What's new

Converting a Cisco Ironport C170 to Opnsense router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Q9 was just noticeably slower for me.
The option Serve Expired on Unbound will give you a significant speed bust, as it will always answer the DNS query from cache and then ask Quad9 for a data refresh.

I also use Quad9 together with pfblockerNG of ad blocking.
 
I have the back end of Opensense working with my Cisco layer3 switch and I have upgraded it to the latest Opensense. Tomorrow I will plug in the WAN interface and change the default route on my Cisco L3 switch. I may try the dual port 10 gig Broadcom NIC card tomorrow as well.

Does anybody know if the Opensense will reload different NIC drivers with a reboot? Does it require a re-install?
 
Last edited:
I have the back end of Opensense working with my Cisco layer3 switch and I have upgraded it to the latest Opensense. Tomorrow I will plug in the WAN interface and change the default route on my Cisco L3 switch. I may try the dual port 10 gig Broadcom NIC card tomorrow as well.

Does anybody know if the Opensense will reload different NIC drivers with a reboot? Does it require a re-install?
Shouldn’t require a reinstall, just install the card and boot up as long as the drivers for it are there within OpnSense. However if the card is not supported you may need to compile its driver in the version of FreeBSD that your OpnSense is based on. Even then just insert the driver and reference it in the bootloader config file and restart. At least that’s what I used to do for my Intel X710-T2L Dual Port 10Gbe card in pfsense till it was supported.
 
Last edited:
The option Serve Expired on Unbound will give you a significant speed bust, as it will always answer the DNS query from cache and then ask Quad9 for a data refresh.

I also use Quad9 together with pfblockerNG of ad blocking.
I use the standard 1.1.1.1 but Cloudflare also has a malware blocking DNS variant. Pasted from their site:

Malware Blocking Only
Primary DNS: 1.1.1.2
Secondary DNS: 1.0.0.2

Malware and Adult Content
Primary DNS: 1.1.1.3
Secondary DNS: 1.0.0.3

For IPv6 use:

Malware Blocking Only
Primary DNS: 2606:4700:4700::1112
Secondary DNS: 2606:4700:4700::1002

Malware and Adult Content
Primary DNS: 2606:4700:4700::1113
Secondary DNS: 2606:4700:4700::1003
 
I have the back end of Opensense working with my Cisco layer3 switch and I have upgraded it to the latest Opensense. Tomorrow I will plug in the WAN interface and change the default route on my Cisco L3 switch. I may try the dual port 10 gig Broadcom NIC card tomorrow as well.

Does anybody know if the Opensense will reload different NIC drivers with a reboot? Does it require a re-install?
Assuming Opnsense is similar to pfsense running on FreeBSD and the drivers are in the driver package, a simple reboot should do the trick. That is what i did when installing the X550-T2 in my router. Just a reboot and the NIC ports where available in pfsense. I did find it a bit tricky changing the WAN and LAN from the GUI. Eventually, i did that via the options screen instead of the GUI.
 
Last edited:
Assuming Opnsense is similar to pfsense running on FreeBSD and the drivers are in the driver package, a simple reboot should do the trick. That is what i did when installing the X550-T2 in my router. Just a reboot and the NIC ports where available in pfsense. I did find it a bit tricky changing the WAN and LAN from the GUI. Eventually, i did that via the options screen instead of the GUI.
Yea, I use the command line so I can see what is really happening. I set IP with 30-bit mask for LAN and leave WAN at DHCP. I also set https as it is one of the items asked when you set IP addresses. As far as the command line in Opensense it looks and works the exact same as pfsense as far as I remember, you select option 2 and it sets the interfaces on the command line. I never use the GUI. I also don't use DHCP on Opensense as I use my Cisco L3 switch for DHCP and it is turned off under option 2 above. And yes, I know it doesn't make sense to turn on DHCP using a 30-bit mask. I was just throwing it out there.

I have both my RV340 router and my Opensense router online with only the RV340 router running WAN and they are in separate networks. I would think if I had a routing protocol running it would be as simple as moving the WAN link and the routing protocol would make the change automatically. I may work on it sometime in the future. I saw Opensense had this feature. I hope it works well nowadays as back in the old days when I ran pfsense people were having issues with it.

I am thinking since Opensense is on kernel 13.1 there may be drivers for my dual port Broadcom 5781 NIC. pfsense is still in the older 12 kernel with less driver support.
 
Last edited:
I am thinking since Opensense is on kernel 13.1 there may be drivers for my dual port Broadcom 5781 NIC. pfsense is still in the older 12 kernel with less driver support.
Not for long anymore. Pfsense is moving directly to 14-CURRENT soon as written HERE
 
Not for long anymore. Pfsense is moving directly to 14-CURRENT soon as written HERE
Yes, that will be a good thing. I still think it is a ways off maybe next summer. I posted it above in this thread as to it will be a reason to have 2 firewalls.

So, I am going to turn on secure boot before I go online. I have never run UEFI before on a firewall. Should I turn it off when I switch NICs? Will it matter? I could not install with it on, so I turned it off.
 
Last edited:
I am not 100% certain but i think i also have my firewall running on BIOS instead of UEFI.
 
Pretty sure I have mine in UEFI, can’t recall if I have secure boot enabled though most likely not. I’d just leave it if since it didn’t let you boot. Even if it did work, switching nics should have no effect, I would think, if the drivers are already in the OS though.
 
I am now thinking you need to have secure boot running when you install. I guess that means a UEFI install which I did not do. I am going to explore this. If anybody knows that would help.
It turns out I did not do a good job on the firewall rules as I could not get out in Opensense. I will do a standard install and study the rules better. So I have some more installs in my future and maybe I can get secure boot to work. I don't really want to run unbound so unchecked it when I installed. I just want to be able to setup regular DNS with a forwarder to QUAD9. I did not see that option. So, I think my DNS was screwed up also. I need more homework.

My biggest problem was my L3 switch corrupted. I even tried a console cable which took a while as I had to find a PC with a serial port. I don't have any of the new Cisco console USB cables and my laptop only has USB3 and lightening. I just thought I would start with a fresh reboot. So now I am trying a reset. It has 5 years of programing on it. I have to get the switch running if it will otherwise my wireless is down. What a time for this to happen.

Once you hit FreeBSD 13 you have to use UEFI so it is in your future. I am not positive about which version.
 
I am now thinking you need to have secure boot running when you install. I guess that means a UEFI install which I did not do. I am going to explore this. If anybody knows that would help.

UEFI - yes
SecureBoot - no
BIOS CSM - no

This should work for any modern Intel or AMD processor (IvyBridge or later on intel or Zen on AMD) for any of the BSD's

(good guidance for Linux as well).

SecureBoot is a windows thing...
 
I am not 100% certain but i think i also have my firewall running on BIOS instead of UEFI.

As noted above - UEFI is really recommended for newer processors - BIOS/CSM mode really limits things there - these chipsets were really built around UEFI at a hardware level...
 
As noted above - UEFI is really recommended for newer processors - BIOS/CSM mode really limits things there - these chipsets were really built around UEFI at a hardware level...

Is there any way to verify this without rebooting the server and going into the BIOS settings?
 
Is there any way to verify this without rebooting the server and going into the BIOS settings?
Nevermind. Found it: sysctl machdep.bootmethod

1670399639891.png

Seems i am still on BIOS. Might change that at the next reboot when i update from CE to plus. Can there be any harm to the installation when changing this at the next reboot?

EDIT: found out that the Supermicro X9SCM-F and the X9SCL+-F do not support UEFI so case closed for me :)
 
Last edited:
I am not 100% certain but i think i also have my firewall running on BIOS instead of UEFI.

If the disk is partitioned as GPT, it's likely UEFI...

If MBR, it's legacy bios

Could also just reach out to SuperMicro I suppose and ask them...
 
If you are MBR and want to change to GPT you need to reinstall. I have already been there.

When pfsense jumps to kernel 14 of FreeBSD you will need UEFI to install. At lease when I installed Opensense GPT and ZFS?, RAID was the only options for me. I don't remember the RAID option as I was not going to do it. So, I am thinking MBR will be gone. I am also thinking to run 10 gig most of the cards are built for UEFI.
 
Last edited:
If you are MBR and want to change to GPT you need to reinstall. I have already been there.

When pfsense jumps to kernel 14 of FreeBSD you will need UEFI to install. At lease when I installed Opensense GPT and ZFS?, RAID was the only options for me. I don't remember the RAID option as I was not going to do it. So, I am thinking MBR will be gone. I am also thinking to run 10 gig most of the cards are built for UEFI.
We will have to wait and see. My X550-T2 works fine in the current boot environment.
 
We will have to wait and see. My X550-T2 works fine in the current boot environment.
It will work fine (had one), it’s not that old of a chipset.
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top