Messages - mhaluska

#1
If possible, please move this post to General Discussion, I just realised I used the wrong one. Thanks
#2
20.1 Legacy Series / Higher ping response time
May 20, 2020, 05:31:34 PM
I found my virtualised OPNsense has a higher ping response time than my Mikrotik hardware, 20ms vs 26ms (tested from Hetzner VPS). So I deployed another virtualised OPNsense with the same config and on the same Proxmox machine as the first one (except a few virtual interfaces and less RAM), WAN interface with its own public IP and one local LAN.

And results are:

OLD
20 packets transmitted, 20 received, 0% packet loss, time 33ms
rtt min/avg/max/mdev = 24.705/26.418/32.959/2.252 ms

NEW
20 packets transmitted, 20 received, 0% packet loss, time 45ms
rtt min/avg/max/mdev = 18.805/19.683/26.816/1.707 ms

Configuration is the same, offloading disabled, ICMP echo reply allowed as 1st rule on WAN interface. No traffic shaping queues. Tried disabling the firewall on the OLD one, same results.

Version: OPNsense 20.1.6

I've no idea what can cause this 5-6ms delay. It's not causing any issues, but I'm curious why.
Any idea?
#3
General Discussion / HAProxy slow speed
December 16, 2019, 11:42:09 AM
I'm experiencing really slow speed with the HAProxy plugin.

Server is on a 1Gb line, my home download speed is 300Mb. With port forwarding I'm hitting my download speed, with HAProxy the maximum is around 150Mb (same speed for HTTP or HTTPS offloading). With HTTP/2 enabled on HAProxy it's much lower, around 50Mb.
OPNsense and the machine behind HAProxy are KVM on Proxmox. All HW offloading is disabled.

Proxmox: 2 * E5-2450L v1 (1.80GHz base clock)
OPNsense config: 2 socket * 4 cores with numa=1, 2GB RAM
HAProxy:

  • nbproc=1
  • nbthread=4
  • cpu-map auto:1/1-4 0-3 (tried also different cpu-map, no luck)
  • 12 ACLs

Thanks a lot for any hint.
#4
Hey guys,
I found a strange issue when configuring a new OPNsense VM. No idea why, but WAN rules (allow) don't work, but floating rules assigned to WAN work.
For WAN rules with "log" enabled I see it's allowed in the log = matched, but it doesn't work (tested ICMP & Web management to WAN).

HW: KVM on Proxmox proxmox-ve: 6.0-2 (running kernel: 5.0.21-5-pve)
OPNsense: 19.7.7-amd64 OpenSSL
WAN: private IP with private networks allowed in interface configuration, Proxmox linux bridge with bond0 4-ports LACP
LAN: private IP, Proxmox linux bridge without interface
All HW offloading is disabled.

There is no plugin installed, it's a totally clean installation with minimal required setup.
Any idea where to have a look?
Thanks

P.S.: I tried pfSense with the same setup, it's working without problem. I've also been running 2 different KVM OPNsense on other machines for a long time without this issue.
#5
Thanks Frank, this is, I think, the best way.

Marek
#6
Hi Franco,

thanks for the reply.
I'm using acme certs for the web GUI and also HAProxy. Certificates are stored in the pfSense certificate "storage". Then for a service I'll just add the cert from this storage.
I'm just wondering whether I need to use some proper naming when importing certs to have acme on OPNsense working with those existing certs.

Marek
#7
Hi,
I would like to migrate to OPNsense (because past mistake = pfSense).
Anyway, almost everything should be simple, but I've no idea how to migrate the existing acme certificates.
If you have some experience, hints are welcome ;-)
Thanks

Marek