OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: hightechrdn on January 13, 2018, 06:56:05 am

Title: OPNsense (VM running on KVM) interface stops accepting packets from WAN
Post by: hightechrdn on January 13, 2018, 06:56:05 am

I have the stable release of OPNsense running in a VM on a KVM host. I am using the e1000 NIC driver with HW offloading disabled in the OPNsense UI. I have a typical two interface setup and have Suricata running in IDS/IPS mode. The internet connection is 200Mbps/20Mbps cable from the cable company.

* Ever 1-2 days, the WAN interface has problems. tcpdump on the interface shows only outbound packets and not a single inbound.
* I have found that running ifconfig em1 down followed ifconfig em1 up restores normal operation (em1 is the WAN interface).
* I have examined every guest and host log file that I can find and haven't found a single error message which lines up with these outages.
* This internet connection is used heavily during the day for normal home office tasks and the interface has yet to have problems during the day.
* When this outage occurs, we are typically watching 1x streaming show (Hulu, Netflix, etc).
* Load on the VM looks low when the outages happen. Plenty of free ram and a low # of connections.
* After bouncing the interface, the VM/OPNsense does fine the rest of the night and the next days. We typically watch hours of streaming after the outage without any further issues.

Any ideas for the cause or how to troubleshoot further? If I can't solve this issue, I will have to switch firewall solutions as troubleshooting network issues in the middle of the night almost every night isn't much fun.

Title: Re: OPNsense (VM running on KVM) interface stops accepting packets from WAN
Post by: slickdakine on March 21, 2018, 08:43:38 am

Hi,

I've been having similar problems, only mine are on the LAN. You can see my post here:
https://forum.opnsense.org/index.php?topic=7277.msg34964#msg34964

Franco suggested turning off sticky connections on my default firewall rule. That seemed to solve my problem.
In the live log view I would see default denies before, even though the rule allows. He said it had something to do with state tracking.
Thinking there maybe something with it being virtualized. Been playing with different drivers, etc. to see if I can get stateful working again.