Messages

1

18.7 Legacy Series / Upgrade Path question

« on: May 06, 2018, 07:20:56 am »

I'm preparing to put together a configuration to be shipped to a remote site. Is there going to be a "headless" upgrade path from 18.1 to 18.7, or should I just wait until 18.7 becomes the production series. I have options and would rather wait if I'll be unable to upgrade remotely.

2

18.1 Legacy Series / Re: Is something wrong with the update mirror? [RESOLVED]

« on: May 04, 2018, 06:37:28 pm »

Looks good! Thanks

3

18.1 Legacy Series / Is something wrong with the update mirror? [RESOLVED]

« on: May 04, 2018, 05:25:36 pm »

Code: [Select]

root@opnsense:~ # pkg upgrade -n
Updating OPNsense repository catalogue...
pkg: Repository OPNsense load error: access repo file(/var/db/pkg/repo-OPNsense.sqlite) failed: No such file or directory
pkg: http://pkg.opnsense.org/FreeBSD:11:i386/18.1/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg: http://pkg.opnsense.org/FreeBSD:11:i386/18.1/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!
root@opnsense:~ # curl http://pkg.opnsense.org/FreeBSD:11:i386/18.1/latest/packagesite.txz
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /FreeBSD:11:i386/18.1/latest/packagesite.txz was not found on this server.</p>
</body></html>

4

18.1 Legacy Series / Re: Multi Wan works, but with poor performance

« on: April 30, 2018, 10:45:23 pm »

Turning off sticky fixes the problem.

5

18.1 Legacy Series / Re: Multi Wan works, but with poor performance

« on: April 25, 2018, 04:40:31 am »

I do - without sticky in the old OpenBSD configuration bank sites and the like blew up.

6

18.1 Legacy Series / Re: New install, no DHCP server in GUI under Services?

« on: April 25, 2018, 04:37:41 am »

I ran into something similar, because my interface configuration is highly customized, namely I have a zoo of VLANs where the DHCP servers live.

You have to go into the interface assignment bit and get some interfaces assigned (use the + sign), and I think additionally they probably have to have IP addresses on them after you get them created.

That at least was the problem I was having when there were no interfaces listed in the DHCP part.

7

18.1 Legacy Series / Re: Multi Wan works, but with poor performance

« on: April 22, 2018, 07:33:06 pm »

Sorry for the delayed reply...

DNS really I don't think is the problem. Resolution for any domain is consistent and very fast from client PCs, even in the MultiWan setup. I understand the need for the local route, and I did indeed follow the instructions in the wiki, see attachment.

"internalIF" is a firewall group consisting of all my internal "VLAN" layer 3 interfaces.


Thanks again for your attention to the issue.

8

18.1 Legacy Series / Re: Multi Wan works, but with poor performance

« on: April 12, 2018, 06:19:30 am »

Code: [Select]

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : steese.local
   Link-local IPv6 Address . . . . . : fe80::849f:c9a1:ce72:b847%13
   IPv4 Address. . . . . . . . . . . : 172.40.30.76
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.40.30.1

Sorry if I wasn't clear in my original posting - the unbound forwarder service is running, I think that's the default right? In any case, DNS resolution is instant even when I am using the multiwan gateway. I don't think the problem is at all DNS related.

9

18.1 Legacy Series / Re: Multi Wan works, but with poor performance

« on: April 11, 2018, 05:21:18 am »

"system default" - see attachment.

I don't feel like this is a DNS issue. It's very slow to either load, and/or fail. DNS issues in my experience return name resolution errors pretty darn quick.

10

18.1 Legacy Series / Re: Multi Wan works, but with poor performance

« on: April 10, 2018, 11:03:12 am »

No, I don't think that's the problem. This is what I have:

11

18.1 Legacy Series / Multi Wan works, but with poor performance

« on: April 09, 2018, 11:29:00 pm »

I'm setting up a Soekris Net6501 with 18.1 to replace an identical piece of hardware running OpenBSD 6.0 or thereabouts. Installation and basic configuration went fine. The device sits on a network with 3 VLANs (plus the unused native VLAN 1 - designated "LAN" on this box) and 3 "WAN" connections. The WAN connections are consumer grade DSL and use a routing modem, so on the OPNSense router I have interfaces as such:

Code: [Select]

em0:
        inet 172.40.1.1 netmask 0xffffff00 broadcast 172.40.1.255
em1:
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
em2:
        inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255
em3:
        inet 192.168.3.2 netmask 0xffffff00 broadcast 192.168.3.255
em0_vlan10:
        inet 172.40.10.1 netmask 0xffffff00 broadcast 172.40.10.255
        vlan: 10 vlanpcp: 0 parent interface: em0
em0_vlan20:
        inet 172.40.20.1 netmask 0xffffff00 broadcast 172.40.20.255
        vlan: 20 vlanpcp: 0 parent interface: em0
em0_vlan30:
        inet 172.40.30.1 netmask 0xffffff00 broadcast 172.40.30.255
        vlan: 30 vlanpcp: 0 parent interface: em0
Hopefully self explanatory.

The situation is that I followed the multi-wan instructions:

Docs » User Manual » How to’s » Setup Multi WAN

And the setup all seemed to be very straightforward, everything is working as advertised, but performance is abysmal. Often connections fail entirely and when they don't fail they react VERY VERY slowly. It feels a lot like an MTU issue on a PPPoE connection, however there is no PPPoE and the MTU was 1500 on all interfaces on the router this one is replacing with no MSS clamping or other such configs in place.

If I modify my PBRs on the individual VLAN firewall allow rules to use a specific default gateway instead of using the gateway group traffic immediately flows normally. In my mind this eliminates the thought that the problem could be:

NAT related
MTU related
DNS related (actually this seems to be working fine since it's proxied)
Uplink related (tested all 3)

At this point there is no VPN configured, no IPS/IDS, nothing else fancy. I'm not sure what else to look at to troubleshoot this further.

Love the product and look forward to making it work for me in this configuration. Thanks in advance.