Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - jmboettger

Pages1
#1
20.1 Legacy Series / Network Performance Issues with Intel X550 NIC
April 23, 2020, 09:14:58 PM
I have a 600/60 Internet Connection. My OPNsense consists of a quad core Atom with 2.2 GHz and 16GB RAM.
Speedtest from a PC on LAN side have 60/60 whereas speedtest_cli shows about 300/60 on WAN side of the OPNsense. I have no IPS or VPN configured or active. I tested setting MSS on LAN side to 1300 which did not change anything. Hardware Checksum offloading is deactivated. CPU load is no more than 0.4.
I tried various settings within loader.conf.local which is like the following at the moment. But it does not change anything.
Code Select

net.inet.tcp.tso=0
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_incr=16384
net.inet.tcp.recvbuf_incr=524288
hw.pci.enable_msix=1
hw.pci.enable_msi=1
hw.ix.enable.aim=1
hw.ix.num_queues=1
hw.ix.rxd=4096
hw.ix.txd=4096
hw.ix.0.fc=0
hw.ix.1.fc=0
hw.ix.2.fc=0
hw.ix.3.fc=0
kern.ipc.nmbclusters="1000000"
kern.ipc.nmbjumbop="524288"


Any ideas why the routing is that poor?
#2
19.7 Legacy Series / Issue with slow Internet on LAN side thus its fast per speedtest from OPNsense
October 11, 2019, 09:25:26 PM
I have a fresh install of
OPNsense 19.7.5-amd64, FreeBSD 11.2-RELEASE-p14-HBSD, OpenSSL 1.0.2t 10 Sep 2019 on a Atom C3558 @8GB RAM, 120 GB SSD and 4 Intel 10GbE NIC (ix).

On WAN side i have 600 Mbit / 60 Mbit, which i could verify on the System via speedtest-cli.
On LAN side (Windows 10) i get no more than 80Mbit/60Mbit thus a iperf from LAN side to the OPNSense comes with 876Mbit.


  • Antivirus is switched off
  • hardware checksum offloading is dissabled
  • I do have no shaper, QOS, IDS active / installed
  • I added kern.ipc.nmbclusters="1000000", kern.ipc.nmbjumbop="524288" to /boot/loader.conf.local
  • as well as hw.intr_storm_threshold=10000 to the tunables
  • I added dev.ix.0.fc=0 for every nic on board (dev.ix.1.fc=0, dev.ix.2.fc=0 etc).
  • I changed every cable.
None of the mentioned measures changed something.
CPU load is no more than 0.32 at maximum and there are no collisions or or errors shown on the interface.
I even changed the MSS on lan side to 1400.
No change at all. Does anybody has an idea what the reason could be?
Best regards and thanks in advance.


#3
German - Deutsch / [ERLEDIGT] Portunity /29 Subnet auf LAN und Routing
August 26, 2018, 06:37:25 PM
Hallo
Plan ist es ein /29 Subnetz von Portunity über das VPN mit DHCP auf Clients hinter einer LAN Schnittstelle zu verteilen. Ausgehender Traffic dieser Clients muss dann entsprechend wieder über das VPN zurück ins www.

Also /29 -> VPN -> opnsense -> LAN (DHCP) -> Client

Ich habe folgendes Versucht:

  • VPN auf der opnsense einrichten und als Interface zuweisen
  • Das statische Subnet aus dem VPN  der entsprechenden LAN Schnittstelle zuweisen und einen DHCP konfigurieren
  • In den Firewall Regel eine Regel erstellt, dass aller Traffic, welcher nicht zur opnsense oder anderen localen Subnetzen in meiner Konfig soll, über den VPN Gateway laufen soll.
  • Ein- und Ausgehende Regeln zur Erlaubnis von ICMP und TCP 443 erstellen.

Nun kommt eingehende Traffic zu dem Client, ausgehender hingegen wird nicht transportiert. NAT benötigt es nach meinem Verständnis in diesem Fall keines. Hat jemand einen Tipp oder kennt ein Howto um ein solches Szenario abzubilden?

Besten Dank

Pages1