How to install and run Tailscale client on OpenWrt

Install the iptables-nft and tailscale packages from the OpenWrt console:

OpenWrt - Tailscale iptables-nft

OpenWrt - Tailscale

Enable and connect Tailscale service in OpenWrt:

$ ssh -l root SenseWrt
root@SenseWrt's password:

BusyBox v1.36.1 (2024-12-03 11:41:08 UTC) built-in shell (ash)

_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 24.10.0-rc2, r28161-ea17e958b9
-----------------------------------------------------

root@SenseWrt:~# tailscale up --netfilter-mode=off --advertise-routes=192.168.88.0/24 --accept-routes
Warning: netfilter=off; configure iptables yourself.
Warning: UDP GRO forwarding is suboptimally configured on eth1, UDP forwarding throughput capability will increase with a configuration change.
See https://tailscale.com/s/ethtool-config-udp-gro

To authenticate, visit:

https://login.tailscale.com/a/98c452901c4ba

Success.

NOTE: 192.168.88.0/24 is the IP range of the local network set up in OpenWrt.

Disable key expiry for the OpenWrt machine in the Tailscale console, then allow all OpenWrt clients to access the Tailscale network:

OpenWrt - Tailscale Machines

Now add Tailscale virtual network as a new interface in OpenWrt:

OpenWrt - Tailscale Network Interface

Create firewall for Tailscale virtual network interface in OpenWrt:

OpenWrt - Tailscale Firewall

Configure firewall for Tailscale virtual network interface in OpenWrt:

OpenWrt - Tailscale Firewall General Settings

NOTE: opt network is for the downstream DHCP clients.


How to install and run ZeroTier client on OpenWrt

Install the zerotier package from the OpenWrt console:

OpenWrt - ZeroTier

Enable ZeroTier service in OpenWrt:

$ ssh -l root SenseWrt
root@SenseWrt's password:

BusyBox v1.36.1 (2024-12-03 11:41:08 UTC) built-in shell (ash)

_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 24.10.0-rc2, r28161-ea17e958b9
-----------------------------------------------------

root@SenseWrt:~# cat /etc/config/zerotier

config zerotier 'global'
# Sets whether ZeroTier is enabled or not
option enabled 1
# Sets the ZeroTier listening port (default 9993; set to 0 for random)
#option port '9993'
# Client secret (leave blank to generate a secret on first run)
option secret ''
# Path of the optional file local.conf (see documentation at
# https://docs.zerotier.com/config#local-configuration-options)
#option local_conf_path '/etc/zerotier.conf'
# Persistent configuration directory (to perform other configurations such
# as controller mode or moons, etc.)
#option config_path '/etc/zerotier'
# Copy the contents of the persistent configuration directory to memory
# instead of linking it, this avoids writing to flash
#option copy_config_path '1'

# Network configuration, you can have as many configurations as networks you
# want to join (the network name is optional)
config network 'earth'
# Identifier of the network you wish to join
option id '8ca917257083e297'
# Network configuration parameters (all are optional, if not indicated the
# default values are set, see documentation at
# https://docs.zerotier.com/config/#network-specific-configuration)
option allow_managed '1'
option allow_global '0'
option allow_default '0'
option allow_dns '0'

# Example of a second network (unnamed as it is optional)
#config network
# option id '1234567890123456'
# option allow_managed '1'
# option allow_global '0'
# option allow_default '0'
# option allow_dns '0'

Restart ZeroTier service:

root@SenseWrt:~# /etc/init.d/zerotier restart
Generating secret - please wait... done.

Verify the ZeroTier client status; ztks555nye is the virtual network interface created on OpenWrt:

root@SenseWrt:~# zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 8ca917257083e297 igloo.studio 9a:09:7b:41:3d:26 OK PRIVATE ztks555nye 192.168.196.176/24

Enable and authorise the new ZeroTier client OpenWrt in https://my.zerotier.com/.

Now add ZeroTier virtual network as a new interface in OpenWrt:

OpenWrt - ZeroTier Network Interface

Create firewall for ZeroTier virtual network interface in OpenWrt:

OpenWrt - ZeroTier Firewall

Configure firewall for ZeroTier virtual network interface in OpenWrt:

OpenWrt - ZeroTier Firewall General Settings

NOTE: opt network is for the downstream DHCP clients.

Add Allow-ZeroTier firewall rule:

OpenWrt - ZeroTier Firewall Rule

Restart ZeroTier service again:

root@SenseWrt:~# /etc/init.d/zerotier restart
Generating secret - please wait... done.

All OpenWrt clients can now access the ZeroTier network.


Connecting OpenWRT to internet

OpenWRT is running on Proxmox. Now set it up to connect to the internet.

Add new network interface OPT on eth2 adapter:

OpenWRT - OPT Interface

OpenWRT - OPT Advanced Settings

OpenWRT - OPT Firewall Settings

OpenWRT - OPT DHCP Server General Setup

OpenWRT - OPT DHCP Server Advanced Settings

OpenWRT - OPT DHCP Server IPv6 Settings

OpenWRT - OPT DHCP Server IPv6 RA Settings

OpenWRT - OPT

Add a new Firewall Zone, from network opt to wan:

OpenWRT - Firewall Zone General Settings

OpenWRT - Firewall Zone Advanced Settings

OpenWRT - Firewall Zone Conntrack Settings

OpenWRT - Firewall Zone

Add a new Firewall Traffic Rule for network opt:

OpenWRT - Firewall Traffic Rule General Settings

OpenWRT - Firewall Traffic Rule Advanced Settings

OpenWRT - Firewall Traffic Rule Time Restrictions

OpenWRT - Firewall Traffic Rule

Set up static IP addresses for the DHCP clients:

$ ssh -l root 192.168.2.1
root@192.168.2.1's password:

BusyBox v1.36.1 (2024-09-23 12:34:46 UTC) built-in shell (ash)

_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 23.05.5, r24106-10cc5fcd00
-----------------------------------------------------

root@OpenWRT:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/local/'
option domain 'local'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
...
config host
option name 'TL-SX3016F'
option ip '192.168.2.100'
option mac '3C:52:A1:47:23:5D'

config host
option name 'MikroTik'
option ip '192.168.2.110'
option mac '78:9A:18:D0:20:ED'

config domain
option name 'TL-SX3016F'
option ip '192.168.2.100'

config domain
option name 'MikroTik'
option ip '192.168.2.110'

OpenWRT - DHCP and DNS

Running OpenWRT on Proxmox

  • Create OpenWRT VM in Proxmox

OpenWRT - VM General

OpenWRT - VM OS

OpenWRT - VM System

OpenWRT - VM Disks

OpenWRT - VM CPU

OpenWRT - VM Memory

OpenWRT - VM Network

This is the LAN, and Firewall is DISABLED.

OpenWRT - VM Confirm

Add WAN into VM, and Firewall is DISABLED.

Detach and delete current Hard Disk.

From Proxmox Console, download the latest OpenWRT image:

root@sense:~# wget https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/openwrt-23.05.5-x86-64-generic-ext4-combined.img.gz
--2024-12-03 12:20:33-- https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/openwrt-23.05.5-x86-64-generic-ext4-combined.img.gz
Resolving downloads.openwrt.org (downloads.openwrt.org)... 2a04:4e42:13::644, 151.101.82.132
Connecting to downloads.openwrt.org (downloads.openwrt.org)|2a04:4e42:13::644|:443... failed: No route to host.
Connecting to downloads.openwrt.org (downloads.openwrt.org)|151.101.82.132|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11352149 (11M) [application/octet-stream]
Saving to: ‘openwrt-23.05.5-x86-64-generic-ext4-combined.img.gz’

openwrt-23.05.5-x86-64-generic-ext4-combined.img.gz 100%[===================================================>] 10.83M --.-KB/s in 0.1s

Create disk image for VM:

root@sense:~# gunzip openwrt-23.05.5-x86-64-generic-ext4-combined.img.gz

root@sense:~# mv openwrt-23.05.5-x86-64-generic-ext4-combined.img openwrt.raw

# increase the raw disk
root@sense:~# qemu-img resize -f raw ./openwrt.raw 1024M
Image resized.

Convert OpenWRT image to VM disk:

# import the raw disk to OpenWRT VM
root@sense:~# qm importdisk 104 openwrt.raw local-lvm
Use of uninitialized value $dev in hash element at /usr/share/perl5/PVE/QemuServer/Drive.pm line 555.
importing disk 'openwrt.raw' to VM 104 ...
Logical volume "vm-104-disk-0" created.
transferred 0.0 B of 1.0 GiB (0.00%)
...
transferred 1.0 GiB of 1.0 GiB (100.00%)
unused0: successfully imported disk 'local-lvm:vm-104-disk-0'

Double click the Unused Disk, then click the Add button:

OpenWRT - VM Unused Disk

OpenWRT - VM Hardware

OpenWRT - VM Boot Order

  • Configure OpenWRT

Start up the VM; change the root user's password; set the LAN IP address temporarily to 192.168.2.3 (Default: 192.168.1.1):

OpenWRT - Console

Log in to OpenWRT at http://192.168.2.3/, via the LAN port, and land on the dashboard:

OpenWRT - Login

OpenWRT - Dashboard

  • Themes

SSH login:

$ ssh -l root 192.168.2.3
The authenticity of host '192.168.2.3 (192.168.2.3)' can't be established.
ED25519 key fingerprint is SHA256:AggWAL1oU8+r1f84KoqpvcsYUylZOTfN0sXwHSby3b0.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.2.3' (ED25519) to the list of known hosts.
root@192.168.2.3's password:
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 23.05.5, r24106-10cc5fcd00
-----------------------------------------------------

BusyBox v1.36.1 (2024-09-23 12:34:46 UTC) built-in shell (ash)

OpenWRT packages configuration:

root@OpenWrt:~# ls -al /etc/opkg
drwxr-xr-x 3 root root 4096 Dec 6 02:46 .
drwxr-xr-x 23 root root 4096 Dec 6 02:41 ..
-rw-r--r-- 1 root root 103 Sep 23 12:34 customfeeds.conf
-rw-r--r-- 1 root root 555 Dec 6 02:46 distfeeds.conf
drwxr-xr-x 2 root root 4096 Sep 23 12:34 keys

root@OpenWrt:~# ls -al /var/opkg-lists/
drwxr-xr-x 2 root root 320 Dec 6 03:15 .
drwxrwxrwt 17 root root 440 Dec 6 03:15 ..
-rw-r--r-- 1 root root 72705 Dec 6 03:15 openwrt_base
-rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_base.sig
-rw-r--r-- 1 root root 10039 Dec 6 03:15 openwrt_core
-rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_core.sig
-rw-r--r-- 1 root root 100416 Dec 6 03:15 openwrt_kmods
-rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_kmods.sig
-rw-r--r-- 1 root root 197242 Dec 6 03:15 openwrt_luci
-rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_luci.sig
-rw-r--r-- 1 root root 516243 Dec 6 03:15 openwrt_packages
-rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_packages.sig
-rw-r--r-- 1 root root 9918 Dec 6 03:15 openwrt_routing
-rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_routing.sig
-rw-r--r-- 1 root root 58240 Dec 6 03:15 openwrt_telephony
-rw-r--r-- 1 root root 142 Dec 6 03:15 openwrt_telephony.sig

There is an issue with IPv6 support in OpenWRT when downloading updates. Errors are thrown when wan is connected to an IPv6 router:

root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz
...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.gz

Collected errors:
* opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz, wget returned 4.
* opkg_download: Check your network settings and connectivity.
...
* opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.gz, wget returned 4.
* opkg_download: Check your network settings and connectivity.

Turn off IPv6 on the router as a workaround.

root@OpenWRT:~# opkg update
Downloading https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/23.05.5/targets/x86/64/packages/Packages.sig
Signature check passed.
...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/telephony/Packages.sig
Signature check passed.

Install OpenWRT2020 Theme https://openwrt.org/docs/guide-user/luci/luci.themes:

root@OpenWRT:~# opkg install luci-theme-openwrt-2020
Installing luci-theme-openwrt-2020 (git-24.332.79522-a493155) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/luci-theme-openwrt-2020_git-24.332.79522-a493155_all.ipk
Configuring luci-theme-openwrt-2020.

Install Argon Theme https://github.com/jerrykuku/luci-theme-argon:

root@OpenWRT:~# opkg install luci-compat
Installing luci-compat (git-24.332.79522-a493155) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/luci-compat_git-24.332.79522-a493155_all.ipk
Installing liblua5.1.5 (5.1.5-11) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/base/liblua5.1.5_5.1.5-11_x86_64.ipk
Installing lua (5.1.5-11) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/base/lua_5.1.5-11_x86_64.ipk
Installing luci-lib-nixio (git-24.332.79522-a493155) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/luci-lib-nixio_git-24.332.79522-a493155_x86_64.ipk
Installing luci-lib-ip (git-24.332.79522-a493155) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/luci-lib-ip_git-24.332.79522-a493155_x86_64.ipk
Installing luci-lib-jsonc (git-24.332.79522-a493155) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/luci-lib-jsonc_git-24.332.79522-a493155_x86_64.ipk
Installing liblucihttp-lua (2023-03-15-9b5b683f-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/liblucihttp-lua_2023-03-15-9b5b683f-1_x86_64.ipk
Installing luci-lib-base (git-24.332.79522-a493155) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/luci-lib-base_git-24.332.79522-a493155_all.ipk
Installing libubus-lua (2023-06-05-f787c97b-1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/base/libubus-lua_2023-06-05-f787c97b-1_x86_64.ipk
Installing ucode-mod-lua (1) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/ucode-mod-lua_1_x86_64.ipk
Installing luci-lua-runtime (git-24.332.79522-a493155) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/luci-lua-runtime_git-24.332.79522-a493155_x86_64.ipk
Configuring liblua5.1.5.
Configuring lua.
Configuring luci-lib-nixio.
Configuring luci-lib-ip.
Configuring luci-lib-jsonc.
Configuring liblucihttp-lua.
Configuring luci-lib-base.
Configuring libubus-lua.
Configuring ucode-mod-lua.
Configuring luci-lua-runtime.
Configuring luci-compat.

root@OpenWRT:~# opkg install luci-lib-ipkg
Installing luci-lib-ipkg (git-24.332.79522-a493155) to root...
Downloading https://downloads.openwrt.org/releases/23.05.5/packages/x86_64/luci/luci-lib-ipkg_git-24.332.79522-a493155_all.ipk
Configuring luci-lib-ipkg.

root@OpenWRT:~# wget --no-check-certificate -O luci-theme-argon.ipk https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk
root@OpenWRT:~# wget --no-check-certificate -O luci-app-argon-config.ipk https://github.com/jerrykuku/luci-app-argon-config/releases/download/v0.9/luci-app-argon-config_0.9_all.ipk

Installing these packages fails with the following ERRORS:

  • //usr/lib/opkg/info/luci-theme-argon.postinst: .: line 2: can't open '/etc/uci-defaults/30_luci-theme-argon': No such file or directory
  • //usr/lib/opkg/info/luci-app-argon-config.postinst: .: line 2: can't open '/etc/uci-defaults/luci-argon-config': No such file or directory

A workaround is to edit the /lib/functions.sh file and replace line 282:

( [ -f "$i" ] && cd "$(dirname $i)" && . "$i" ) && rm -f "$i"

with:

( [ -f "$i" ] && cd "$(dirname $i)" && . "$i" ) && echo

temporarily. Then run the installation:

root@OpenWRT:~# opkg install luci-theme-argon.ipk 
Installing luci-theme-argon (2.3.1) to root...
Configuring luci-theme-argon.

root@OpenWRT:~# opkg install luci-app-argon-config.ipk
Installing luci-app-argon-config (0.9) to root...
Configuring luci-app-argon-config.
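
Added example (not part of the original post): the "Signature check passed." lines printed by opkg update cover the feed package lists only, so an .ipk fetched with wget --no-check-certificate and installed from a local file is never authenticated. The functions below install a local .ipk only when its SHA-256 matches a digest obtained from a trusted source; the function names, the OPKG override and the digest placeholder are assumptions.

```sh
#!/bin/sh
# Added example: install a locally downloaded .ipk only after its SHA-256
# has been checked against a digest obtained from a trusted source.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# verify_ipk FILE EXPECTED
#   returns 0  digest matches
#   returns 1  digest differs (file corrupted or replaced in transit)
#   returns 2  FILE is missing, or EXPECTED is not a 64-character hex digest
verify_ipk() {
    ipk=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$ipk" ] || { echo "verify_ipk: no such file: $ipk" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*)
            # Also catches a placeholder that was never filled in.
            echo "verify_ipk: not a hex digest: $2" >&2
            return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || {
        echo "verify_ipk: digest must be 64 hex characters" >&2
        return 2
    }
    [ "$(sha256_of "$ipk")" = "$expected" ]
}

# install_verified FILE EXPECTED: call opkg only when verify_ipk succeeds.
# OPKG is a hypothetical override for dry runs (for example OPKG=echo).
install_verified() {
    if verify_ipk "$1" "$2"; then
        ${OPKG:-opkg} install "$1"
    else
        echo "refusing to install $1: SHA-256 not verified" >&2
        return 1
    fi
}

# Usage on the router, with TLS verification left on (this needs the
# ca-bundle package) and a digest taken from a trusted source:
#   opkg install ca-bundle
#   wget -O luci-theme-argon.ipk https://github.com/jerrykuku/luci-theme-argon/releases/download/v2.3.1/luci-theme-argon_2.3.1_all.ipk
#   install_verified luci-theme-argon.ipk '<sha256-from-trusted-source>'
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```
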
  • Upgrade

To upgrade all of the OpenWRT packages:

root@OpenWRT:~# opkg list-upgradable | cut -f 1 -d ' ' | xargs -r opkg upgrade  


Fixing Multimedia Audio Controller driver missing issue in Windows 11

Device Manager in Windows 11 shows an error for the Multimedia Audio Controller because its driver is missing:

Windows - Multimedia Audio Controller

when running on an Intel i3 N305 Mini PC https://www.aliexpress.com/item/1005007278560105.html

Intel Network - Mini PC

This handy tool is needed to find all the missing parts:

Windows - Driver Identifier

Driver Identifier, a digital assistant for your system’s hardware, scans the device, identifies outdated or missing drivers, and provides a customized list of updates for your specific hardware:

Windows - Drivers


Setting up DNS Server in OPNsense

The goal is to access the Homelab network switches’ web-based administrator interfaces in a user-friendly way, i.e., via http://TL-SX3016F.local/, http://TL-SX3008F.local/ and http://MikroTik.local/.

TP-Link Deco, which is the main Homelab network backbone, also provides the DHCP service, so the first step is to reserve IP addresses for these switches there:

DNS - TP-Link Deco Reservation

Then set up entries in the OPNsense Unbound DNS server:

DNS - Host Overrides

Then lookup a host on local network:

$ cat /etc/resolv.conf
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
# scutil --dns
#
# SEE ALSO
# dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
search local
nameserver 2403:5802:8c44:3:be24:11ff:fe21:3ce0
nameserver 192.168.68.1

$ nslookup MikroTik.local
Server: 2403:5802:8c44:3:be24:11ff:fe21:3ce0
Address: 2403:5802:8c44:3:be24:11ff:fe21:3ce0#53

Name: MikroTik.local
Address: 192.168.68.54

Enable SR-IOV in Intel 82599ES 10Gbps Ethernet Controller

Intel® 82599ES 10Gbps Ethernet Controller https://ark.intel.com/content/www/us/en/ark/products/41282/intel-82599es-10-gigabit-ethernet-controller.html supports SR-IOV, which is an Intel® Virtualization Technology for Connectivity (VT-c) solution.

NOTE: Intel VT Virtualization Features

  • VT-x, Intel Virtualization Technology for IA-32 and Intel 64 Processors
  • VT-d, Intel Virtualization Technology for Directed I/O
  • VT-c, Intel Virtualization Technology for Connectivity

The following step-by-step instructions were carried out in Proxmox.

Intel i3 N305 Mini PC https://www.aliexpress.com/item/1005007278560105.html

Intel Network - Mini PC

is equipped with two 10G SFP+ (Intel 82599ES) and two 2.5G (Intel i226-V) network cards:

root@sense:~# lspci -v 
...
01:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
Flags: bus master, fast devsel, latency 0, IRQ 16, IOMMU group 12
Memory at 80a20000 (64-bit, non-prefetchable) [size=128K]
I/O ports at 3020 [disabled] [size=32]
Memory at 80a44000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
Capabilities: [a0] Express Endpoint, MSI 00
Capabilities: [e0] Vital Product Data
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Device Serial Number a8-b8-e0-ff-ff-05-96-4d
Capabilities: [150] Alternative Routing-ID Interpretation (ARI)
Capabilities: [160] Single Root I/O Virtualization (SR-IOV)
Kernel driver in use: ixgbe
Kernel modules: ixgbe

01:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
Flags: bus master, fast devsel, latency 0, IRQ 17, IOMMU group 13
Memory at 80a00000 (64-bit, non-prefetchable) [size=128K]
I/O ports at 3000 [disabled] [size=32]
Memory at 80a40000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
Capabilities: [a0] Express Endpoint, MSI 00
Capabilities: [e0] Vital Product Data
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Device Serial Number a8-b8-e0-ff-ff-05-96-4d
Capabilities: [150] Alternative Routing-ID Interpretation (ARI)
Capabilities: [160] Single Root I/O Virtualization (SR-IOV)
Kernel driver in use: ixgbe
Kernel modules: ixgbe

01:10.0 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
Flags: bus master, fast devsel, latency 0, IOMMU group 18
Memory at 4017000000 (64-bit, prefetchable) [virtual] [size=16K]
Memory at 4017100000 (64-bit, prefetchable) [virtual] [size=16K]
Capabilities: [70] MSI-X: Enable+ Count=3 Masked-
Capabilities: [a0] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [150] Alternative Routing-ID Interpretation (ARI)
Kernel driver in use: vfio-pci
Kernel modules: ixgbevf

...

02:00.0 Ethernet controller: Intel Corporation Ethernet Controller I226-V (rev 04)
Subsystem: Intel Corporation Ethernet Controller I226-V
Flags: bus master, fast devsel, latency 0, IRQ 18, IOMMU group 14
Memory at 80600000 (32-bit, non-prefetchable) [size=1M]
Memory at 80700000 (32-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Capabilities: [70] MSI-X: Enable+ Count=5 Masked-
Capabilities: [a0] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Device Serial Number a8-b8-e0-ff-ff-05-96-4f
Capabilities: [1c0] Latency Tolerance Reporting
Capabilities: [1f0] Precision Time Measurement
Capabilities: [1e0] L1 PM Substates
Kernel driver in use: igc
Kernel modules: igc

03:00.0 Ethernet controller: Intel Corporation Ethernet Controller I226-V (rev 04)
Subsystem: Intel Corporation Ethernet Controller I226-V
Flags: bus master, fast devsel, latency 0, IRQ 16, IOMMU group 15
Memory at 80400000 (32-bit, non-prefetchable) [size=1M]
Memory at 80500000 (32-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Capabilities: [70] MSI-X: Enable+ Count=5 Masked-
Capabilities: [a0] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Device Serial Number a8-b8-e0-ff-ff-05-96-50
Capabilities: [1c0] Latency Tolerance Reporting
Capabilities: [1f0] Precision Time Measurement
Capabilities: [1e0] L1 PM Substates
Kernel driver in use: igc
Kernel modules: igc

04:00.0 Network controller: Intel Corporation Wi-Fi 7(802.11be) AX1775*/AX1790*/BE20*/BE401/BE1750* 2x2 (rev 1a)
Subsystem: Intel Corporation Wi-Fi 7(802.11be) AX1775*/AX1790*/BE20*/BE401/BE1750* 2x2 (BE200 320MHz [Gale Peak])
Flags: bus master, fast devsel, latency 0, IRQ 17, IOMMU group 16
Memory at 80900000 (64-bit, non-prefetchable) [size=16K]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
Capabilities: [70] Express Endpoint, MSI 00
Capabilities: [b0] MSI-X: Enable+ Count=32 Masked-
Capabilities: [100] Advanced Error Reporting
Capabilities: [148] Secondary PCI Express
Capabilities: [158] Physical Layer 16.0 GT/s <?>
Capabilities: [17c] Lane Margining at the Receiver <?>
Capabilities: [188] Latency Tolerance Reporting
Capabilities: [190] L1 PM Substates
Capabilities: [1a0] Vendor Specific Information: ID=0002 Rev=4 Len=100 <?>
Capabilities: [2a0] Data Link Feature <?>
Capabilities: [2ac] Precision Time Measurement
Capabilities: [2b8] Vendor Specific Information: ID=0003 Rev=1 Len=054 <?>
Capabilities: [500] Vendor Specific Information: ID=0023 Rev=1 Len=010 <?>
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
...

root@sense:~# ip a
...
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr2 state UP group default qlen 1000
link/ether a8:b8:e0:05:96:4f brd ff:ff:ff:ff:ff:ff
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr3 state UP group default qlen 1000
link/ether a8:b8:e0:05:96:50 brd ff:ff:ff:ff:ff:ff
4: enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether a8:b8:e0:05:96:4d brd ff:ff:ff:ff:ff:ff
5: enp1s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master vmbr1 state DOWN group default qlen 1000
link/ether a8:b8:e0:05:96:4e brd ff:ff:ff:ff:ff:ff
7: enp1s0f0v1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 7a:de:19:c7:c2:ce brd ff:ff:ff:ff:ff:ff
...
22: wlp4s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether e0:8f:4c:b2:58:95 brd ff:ff:ff:ff:ff:ff

Verify Intel 82599ES network card status:

root@sense:~# ethtool enp1s0f0
Settings for enp1s0f0:
Supported ports: [ FIBRE ]
Supported link modes: 10000baseT/Full
Supported pause frame use: Symmetric
Supports auto-negotiation: No
Supported FEC modes: Not reported
Advertised link modes: 10000baseT/Full
Advertised pause frame use: Symmetric
Advertised auto-negotiation: No
Advertised FEC modes: Not reported
Speed: 10000Mb/s
Duplex: Full
Auto-negotiation: off
Port: FIBRE
PHYAD: 0
Transceiver: internal
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes

root@sense:~# ethtool -i enp1s0f0
driver: ixgbe
version: 6.8.12-2-pve
firmware-version: 0x800003de
expansion-rom-version:
bus-info: 0000:01:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes

Enable IOMMU in Proxmox:

root@sense:~# cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt"

IOMMU pass-through (PT) mode improves the performance of other PCIe devices in the system when passthrough is in use.

Update GRUB:

root@sense:~# update-grub
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.8.12-2-pve
Found initrd image: /boot/initrd.img-6.8.12-2-pve
Found linux image: /boot/vmlinuz-6.8.4-2-pve
Found initrd image: /boot/initrd.img-6.8.4-2-pve
Found memtest86+ 64bit EFI image: /boot/memtest86+x64.efi
Adding boot menu entry for UEFI Firmware Settings ...
done

Reboot Proxmox and verify IOMMU is enabled:

root@sense:~# dmesg | grep -i IOMMU
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.8.12-2-pve root=/dev/mapper/pve-root ro quiet intel_iommu=on iommu=pt
[ 0.053988] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.8.12-2-pve root=/dev/mapper/pve-root ro quiet intel_iommu=on iommu=pt
[ 0.054043] DMAR: IOMMU enabled
[ 0.145258] DMAR-IR: IOAPIC id 2 under DRHD base 0xfed91000 IOMMU 1
[ 0.403235] pci 0000:00:02.0: DMAR: Skip IOMMU disabling for graphics
[ 0.440538] iommu: Default domain type: Translated
[ 0.440538] iommu: DMA domain TLB invalidation policy: lazy mode
[ 0.483908] DMAR: IOMMU feature fl1gp_support inconsistent
[ 0.483909] DMAR: IOMMU feature pgsel_inv inconsistent
[ 0.483910] DMAR: IOMMU feature nwfs inconsistent
[ 0.483911] DMAR: IOMMU feature dit inconsistent
[ 0.483912] DMAR: IOMMU feature sc_support inconsistent
[ 0.483912] DMAR: IOMMU feature dev_iotlb_support inconsistent
[ 0.493686] pci 0000:00:02.0: Adding to iommu group 0
[ 0.493726] pci 0000:00:00.0: Adding to iommu group 1
[ 0.493739] pci 0000:00:0d.0: Adding to iommu group 2
[ 0.493764] pci 0000:00:14.0: Adding to iommu group 3
[ 0.493774] pci 0000:00:14.2: Adding to iommu group 3
[ 0.493786] pci 0000:00:16.0: Adding to iommu group 4
[ 0.493793] pci 0000:00:17.0: Adding to iommu group 5
[ 0.493806] pci 0000:00:1c.0: Adding to iommu group 6
[ 0.493820] pci 0000:00:1c.6: Adding to iommu group 7
[ 0.493831] pci 0000:00:1d.0: Adding to iommu group 8
[ 0.493842] pci 0000:00:1d.1: Adding to iommu group 9
[ 0.493859] pci 0000:00:1d.3: Adding to iommu group 10
[ 0.493878] pci 0000:00:1f.0: Adding to iommu group 11
[ 0.493886] pci 0000:00:1f.3: Adding to iommu group 11
[ 0.493895] pci 0000:00:1f.4: Adding to iommu group 11
[ 0.493903] pci 0000:00:1f.5: Adding to iommu group 11
[ 0.493918] pci 0000:01:00.0: Adding to iommu group 12
[ 0.493934] pci 0000:01:00.1: Adding to iommu group 13
[ 0.493945] pci 0000:02:00.0: Adding to iommu group 14
[ 0.493956] pci 0000:03:00.0: Adding to iommu group 15
[ 0.493982] pci 0000:04:00.0: Adding to iommu group 16
[ 0.493993] pci 0000:05:00.0: Adding to iommu group 17
[ 3.684070] pci 0000:01:10.1: Adding to iommu group 18
[ 3.684303] pci 0000:01:10.3: Adding to iommu group 19
[ 3.684501] pci 0000:01:10.5: Adding to iommu group 20
[ 3.684685] pci 0000:01:10.7: Adding to iommu group 21
[ 3.684885] pci 0000:01:11.1: Adding to iommu group 22
[ 3.685096] pci 0000:01:11.3: Adding to iommu group 23
[ 3.685296] pci 0000:01:11.5: Adding to iommu group 24
[ 3.685473] pci 0000:01:11.7: Adding to iommu group 25
[ 3.755233] pci 0000:01:10.0: Adding to iommu group 26
[ 3.755462] pci 0000:01:10.2: Adding to iommu group 27
[ 3.755761] pci 0000:01:10.4: Adding to iommu group 28
[ 3.755939] pci 0000:01:10.6: Adding to iommu group 29
[ 3.756107] pci 0000:01:11.0: Adding to iommu group 30
[ 3.756276] pci 0000:01:11.2: Adding to iommu group 31
[ 3.756444] pci 0000:01:11.4: Adding to iommu group 32
[ 3.756628] pci 0000:01:11.6: Adding to iommu group 33

ATTENTION: IOMMU groups are not ordered by PCI bus IDs

This causes a problem: sometimes, after a Proxmox reboot, PCI Device Resource Mappings can't be set up because errors are thrown, e.g., “Configuration for iommugroup not correct (‘21’ != ‘27’)”.

The workaround is to go to Resource Mappings in Proxmox, edit the mapping, make no change and save:

Intel Network - Resource Mappings
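
The mismatch above can be caught before a VM start by comparing group numbers noted on an earlier boot with the ones the kernel assigned on this boot. This is an added example, not part of the original post: the sample log lines are constructed in the dmesg format shown above, the recorded list uses a hypothetical "address group" format (not Proxmox's own mapping file), and the function names are made up for the example.

```shell
#!/bin/sh
# Constructed sample: kernel log lines in the dmesg format shown above.
SAMPLE_DMESG='[ 0.493918] pci 0000:01:00.0: Adding to iommu group 12
[ 3.684070] pci 0000:01:10.1: Adding to iommu group 18
[ 3.684685] pci 0000:01:10.7: Adding to iommu group 21
[ 3.755233] pci 0000:01:10.0: Adding to iommu group 26
[ 3.755462] pci 0000:01:10.2: Adding to iommu group 27'

# Constructed sample: groups noted on an earlier boot, one "<address> <group>" per line.
# This is a hypothetical format for the example, not Proxmox's mapping file.
SAMPLE_RECORDED='0000:01:10.0 26
0000:01:10.2 21'

# stdin: kernel log text; stdout: "<address> <group>" per assignment line.
iommu_groups() {
    sed -n 's/.*pci \([0-9a-f:.]*\): Adding to iommu group \([0-9]*\).*/\1 \2/p'
}

# Same output format, read from sysfs on a live host.
live_groups() {
    for d in /sys/kernel/iommu_groups/*/devices/*; do
        [ -e "$d" ] || continue
        g=${d#/sys/kernel/iommu_groups/}
        echo "${d##*/} ${g%%/*}"
    done
}

# $1: recorded pairs, $2: current pairs; prints one line per device whose group changed
# or which is no longer present.
iommu_drift() {
    printf '%s\n' "$1" | while read -r addr want; do
        [ -n "$addr" ] || continue
        have=$(printf '%s\n' "$2" | awk -v a="$addr" '$1 == a { print $2 }')
        [ "$have" = "$want" ] || echo "$addr recorded=$want current=${have:-missing}"
    done
}

# Demo on the constructed samples; on a host use: iommu_drift "$recorded" "$(live_groups)"
iommu_drift "$SAMPLE_RECORDED" "$(printf '%s\n' "$SAMPLE_DMESG" | iommu_groups)"
```

Any line it prints names a device whose Resource Mapping needs the edit-and-save step before the VM is started.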

Find the udev information for a network card, e.g., enp1s0f1:

root@sense:~# udevadm info -e 
...
P: /devices/pci0000:00/0000:00:1c.0/0000:01:00.1/net/enp1s0f1
M: enp1s0f1
R: 1
U: net
I: 5
E: DEVPATH=/devices/pci0000:00/0000:00:1c.0/0000:01:00.1/net/enp1s0f1
E: SUBSYSTEM=net
E: INTERFACE=enp1s0f1
E: IFINDEX=5
E: USEC_INITIALIZED=2364228
E: ID_NET_NAMING_SCHEME=v252
E: ID_NET_NAME_MAC=enxa8b8e005964e
E: ID_OUI_FROM_DATABASE=Changwang Technology inc.
E: ID_NET_NAME_PATH=enp1s0f1
E: ID_BUS=pci
E: ID_VENDOR_ID=0x8086
E: ID_MODEL_ID=0x10fb
E: ID_PCI_CLASS_FROM_DATABASE=Network controller
E: ID_PCI_SUBCLASS_FROM_DATABASE=Ethernet controller
E: ID_VENDOR_FROM_DATABASE=Intel Corporation
E: ID_MODEL_FROM_DATABASE=82599ES 10-Gigabit SFI/SFP+ Network Connection
E: ID_PATH=pci-0000:01:00.1
E: ID_PATH_TAG=pci-0000_01_00_1
E: ID_NET_DRIVER=ixgbe
E: ID_NET_LINK_FILE=/usr/lib/systemd/network/99-default.link
E: ID_NET_NAME=enp1s0f1
E: SYSTEMD_ALIAS=/sys/subsystem/net/devices/enp1s0f1
E: TAGS=:systemd:
E: CURRENT_TAGS=:systemd:

P: /devices/pci0000:00/0000:00:1c.0/0000:01:00.1/net/enp1s0f1/ixgbe-mdio-0000:01:00.1
M: ixgbe-mdio-0000:01:00.1
R: 1
U: mdio_bus
E: DEVPATH=/devices/pci0000:00/0000:00:1c.0/0000:01:00.1/net/enp1s0f1/ixgbe-mdio-0000:01:00.1
E: SUBSYSTEM=mdio_bus
...

The important values are SUBSYSTEM=net, INTERFACE=enp1s0f1, ID_NET_DRIVER=ixgbe and ID_NET_NAME=enp1s0f1.

Create 8 Virtual Network Cards (SR-IOV Virtual Functions) on each port:

root@sense:~# echo 8 > /sys/class/net/enp1s0f0/device/sriov_numvfs 
root@sense:~# echo 8 > /sys/class/net/enp1s0f1/device/sriov_numvfs

Verify network cards again:

root@sense:~# lspci | grep Ethernet
01:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
01:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
01:10.0 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
...
01:10.7 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
01:11.0 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
...
01:11.7 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
02:00.0 Ethernet controller: Intel Corporation Ethernet Controller I226-V (rev 04)
03:00.0 Ethernet controller: Intel Corporation Ethernet Controller I226-V (rev 04)

Persist the number of SR-IOV Virtual Functions across Proxmox reboots:

root@sense:~# cat /etc/udev/rules.d/enp.rules 
ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="enp1s0f0", ATTR{device/sriov_numvfs}="8"
ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="enp1s0f1", ATTR{device/sriov_numvfs}="8"

Add Mapped PCI Devices into Virtual Machine in Proxmox:

Intel Network - Mapped PCI Devices

Virtual Network Cards can be added to a Virtual Machine as Network Cards with direct hardware access. They are taken from a pool of Network Cards shared with other Virtual Machines, and the first available Network Card is used.

Intel Network - Virtual Network Cards

Virtual Machine’s Proxmox configuration file:

root@sense:/etc/pve/qemu-server# cat 101.conf
agent: 1
bios: ovmf
boot: order=scsi0;ide2;net0
cores: 8
cpu: x86-64-v2-AES,flags=+aes
efidisk0: local-lvm:vm-101-disk-0,efitype=4m,size=4M
hostpci0: mapping=enp0_vf
hostpci1: mapping=enp1_vf
ide2: local:iso/OPNsense-24.7-dvd-amd64.iso,media=cdrom,size=2131548K
machine: q35
memory: 8192
meta: creation-qemu=9.0.2,ctime=1731054484
name: LINKsense
net0: virtio=BC:24:11:0C:52:4B,bridge=vmbr2,firewall=1,queues=4
net1: virtio=BC:24:11:21:3C:E0,bridge=vmbr3,firewall=1,queues=4
numa: 0
ostype: l26
scsi0: local-lvm:vm-101-disk-1,discard=on,iothread=1,size=128G,ssd=1
scsihw: virtio-scsi-single
smbios1: uuid=3e913d90-c284-47d7-881a-599013fa21a4
sockets: 1
vmgenid: aab228d8-bccc-46c1-b627-927271ad20b6

Homelab Router OPNsense and IPv6

Current IPv6 setting on TP-Link Router, connecting to Buddy Telco / Aussie Broadband ISP.

OPNsense - TP-Link IPv6

Setup OPNsense VM

Create a new VM for OPNsense in Proxmox:

OPNsense - VM General

OPNsense - VM OS

OPNsense - VM System

OPNsense - VM Disks

OPNsense - VM CPU

OPNsense - VM Memory

OPNsense - VM Network WAN

OPNsense - VM Network LAN

OPNsense - VM Network OPT1

OPNsense - VM In Proxmox

OPNsense - Proxmox Network

Setup IPv6

Step by step to enable IPv6 with Buddy Telco / Aussie Broadband ISP.

OPNsense - Interfaces Settings

OPNsense - WAN

  • Enable DHCP/DHCPv6 for IPv4/IPv6 Configuration Type
  • Set ISP’s Prefix delegation size to 48
  • Enable Send prefix hint

OPNsense - Router Advertisements

  • Set Router Advertisements to Unmanaged
  • Set Router Priority to Normal

Setup OPNsense Optional Port

For example, set up the OPT1 interface after OPNsense is installed in Proxmox.

  • Enable OPT1 Interface
  • Select Static IPv4 for IPv4 Configuration Type
  • Select Track Interface for IPv6 Configuration Type
  • IPv4 address set to 192.168.2.1/24
  • IPv6 parent interface set to WAN
  • IPv6 prefix ID set to 0x1. 0x0 has been assigned to LAN
  • Enable Allow manual adjustment of DHCPv6 and Router Advertisements

OPNsense - OPT1 Interface

  • Enable DHCP server on the OPT1 interface
  • Set IP range from 192.168.2.10 to 192.168.2.245

OPNsense - OPT1 DHCP

  • Add Firewall Rule
  • Set TCP/IP version
  • Select OPT1 net from dropdown menu as Source

OPNsense - OPT1 Firewall Rule

  • Setup Firewall Rule for IPv4 on OPT1 interface, then
  • Setup Firewall Rule for IPv6 on OPT1 interface

OPNsense - OPT1 Firewall

VLAN

Set up Trusted and Untrusted VLANs.

OPNsense - VLAN

OPNsense - VLAN Interfaces

OPNsense - Trusted VLAN

OPNsense - Untrusted VLAN

Then,

  • Set Router Advertisements to Unmanaged
  • Set Router Priority to Normal

for both VLANs.

Running

After making all the changes above, reboot the OPNsense instance.

OPNsense - Run In Proxmox

OPNsense - Interfaces Overview

OPNsense - Dashboard

IPv6 Test

OPNsense - Test IPv6

OPNsense - IPv6 Test

References

OPNsense - IPv6 Chart

OPNsense - IPv4 CIDR Chart

Turn On and Turn Off Recall in Windows 11

Turn on the Recall feature in Windows 11 24H2 by running Windows PowerShell as Administrator. The DISM command below reports the current feature state:

PS C:\> DISM /Online /Get-FeatureInfo /FeatureName:Recall

Deployment Image Servicing and Management tool
Version: 10.0.26100.1150

Image Version: 10.0.26100.2033

Feature Information:

Feature Name : Recall
Display Name : Recall
Description : Recall application.
Restart Required : Possible
State : Enabled

Custom Properties:

(No custom properties found)

The operation completed successfully.

Turn Off Recall in Windows 11 24H2:

PS C:\> DISM /Online /Disable-Feature /FeatureName:Recall

Deployment Image Servicing and Management tool
Version: 10.0.26100.1150

Image Version: 10.0.26100.2033

Disabling feature(s)
[==========================100.0%==========================]
The operation completed successfully.

Running latest MacOS Sequoia in VMware on Windows 11

This is a step-by-step guide to the fastest and easiest way to install and run the latest MacOS Sequoia 15.0.1 in VMware Workstation Pro on Windows 11.

Because MacOS Sequoia has added detection of whether the OS is running in a Virtual Machine, it's better to install MacOS Sonoma first, then upgrade to the latest version, MacOS Sequoia.

VMware - Apple ID

  • Build a bootable MacOS ISO image

Do it on a Mac.

Clone the gibMacOS repo https://github.com/corpnewt/gibMacOS and run:

$ ./gibMacOS.command
#######################################################
# gibMacOS #
#######################################################

Available Products:

1. macOS Sequoia 15.0.1 (24A348)
- 072-01382 - Added 2024-10-03 21:26:40 - 14.48 GB
2. macOS Ventura 13.7 (22H123)
- 062-78643 - Added 2024-09-16 17:44:05 - 12.22 GB
3. macOS Sonoma 14.7 (23H124)
- 062-78824 - Added 2024-09-16 17:42:25 - 13.68 GB
4. macOS Sequoia 15.0 (24A335)
- 062-78429 - Added 2024-09-16 17:30:21 - 14.48 GB
5. macOS Monterey 12.7.6 (21H1320)
- 062-40406 - Added 2024-08-14 20:45:56 - 12.42 GB

...

24. macOS High Sierra 10.13.6 (17G66)
- 041-91758 - Added 2019-10-19 18:19:55 - 5.71 GB
25. macOS Mojave 10.14.6 (18G103)
- 061-26589 - Added 2019-10-14 20:51:08 - 6.52 GB
26. macOS Mojave 10.14.5 (18F2059)
- 061-26578 - Added 2019-10-14 20:38:26 - 6.52 GB

M. Change Max-OS Version (Currently 12)
C. Change Catalog (Currently publicrelease)
I. Only Print URLs (Currently Off)
S. Set Current Catalog to SoftwareUpdate Catalog
L. Clear SoftwareUpdate Catalog
R. Toggle Recovery-Only (Currently Off)
U. Show Catalog URL
Q. Quit

Please select an option: 3

Downloading InstallAssistant.pkg for 062-78824 - 14.7 macOS Sonoma (23H124)...

1.35 GB/14.48 GB | = 9.34% | 101.7 MB/s | 00:02:10 left

Succeeded:
InstallAssistant.pkg
MajorOSInfo.pkg
com_apple_MobileAsset_MacSoftwareUpdate.plist
InstallInfo.plist
UpdateBrain.zip

Failed:
None

Files saved to:
/Users/terrence/Projects/gibMacOS/macOS Downloads/publicrelease/062-78824 - 14.7 macOS Sonoma (23H124)

Run InstallAssistant.pkg from the MacOS download directory above. It will be used to build the ISO image.

Create a disk image with size 16GB:

$ hdiutil create -o /tmp/MacOS -size 16000m -volname MacOS -layout SPUD -fs HFS+J
created: /tmp/MacOS.dmg

Mount the disk image created above:

$ hdiutil attach /tmp/MacOS.dmg -noverify -mountpoint /Volumes/MacOSISO
/dev/disk6 Apple_partition_scheme
/dev/disk6s1 Apple_partition_map
/dev/disk6s2 Apple_HFS /Volumes/MacOSISO

Create the ISO image from the Install macOS app:

$ sudo /Applications/Install\ macOS\ Sonoma.app/Contents/Resources/createinstallmedia --volume /Volumes/MacOSISO --nointeraction
Erasing disk: 0%... 10%... 20%... 30%... 100%
Copying essential files...
Copying the macOS RecoveryOS...
Making disk bootable...
Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 100%
Install media now available at "/Volumes/Install macOS Sonoma"

Unmount disk image and convert to an ISO image:

$ hdiutil detach -force /Volumes/Install\ macOS\ Sonoma
"disk6" ejected.

$ ls -al /tmp/MacOS.dmg
-rw-r--r--@ 1 terrence wheel 16777216000 15 Oct 21:54 /tmp/MacOS.dmg

$ hdiutil convert /tmp/MacOS.dmg -format UDTO -o /tmp/MacOS-Sonoma-14.7.cdr
Reading Driver Descriptor Map (DDM : 0)…
Reading Apple (Apple_partition_map : 1)…
Reading (Apple_Free : 2)…
Reading disk image (Apple_HFS : 3)…
........................................
Elapsed Time: 19.139s
Speed: 835.9MB/s
Savings: 0.0%
created: /tmp/MacOS-Sonoma-14.7.cdr

$ mv /tmp/MacOS-Sonoma-14.7.cdr /tmp/MacOS-Sonoma-14.7.iso

$ rm /tmp/MacOS.dmg

  • Install VMware Workstation Pro

Download VMware Workstation Pro from e.g. https://softwareupdate.vmware.com/cds/vmw-desktop/ws/17.6.1/24319023/windows/core/VMware-workstation-17.6.1-24319023.exe.tar

  • Patch VMware Workstation Pro

Clone the unlocker repo https://github.com/paolo-projects/unlocker on Windows and run it to enable the Apple macOS option in VMware Workstation Pro:

PS C:\Projects\unlocker> .\win-install.cmd

Unlocker 3.0.2 for VMware Workstation
=====================================
(c) Dave Parsons 2011-18

Set encoding parameters...
Active code page: 850

VMware is installed at: C:\Program Files (x86)\VMware\VMware Workstation\
VMware product version: 17.6.1.24319023

Stopping VMware services...

...

Starting VMware services...

Finished!

VMware - Apple macOS

  • Add VMware Tools

Copy the darwin.iso and darwinPre15.iso files extracted from VMware Fusion, e.g. https://softwareupdate.vmware.com/cds/vmw-desktop/fusion/12.2.5/20904517/x86/core/com.vmware.fusion.zip.tar, into the VMware Workstation Pro directory:

C:\Projects\unlocker\tools\darwin.iso -> C:\Program Files (x86)\VMware\VMware Workstation\darwin.iso
C:\Projects\unlocker\tools\darwinPre15.iso -> C:\Program Files (x86)\VMware\VMware Workstation\darwinPre15.iso

  • Create Virtual Machine for MacOS 14 Sonoma and update the settings

Add:

smc.version = "0"

into MacOS Sonoma.vmx file.

Clone GenSMBIOS repo https://github.com/corpnewt/GenSMBIOS and generate serial number on Windows:

$ ./GenSMBIOS.bat
#######################################################
# GenSMBIOS #
#######################################################

MacSerial not found!
Remote Version v2.1.8
Current plist: None
Plist type: Unknown

1. Install/Update MacSerial
2. Select config.plist
3. Generate SMBIOS
4. Generate UUID
5. Generate ROM
6. List Current SMBIOS
7. Generate ROM With SMBIOS (Currently Enabled)

Q. Quit

Please select an option: 3

Please type the SMBIOS to gen and the number
of times to generate [max 20] (i.e. iMac18,3 5): MacBookPro16,4

Type: MacBookPro16,4
Serial: C..........T
Board Serial: C0.............FB
SmUUID: A0D50403-F256-4E17-A2EC-29964D889A1D
Apple ROM: 6..........7

Copy the Serial, Board Serial and Apple ROM values and apply them to:

board-id = "Mac-A61BADE1FDAD7B05"
hw.model.reflectHost = "FALSE"
hw.model = "MacBookPro16,4"
serialNumber.reflectHost = "FALSE"
serialNumber = "C..........T"
smbios.reflectHost = "FALSE"
efi.nvram.var.ROM.reflectHost = "FALSE"
efi.nvram.var.MLB.reflectHost = "FALSE"
efi.nvram.var.ROM = "6..........7"
efi.nvram.var.MLB = "C0.............FB"

then add above block into MacOS Sonoma.vmx file.

Based on Apple Ethernet MAC Address range https://hwaddress.com/company/apple-inc/, change and add network settings from:

ethernet0.addressType = "generated"

to:

ethernet0.addressType = "static"
ethernet0.address = "00:21:E9:c0:92:76"
ethernet0.checkMacAddress = "FALSE"

in MacOS Sonoma.vmx file.

VMware - MacOS Sonoma

  • Mount MacOS ISO image and install

VMware - MacOS Sonoma settings

DON’T enable Location Service during the installation! Otherwise, you can’t set the Time Zone and Date & Time for your area. You can log in with your Apple ID during the installation.

VMware - Apple ID login

  • Install VMware Tools

After MacOS is installed and the VM has restarted, mount darwin.iso and install VMware Tools. Display Memory in MacOS then becomes 128 MB, and Full Screen mode is supported.

  • Upgrade MacOS

After MacOS Sonoma is installed, make sure everything is OK, then copy the whole MacOS Sonoma directory to a new directory, MacOS Sequoia (Upgraded). Open the new directory in VMware and select I copied it; you can then upgrade MacOS to the latest version in System Settings -> Software Update.

  • Run MacOS in VMware Player:

VMware - Player

VMware - In Action

References