Messages

[sysctl dev.cpu.0]

Dear all,

I'm trying to enable powerD functionality, but it seems powerD is not working:

from BIOS: CPU frequency 800-2100 MHz possible
P-states: enabled
C-states: enabled
HWP-states: enabled

Mainboard: Supermicro X11SSH-LN4F
CPU: Intel XEON E3-1240L v5

Is there anything I need to enable too?

sysctl dev.cpu.0 show following output:

Code Select Expand

dev.cpu.0.temperature: 45.0C
dev.cpu.0.coretemp.throttle_log: 0
dev.cpu.0.coretemp.tjmax: 100.0C
dev.cpu.0.coretemp.resolution: 1
dev.cpu.0.coretemp.delta: 55
dev.cpu.0.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.0.cx_usage_counters: 313694 0 0
dev.cpu.0.cx_usage: 100.00% 0.00% 0.00% last 335us
dev.cpu.0.cx_lowest: C1
dev.cpu.0.cx_supported: C1/1/1 C2/2/151 C3/3/256
dev.cpu.0.freq_levels: 2100/-1
dev.cpu.0.freq: 2914
dev.cpu.0.%parent: acpi0
dev.cpu.0.%pnpinfo: _HID=none _UID=0 _CID=none
dev.cpu.0.%location: handle=\_PR_.CPU0
dev.cpu.0.%driver: cpu
dev.cpu.0.%desc: ACPI CPU

result: there is only one CPU level. Is there anything wrong in configuration or do I have to enable something different?

[sysctl dev.cpu.0]

Hallo zusammen,

ich versuche gerade powerD zu aktivieren, aber es scheint irgendwie nicht zu funktionieren.

lt BIOS: CPU-Tak von 800-2100 MHz möglich
P-States: aktiviert
C-States: aktiviert
HWP-States: aktiviert

Mainboard: Supermicro X11SSH-LN4F
CPU: Intel XEON E3-1240L v5

Ich wüsste nicht, was ich noch einstellen könnte.

sysctl dev.cpu.0 wirft folgendes aus:

Code Select Expand

dev.cpu.0.temperature: 45.0C
dev.cpu.0.coretemp.throttle_log: 0
dev.cpu.0.coretemp.tjmax: 100.0C
dev.cpu.0.coretemp.resolution: 1
dev.cpu.0.coretemp.delta: 55
dev.cpu.0.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.0.cx_usage_counters: 313694 0 0
dev.cpu.0.cx_usage: 100.00% 0.00% 0.00% last 335us
dev.cpu.0.cx_lowest: C1
dev.cpu.0.cx_supported: C1/1/1 C2/2/151 C3/3/256
dev.cpu.0.freq_levels: 2100/-1
dev.cpu.0.freq: 2914
dev.cpu.0.%parent: acpi0
dev.cpu.0.%pnpinfo: _HID=none _UID=0 _CID=none
dev.cpu.0.%location: handle=\_PR_.CPU0
dev.cpu.0.%driver: cpu
dev.cpu.0.%desc: ACPI CPU


Lt. der Ausgabe kann die CPU nicht takten, lt. BIOS aber sehr wohl. Hat jemand eine Idee, an was das liegen könnte?

Even with "netflow off" the CPU usage is still higher than 19.1! I summarized my different trials with the different OPNsense version and I can also confirm with "netflow off" the GUI is reacting faster.

Summary see attachment.

[AndyX90]

update: now also working for my installation -> I did stop the web proxy, did a reset in GUI as decribed by AndyX90 but then followed this code

https://github.com/opnsense/core/commit/981a718da087b37e4a505b0323967a24bc1d40bc

and what I had to do was to reboot OPNsense. Without reboot squid never came up. After reboot start web proxy without any issues... No idea, what the reboot did exactly changed, but it seems now working stable.

[not]

I'm sorry, but also with this explaination it's still not working.

No, no custom directories. Only standard values. It's also no matter of update or fresh install, tried this already. But I did backup the settings, maybe it is related to the settings?

I also see the same issue, increased work load and also in combination with a very slow WebUI... any ideas?

It also seems traffic is abnormally high too.

after upgrade also not working:
- reset by reset button not working
- manual instruction not working

tried with and without reboot, always the same result -> squid not possible to restart.

Hi all,

I installed a well working transparent SSL proxy. It is all working, but I get some errors calling some websites. I think, the CA authority is missing.

Please find attached example if the error coming up in the web browser trying to call the website. Is there any possibiltiy to install the CA authority or is it another failure?

Tanks all for the support!

Mittlerweile konnte ich das Problem weiter eingrenzen. OPNsense lässt den Port 8089 ohne Probleme durch, es scheint eher so zu sein, dass das VPN-Netzwerk bei Win10 als internet-Verbindung interpretiert wird und nicht als LAN-Verbindung.

Kurzum möchte ich folgendes realisieren:
VM mit Win10 und einer laufenden DVBviewer-Server-Installation im Netzwerk 192.169.1.x/24. Zugriff erfolgt über den Port 8089.

Fall 1) Notebook (DVBviewer-Client) im WLAN -> Notebook erhält IP-Adresse aus dem Adressraum 192.168.1.x/24 -> Zugriff erfolgt ohne Probleme.

Fall 2) Notebook (DVBviewer-Client) im VPN -> Notebook erhält IP-Adresse aus dem Adressraum 10.10.0.x/24 -> Zugriff nicht möglich, da der DVBviewer-Server die Verbindung des VPN-Netzwerkes als Internet-Verbindung und nicht als LAN-Verbindung interpretiert.

Nun zu meiner Frage: besteht bei OPNsense die Möglichkeit, auch für den "virtual Adress pool" auch Adressen aus dem Adressraum 192.168.1.x/24 zu vergeben?

Hier das log, so wie ich das sehe wird port 8089 von OPNsense durchgelassen.

Hallo zusammen,

ich habe aktuell ein IPsec VPN für mobile clients erstellt, das funktioniert auch soweit ohne Probleme. Bei IPsec lasse ich zu Testzwecken gerade jeglichen Datenverkehr vom VPN ins LAN zu. Bei den Tests stellt sich jedoch heraus, dass ich bestimmt ports im LAN über VPN nicht erreichen kann, ich kann z.B. die ports 80 und 443 erreichen, auch den port für die OPNsense (wurde weg von 443 verlegt) funktioniert. Was leider nicht funktioniert ist z.B. Port 8089. Kann mir jemand weiterhelfen, warum der Port nicht erreichbar ist über VPN.

Ich dachte über eine Regel

IPsec IPv4* * * * * *

sollte alles im LAN erreichbar sein.

Danke schon mal für die Unterstützung!

[By the way: it is the same behaviour using 18.7 or 19.1]

By the way: it is the same behaviour using 18.7 or 19.1

In the meanwhile I found the solution, unfortunately only be combining several different posts along the internet.

1) manual IPsec-LAN rule set on outbound NAT

• outbound NAT rule with selection "IPsec net" as source -> no difference, IPsec net (defined as 10.0.0.0/24 for mobile clients) seems not to connected to IPsec net as defined
• second try with outbound NAT rule with selection "10.0.0.0/24" as source -> working perfect
• all additional rules for EPS / Port 500 / Port 4500 and IPsec net are defined as mentioned in the wiki

overall it seems that automatic outbound NAT rule generation is not working properly and IPsec net is not combined with the virtual address pool as defined in the IPsec application.

2) definition of DNS for mobile clients



• use OPNsense-IP for DNS for mobile clients
• other DNS services would work as well but then not all the internet queries are going through the VPN connection I think

3) unbound DNS



• put IPsec net manually to access list for network 10.0.0.0/24

4) adjust firewall advanced settings



• enable "Reflection for port forwards"
• enable "Reflection for 1:1"
• enable "Automatic outbound NAT for Reflection"

5) it is now possible for me to use IPsec with a "road warrior for mobile clients" and a "IP site-to-site" tunnel in parallel



• access to internet from mobile device via Cisco IPsec client is now possible
• access to local LAN is now possible via Cisco IPsec client

Maybe there is an easier way, but I found no other working solution for IPsec. OpenVPN was tested as well and is much more easier, but OpenVPN is not possible for all my clients.

Dear all,

I trying to setup an IPsec VPN connection, the channel is working, access of local network is possible but I can't connect to the internet, means if VPN connection is enabled, browsing to the internet is not possible.

Is it any topic of rule definition or is this a matter of DNS / network configuration?