Messages

1

19.7 Legacy Series / Gateway Latency Thresholds Ignored?

« on: October 01, 2019, 09:06:34 pm »

Hi,

I have a multi-wan configuration, main WAN is relatively low latency ( ~ 30-60 ms) but limited bandwidth, Satellite WAN is high bandwidth high latency, typically in the 600-700 ms range.

I have configured latency thresholds on the Satellite gateway to be 900/1200 ms.

Once I apply the gateway settings, the Satellite connection gets marked as "offline" within a second or two.

Despite getting marked as offline, traffic based on my LAN rules continues to take the Satellite route as if it was in the "online" state.

Two problems I see here:

1. Latency Threshold setting being ignored.
2. Online/Offline status of gateways being ignored.

I have not looked at the packet loss thresholds as I have not customized any of them.

Any ideas on where I would even look to troubleshoot something like this?

2

17.1 Legacy Series / Re: Upgrade 16.7 to 17.1 succes.

« on: February 02, 2017, 09:03:58 pm »

+1

Confirm easy upgrade via SSH of latest 16.7 to 17.1.

Platform is HPE EliteDesk Mini G1 with Haswell Lynx Point chipset.

3

16.7 Legacy Series / Re: [WORKAROUND] can't install opnsense

« on: August 12, 2016, 10:51:47 pm »

OK, after much fiddling, I was able to burn a DVD, install the HDD I needed into a Laptop, then get past the Error 19. The disk has been installed with the base image, now I will move the HDD to the target system for the first boot and configuration.

Workaround has been confirmed.

Many thanks Franco.

4

16.7 Legacy Series / Re: [SOLVED] can't install opnsense

« on: August 04, 2016, 07:59:07 pm »

Oooh, that is fancy! I did not know that is an option.

I will certainly try this weekend. Have a spare drive for it.

I'll post results.

Many thanks Franco.

5

16.7 Legacy Series / Re: [SOLVED] can't install opnsense

« on: August 02, 2016, 04:54:42 pm »

Thanks Franco for the suggestion.

I did try deep and hard to work around.

Even built a USB HDD with Grub boot RAM disk for the ISO image, hoping that would bypass the USB 3.0 / Chipset limitation but no luck. Same error 19.

Because this system is a fancy mini-pc, only interface available for storage besides the USB 3.0 is the M2-8022 PCIe slot that is exclusively PCIe 4-Lane (i.e. cannot boot SATA SSD). Unfortunately, those SSD drives are very expensive right now, so I'll try the i386 image to see if that is less confused with UEFI/USB30 and final option is to run in a hyper-visor.

Many thanks.

6

16.7 Legacy Series / Re: [SOLVED] can't install opnsense

« on: August 01, 2016, 11:13:29 pm »

Just to complete my report on the HPE EliteDesk Mini G1 - Known limitation with FreeBSD + USB3.0 + Haswell Lynx Point chipset.

Details here: https://www.freebsd.org/doc/handbook/usb-disks.html

Official recommendation: "disable xHCI/USB3 in the system BIOS"

Hope that helps folks who see this error.

Unfortunately, for my case there is only USB 3.0 on the system so no way to turn it off.

I verified with FreeBSD 10.3 where the error is same as OpnSense
Worked fine with FreeBSD Beta 3 of release 11

7

16.7 Legacy Series / Re: [SOLVED] can't install opnsense

« on: July 26, 2016, 07:36:45 pm »

Adding data point. Same problem with HP EliteDesk Mini G1.

I'll check to see if there is a BIOS update.

8

16.1 Legacy Series / Re: Multi Wan Problem

« on: July 18, 2016, 11:17:51 pm »

Hi,
is a WAN perhaps a PPPOE Interface?

Take a look
https://github.com/opnsense/core/issues/850

Not in my case. Both WAN interfaces are simple Ethernet devices with static IP addresses.

9

16.1 Legacy Series / Re: Multi Wan Problem

« on: July 13, 2016, 10:44:22 pm »

I have a similar situation.

My T1 gateway operates fine, can reach every IP in that path to the public Internet address. My Satellite gateway works, but cannot ping the gateway of SSH to it until I reach a "far" network past the Satellite modem.

T1 is my primary connection - Low Latency, Low Bandwidth
SAT is my secondary Satellite connection - High Latency, High Bandwidth

Yes, I live in a rural area.

Physical Gateways:
T1GW
SATGW (default)

Gateway Groups:

WANgroup    T1GW;SATGW   Tier 1;Tier 5   T1 Gateway Group
SATgroup            T1GW;SATGW   Tier 5;Tier 1   SAT Gateway Group

Then I have ~ 16 LAN Firewall Rules that exclusively use the Gateway Groups.

Attached a sample config that was stripped of some sections for privacy reasons so likely will not load directly anymore, but captures relevant data, should our RockStar devs wish to take a peek.

10

16.1 Legacy Series / Re: Error Loading Rules: no IP address found for Street: The line in question ...

« on: April 05, 2016, 10:09:15 pm »

Hi Ad, yes, that fixed it.

I created the Alias as "URL(s)" and not "Host(s)".

Once I configured the Alias to use the "Host(s)" the problem was resolved and the rule actually triggers correctly.

The link to the documentation helped.

I'm not sure how to mark [Resolved} but we can close this one.

11

16.1 Legacy Series / Re: Error Loading Rules: no IP address found for Street: The line in question ...

« on: April 05, 2016, 08:05:48 pm »

This Alias may be the culprit.


<aliases>
   <alias>
      <name>WS</name>
      <detail><![CDATA[Entry added Tue, 05 Apr 2016 10:55:36 -0700||Entry added Tue, 05 Apr 2016 10:55:36 -0700||Entry added Tue, 05 Apr 2016 10:55:36 -0700]]></detail>
      <type>url</type>
      <descr><![CDATA[WeatherStreet Alias ]]></descr>
      <aliasurl>www.weatherstreet.com</aliasurl>
      <aliasurl>www.weather.gov</aliasurl>
      <aliasurl>weather.unisys.com</aliasurl>
      <address>Weather Street: ... <snip> ...
   </alias>
</aliases>



In the <address> tag which I truncated, the Alias gets stuffed with large amount of metadata that doesn't resolve to anything.

I have attached the saved Alias configuration.

12

16.1 Legacy Series / [SOLVED] Error Loading Rules: no IP address found for Street: The line in quest.

« on: April 05, 2016, 07:14:16 pm »

Hi folks,

I'm getting an error when loading firewall rules and cannot pin the cause.


There were error(s) loading the rules:no IP address found for street: The line in question reads

• [/i][/font]
  
  Is there some pointer this message can lead to so I don't have to brute-force removal of all the rules one by one?