Messages

Install htop?

https://forum.opnsense.org/index.php?topic=15011.0

Inloggen via de serial console? Zie documentatie.

https://www.deciso.com/product-catalog/dec600/

https://www.deciso.com/resources-opnsense-a10/

Nu heb je mij weer een beetje ... wat is (een) TS?

Topic Starter

On LAN side 22.1 APU2D4, Gigabit network. All non-functional tunables removed as mentioned by @fireburner, no IDS/IPS.

I recall having measured higher values on 21.x (~800 - 900 MBit/s)

Code Select Expand

--------@DiskStation:/$ iperf3 -c 192.168.1.1 -p 19160 -P 30 -4 -R
Connecting to host 192.168.1.1, port 19160
Reverse mode, remote host 192.168.1.1 is sending
[  5] local 192.168.1.10 port 43300 connected to 192.168.1.1 port 19160
[  7] local 192.168.1.10 port 43302 connected to 192.168.1.1 port 19160
[  9] local 192.168.1.10 port 43304 connected to 192.168.1.1 port 19160
[ 11] local 192.168.1.10 port 43310 connected to 192.168.1.1 port 19160
[ 13] local 192.168.1.10 port 43312 connected to 192.168.1.1 port 19160
[ 15] local 192.168.1.10 port 43314 connected to 192.168.1.1 port 19160
[ 17] local 192.168.1.10 port 43316 connected to 192.168.1.1 port 19160
[ 19] local 192.168.1.10 port 43318 connected to 192.168.1.1 port 19160
[ 21] local 192.168.1.10 port 43320 connected to 192.168.1.1 port 19160
[ 23] local 192.168.1.10 port 43322 connected to 192.168.1.1 port 19160
[ 25] local 192.168.1.10 port 43324 connected to 192.168.1.1 port 19160
[ 27] local 192.168.1.10 port 43326 connected to 192.168.1.1 port 19160
[ 29] local 192.168.1.10 port 43328 connected to 192.168.1.1 port 19160
[ 31] local 192.168.1.10 port 43330 connected to 192.168.1.1 port 19160
[ 33] local 192.168.1.10 port 43332 connected to 192.168.1.1 port 19160
[ 35] local 192.168.1.10 port 43334 connected to 192.168.1.1 port 19160
[ 37] local 192.168.1.10 port 43336 connected to 192.168.1.1 port 19160
[ 39] local 192.168.1.10 port 43338 connected to 192.168.1.1 port 19160
[ 41] local 192.168.1.10 port 43344 connected to 192.168.1.1 port 19160
[ 43] local 192.168.1.10 port 43346 connected to 192.168.1.1 port 19160
[ 45] local 192.168.1.10 port 43352 connected to 192.168.1.1 port 19160
[ 47] local 192.168.1.10 port 43354 connected to 192.168.1.1 port 19160
[ 49] local 192.168.1.10 port 43356 connected to 192.168.1.1 port 19160
[ 51] local 192.168.1.10 port 43358 connected to 192.168.1.1 port 19160
[ 53] local 192.168.1.10 port 43360 connected to 192.168.1.1 port 19160
[ 55] local 192.168.1.10 port 43362 connected to 192.168.1.1 port 19160
[ 57] local 192.168.1.10 port 43364 connected to 192.168.1.1 port 19160
[ 59] local 192.168.1.10 port 43366 connected to 192.168.1.1 port 19160
[ 61] local 192.168.1.10 port 43368 connected to 192.168.1.1 port 19160
[ 63] local 192.168.1.10 port 43370 connected to 192.168.1.1 port 19160

[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.66  sec  19.6 MBytes  15.4 Mbits/sec    0             sender
[  5]   0.00-10.00  sec  18.9 MBytes  15.8 Mbits/sec                  receiver
[  7]   0.00-10.66  sec  18.0 MBytes  14.2 Mbits/sec    0             sender
[  7]   0.00-10.00  sec  17.2 MBytes  14.5 Mbits/sec                  receiver
[  9]   0.00-10.66  sec  21.6 MBytes  17.0 Mbits/sec    0             sender
[  9]   0.00-10.00  sec  20.9 MBytes  17.5 Mbits/sec                  receiver
[ 11]   0.00-10.66  sec  20.1 MBytes  15.8 Mbits/sec    0             sender
[ 11]   0.00-10.00  sec  19.4 MBytes  16.3 Mbits/sec                  receiver
[ 13]   0.00-10.66  sec  20.1 MBytes  15.8 Mbits/sec    0             sender
[ 13]   0.00-10.00  sec  19.4 MBytes  16.3 Mbits/sec                  receiver
[ 15]   0.00-10.66  sec  22.9 MBytes  18.0 Mbits/sec    0             sender
[ 15]   0.00-10.00  sec  22.1 MBytes  18.6 Mbits/sec                  receiver
[ 17]   0.00-10.66  sec  19.4 MBytes  15.2 Mbits/sec    0             sender
[ 17]   0.00-10.00  sec  18.6 MBytes  15.6 Mbits/sec                  receiver
[ 19]   0.00-10.66  sec  20.0 MBytes  15.7 Mbits/sec    0             sender
[ 19]   0.00-10.00  sec  19.1 MBytes  16.1 Mbits/sec                  receiver
[ 21]   0.00-10.66  sec  22.8 MBytes  17.9 Mbits/sec    0             sender
[ 21]   0.00-10.00  sec  21.9 MBytes  18.3 Mbits/sec                  receiver
[ 23]   0.00-10.66  sec  20.8 MBytes  16.3 Mbits/sec    0             sender
[ 23]   0.00-10.00  sec  19.9 MBytes  16.7 Mbits/sec                  receiver
[ 25]   0.00-10.66  sec  20.0 MBytes  15.7 Mbits/sec    0             sender
[ 25]   0.00-10.00  sec  19.1 MBytes  16.0 Mbits/sec                  receiver
[ 27]   0.00-10.66  sec  18.5 MBytes  14.6 Mbits/sec    0             sender
[ 27]   0.00-10.00  sec  17.6 MBytes  14.8 Mbits/sec                  receiver
[ 29]   0.00-10.66  sec  18.8 MBytes  14.8 Mbits/sec    0             sender
[ 29]   0.00-10.00  sec  17.9 MBytes  15.0 Mbits/sec                  receiver
[ 31]   0.00-10.66  sec  16.6 MBytes  13.1 Mbits/sec    0             sender
[ 31]   0.00-10.00  sec  15.8 MBytes  13.2 Mbits/sec                  receiver
[ 33]   0.00-10.66  sec  17.0 MBytes  13.4 Mbits/sec    0             sender
[ 33]   0.00-10.00  sec  16.1 MBytes  13.5 Mbits/sec                  receiver
[ 35]   0.00-10.66  sec  17.6 MBytes  13.9 Mbits/sec    0             sender
[ 35]   0.00-10.00  sec  16.8 MBytes  14.1 Mbits/sec                  receiver
[ 37]   0.00-10.66  sec  18.9 MBytes  14.9 Mbits/sec    0             sender
[ 37]   0.00-10.00  sec  18.0 MBytes  15.1 Mbits/sec                  receiver
[ 39]   0.00-10.66  sec  17.8 MBytes  14.0 Mbits/sec    0             sender
[ 39]   0.00-10.00  sec  16.9 MBytes  14.2 Mbits/sec                  receiver
[ 41]   0.00-10.66  sec  20.0 MBytes  15.7 Mbits/sec    0             sender
[ 41]   0.00-10.00  sec  19.1 MBytes  16.0 Mbits/sec                  receiver
[ 43]   0.00-10.66  sec  21.9 MBytes  17.2 Mbits/sec    0             sender
[ 43]   0.00-10.00  sec  21.0 MBytes  17.6 Mbits/sec                  receiver
[ 45]   0.00-10.66  sec  20.8 MBytes  16.3 Mbits/sec    0             sender
[ 45]   0.00-10.00  sec  19.9 MBytes  16.7 Mbits/sec                  receiver
[ 47]   0.00-10.66  sec  16.2 MBytes  12.8 Mbits/sec    0             sender
[ 47]   0.00-10.00  sec  15.4 MBytes  12.9 Mbits/sec                  receiver
[ 49]   0.00-10.66  sec  19.0 MBytes  15.0 Mbits/sec    0             sender
[ 49]   0.00-10.00  sec  18.1 MBytes  15.2 Mbits/sec                  receiver
[ 51]   0.00-10.66  sec  21.5 MBytes  16.9 Mbits/sec    0             sender
[ 51]   0.00-10.00  sec  20.6 MBytes  17.3 Mbits/sec                  receiver
[ 53]   0.00-10.66  sec  16.8 MBytes  13.2 Mbits/sec    0             sender
[ 53]   0.00-10.00  sec  15.9 MBytes  13.3 Mbits/sec                  receiver
[ 55]   0.00-10.66  sec  15.6 MBytes  12.3 Mbits/sec    0             sender
[ 55]   0.00-10.00  sec  14.8 MBytes  12.4 Mbits/sec                  receiver
[ 57]   0.00-10.66  sec  17.6 MBytes  13.9 Mbits/sec    0             sender
[ 57]   0.00-10.00  sec  16.8 MBytes  14.1 Mbits/sec                  receiver
[ 59]   0.00-10.66  sec  16.1 MBytes  12.7 Mbits/sec    0             sender
[ 59]   0.00-10.00  sec  15.2 MBytes  12.8 Mbits/sec                  receiver
[ 61]   0.00-10.66  sec  15.0 MBytes  11.8 Mbits/sec    1             sender
[ 61]   0.00-10.00  sec  14.1 MBytes  11.8 Mbits/sec                  receiver
[ 63]   0.00-10.66  sec  13.5 MBytes  10.6 Mbits/sec    0             sender
[ 63]   0.00-10.00  sec  12.6 MBytes  10.6 Mbits/sec                  receiver
[SUM]   0.00-10.66  sec   564 MBytes   444 Mbits/sec    1             sender
[SUM]   0.00-10.00  sec   539 MBytes   452 Mbits/sec                  receiver

iperf Done.
--------@DiskStation:/$ iperf3 -c 192.168.1.1 -p 3958 -P 30 -4
Connecting to host 192.168.1.1, port 3958
[  5] local 192.168.1.10 port 50816 connected to 192.168.1.1 port 3958
[  7] local 192.168.1.10 port 50818 connected to 192.168.1.1 port 3958
[  9] local 192.168.1.10 port 50820 connected to 192.168.1.1 port 3958
[ 11] local 192.168.1.10 port 50822 connected to 192.168.1.1 port 3958
[ 13] local 192.168.1.10 port 50824 connected to 192.168.1.1 port 3958
[ 15] local 192.168.1.10 port 50826 connected to 192.168.1.1 port 3958
[ 17] local 192.168.1.10 port 50828 connected to 192.168.1.1 port 3958
[ 19] local 192.168.1.10 port 50830 connected to 192.168.1.1 port 3958
[ 21] local 192.168.1.10 port 50836 connected to 192.168.1.1 port 3958
[ 23] local 192.168.1.10 port 50838 connected to 192.168.1.1 port 3958
[ 25] local 192.168.1.10 port 50840 connected to 192.168.1.1 port 3958
[ 27] local 192.168.1.10 port 50842 connected to 192.168.1.1 port 3958
[ 29] local 192.168.1.10 port 50844 connected to 192.168.1.1 port 3958
[ 31] local 192.168.1.10 port 50846 connected to 192.168.1.1 port 3958
[ 33] local 192.168.1.10 port 50848 connected to 192.168.1.1 port 3958
[ 35] local 192.168.1.10 port 50850 connected to 192.168.1.1 port 3958
[ 37] local 192.168.1.10 port 50852 connected to 192.168.1.1 port 3958
[ 39] local 192.168.1.10 port 50854 connected to 192.168.1.1 port 3958
[ 41] local 192.168.1.10 port 50856 connected to 192.168.1.1 port 3958
[ 43] local 192.168.1.10 port 50858 connected to 192.168.1.1 port 3958
[ 45] local 192.168.1.10 port 50860 connected to 192.168.1.1 port 3958
[ 47] local 192.168.1.10 port 50862 connected to 192.168.1.1 port 3958
[ 49] local 192.168.1.10 port 50864 connected to 192.168.1.1 port 3958
[ 51] local 192.168.1.10 port 50866 connected to 192.168.1.1 port 3958
[ 53] local 192.168.1.10 port 50868 connected to 192.168.1.1 port 3958
[ 55] local 192.168.1.10 port 50870 connected to 192.168.1.1 port 3958
[ 57] local 192.168.1.10 port 50872 connected to 192.168.1.1 port 3958
[ 59] local 192.168.1.10 port 50874 connected to 192.168.1.1 port 3958
[ 61] local 192.168.1.10 port 50876 connected to 192.168.1.1 port 3958
[ 63] local 192.168.1.10 port 50878 connected to 192.168.1.1 port 3958

[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  15.3 MBytes  12.8 Mbits/sec    0             sender
[  5]   0.00-10.11  sec  15.2 MBytes  12.6 Mbits/sec                  receiver
[  7]   0.00-10.00  sec  15.4 MBytes  12.9 Mbits/sec    0             sender
[  7]   0.00-10.11  sec  15.3 MBytes  12.7 Mbits/sec                  receiver
[  9]   0.00-10.00  sec  22.7 MBytes  19.0 Mbits/sec    0             sender
[  9]   0.00-10.11  sec  22.5 MBytes  18.6 Mbits/sec                  receiver
[ 11]   0.00-10.00  sec  15.2 MBytes  12.7 Mbits/sec    0             sender
[ 11]   0.00-10.11  sec  15.1 MBytes  12.5 Mbits/sec                  receiver
[ 13]   0.00-10.00  sec  15.4 MBytes  12.9 Mbits/sec    0             sender
[ 13]   0.00-10.11  sec  15.3 MBytes  12.7 Mbits/sec                  receiver
[ 15]   0.00-10.00  sec  15.3 MBytes  12.8 Mbits/sec    0             sender
[ 15]   0.00-10.11  sec  15.2 MBytes  12.6 Mbits/sec                  receiver
[ 17]   0.00-10.00  sec  15.5 MBytes  13.0 Mbits/sec    0             sender
[ 17]   0.00-10.11  sec  15.4 MBytes  12.8 Mbits/sec                  receiver
[ 19]   0.00-10.00  sec  15.7 MBytes  13.2 Mbits/sec    0             sender
[ 19]   0.00-10.11  sec  15.6 MBytes  13.0 Mbits/sec                  receiver
[ 21]   0.00-10.00  sec  15.5 MBytes  13.0 Mbits/sec    0             sender
[ 21]   0.00-10.11  sec  15.4 MBytes  12.8 Mbits/sec                  receiver
[ 23]   0.00-10.00  sec  15.0 MBytes  12.6 Mbits/sec    1             sender
[ 23]   0.00-10.11  sec  14.9 MBytes  12.4 Mbits/sec                  receiver
[ 25]   0.00-10.00  sec  15.4 MBytes  12.9 Mbits/sec    0             sender
[ 25]   0.00-10.11  sec  15.3 MBytes  12.7 Mbits/sec                  receiver
[ 27]   0.00-10.00  sec  15.2 MBytes  12.7 Mbits/sec    0             sender
[ 27]   0.00-10.11  sec  15.1 MBytes  12.5 Mbits/sec                  receiver
[ 29]   0.00-10.00  sec  15.4 MBytes  12.9 Mbits/sec    0             sender
[ 29]   0.00-10.11  sec  15.3 MBytes  12.7 Mbits/sec                  receiver
[ 31]   0.00-10.00  sec  22.7 MBytes  19.0 Mbits/sec    1             sender
[ 31]   0.00-10.11  sec  22.6 MBytes  18.7 Mbits/sec                  receiver
[ 33]   0.00-10.00  sec  34.2 MBytes  28.7 Mbits/sec    0             sender
[ 33]   0.00-10.11  sec  33.9 MBytes  28.1 Mbits/sec                  receiver
[ 35]   0.00-10.00  sec  15.2 MBytes  12.8 Mbits/sec    0             sender
[ 35]   0.00-10.11  sec  15.2 MBytes  12.6 Mbits/sec                  receiver
[ 37]   0.00-10.00  sec  23.2 MBytes  19.4 Mbits/sec    0             sender
[ 37]   0.00-10.11  sec  23.0 MBytes  19.1 Mbits/sec                  receiver
[ 39]   0.00-10.00  sec  15.3 MBytes  12.8 Mbits/sec    0             sender
[ 39]   0.00-10.11  sec  15.1 MBytes  12.6 Mbits/sec                  receiver
[ 41]   0.00-10.00  sec  15.5 MBytes  13.0 Mbits/sec    0             sender
[ 41]   0.00-10.11  sec  15.4 MBytes  12.8 Mbits/sec                  receiver
[ 43]   0.00-10.00  sec  17.3 MBytes  14.5 Mbits/sec    0             sender
[ 43]   0.00-10.11  sec  17.0 MBytes  14.1 Mbits/sec                  receiver
[ 45]   0.00-10.00  sec  15.1 MBytes  12.7 Mbits/sec    0             sender
[ 45]   0.00-10.11  sec  15.0 MBytes  12.5 Mbits/sec                  receiver
[ 47]   0.00-10.00  sec  15.2 MBytes  12.8 Mbits/sec    0             sender
[ 47]   0.00-10.11  sec  15.1 MBytes  12.6 Mbits/sec                  receiver
[ 49]   0.00-10.00  sec  15.3 MBytes  12.8 Mbits/sec    0             sender
[ 49]   0.00-10.11  sec  15.1 MBytes  12.6 Mbits/sec                  receiver
[ 51]   0.00-10.00  sec  15.1 MBytes  12.7 Mbits/sec    0             sender
[ 51]   0.00-10.11  sec  15.0 MBytes  12.5 Mbits/sec                  receiver
[ 53]   0.00-10.00  sec  15.4 MBytes  12.9 Mbits/sec    0             sender
[ 53]   0.00-10.11  sec  15.3 MBytes  12.7 Mbits/sec                  receiver
[ 55]   0.00-10.00  sec  15.4 MBytes  12.9 Mbits/sec    0             sender
[ 55]   0.00-10.11  sec  15.3 MBytes  12.7 Mbits/sec                  receiver
[ 57]   0.00-10.00  sec  15.1 MBytes  12.7 Mbits/sec    0             sender
[ 57]   0.00-10.11  sec  15.0 MBytes  12.5 Mbits/sec                  receiver
[ 59]   0.00-10.00  sec  23.0 MBytes  19.3 Mbits/sec    0             sender
[ 59]   0.00-10.11  sec  22.9 MBytes  19.0 Mbits/sec                  receiver
[ 61]   0.00-10.00  sec  22.2 MBytes  18.6 Mbits/sec    0             sender
[ 61]   0.00-10.11  sec  21.8 MBytes  18.1 Mbits/sec                  receiver
[ 63]   0.00-10.00  sec  22.5 MBytes  18.9 Mbits/sec    0             sender
[ 63]   0.00-10.11  sec  22.4 MBytes  18.6 Mbits/sec                  receiver
[SUM]   0.00-10.00  sec   525 MBytes   440 Mbits/sec    2             sender
[SUM]   0.00-10.11  sec   521 MBytes   432 Mbits/sec                  receiver

iperf Done.


Ik weet niet of ik je helemaal goed begrijp, maar zo lang je niet meer dan 254 verschillende devices laat aanmelden, zal het IP bij je Mac adres blijven 'plakken', zelfs als de lease verlopen is. Zie de dhcp leases table. Pas als alle 254 een keer uitgedeeld zijn, zal een verlopen lease weer vrijgegeven worden aan een nieuw device.

I fail to see why you should see such traffic if you do not use IPv6 and have IPv6 disabled on all interfaces

What is in your rule? BLOCK or REJECT? If it is REJECT, change it to BLOCK.

https://docs.opnsense.org/manual/firewall.html

Are you using IPv6? If not, disable IPv6 altogether (on the interface)

Don't have a solution, but don't trust your figures either. I am on a 300/30 connection and can obtain full speed with a 2D4. Within LAN iPerf can almost max out my gigabit nic. Maybe recheck cables or perform a reinstall? Also check latest APU firmware

So, if you managed to fix it, can you elaborate on what you managed to fix (to learn for others)?

Use revert via CLI

https://docs.opnsense.org/manual/opnsense_tools.html

Ik snap je verhaal niet helemaal, maar een connectie testen kan je door bij system>gateways een monitor IP aan te zetten. Standaard staat deze optie uit en toont je gateway altijd 'online', ondanks dat dat niet het geval hoeft te zijn.

Zie ook https://docs.opnsense.org/manual/gateways.html

It has been silent in this thread....

Meanwhile v4.14.0.6 has been released.

https://pcengines.github.io/firmware/2021/11/05/PC-Engines-Firmware-v4-14-0-6.html

https://pcengines.github.io/#mr-52

Thanks Chemlud for the links and understand why .to domain is a can of worms!

I did find more info (see attached) and seems like NAS is making this request.

Its a Synology NAS and I do not recall adding anything on it that would require it to reach out to .to domain.

Does this sound like a problem on NAS or am I overthinking this alert?

Synology is using http://quickconnect.to for remote access. See their knowledgebase for more info. https://kb.synology.com/nl-nl/DSM/help/DSM/AdminCenter/connection_quickconnect?version=6

@chbmb What is the objective with the NAT rule? I have enabled only the uPNP (in the same way you did) to achieve Type 2 NAT.

It wont get fixed anytime soon as the pcapy lib is the root cause for it.

If it is pcapy that is offending, you are right. it seems unmaintained (last release 02 Jul 2019). Although Stamparm himself has forked pcapy and is maintaining pcapy-ng. I would assume that this was done to implement improvements in maltrail?