OPNsense Forum
English Forums => Zenarmor (Sensei) => Topic started by: n1nja on July 22, 2021, 12:30:03 am
-
Hey all,
I'm new to both opnsense and sensei. I was previously using pfsense and suricata. I just bought a protectli vault (4GB RAM, i3) and installed sensei. Once I turn it on it runs fine for a short while. CPU usage is low, everything looks good. Eventually, like in about 5-10 minutes, my interface completely dies for no apparent reason. If I'm consoled onto the protectli I can ping out my WAN int wihtout issue, I can ping the LAN facing IP (the one assigned to the box) without issue, but I cannot ping anything on my LAN. If I reboot (I turned service start to manual) then everything is fine for hours. Turn on sensei and shortly after same issue.
I'm not sure how further to debug this on my own.
Sensei version:
Engine Information
Engine Version: 1.9.2 Last Update: 07/07/2021 10:46
App & Rules DB Version: 1.9.21070514 Last Update: 07/07/2021 10:46
Opnsense version:
OPNsense 21.1.8_1-amd64
FreeBSD 12.1-RELEASE-p19-HBSD
OpenSSL 1.1.1k 25 Mar 2021
Hardware:
Protectli Vault 6 Port, Firewall Micro Appliance/Mini PC - Intel Dual Core i3-7100U, AES-NI, 4GB RAM, 32GB mSATA SSD
-
Probably you are running out of ram. Whats top say your mem usage is at time of issues?
-
I'm not convinced, even for size of machine 4GB is still recommended. I also checked the memory history and it's not that high throughout the day. I'm starting to think it's the fact I have a LAGG. I'm going to try removing the LAGG and will update
-
At this point I'm convinced it was the LAGG. I haven't had an issue in over 30 minutes. There was a message that would pop up, which I can't recall or have recorded anywhere, whenever I'd start the service while using the LAGG.
One of the times my console was spitting this almost constantly:
freebsd_generic_rx_handler warning rx packet intercepted but no emulated adapter
I tried each of the different drivers. This box has intel NICs.
-
Hi,
You caught the point. Sensei uses netmap that is an Operating System subsystem to grab packets off the wire. Netmap has some issues with LAGG interfaces. Netmap team is working on it and Sensei team helps them as well but it won't be available in a short time period.
-
At this point I'm convinced it was the LAGG. I haven't had an issue in over 30 minutes.
Same for me. Newest update and if I enable LAGG (LACP) OPNsense (or something within) will crash when using Zenarmor.
But it also happened some time before Zenarmor.
So I decided to stop using LAGG as I don't want anything unstable.
-
Hi @dumbo,
The LAGG interface issue is a netmap limitation. The good news, the team is working on it and we will have a beta kernel if you would like to test it.
-
I also have a LAGG interface on my machine and Zenarmor also crashes OPNsense randomly, if I go into Zenarmor dashboard.
-
Hi REH,
A new test kernel is developed to solve the netmap LAGG issue.
https://forum.opnsense.org/index.php?topic=32114.0
Can you try it and provide feedback?
Thanks