I’ve begun testing OPNSense as a possible replacement for my production cyberoam/sophos routers. I purchased a QOTOM (read: aliexpress seller) router with 6 NIC ports. All the ethernet ports are Intel. This version comes with a Core i5, 8 GB of RAM and a 64 GB SSD. It also has a toggle for wifi/LTE modem. Adding a modem/sim card will be the last thing I test. It is needed but not a priority. I have found some modems that should work with it but I’ll wait to order it.
Instead of writing “reviews” of the hardware and software I will need to do blog posts of bits and pieces. I expect this process to take a few months. I need to be comfortable with both the software and hardware. Many of these devices are going to be remote. Obviously you always want rock-solid uptime but I also need to be able to troubleshoot them almost exclusively remotely.
While the software is obviously separate from the hardware I will have to write about both at the same time. This is my first time working with QOTOM hardware. If this works I will be using much lower strength hardware due to power requirements.
I have worked with many different routers including PFSense. OPNSense was a fork of PFSense but has gradually become its own animal. Now with PFsense changing some of their rules I wonder if OPNSense will take off.
I have several cyberoam and sophos routers in production. I am very experienced with dd-wrt and Asus-wrt (merlin). I also work with Sonicwall every day with a variety of models. While my Cisco experience (and now Meraki) isn’t all smart hands I wouldn’t consider myself an expert.
Lastly, it pisses me off that the latest security issues with Sonicwall and Sophos could have been prevented. Sophos was doing something stupid with their logins while Sonicwall says to just stop using their SSL VPN software. How is one supposed to use the VPN then?! Such craziness.
I couldn’t get several Yealink phones to provision with 3CX V16. Actually, some of the issues started with V15.5. I finally revisited the issue with our recent upgrade to V16 and have finally figured it out.
These are Yealink T46S and T46G phones. The provisioning link was always to port 5000. If you change it from HTTP to HTTPS and the port 5000 to port 5001 then it works!
This was my first time seeing this error on one of my wordpress sites. Before I got this error I was seeing an NGINX error and didn’t understand why because all the other sites on this server were still up. I logged in and edited my NGINX file to use php8.0-fpm instead of php7.4-fpm. I reloaded and then went back to refresh the site. That is when I saw the error message:
There has been a critical error on this website. Please check your site admin email inbox for instructions.
I turned on debug by editing the wp-content file and turning debug to “true”. I saved it and refreshed the web page to get a message about a specific plugin. The directory was called anti-spam but I think it was Titan Security. I deleted the plugin directory and then refreshed again. That allowed me to login.
I should also mention that when you are switching PHP you also have to install the newer versions of cURL and ZIP. At least everyone should be using them in their wordpress installs. sudo apt install php8.0-curl and sudo apt install php8.0-zip.
I think this was the first time I came across this error. The error message happened when a user was trying to send a PDF attachment. Apparently Outlook locked the .ost file from some other process. The message was “The email username.ost is in use and cannot be accessed.”
Easily enough just go into task manager and End Task on anything that says Microsoft Outlook. Simple enough yet dumb enough error message.
I am having some Wireguard(WG) and opnsense issues. Specifically, I can make the WG connection but for whatever reason I can’t seem to do anything with the connection. That usually means that I don’t have the right firewall rules. I also think this is my issue. However, I am just not having luck. I have followed some tutorials and have tried what makes logical sense to me.
For a solution, I do not have anything productive to add. I can connect to the OPNSense with Wireguard every time but am unable to connect to WAN or LAN addresses.
This was a first for me. I installed the latest UltraVNC 1.3.2 to do some testing on my desktop. I go to play a Steam game today and all it did was freeze and crash my computer. Thankfully it rebooted itself each time because the power button is basically shot but nevertheless it was disappointing to continually restart my game. Took me 3 crashes before I decided to remove what I had installed the week prior. That was the only new application.
I normally use Splashtop for my remote needs with UltraVNC only being used internally. However, I needed it to do some testing with my raspberry pi plus my internet was so awful I couldn’t even use Splashtop!
This is the first time in all the years that I have used UltraVNC that I ever had any issues. Event Viewer does list just one critical event with absolutely no useful information. I do have a few other errors but they are related to VirtualBox. Not sure why because I didn’t have VB running at the time.
In any event, apparently this version of UltraVNC server needs some more love.
I have some simple suggestions for your Qotom router. I assure you they sound obvious but that doesn’t mean they were obvious for me. One must keep in mind that you are buying a computer that you are going to turn into a router. Things like power on after power loss or just making sure you hit the power button to turn it on are things that are automatic on practically every router.
I admit that I wasted a lot of time with the power button. I would think the router was on because the network link lights were flashing but nope! The router was off. A lot of time means more than once and more than an hour. This is my first suggestion. Head into the BIOS and turn on the “turn on after power loss”. I have lots of power outages where I am so it needs to be automatic for me. It would have been a deal breaker otherwise.
The serial port is standard on all business class routers. Whether it is a RS232 port or a console port like Cisco uses it is all the same. I tried using a null modem cable between my serial/console cable but that didn’t work. My console cable had a male end to it. My other serial cable also was male to male. Daisy chaining them together just didn’t work.
I think it’s important to always have access to that serial port. You do need to enable it in OPNsense but when it comes to troubleshooting I have found it a godsend.
These suggestions are very simple and will make your router management easier.
My Amazon SES DKIM Verification was stuck in pending for far too long. I now realize that Network Solutions does things a little differently. Well, I knew they did and I hate using them but each issue is a bit different.
I was trying to get DKIM setup for Amazon SES. I copied in the CNAME records as requested. The problem is Network Solutions adds the domain name automatically to the end of the host name. I tried to do a dig but it returned nothing. By adding the domain name to the end of the host name it duplicates a part of the host name. That is maddening.
After fixing the error the DKIM finally verified. It resolved my instant spam test emails and I had a very successful campaign.
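The doubled host name described above can be checked before waiting on SES. The sketch below is an added example, not part of the original post: it models a DNS panel that appends the zone to whatever is typed in the host field, compares the resulting names with the CNAME names SES asked for, and reports the label to enter instead. The domain, tokens and function names are constructed for illustration.

```python
# Added example: models a DNS panel that appends the zone to every host field.
# Domain and tokens below are constructed, not real SES values.

def _norm(name):
    """Lower-case and drop the trailing root dot so names compare cleanly."""
    return name.strip().rstrip(".").lower()


def published_name(entered_host, zone):
    """FQDN that lands in DNS when the panel appends the zone automatically."""
    return f"{_norm(entered_host)}.{_norm(zone)}"


def host_to_enter(ses_name, zone):
    """Relative host label to type so the published name equals ses_name."""
    name, suffix = _norm(ses_name), "." + _norm(zone)
    if not name.endswith(suffix):
        raise ValueError(f"{ses_name!r} is not inside zone {zone!r}")
    return name[: -len(suffix)]


def audit(entries, ses_records, zone):
    """Findings for SES records (name -> target) missing from typed entries."""
    published = {published_name(h, zone): _norm(t) for h, t in entries.items()}
    findings = []
    for name, target in ses_records.items():
        want = _norm(name)
        if published.get(want) == _norm(target):
            continue  # published exactly as SES requested
        doubled = published_name(want, zone)
        if doubled in published:
            fix = host_to_enter(want, zone)
            findings.append(f"{want}: published as {doubled}; enter host {fix!r}")
        else:
            findings.append(f"{want}: no matching CNAME published")
    return findings


ZONE = "example.com"
SES = {f"tok{i}._domainkey.example.com": f"tok{i}.dkim.amazonses.com" for i in (1, 2, 3)}
TYPED = {
    "tok1._domainkey.example.com": "tok1.dkim.amazonses.com",  # full name pasted
    "tok2._domainkey": "tok2.dkim.amazonses.com",  # relative label only
}

if __name__ == "__main__":
    print("\n".join(audit(TYPED, SES, ZONE)))
```

A dig for the CNAME at the doubled name that the audit reports confirms the diagnosis against live DNS; the name SES asked for returns nothing until the host field is corrected.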