OPNsense Forum

I'm having stability issues with my setup and the itnernet keeps getting disconnected without recovery and the only option is to restart the open sense vm.

The setup:

I've got a proxmox server running virtualized OPNSENSE.

VM specs:

CPU: host mode <core I5-4670> x1
RAM: 4GB <phys ; 1866 MHz DDR3 CL 11>
My LAN interface is a linux bridge (VIRT IO) and OPNSense provides internet access through the proxmox linux bridge to the physical lan and different vms.
My WAN interface is a USB 3.0 gigabit tp-link dongle (which IK it's a bad idea just bear with me, there's more to the story).

So. Currently I've set up a cronjob in OPNSense to reset the interfaces every 4 hours and that seemed to do the trick for about a week but I know this is no permanent solution.
Today I just got another failure that required a restart of the VM.

I get the full speed of my contract which is 400Mbps down/30Mbps up no problem.
I know if I get much more speed I will require a CPU upgrade in the future since I read this is a single threaded load but that's not the issue here.

The issue is the packet loss and the failures that don't recover themselves.

A little bit of info about the ISP and my previous setup which was a little unstable but nothing concerning like this:

I had the ISP's router in bridge mode, it's one of those fiber in a box type of deal and it connects to their GPON network directly.
My router was TP-LINK Archer C1200 which would get hanged and I found this to be an issue due to the hihgh traffic to its own public IP caused by my nextcloud instance.

Packet loss was ok dropping about 1% or less when pinging google.
Now it's up to 8% in the same time frame (30 mins) + the total failure that ends up happening randomly.

I am no expert in networking and I wouldn't know how to diagnose this.
But given the problem is unstability and I've experienced this before with this exact ethernet dongle, and I've expressed my suspicion of it before I blame it on shoddy hardware.
Now my questions are the following:

• What NICs do you recommend for connecting to a PPPoE network at symetric gigabit speeds? (try not to make me break the bank please  :P)
• Does the brand of the NIC matter at all? or should I just focus on getting one with a specific ethernet chip?
• Do you have an any other suggestions as to what can be causing this unstability? (but please do answer my hardware question)

If you could rank me a few ethernet cards it's much appreciated <3.

Thank you all in advace! <3

EDIT:

My usb dongle now works just fine connected to the ISP's router.
It turns out that if you do USB passthrogh to a VM there's some kind of issue that causes packet loss when it comes to ethernet dongles (or at the very least my TP-LINK UE330).
A few days later after making this post I thought "Why not just pass through the entire PCI-E USB controller" and so I did and all the issues disappeared, I've been monitoring the stability of the connection and it's rock solid! Even better than it's ever been!
All it took to resolve the issue is doing PCI-E passthrough to the OPNSense VM instead of just the specific USB port.
Of course this solution only good for me because I don't have a need to plug anything into the USBs of the server's motherboard.
Because of this I will still be looking into a good ethernet adapter.
Thank you all for the info and replies it's very useful!
Sorry I took a while to answer I've been busy plus I wanted to make sure at least a week had gone by before I confirmed this solution to ya'll so if anyone else tries it they know how I solved it and are not lead astray!
Angain thank ya'll!

EDIT 2:

TL;DR
Don't use network dongles, dongles bad.
OPNsense donesn't seem to support the chipsets RTL8111 and RTL8125.
If you have this hardware and your OPNsense is on a vm you can use virtio interfaces and connect them to the physical network over linux birdges.
This works with PPPoE and it's been my working setup without any issues since 17/09/2024 (currently 31/10/2024)

Just look at this table from the I210 datasheet and the ranks are:

• I350
• I210
• I211
• 82574

Did you ever get problems resolved?  For a 400mbps connection.  Tried router on a stick. And if you use the onboard Realtek nic. Then use opnsense driver instead of the driver that come with the install.

Quote from: vpx on July 09, 2024, 03:58:14 PM
Just look at this table from the I210 datasheet and the ranks are:

• I350
• I210
• I211
• 82574

Where does i225 and i226 fit in that chart, prices between i350 and i225/226 are not that different, especially used. Yes I know i225/226 are 2.5gbps, but they handle gigabit just fine too.

Those should be closer to I210 I think. They have same number of queues.

Just keep in mind that against I210, those NICs depending on the CHIP to CHIP may have weird behaviour

Regards,
S.

My usb dongle now works just fine connected to the ISP's router.
It turns out that if you do USB passthrogh to a VM there's some kind of issue that causes packet loss when it comes to ethernet dongles (or at the very least my TP-LINK UE330).
A few days later after making this post I thought "Why not just pass through the entire PCI-E USB controller" and so I did and all the issues disappeared, I've been monitoring the stability of the connection and it's rock solid! Even better than it's ever been!
All it took to resolve the issue is doing PCI-E passthrough to the OPNSense VM instead of just the specific USB port.
Of course this solution only good for me because I don't have a need to plug anything into the USBs of the server's motherboard.
Because of this I will still be looking into a good ethernet adapter.
Thank you all for the info and replies it's very useful!
Sorry I took a while to answer I've been busy plus I wanted to make sure at least a week had gone by before I confirmed this solution to ya'll so if anyone else tries it they know how I solved it and are not lead astray!
Angain thank ya'll!

Some further updates for anyone who might find it useful!

I found a better configuration that seems to work just fine!
I don't know why I didn't think of this earlier I am an idiot.
Anyway the deets:

I've finally bought a network card though it's not any of the ones you guys mentioned.
I will be looking into those in the future it's just I'm from South America and having a homelab is an expensive hobby and my broke ass can't afford these things yet.

Anyway the card in question is a TP-Link tx201 (the chipset is an RTL8125) which OPNsense doesn't seem to support.
Bad decision on my part buying a card without research for an OS that seems to be so picky about drivers.
Anyway I ended up passing some virtio network interfaces to the OPNsense vm and it picked them up rightaway.
Connected those to linux bridges, one bridging with the sever's on board which is an RTL8111 (which alsoe doesn't seem to be supported by OPNsense) that goes to the ISP over PPPoE.
The tx201 is on a diffrent bridge and that provides my physical lan with a switch and AP separately.
Its been set up like this since 17/09/2024 and there hasn't been any more hardware issues since.
So this seems to be a totally valid configuration!

Thank ya'll for your advice <3
It's very very nice being recieved with friendly advice when you're a novice :3
Cheers!

The RTL8111 is supported by both the standard and vendor driver:

https://man.freebsd.org/cgi/man.cgi?query=re
https://www.freshports.org/net/realtek-re-kmod/

The RTL8125 seeems only to be supported by the latter.

You can install the vendor driver as a plugin (os-realtek-re) in OPNsense:

https://docs.opnsense.org/support.html#list-of-available-community-plugins

i have an intel i226 dual port got it new from amazon for $50 my 1200 mb comcast hits full speed with it.i hit around 1300 to 1400mb on that card with no problem. i went with i226 because some people reported problems with the intel i225.
i dropped that card into my system as a wan card and i have not had any problems what so ever. worked right out of the box with all default settings on the network card.

i already had applied all of these settings https://binaryimpulse.com/2022/11/opnsense-performance-tuning-for-multi-gigabit-internet/ prior to getting this card for my 10gb lan side

With the i226 card, what version of OPNsense are you running? I see a thread about different kernels up in the general 24.7 section and it helping to work with these multigig interfaces.

OPNsense 24.7.7-amd64

this is the card i got intel i226 chipset

https://www.amazon.com/dp/B0CZ94FWV6?ref=ppx_yo2ov_dt_b_fed_asin_title (https://www.amazon.com/dp/B0CZ94FWV6?ref=ppx_yo2ov_dt_b_fed_asin_title)

for my larger 10gbe lan side i use hpe 562sfp+

https://www.ebay.com/itm/375768000195?_skw=hpe+562sfp%2B&itmmeta=01JC2DKVXSKNFTWW3CZZX8204D&hash=item577d84a6c3:g:Zy0AAOSwXv1nKm9i&itmprp=enc%3AAQAJAAAA0HoV3kP08IDx%2BKZ9MfhVJKnVJUX5lzyiafN3f4QF3c6Fskcm0CSqVyBEJRyeYyWsxXpy04MCv5TyfT%2F%2Bn1cSI99IkOvd3jI%2FVEgU6lpeTGDvZIT11mrbDbM0l2mlvLxEmG15ojm8f9KxrHEoaCW4%2FKrDNz2zwKkpDXTblHEGjEndwj1s%2FOR3gz6pBBiLO5rG75MyMI2%2FjWzPMgffcBvThcJvMQiZG34vxkJwPSRkT0kDwC07LQT13TF%2FrO3lpyvdGS%2FVganZS4l4%2BuZyN18bH2s%3D%7Ctkp%3ABk9SR_6-z83gZA (https://www.ebay.com/itm/375768000195?_skw=hpe+562sfp%2B&itmmeta=01JC2DKVXSKNFTWW3CZZX8204D&hash=item577d84a6c3:g:Zy0AAOSwXv1nKm9i&itmprp=enc%3AAQAJAAAA0HoV3kP08IDx%2BKZ9MfhVJKnVJUX5lzyiafN3f4QF3c6Fskcm0CSqVyBEJRyeYyWsxXpy04MCv5TyfT%2F%2Bn1cSI99IkOvd3jI%2FVEgU6lpeTGDvZIT11mrbDbM0l2mlvLxEmG15ojm8f9KxrHEoaCW4%2FKrDNz2zwKkpDXTblHEGjEndwj1s%2FOR3gz6pBBiLO5rG75MyMI2%2FjWzPMgffcBvThcJvMQiZG34vxkJwPSRkT0kDwC07LQT13TF%2FrO3lpyvdGS%2FVganZS4l4%2BuZyN18bH2s%3D%7Ctkp%3ABk9SR_6-z83gZA)

for my smaller 10/100/100 i use Silicom PE2G6I35-CX 6. the only downfall for this card it is for a server so i couldn't get it to mount. so i more or less floats a little in the slot.

https://www.ebay.com/itm/304637501161?_skw=Silicom+PE2G6I35-CX+6&epid=7003391261&itmmeta=01JC2DTKF3CQ3B44DCJGJ4J079&hash=item46edcf5ee9:g:MAgAAOSwJAxmoZPa&itmprp=enc%3AAQAJAAAA8HoV3kP08IDx%2BKZ9MfhVJKkVxVXCIWMn6CPLjmfBZb0%2FalBjsaLF8Da1MB%2FDgsNmeSKVSN3K2YeEc5SJR28Jh4%2B5D6BRLVqi7lo2w8AqadhW%2FYE4u4EGDI0oteKze%2BaHE0v72pJu2V451cLC5pDYDmGRUOnVFRa3Yyi%2BWHdzR4TgD9OEUTvoa3mGYDbfH7q1v4AiUyDML1Eh9Mu4eGOs3nRFta0mMfnTb9dSXZMPWF13fu54ywbmNdn0blRACPR55hYVIFKONZPxWot53HixLkl9hrjY0iWWanaZw9u7YTvzW6g%2BiSw8eN8PhX3U1ZsUZg%3D%3D%7Ctkp%3ABk9SR9636s3gZA (https://www.ebay.com/itm/304637501161?_skw=Silicom+PE2G6I35-CX+6&epid=7003391261&itmmeta=01JC2DTKF3CQ3B44DCJGJ4J079&hash=item46edcf5ee9:g:MAgAAOSwJAxmoZPa&itmprp=enc%3AAQAJAAAA8HoV3kP08IDx%2BKZ9MfhVJKkVxVXCIWMn6CPLjmfBZb0%2FalBjsaLF8Da1MB%2FDgsNmeSKVSN3K2YeEc5SJR28Jh4%2B5D6BRLVqi7lo2w8AqadhW%2FYE4u4EGDI0oteKze%2BaHE0v72pJu2V451cLC5pDYDmGRUOnVFRa3Yyi%2BWHdzR4TgD9OEUTvoa3mGYDbfH7q1v4AiUyDML1Eh9Mu4eGOs3nRFta0mMfnTb9dSXZMPWF13fu54ywbmNdn0blRACPR55hYVIFKONZPxWot53HixLkl9hrjY0iWWanaZw9u7YTvzW6g%2BiSw8eN8PhX3U1ZsUZg%3D%3D%7Ctkp%3ABk9SR9636s3gZA)