Messages

Thanks. I will give that a try.  :)

[set the IP addresses at OpenDNS]

I am failing to set the IP addresses at OpenDNS for my two WAN interfaces using the new Dynamic DNS service of OPNsense. With the legacy Dynamic DNS service this worked without any problems.

OpenDNS Background: You can set the IP addresses of your WAN addresses in OpenDNS so that you can see which DNS requests were received via which WAN interface.

You can set the IPs using the following http GET call via the respective WAN interface:

Code Select Expand

https://updates.opendns.com/nic/update?hostname=Your_OpenDNS_network_label


I have tried to configure a custom GET request, but this does not work and leads to error entries in the log. Details in the attached screenshots. The cropped "Server" field is set to "https://updates.opendns.com/nic/update?hostname=MyWAN1"

Does anybody have an idea how to configure my scenario? Or should I implement curl based script as a cron job as an alternative?

[POST]

I should also be able to make a GET-request to a custom URL with the new DynDNS plugin to be able to set the NIC addresses of the WAN interfaces at OpenDNS:
https://updates.opendns.com/nic/update?hostname=WAN1-Provider1

and

https://updates.opendns.com/nic/update?hostname=WAN2-Provider2

In the old DynDNS plugin this was easy. As soon as this works with the new DynDNS plugin, I can update the OPNsense. Before that it does not work. Unless I make a cron job that sends the GET request... But I would prefer the DynDNS plugin, because it is more explicit and better integrated in config backups, etc.

Edit:
Wait: I just realized that this Merge request is about a custom POST-request. So does this mean, that a custom GET-request is already configurable?

Postscript:

The raw data seems to arrive correctly in Grafana - so not a problem of OPNsense. The value is only displayed incorrectly if the data range is set to 1h. If I select 5 minutes in the dashboard, the same value is also displayed as the raw data shows.

I do not know why. But I assume that after an hour of waiting, the range of 1h will also be displayed without an impossible negative value.

I.e. the problem (in Grafana) should be solved with time. Maybe someone can even explain why this must be so....

After updating to OPNsense 23.1.11-amd64, the values for the current network rates are displayed incorrectly and with a minus sign in my Grafana OPNsense Dashboard for all network interfaces: Ex: -206Mb/s instead of approx. 1.2Mb/s.

I export the values with Telegraf and then display them in a Grafana Dashboard. I haven't touched Influx/Grafana for several years and before updating to the latest version of OPNsense, the values were still correct.

I'm a bit lost and don't quite know where to start troubleshooting. Any ideas are welcome.

Thanks & greetings
Tom

Perfect, thanks for the hint!

Thanks a lot!  :)

So I'll reinstall the tool in a few days and see if it is working again. Or maybe I'll find another way to determine the current CPU clock.

[turbostat]

For testing the current CPU clock, I have been running turbostat for many years. This has worked over many versions of FreeBSD. Since version 13 the tool stops after startup with "Floating exception (core dumped)".

Here's what I do to install and run turbostat (worked so well before FreeBSD):

Code Select Expand


pkg add https://pkg.freebsd.org/FreeBSD:13:amd64/latest/All/turbostat-4.17_2.pkg
rehash
kldload cpuctl
turbostat --interval 3



Since FreeBSD 13 I now have the following output:

Code Select Expand


# turbostat --interval 3
turbostat version 17.06.23 - Len Brown <lenb@kernel.org>
CPUID(0): AuthenticAMD 13 CPUID levels; family:model:stepping 0xf:30:1 (15:48:1)
CPUID(1): SSE3 MONITOR - - - TSC MSR - -
CPUID(6): APERF, No-TURBO, No-DTS, No-PTM, No-HWP, No-HWPnotify, No-HWPwindow, No-HWPepp, No-HWPpkg, No-EPB
CPUID(7): No-SGX
NSFOD /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver
Floating exception (core dumped)


My questions:

• Is there any reason that turbostat should no longer run with FreeBSD 13? (When installing I get a message that the package is no longer maintained.)
• Are there alternative similar tools that show the current CPU clock?

Thanks for any hints.

Originally it effectively looked like the problem was solved for quite some time.

To be sure, I just logged into the firewall again and looked.

Unfortunately, I find that despite new firmware, the problem is still there.

The BIOS developers have been informed. In the meantime better turn off Powerd or set it to maximum.

Thanks for the update!  8)

If you wish, you could add [SOLVED] to the title then.

[Since BIOS version v4.14.0.1 (June 2021) the problem seems to be fixed:]

Update:

Since BIOS version v4.14.0.1 (June 2021) the problem seems to be fixed:

with the recent v4.14.0.1 we have fixed some issues related to CPU boost and C-states which may help with the problem of idling CPUs and stuck frequencies. It should also improve the stability of the BSD systems.

coreboot didn't include the core C6 (CC6) save state memory in the memory map. OS could accidentally access this memory and overwrite core states. CC6 is required for CPU boost to work and is a lower power state for a core.

I can confirm that with the current version v4.14.0.6 I don't see the problem anymore. I.e. with the current BIOS you can turn on the powerd under OPNsense on an APU2 and leave it on highadaptive. The CPU adapts well to the load and always goes back to maximum frequency if necessary.

If you don't need gigabit internet, the APU2 is still an extremely proven and stable base for OPNsense. I have two of them.

I have opened the ticket with the maintainers of Coreboot for the PC Engines boards. So far, however, there has been nothing further.

I was able to solve the problem by keeping PowerD enabled but setting the mode to maximum. Since then I didn't have the problem anymore.

And if the CPU was limited to 600MHz it cost a lot of performance. In my setup I just got away with it - but had zero headroom. When the CPU is running normally the utilization is rarely more than 50%.

Something you can check: configure powerd to use "Maximum" instead of "Hiadaptive".

As discussed here: https://forum.opnsense.org/index.php?topic=21194.msg99228#msg99228

Just to be sure:
- You test with iperf THROUGH the firewall. I.e. iperf is not running on the firewall but on separate hosts "on both sides" of the firewall?
- You have only set pf rules but no other services like IDS, IDP, Sensei etc.

Thank you for the final good news. All's well that ends well.

This shows again that it becomes difficult to find problems when too many parts are changeable at the same time. Then you don't really know where problems come from.  :D

Have fun and success with OPNsense! If the problem is solved, I'm happy about some karma and you can prefix the title with [SOLVED].