IPv4 and IPv6 stops working after three days. Anything short of a reboot doesn't resolve it. I reboot, it comes back up. Is anyone else having this issue?
This virtualized? What make/model of dedicated NICs?
Yes virtualized. Both NIC's are (using lshw -C network):
product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
vendor: Realtek Semiconductor Co., Ltd.
Are you running Zenarmor? That could well be a reason for this as there's some netmap issues being worked on.
I am in fact, yes. Ok, now that's making more sense now that you say that. I'm hoping that's all it is.
Check out this thread, in particular this post from Franco: https://forum.opnsense.org/index.php?topic=32114.msg161656#msg161656
You can install the netmap testing kernel on the Opnsense command line with the command outlined in the post and then make sure your Zenarmor is configured to run in "Routed Mode (L3 Mode, Reporting + Blocking) with emulated netmap driver", to see if that fixes your issue.
I had the same issue with connection stalls after 2-3 days on all Zenarmor protected interfaces and am currently trying it out as well.
Gotchya, really appreciate the help. Installed update and restarted. We'll see how it goes! Thanks!
Well that lasted less than a day before LAN dropped after applying the patch for netmap. :/ I realized I forgot to set Zenarmor with the emulated vs native driver, so we'll see what happens from here.
Especially watch out for your "MBUF Usage" on the Opnsense Dashboard. If you notice it increasing very quickly (like several thousands over the span of an hour), you might suffer from another MBUF leak - which should however actually be fixed in the latest build from Franco.
Yeah so far that's pretty low. But I didn't pay attention to it before, so not sure what it looked like before these changes.
So far it's ok, I think (attached).
Well darn it, it dropped again early this morning, even with all of that in place.
Realistically I wouldn't virtual your firewall as you end up chasing these edge issues. Combined with realtek nics which have known issues with BSD this is just a recipe for constant troubleshooting.
I had a similar issue some days ago. The bare metal LAN interface (intel) of my VoIP network lost the carrier and dropped its IPv4 address. A reboot solved the issue. But I don't know if this issue is related to yours.
We have the exact same issue running 23.1 with an Watchguard M370 appliance.
Lan port appears up but the connectivity is lost and it is not visible from the lat network even with arp -a.
The problem happens infrequently every 7-14 days and is very difficult to track down. VPN and WAN interface work and the firewall management is acccessible when this happens (Through VPN). Zenarmor is activated, but it is not really doing much besides reporting: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver.
Will try with the emulated driver if that will fix the issue. The logs have nothing noteworthy from the time of the issue happening.
Just installed the latest 23.1.6 patches but not feeling optimistic since this has happened multiple times already.
Any ideas on tracking down the issue?
Quote from: mtchetch on April 25, 2023, 04:44:46 PM
We have the exact same issue running 23.1 with an Watchguard M370 appliance.
Lan port appears up but the connectivity is lost and it is not visible from the lat network even with arp -a.
The problem happens infrequently every 7-14 days and is very difficult to track down. VPN and WAN interface work and the firewall management is acccessible when this happens (Through VPN). Zenarmor is activated, but it is not really doing much besides reporting: Routed Mode (L3 Mode, Reporting + Blocking) with native netmap driver.
Will try with the emulated driver if that will fix the issue. The logs have nothing noteworthy from the time of the issue happening.
Just installed the latest 23.1.6 patches but not feeling optimistic since this has happened multiple times already.
Any ideas on tracking down the issue?
This issue will be fixed in 23.1.7 coming out in a couple of weeks, re: netmap/ZenArmor issue. Here is a thread on it. https://forum.opnsense.org/index.php?topic=32114.75 (https://forum.opnsense.org/index.php?topic=32114.75). In the thread there were patches you can apply in the interim. I just have my ZenArmor set to monitoring only for now.
23.1.7 sounds wrong to me. Not sure which fix you reference.
Cheers,
Franco
Quote from: schnipp on April 14, 2023, 03:20:33 PM
I had a similar issue some days ago. The bare metal LAN interface (intel) of my VoIP network lost the carrier and dropped its IPv4 address. A reboot solved the issue. But I don't know if this issue is related to yours.
Today again, my Fritzbox updated its firmware and took a reboot. Within this time the physical network interface permanently lost the carrier. Even a reboot and short poweroff did not solve the problem. So, it can also happen that the Fritzbox is the issue. When it happens again, I'll try to investigate further.
I did some investigations since my Fritzbox 7490 offered a new labor firmware. After the update has been completed with a reboot the physical network of the box permanently lost the carrier again. Tests revealed that it is a bug in the labor firmware. In client mode the network interface LAN1 often does not come up, all the other interfaces work well.
I'll report to AVM.