OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: bruch05 on January 14, 2019, 09:40:08 pm
-
Hello,
I'm Christophe from Paris. We use OpnSense 18.7.10 for a Charity Association.
I need your help.
Configuration 1 :
Provider GW <- FO-> PON <-Eth-> WAN If - OpnSense - LAN IF <-Eth-> SW Gb <-Eth-> NAS, Laptop
83.243.124.254 83.243.124.66/32 (DHCP) 192.168.1.1 192.168.1.x/24
The Far Gateway is activated on WAN If due to /32.
Every 9 mn the Provider GW is unavailable. Just a SAVE and an APPLY on the WAN interface parameters panel (or a physical disconnect/reconnect) restores the data flow. No event in system.log relates to this failure.
To confirm that the issue is with OpnSense, I've tested directly with a laptop connected to the FO PON and I have no issue. (Down : 890Mb/s, Up : 950Mb/s)
All the parameters like LRO, TSO, EEE are correctly set. I've performed a test with another NIC, and I got the behavior.
Following some research:
- 'opnsense-revert -r 18.7.9 suricata' and reboot. Despite this, the bad behavior still remains. The Intrusion Detection service is not enabled.
- opnsense-revert -r 18.7.7 unbound. The issue is always present.
Configuration 2 :
Provider GW <-FO-> PON <-Eth-> WAN If - BOX - LAN If <-Eth-> ==>
83.243.124.254 83.243.124.66/32 192.168.0.1
DHCP
==> WAN If - OpnSense - LAN IF <-Eth-> Switch Gb <-Eth-> NAS, Laptop
192.168.0.254/24 192.168.1.1 192.168.1.x/24
BOX DMZ to this address
I have an issue with Configuration 1 and not with Configuration 2. From my point of view, the /32 on the OpnSense WAN interface could be the root cause!? Any idea how to debug the WAN If activity?
I would like to implement configuration 1 to avoid paying the Box rental.
Best regards and thank you in advance for your advice
Christophe
-
Hello,
No idea ?
Thx
-
Hi, the only thing I see at first glance:
==> WAN If - OpnSense - LAN IF <-Eth-> Switch Gb <-Eth-> NAS, Laptop
192.168.0.254/24 192.168.1.1 192.168.1.x/24
BOX DMZ to this address
192.168.0.254/24 and 192.168.1.x/24 overlap?!?
-
Hello,
Thank you for your reply. :)
You speak about a potential issue with configuration 2, but this configuration works without trouble.
I have the issue with configuration 1, with the /32 on the WAN If.
Any idea?
Thx
Christophe
-
What modem hardware are you using? I'm running an Arris DG1670A cable modem and I'm seeing some weird behavior (disconnects, choking, etc.) as well and I'm wondering if there is a correlation.
-
Hello,
Thx for your reply.
This is a Huawei PON, Fiber to Ethernet.
Connected to a laptop directly, the connection is reliable.
Connected to OpnSense, the connection is unstable...
I've posted a question to my internet provider. I'll let you know if I've found a solution.
Regards
Christophe
-
Hello,
This behavior is due to the ARP table not being refreshed often enough.
The solution is to set the tunable parameter "net.link.ether.inet.max_age" to 300 seconds to avoid the ARP problem.
regards
Tof
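
One way to watch the gateway's ARP entry while chasing an outage like the one in this thread, as an added example that is not part of the original posts: it parses text in the format FreeBSD's `arp -an` prints and classifies the entry for the provider gateway. The function names, interface names and MAC addresses are assumptions made for illustration; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify the upstream gateway's ARP cache entry.
# Input format: the text FreeBSD's `arp -an` prints.

# Constructed samples: MAC addresses and interface names are made up.
SAMPLE_OK='? (83.243.124.254) at 00:11:22:33:44:55 on igb0 expires in 212 seconds [ethernet]
? (192.168.1.1) at 00:aa:bb:cc:dd:01 on igb1 permanent [ethernet]'
SAMPLE_STALE='? (83.243.124.254) at (incomplete) on igb0 expired [ethernet]
? (192.168.1.1) at 00:aa:bb:cc:dd:01 on igb1 permanent [ethernet]'

# gw_arp_state IP: reads `arp -an` text on stdin and prints one of
#   ok <mac> <seconds-left> | permanent <mac> | expired <mac> | incomplete | missing
gw_arp_state() {
    awk -v gw="($1)" '
        $2 == gw {
            found = 1
            if ($4 == "(incomplete)")        print "incomplete"
            else if ($0 ~ / permanent/)      print "permanent " $4
            else if ($0 ~ / expired/)        print "expired " $4
            else if ($0 ~ / expires in /) {
                for (i = 1; i < NF; i++) if ($i == "in") left = $(i + 1)
                print "ok " $4 " " left
            }
            else print "unknown"
            exit
        }
        END { if (!found) print "missing" }'
}

# watch_gw IP INTERVAL: run on the firewall; logs a line whenever the state changes
watch_gw() {
    last=''
    while :; do
        cur=$(arp -an | gw_arp_state "$1")
        state=${cur%% *}
        if [ "$state" != "$last" ]; then
            echo "$(date '+%H:%M:%S') max_age=$(sysctl -n net.link.ether.inet.max_age) $cur"
        fi
        last=$state
        sleep "$2"
    done
}

# Offline demonstration on the constructed samples
printf '%s\n' "$SAMPLE_OK"    | gw_arp_state 83.243.124.254
printf '%s\n' "$SAMPLE_STALE" | gw_arp_state 83.243.124.254
```

On the firewall shell, `watch_gw 83.243.124.254 10` timestamps each change of the gateway entry, which can then be lined up against the moments the WAN stops passing traffic.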
-
Great! Were you able to modify your system and have the problems go away? How did you find out this was the problem? Is there a log file somewhere that is spitting out errors?
You say to set the tunable parameter "net.link.ether.inet.max_age" but I'm not able to find that in the OPNSense GUI anywhere. I looked in System:Settings:Tunables but there is nothing like that in my list. Is this something you have to edit on the OS itself? If so, what file should be edited?
Thanx!
Richard
-
You can add it as a custom tunable in the GUI. The list provided is just a list of frequently needed ones.
Cheers,
Franco
-
Ah, yes, I see it now. Thank you for the information.
How were you able to determine that this was the cause of the problem? Was it something in the log files?