Messages

1

19.7 Legacy Series / Re: after upgrade not rebooting

« on: July 24, 2019, 02:31:02 am »

I had the same issue where after the update to 19.7, Opnsense GUI shows Rebooting.

After going through CLI and logs, restart process was stuck trying to kill snmpd process. I killed this process forcefully and tried the reboot again, then opnsense rebooted right away.

2

19.1 Legacy Series / Re: OPNsense 19.1.1 Alias problem

« on: February 09, 2019, 02:30:25 pm »

I've been using OPNSense for last couple of years and it has been pretty stable for me.

OPNsense 19.1 is little different in some of the settings, just type or paste the ip address or hostname in Content field and hit space after. On this new release, it enabled us to add multiple ip addresses or multiple hostnames at once.

For ex: so lets say you have txt file which contains few or a lot of hostnames, you can literally paste it in content field. Which is much easier than before.

3

18.7 Legacy Series / Re: more complex setup

« on: September 27, 2018, 04:56:07 am »

@mahescho   your network config should be achievable with OpnSense.

4

18.7 Legacy Series / Re: Internet Bandwidth can't reach 1Gbps and CPU AES-NI crypto missing on OpenVPN

« on: September 15, 2018, 08:43:56 pm »

@mimugmail
all test was done without vpn and yes source speedtest supported upto 10G. My WAN cap is 1G. But overall I manage to resolve the issue.

@elfrom
you brought up good point which chipset is WAN and LAN. BCM5716 is being used for WAN and X540 for LAN.
WAN speed was getting upto 500-600Mbps but not more than that.

[Resolved Internet bandwidth issue]
After investigating with FreeBSD system and nic tunning settings, I had to add following items to OPNSENSE Tunables page.
hw.bce.tso_enable = 0   
hw.pci.enable_msix = 0

Added following to /etc/sysctl.conf
kern.ipc.nmbclusters=262144
kern.ipc.nmbjumbop=262144

5

18.7 Legacy Series / Re: Internet Bandwidth can't reach 1Gbps and CPU AES-NI crypto missing on OpenVPN

« on: September 15, 2018, 08:00:58 am »

I understand it will decrease the network performance but I even tried turning suricata off and NAT is pretty basic. I believe OPNSense needs either kernel or nic tunning for ixgbe drivers and igb drivers. Not sure what tunning settings to apply yet.

I'm currently testing various tunning setings to see if that helps.

6

18.7 Legacy Series / Re: Unbound stopped working with error "Could not set up local zones"

« on: September 15, 2018, 04:45:28 am »

can you please provide more detail lines of log related to errors from
/var/log/resolver.log

#be careful if you're going to modify below file.
unbound config located @ /var/unbound/unbound.conf

7

18.7 Legacy Series / Internet Bandwidth can't reach 1Gbps and CPU AES-NI crypto missing on OpenVPN

« on: September 15, 2018, 04:09:35 am »

Can anyone @OPNSENSE or anyone from forum knows how to resolve issue that I'm having will be great appreciated. Advance thanks.

Issue:
1. any of my wired LAN devices can't reach no where near to 1Gpbs down/up speed to/from internet.
2. OpenVPN server config can't detect CPU AES-NI cryto chip which is enabled by default.

Note:
suricata is not heavily configured.

Current firewall setup:
WAN bandwidth speed is 1Gbps In/Out
LAN 1Gpbs for all devices connected through 24port switch
NO VLANs configured or exists.
NAT firewall rules: 2
Services Running:
acme, clamd, configd, dhcpd, dyndns, flowd_aggregate, freshclam, iperf, login, ntpd, openssh, openvpn, pf, samplicate, suricata, syslog, unbound

Interfaces: Settings:
Hardware CRC: Checked    #Disable hardware checksum offload
Hardware TSO: Checked    #Disable hardware TCP segmentation offload
Hardware LRO: Checked    #Disable hardware large receive offload

Currently Running OpnSense Info:
Versions: OPNsense 18.7.2-amd64
FreeBSD: 11.1-RELEASE-p13
OpenSSL: 1.0.2p 14 Aug 2018

Current CPU hardware info:
hw.model: Intel(R) Xeon(R) CPU E31260L @ 2.40GHz
hw.machine: amd64
hw.ncpu: 8

Current NIC hardware info:
Intel Ethernet 10-Gigabit X540-AT2 (2 Ports)
Intel NetXtreme II BCM5716 Gigabit (2 Ports)

IF ANY INFORMATION IS REQUIRED TO INVESTIGATE FURTHER, WILLING TO PROVIDE IT .

Thank you,
Mahesh