Hi everyone!
I recently installed 22.7.10_2-amd64.
However, when IPS is enabled, the network dies.
What causes this and is there any other way to enable IPS?
I hope for a good reply.
Do you use vlans?
No VLANs are used.
It needs a NIC with drivers in freebsd that play nice with the network stack. Also consumes more cpu cycles.
What nic is in use, which interface you are enabling it on (LAN, WAN, etc.) and what network driver is being used?
Please provide more information, technical.
I used pciconf -lv | grep -A1 -B3 network command and got the following output.
root@OPNsense:~ # pciconf -lv | grep -A1 -B3 network
em0@pci0:0:25:0: class=0x020000 rev=0x04 hdr=0x00 vendor=0x8086 device=0x153a subvendor=0x1028 subdevice=0x05a4
vendor = 'Intel Corporation'
device = 'Ethernet Connection I217-LM'
class = network
subclass = ethernet
--
re0@pci0:4:2:0: class=0x020000 rev=0x10 hdr=0x00 vendor=0x10ec device=0x8169 subvendor=0x10ec subdevice=0x8169
vendor = 'Realtek Semiconductor Co., Ltd.'
device = 'RTL8169 PCI Gigabit Ethernet Controller'
class = network
subclass = ethernet
em0 is LAN and re0 is WAN.
I am enabling IPS on WAN.
When IPS is enabled, after a while, the ping command hangs up.
If IPS is disabled, the ping command will be issued again.
I would venture a guess that it's the realtek driver not playing nice. It hasn't played well in freebsd for ages. Infamous for the "watchdog error".
You could try using the vendor driver (module) instead of the one inculded in base. I'm away so can't check but I think it might be available as a plugin.