Messages

1

24.7 Production Series / Re: IGMP proxy not releasing streams after upgrading to 24.7

« on: July 28, 2024, 12:22:32 am »

Interesting. Im using IGMP to watch tv too.

So I tried to replicate issue (to know how Im affected), but it is not happening to me - cant replicated described behavior.

Can you please help me diagnose, how do you noticed that issue is happening?

2

24.7 Production Series / Re: Failing widgets after upgrade to 24.7

« on: July 25, 2024, 09:07:54 pm »

Its clear from browser dev console:
On first there is 1sec timeout on UI enforced.
On second there is real load time of response. Response is ok, JSON is ok, return code 200-ok.

3

24.7 Production Series / Re: Failing widgets after upgrade to 24.7

« on: July 25, 2024, 08:21:02 pm »

Yes, I have same problem on several platforms in multiple cloud environments.
VM is running on small cheap VPS, but doing doing good job for money.
Tested, that each API request takes 2-8sec to load.
UI has some timeout set to 1 sec, therefore everything failing.

4

Web Proxy Filtering and Caching / Re: 24.1 breaks HAProxy Let's Encrypt setup

« on: January 30, 2024, 09:32:47 pm »

After study of source code, even more elegant solution is Settings->Global parameters->Automatic OSCP updates -> OFF
APPLY
STILL TEMPORARY FIX - oscp certificates not working in firefox, but better than nothing

5

Web Proxy Filtering and Caching / Re: 24.1 breaks HAProxy Let's Encrypt setup

« on: January 30, 2024, 09:06:39 pm »

I have same problem.

For those who wants back running HaProxy before fix will be issued:

1)locate in /tmp/haproxy/ssl file *.certlist
2)in that file remove all oscp suffix, leave just file on each row, save
3)SSH
killall haproxy
/usr/local/sbin/haproxy -q -f /usr/local/etc/haproxy.conf -p /var/run/haproxy.pid

HAProxy should be running fine.

This is not final solution, and any restart or save via GUI will overwrite that.
Just emergency solution to keep HAProxy running.

6

22.7 Legacy Series / Re: No clean shutdown for OPNsense as guest in Hyper-V Server 2022

« on: January 18, 2023, 04:50:09 pm »

Hi, Im running several OPNsenses on 2022 Hyper-V, all have clean shutdowns.

Year ago, they were UFS, now ZFS. In Hyper-V no issues, on physical HW I had some SSD corruption with UFS, thats why I switched to ZFS.

Did you saw shutdown sequence in Hyper-V console?

7

Virtual private networks / wireguard slow download

« on: January 01, 2023, 02:55:25 pm »

Hi,

I have following setup:
Public VM(Server1), Opnsense last version, 400/400 internet connection, Wireguard kmod, NAT from wireguard to WAN.

To Server1 I have connected client (Server2-public VM-Ubuntu) via Wireguard to access internet only via wireguard tunnel (0.0.0.0/0). Server 2 connectivity is 400/400 too.

Both servers are Xeon based (enough performance to encrypt/decrypt), when active on full speed 40% of one core is used.

On both servers running iperf 3 or download from test server "wget https://speed.hetzner.de/10GB.bin" I have full internet connectivity.

When wireguard is active Server2 upload is near full speed(5-10% drop) but download drop is to 2-3MBytes/sec = 16-24MBit/sec.

I start tunning everything to narrow problem for 5days and now Im lost.

I think problem is MTU. Both server WAN is 1500. On both WG 1412 is set as MTU.

Playing with MSS on Server1 on WAN or WG interface - no impact.

Attached is packet capture. My public ip is redacted, 88.198.248.254=speed.hetzner.de, 192.168.4.14=ip wg server2 as described in attached diagram.

diagram


capture_vtnet0-server1-wan


capture_wg0-server1-wg



Packet capture shows that size of TCP packet from test server is 1426, but on first line MSS is sent 1372 (which is correct 1412-40).

After while 662 packets later speed decreases and some black lines appeared, later speed stabilize around 16-24Mbit/sec, which is far too low that upload around 360-380Mbit with WG and 400Mbit download without WG.

Interesting point, that download is ok for UDP (iperf3), but low for TCP (iperf3).

Now Im really out of options what to try next to get download speed back.

Thanks

8

22.7 Legacy Series / Re: OPNSense VLAN and Unifi Switch/AP

« on: December 06, 2022, 04:30:40 pm »

It works for me. There is no settings for that in GUI, experiment with powershell command (in my case):
Set-VMNetworkAdapterVlan -VMName vmname -Trunk -AllowedVlanIdList "30,40" -NativeVlanId 0
Put correct numbers for allowed and native VLANs.

9

Web Proxy Filtering and Caching / Re: HAproxy - Home Assistant - Refresh

« on: December 06, 2022, 04:19:33 pm »

I have home assistant behing HAproxy too. But what you are describing is happening to me even if go directly in LAN to home assistant server bypassing HAproxy.

Probably issue with home assistant based on:
https://community.home-assistant.io/t/home-assistant-portal-keeps-logging-me-out/430427
https://community.home-assistant.io/t/login-page-over-and-over/83522
https://community.home-assistant.io/t/logged-out-on-each-refresh/112801/5

10

General Discussion / Re: acme.sh www.mydomain.com is not an issued domain, skip

« on: October 07, 2022, 06:19:12 pm »

Reported same https://github.com/opnsense/plugins/issues/3154

11

General Discussion / Re: UDP Broadcast Relay

« on: May 21, 2022, 12:50:58 pm »

I found out, that unlike osudpbroadcastrelay udp-proxy-2020 cant forward multicast traffic, so its useless for some of my devices :/ https://github.com/synfinatic/udp-proxy-2020/issues/98

This upnp,ssdp are so crappy protocols...

12

General Discussion / Re: UDP Broadcast Relay

« on: May 21, 2022, 08:50:21 am »

If you copy all files to folders as in archive udp_proxy_2020 will start in 2 instance after reboot, you can check using ps aux | grep udp-proxy-2020 

I have another problem, process probably start before interfaces and in my case VLANs are initialized, need to postpone it little bit or setup service dependency.

13

General Discussion / Re: UDP Broadcast Relay

« on: May 20, 2022, 09:48:43 pm »

https://file.io/jZtYnHbJkNCI

I have 2 services (UDP ports 1900 and 5353) so files are duplicated. Binary in sbin is from github repo (better not to trust and replace )

Its not perfect, but its ok, running as service even after reboot.

14

General Discussion / Re: UDP Broadcast Relay

« on: May 20, 2022, 08:25:46 pm »

I have to admin, that https://github.com/synfinatic/udp-proxy-2020 is more stable for my tv.

15

General Discussion / Re: UDP Broadcast Relay

« on: May 20, 2022, 08:03:18 pm »

Yes, https://github.com/marjohn56/udpbroadcastrelay/pull/7

Is there a pull requests against the official repo?