1
General Discussion / Re: Reoccuring Packetloss and Offline status with WAN gateway via Vodafone cable
« on: June 26, 2021, 04:03:28 pm »
I do have the same problem, any solutions?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
21.1 Legacy Series / Re: Suddenly high packet loss rate between OPNsense and Fritzbox
« on: April 17, 2021, 08:51:03 am »
Problem is solved, it was an NAT issue with the multi WAN configuration.
3
German - Deutsch / Re: Plötzlich jede Menge Packet Loss zwischen OPNsense und Fritzboxen
« on: April 16, 2021, 08:16:45 pm »
Problem gelöst - es war eine NAT Regel in der Multi-WAN Config nicht sauber gesetzt, daher sind einige Pakete fehlgeleitet worden.
4
21.1 Legacy Series / Suddenly high packet loss rate between OPNsense and Fritzbox
« on: April 14, 2021, 10:39:09 pm »
Hallo Community,
since 3 days I do have massive issues with the combination of my OPNSense Cluster and two attached Fritzboxes.
I see massive packet loss rates up to 50% on the connection of the different cluster nodes and the attached Fritzboxes. The Fritzboxen are direkt connected vie Lan cables, no switch involved. I already checked the cables, they are fine. Pings to OPNSense nodes from inside the LAN are getting top rates. When I log into the OPNSense nodes and start pings to the Fritzboxes I get these results:
A complet inconsistent result. The RTTd values are therefor in 3 digits.
The adapter configs:
Is it possible that the last updates of OPNSense delivered Ethernet driver updates or new adapter configs that results in these problems with Fritzboxes, maybe also with other devices?
Recently installed:
Am I the only one with that issue?
I am thankful for every helpful hint.
-Micha
since 3 days I do have massive issues with the combination of my OPNSense Cluster and two attached Fritzboxes.
I see massive packet loss rates up to 50% on the connection of the different cluster nodes and the attached Fritzboxes. The Fritzboxen are direkt connected vie Lan cables, no switch involved. I already checked the cables, they are fine. Pings to OPNSense nodes from inside the LAN are getting top rates. When I log into the OPNSense nodes and start pings to the Fritzboxes I get these results:
Code: [Select]
root@fw-master:~ # ping 192.168.188.1
PING 192.168.188.1 (192.168.188.1): 56 data bytes
64 bytes from 192.168.188.1: icmp_seq=0 ttl=64 time=78.418 ms
64 bytes from 192.168.188.1: icmp_seq=1 ttl=64 time=4.887 ms
64 bytes from 192.168.188.1: icmp_seq=2 ttl=64 time=0.585 ms
64 bytes from 192.168.188.1: icmp_seq=3 ttl=64 time=30.765 ms
64 bytes from 192.168.188.1: icmp_seq=4 ttl=64 time=99.968 ms
64 bytes from 192.168.188.1: icmp_seq=5 ttl=64 time=285.366 ms
64 bytes from 192.168.188.1: icmp_seq=6 ttl=64 time=0.715 ms
64 bytes from 192.168.188.1: icmp_seq=8 ttl=64 time=0.585 ms
64 bytes from 192.168.188.1: icmp_seq=9 ttl=64 time=227.395 ms
64 bytes from 192.168.188.1: icmp_seq=10 ttl=64 time=0.746 ms
64 bytes from 192.168.188.1: icmp_seq=11 ttl=64 time=3.116 ms
64 bytes from 192.168.188.1: icmp_seq=12 ttl=64 time=0.603 ms
64 bytes from 192.168.188.1: icmp_seq=13 ttl=64 time=0.787 ms
64 bytes from 192.168.188.1: icmp_seq=14 ttl=64 time=0.543 msA complet inconsistent result. The RTTd values are therefor in 3 digits.
The adapter configs:
Code: [Select]
root@fw-master:~ # ifconfig em1
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=852098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
ether 00:e0:67:09:5d:05
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>Code: [Select]
root@fw-master:~ # ifconfig lagg0
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=852098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
ether 00:e0:67:09:5d:04
inet6 fe80::2e0:67ff:fe09:5d04%lagg0 prefixlen 64 scopeid 0x9
inet 10.x.x.101 netmask 0xffffff00 broadcast 10.x.x.255
inet 10.x.x.1 netmask 0xffffff00 broadcast 10.x.x.255 vhid 1
laggproto failover lagghash l2,l3,l4
laggport: em0 flags=5<MASTER,ACTIVE>
groups: lagg
carp: MASTER vhid 1 advbase 1 advskew 0
media: Ethernet autoselect
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>Is it possible that the last updates of OPNSense delivered Ethernet driver updates or new adapter configs that results in these problems with Fritzboxes, maybe also with other devices?
Recently installed:
Code: [Select]
OPNsense 21.1.4-amd64
FreeBSD 12.1-RELEASE-p15-HBSD
OpenSSL 1.1.1k 25 Mar 2021Am I the only one with that issue?
I am thankful for every helpful hint.
-Micha
5
German - Deutsch / Re: Plötzlich jede Menge Packet Loss zwischen OPNsense und Fritzboxen
« on: April 14, 2021, 10:25:43 pm »Was hängt auf der anderen Seite des lagg0? Die Fritzbox kann kein Port-Bundling/LCAP ...
Ja eine Fritzbox, aber die Config hat bis vor 5 Tagen problemlos funktioniert.
Ich habe auch keine Ports gebundelt. Das lagg ist nur zur virtualisierung der physischen Ports configuriert, da die Clusterknoten unterschiedliche Server sind und somit sonst unterschiedliche Device Names hätten.
6
German - Deutsch / Plötzlich jede Menge Packet Loss zwischen OPNsense und Fritzboxen
« on: April 14, 2021, 07:32:26 pm »
Hallo Community,
seit 3 Tagen habe ich massive Probleme im Zusammenspiel zwischen meinem OPNSense Cluster und den zwei dahinter liegenden Fritzboxen.
Ich habe massive Packet Loss Raten bis zu 50% in der Verbindung zwischen den einzelnen Clusterknoten und den Fritzboxen. Die Fritzboxen sind direkt über Kabel angebunden, kein Switch dazwischen. Die Kabel sind ok, habe auch schon getauscht kein Unterschied. Wenn ich die OPNSense Knoten aus dem LAN anpinge sind die Ping raten Top. Logge ich mich auf den OPNSense Knoten ein und pinge die Fritzboxen an sieht das so aus:
Ein total inkonsistentes Ping-Bild. Die RTTd Werte sind entsprechend hoch im 3 stelligen Bereich.
Die Adaptereinstellungen sind wie folgt:
Kann es sein, dass mit den Updates sich etwas an den Ethernet Treibern oder Einstellungen geändert hat, das zu Problemen mit Fritzboxen führt?
Aktuell installiert:
Bin ich der Einzige mit diesem Phänomen?
Für jeden hilfreichen Tip dankbar.
-Micha
seit 3 Tagen habe ich massive Probleme im Zusammenspiel zwischen meinem OPNSense Cluster und den zwei dahinter liegenden Fritzboxen.
Ich habe massive Packet Loss Raten bis zu 50% in der Verbindung zwischen den einzelnen Clusterknoten und den Fritzboxen. Die Fritzboxen sind direkt über Kabel angebunden, kein Switch dazwischen. Die Kabel sind ok, habe auch schon getauscht kein Unterschied. Wenn ich die OPNSense Knoten aus dem LAN anpinge sind die Ping raten Top. Logge ich mich auf den OPNSense Knoten ein und pinge die Fritzboxen an sieht das so aus:
Code: [Select]
root@fw-master:~ # ping 192.168.188.1
PING 192.168.188.1 (192.168.188.1): 56 data bytes
64 bytes from 192.168.188.1: icmp_seq=0 ttl=64 time=78.418 ms
64 bytes from 192.168.188.1: icmp_seq=1 ttl=64 time=4.887 ms
64 bytes from 192.168.188.1: icmp_seq=2 ttl=64 time=0.585 ms
64 bytes from 192.168.188.1: icmp_seq=3 ttl=64 time=30.765 ms
64 bytes from 192.168.188.1: icmp_seq=4 ttl=64 time=99.968 ms
64 bytes from 192.168.188.1: icmp_seq=5 ttl=64 time=285.366 ms
64 bytes from 192.168.188.1: icmp_seq=6 ttl=64 time=0.715 ms
64 bytes from 192.168.188.1: icmp_seq=8 ttl=64 time=0.585 ms
64 bytes from 192.168.188.1: icmp_seq=9 ttl=64 time=227.395 ms
64 bytes from 192.168.188.1: icmp_seq=10 ttl=64 time=0.746 ms
64 bytes from 192.168.188.1: icmp_seq=11 ttl=64 time=3.116 ms
64 bytes from 192.168.188.1: icmp_seq=12 ttl=64 time=0.603 ms
64 bytes from 192.168.188.1: icmp_seq=13 ttl=64 time=0.787 ms
64 bytes from 192.168.188.1: icmp_seq=14 ttl=64 time=0.543 msEin total inkonsistentes Ping-Bild. Die RTTd Werte sind entsprechend hoch im 3 stelligen Bereich.
Die Adaptereinstellungen sind wie folgt:
Code: [Select]
root@fw-master:~ # ifconfig em1
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=852098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
ether 00:e0:67:09:5d:05
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>Code: [Select]
root@fw-master:~ # ifconfig lagg0
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=852098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
ether 00:e0:67:09:5d:04
inet6 fe80::2e0:67ff:fe09:5d04%lagg0 prefixlen 64 scopeid 0x9
inet 10.x.x.101 netmask 0xffffff00 broadcast 10.x.x.255
inet 10.x.x.1 netmask 0xffffff00 broadcast 10.x.x.255 vhid 1
laggproto failover lagghash l2,l3,l4
laggport: em0 flags=5<MASTER,ACTIVE>
groups: lagg
carp: MASTER vhid 1 advbase 1 advskew 0
media: Ethernet autoselect
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>Kann es sein, dass mit den Updates sich etwas an den Ethernet Treibern oder Einstellungen geändert hat, das zu Problemen mit Fritzboxen führt?
Aktuell installiert:
Code: [Select]
OPNsense 21.1.4-amd64
FreeBSD 12.1-RELEASE-p15-HBSD
OpenSSL 1.1.1k 25 Mar 2021Bin ich der Einzige mit diesem Phänomen?
Für jeden hilfreichen Tip dankbar.
-Micha
7
19.7 Legacy Series / Help needed: LAGG to homogenize interfaces
« on: November 23, 2019, 11:55:06 am »
Hi all,
I have the challenge, that I want to build a HA Cluster of two OPNSense Firewalls that are similar but not equal. On one system is the naming schema of the interface emX on the other igbX. To make pfsync work I need two systems with equal interface names. In the doumentation is a hint to workaround via using LAGG on the interfaces:
"When using different network drivers on both machines, like running a HA setup with one physical machine as master and a virtual machine as slave, states can not be synced as interface names differ. The only workaround would be to set up a LAGG."
Now my concrete questions: How do I setup the Interfaces that it will work.
Which type of LAGG do I have to choose, due to the fact that I do not want any LAG features I only want homogenous interface names on both machines. Chosing "none" seems not be an option, because the interface will not deliver any traffic.
Which mode shall I use?
And how to configure it, if addtional settings are necessary?
Thanks in advance for help
Micha
I have the challenge, that I want to build a HA Cluster of two OPNSense Firewalls that are similar but not equal. On one system is the naming schema of the interface emX on the other igbX. To make pfsync work I need two systems with equal interface names. In the doumentation is a hint to workaround via using LAGG on the interfaces:
"When using different network drivers on both machines, like running a HA setup with one physical machine as master and a virtual machine as slave, states can not be synced as interface names differ. The only workaround would be to set up a LAGG."
Now my concrete questions: How do I setup the Interfaces that it will work.
Which type of LAGG do I have to choose, due to the fact that I do not want any LAG features I only want homogenous interface names on both machines. Chosing "none" seems not be an option, because the interface will not deliver any traffic.
Which mode shall I use?
- NONE
LACP
FAILOVER
FEC
LOADBALANCE
ROUNDROBIN
And how to configure it, if addtional settings are necessary?
Thanks in advance for help
Micha
8
18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 30, 2018, 12:00:42 am »
No rule on WAN Side
9
18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 10:09:44 pm »
yes I blocked Bogon Networks. Unchecked all blocks.
But no change in behavior, still not able to ping Lan interface
But no change in behavior, still not able to ping Lan interface
10
18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 09:50:36 pm »
One thing is conspicuous in the routes overview
why is 10.1.1.1/32 mapped to Interface lo0 and not to the physikal interface em0 like 10.1.1.0/24
why is 10.1.1.1/32 mapped to Interface lo0 and not to the physikal interface em0 like 10.1.1.0/24
11
18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 09:02:45 pm »
Nope no Rules for ICMP in general
12
18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 05:47:07 pm »
Subnetmask of the clients is always /24
13
18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 05:16:48 pm »
find attached the screenshot of the recent routing table
14
18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 05:11:25 pm »
find attached the screenshot of the LAN interface config
15
18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 04:44:36 pm »
Yes my Provider seems also to you use 10.x.x.x Network.
10.255.7.97 is an IP of my provider.
How can I stop routing of 10.x.x.x target adresses out of my internal Network.
10.255.7.97 is an IP of my provider.
How can I stop routing of 10.x.x.x target adresses out of my internal Network.
Pages: [1] 2