OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: Heathkit2 on November 29, 2017, 11:18:44 am
-
Hello we are brand new to OPNsense but initially like the performance.
The hardware we are using is a Dell 380 with 4 megs of Ram.
After a power cycle the OPNsense takes less than 60 seconds to load and we can acess the web admin from another PC.
We are then experiencing approx 10 - 15 minutes of delay before any traffic can pass from the lan to the wan port.
If we perform wan diagnostics we can ping the internet OK.
It is almost like the NAT or firewall has a timed feature that we are not aware of.
Please can you assist us in speeding up the time it takes for the device to come fully online as the long wait after a power cycle is a little disconcerting.
OPNsense 17.7.5-amd64
FreeBSD 11.0-RELEASE-p12
OpenSSL 1.0.2l 25 May 2017
Thanks
Stewart
-
I trust you mean 4 GB of RAM ;D
Try and pare your configuration back to just NAT and test again. If that is not faster, you may be looking at a hardware driver issue. FreeBSD lags a bit behind other OS in that respect.
If it does speed up in a bare minimum configuration, add your services back in one by one until you find the one that is causing the slowdown. You can then troubleshoot further in that service or consider if it is worth having in the first place.
Bart...
-
Opps sorry yes 4 gigs.
This is our first installation it is on deafults so would need some help as to what we should pare off.
With respect to the Free BSD we can see that load relatively quickly.
We can then login to OPNsense immediately after that.
We can go to the Wan diagnostics and Ping the internet without problem.
The issue we are facing is we need to wait over 15 minutes for any of the workstations on the lan to have access to the internet. Then suddenly everything is back to normal.
Are there any logs that may assist in identifying what event causes the connection to be re established as that may point us to the cause of the delay?
Thanks for any help.
Stewart
-
Start with a continuous ping to 8.8.8.8 from a workstation. That will show the point when NAT is up.
Bart...
-
Hi Bart,
Yes that is what I was doing, I am not trying to find out when it is up but rather why it is not up for at least 10 minutes after the software is responsive and I can do a Wan ping test immediately from the wan diagnostics.
It is like the NAT function has a delay and i need to ascertain why and how to decrease the delay.
Regards
Stewart
-
From what I've read in your comments (correct me if I'm wrong) you have a WAN connection that's active when you connect to the OPNsense UI and you can ping the internet but nobody on the LAN can get out, is that correct? What happens if you try to ping one of your LAN PCs from OPNsense? What happens if you ping the OPNsense LAN IP from one of the LAN PCs. Do you have one subnet on your LAN? Are all the IPs fixed or allocated by DHCP, are they all IPv4? Have you looked in the log files to see if there's any problem shown with your LAN NIC? I assume this is a bare metal install? have you checked the NIC itself for problems or tried another NIC?
-
Worth checking IPv6 as well, since it doesn't need NAT
Bart...
-
Maybe unrelated, but worth mentioning.
Beginning during boot and continued on while operating I was seeing huge filterlog dumps being presented to the VGA console screen. It took a while to sort it out. All of them were routing the loopback to itself; hundreds of times a second (127.0.0.1,127.0.01 in every post). And the system was at a crawl.
So I checked "Do not use the DNS Forwarder/Resolver as a DNS server for the firewall" in: System: Settings: General and that stopped and the system runs well now.
-
I would start with a static client and ping a server on the Internet (IP) to see if that holds up. Try the same with IPv6 if that works, then work your way up to DNS. Make sure you don't have a proxy or intrusion detection that could delay bootup for longer than you expect and try to upgrade to the latest version although I'm fairly sure this won't change much it will help us confirm.
Cheers,
Franco