Internet was setup on the regular VLAN interface and Kerala Vision on the bridge interface.įinally, I was able to get my WAN interfaces up, now the next problem. I anyway I found a work-around in pfSense forum ( MAC address spoofing on VLAN's and impressions from a second-try user) where you need to create bridge interface with just the VLAN interface as a member, and on the bridge interface you can spoof the mac. But the issue is, I need two different macs when talking to Kerala Vision and BSNL (as that's what is originally registered on their end and I didn't want to get it reset). I did the same config on pfSense and here they were pretty direct and mac spoofing on VLAN interfaces is not supported and must be set on the parent interface (this is the feature request Feature #1337: VLANs with different MAC address than parent interface - pfSense - pfSense bugtracker). The layout also seemed better than OPNsense. Now on pfSense, the UI is more clean and polished. The logs show PPPoE timeout and retrying. Maybe once or twice, the BSNL interface came up but got disconnected in a short time. However for BSNL and Kerala Vision, as they do mac binding, I needed to spoof the mac.īut this doesn't appear to be supported natively OPNsense, and my PPPoE interfaces never even came up. On OPNsense, the the voice interface came up fine cause it was just a static IP config and didn't need mac spoofing. Then VLANs are setup for each (1830 for BSNL Voice, 702 for BSNL Internet and 140 for Kerala Vision). The Kerala Vision and BSNL connections come over the same fiber, goes into my Huawei ONT in transparent bridge mode (well, it doesn't have any other mode ) and then into the router, on the same port. Maybe it is bit of unique or non-supported, I do not know, but the same config works on first try in OpenWRT without issues. I couldn't even get my BSNL and Kerala Vision connections up for some reason. At first I tried OPNsense, but to be honest, I didn't find it whole thing as refined or polished as pfSense. So I got the mSATA SSD module (and a keyboard ) and I was trying to set up things over the last 1-2 days. More details around the process of acquiring it is in another thread - Important - All international "Gift" packages now liable for customs duty 41.2% | Online Shopping I had recently acquired a mini pc with 4 intel NICs to be used as an x86 router / firewall.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |