1
20.1 Legacy Series / Re: Higher ping response time
« on: May 20, 2020, 05:35:01 pm »
If possible please move this post to General Discussion, I just realised I used wrong one. Thanks
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
20.1 Legacy Series / Higher ping response time
« on: May 20, 2020, 05:31:34 pm »
I found my virtualised OPNsense has higher ping response time then my Mikrotik hardware, 20ms vs 26ms (tested from Hetzner VPS). So I deployed another virtualised OPNsense with same config and same Proxmox machine as first one (except few virtual intefaces and less RAM), WAN interface with own public IP and one local LAN.
And results are:
OLD
20 packets transmitted, 20 received, 0% packet loss, time 33ms
rtt min/avg/max/mdev = 24.705/26.418/32.959/2.252 ms
NEW
20 packets transmitted, 20 received, 0% packet loss, time 45ms
rtt min/avg/max/mdev = 18.805/19.683/26.816/1.707 ms
Configuration is same, offloading disabled, ICPM echo reply allowed as 1st rule on WAN interface. No traffic shaping queues. Tried disable firewall on OLD one, same results.
Version: OPNsense 20.1.6
I've no idea what can cause this 5-6ms delay. It's not causing any issues, but I'm curious why.
Some idea?
And results are:
OLD
20 packets transmitted, 20 received, 0% packet loss, time 33ms
rtt min/avg/max/mdev = 24.705/26.418/32.959/2.252 ms
NEW
20 packets transmitted, 20 received, 0% packet loss, time 45ms
rtt min/avg/max/mdev = 18.805/19.683/26.816/1.707 ms
Configuration is same, offloading disabled, ICPM echo reply allowed as 1st rule on WAN interface. No traffic shaping queues. Tried disable firewall on OLD one, same results.
Version: OPNsense 20.1.6
I've no idea what can cause this 5-6ms delay. It's not causing any issues, but I'm curious why.
Some idea?
3
General Discussion / HAProxy slow speed
« on: December 16, 2019, 11:42:09 am »
I'm experiencing really slow speed with HAProxy plugin.
Server is on 1Gb line, my home download speed is 300Mb. With Port forwarding I'm hitting my download speed, with HAProxy is maximum around 150Mb (same speed for HTTP or HTTPS offloading). With HTTP/2 enabled on HAProxy it's much lower, around 50Mb.
OPNsense and machine behind HAProxy are KVM on Proxmox. All HW offloading are disabled.
Proxmox: 2* E5-2450L v1 ( 1.80GHz base clock)
OPNsense config: 2 socket * 4 cores with numa=1, 2GB RAM
HAProxy:
Thanks a lot for any hint.
Server is on 1Gb line, my home download speed is 300Mb. With Port forwarding I'm hitting my download speed, with HAProxy is maximum around 150Mb (same speed for HTTP or HTTPS offloading). With HTTP/2 enabled on HAProxy it's much lower, around 50Mb.
OPNsense and machine behind HAProxy are KVM on Proxmox. All HW offloading are disabled.
Proxmox: 2* E5-2450L v1 ( 1.80GHz base clock)
OPNsense config: 2 socket * 4 cores with numa=1, 2GB RAM
HAProxy:
- nbproc=1
- nbthread=4
- cpu-map auto:1/1-4 0-3 (tried also different cpu-map, no luck)
- 12 ACLs
Thanks a lot for any hint.
4
General Discussion / Help: Firewall WAN rules "doesn't" work
« on: November 22, 2019, 06:47:42 pm »
Hey guys,
I found strange issue when configuring new OPNsense VM. No idea why, but WAN rules (allow) doesn't work, but floating rules assigned to WAN works.
For WAN rules with "log" enabled I see it's allowed in log = matched, but doesn't work (tested ICMP & Web management to WAN).
HW: KVM on Proxmox proxmox-ve: 6.0-2 (running kernel: 5.0.21-5-pve)
OPNsense: 19.7.7-amd64 OpenSSL
WAN: private IP with private networks allowed in interface configuration, Proxmox linux bridge with bond0 4-ports LACP
LAN: private IP, Proxmox linux bridge without interface
All HW offloading is disabled.
There is no plugin installed, it's totally clean installation with minimal required setup.
Some idea where to have a look?
Thanks
P.S.: I tried pfSense with same setup, it's working without problem. I'm also running long time 2 different KVM OPNsense on another machines without this issue.
I found strange issue when configuring new OPNsense VM. No idea why, but WAN rules (allow) doesn't work, but floating rules assigned to WAN works.
For WAN rules with "log" enabled I see it's allowed in log = matched, but doesn't work (tested ICMP & Web management to WAN).
HW: KVM on Proxmox proxmox-ve: 6.0-2 (running kernel: 5.0.21-5-pve)
OPNsense: 19.7.7-amd64 OpenSSL
WAN: private IP with private networks allowed in interface configuration, Proxmox linux bridge with bond0 4-ports LACP
LAN: private IP, Proxmox linux bridge without interface
All HW offloading is disabled.
There is no plugin installed, it's totally clean installation with minimal required setup.
Some idea where to have a look?
Thanks
P.S.: I tried pfSense with same setup, it's working without problem. I'm also running long time 2 different KVM OPNsense on another machines without this issue.
5
General Discussion / Re: Migrate acme certs and accounts from pfSense to OPNsense
« on: August 14, 2018, 05:00:48 pm »
Thanks Frank, this is I think best way.
Marek
Marek
6
General Discussion / Re: Migrate acme certs and accounts from pfSense to OPNsense
« on: August 07, 2018, 02:03:46 pm »
Hi Franco,
thanks for reply.
I'm using acme certs for web GUI and also HAproxy. Certificates are stored in pfSense certificate "storage". Then for service I'll just add cert from this storage.
I'm just thinking if I need to use some proper naming to import certs to have acme on OPNsense working with those existing certs.
Marek
thanks for reply.
I'm using acme certs for web GUI and also HAproxy. Certificates are stored in pfSense certificate "storage". Then for service I'll just add cert from this storage.
I'm just thinking if I need to use some proper naming to import certs to have acme on OPNsense working with those existing certs.
Marek
7
General Discussion / Migrate acme certs and accounts from pfSense to OPNsense
« on: August 06, 2018, 06:17:55 pm »
Hi,
I would like to migrate to OPNsense (because past mistake = pfSense).
Anyway, almost everything should be simple, but I've no idea how to migrate existing acme certificates.
If you have some experience, hints are welcome ;-)
Thanks
Marek
I would like to migrate to OPNsense (because past mistake = pfSense).
Anyway, almost everything should be simple, but I've no idea how to migrate existing acme certificates.
If you have some experience, hints are welcome ;-)
Thanks
Marek
Pages: [1]