Messages - GuruLee

#1
I removed: `dev.netmap.generic_ringsize: 4096`, then updated `dev.netmap.ring_size=36864`, and updated `dev.netmap.priv_ring_size=20480`

After rebooting my firewall, the adjustments above resolved the issue.
#2
Quote from: dirtyfreebooter on November 30, 2025, 11:20:56 PM
> the answer is in the output
>
> [589] 040.632011 [1363] netmap_config_obj_allocator requested objtotal 2048 out of range [2, 1024]
>
> maybe stop setting sysctls you don't understand?

Instead of ridiculing me and making assumptions, why not just help by providing a solution? Just a thought...
Sometimes misconfigurations occur for various reasons...

I do not see a tunable for 'netmap_config_obj_allocator', can someone actually provide some helpful guidance please?
#3
Packet engine unexpectedly stopping again:

"netmap_register_if: igc2: NIOCREGIF ioctl failed for the interface: Cannot allocate memory"


sysctl -a | grep netmap
<6>[1] igc0: netmap queues/slots: TX 4/1024, RX 4/1024
<6>[1] igc1: netmap queues/slots: TX 4/1024, RX 4/1024
<6>[1] igc2: netmap queues/slots: TX 4/1024, RX 4/1024
<6>[1] igc3: netmap queues/slots: TX 4/1024, RX 4/1024
[589] 040.632011 [1363] netmap_config_obj_allocator requested objtotal 2048 out of range [2, 1024]
[589] 040.736991 [1167] generic_netmap_attach     Emulated adapter for wg1 created (prev was NULL)
[589] 040.746149 [1072] generic_netmap_dtor       Emulated netmap adapter for wg1 destroyed
[4282] 733.380066 [1167] generic_netmap_attach     Emulated adapter for igc2 created (prev was igc2)
[4282] 733.388577 [1068] generic_netmap_dtor       Native netmap adapter for igc2 restored
[4282] 733.396065 [1072] generic_netmap_dtor       Emulated netmap adapter for igc2 destroyed
[4283] 734.450093 [1167] generic_netmap_attach     Emulated adapter for wg1 created (prev was NULL)
[4283] 734.458409 [1072] generic_netmap_dtor       Emulated netmap adapter for wg1 destroyed
[612457] 909.096900 [1167] generic_netmap_attach     Emulated adapter for wg1 created (prev was NULL)
[612457] 909.105824 [1072] generic_netmap_dtor       Emulated netmap adapter for wg1 destroyed
[612457] 909.115040 [1167] generic_netmap_attach     Emulated adapter for wg1 created (prev was NULL)
[612460] 911.336512 [1032] netmap_obj_malloc         netmap_ring request size 65792 too large
[612460] 911.344542 [2017] netmap_mem2_rings_create  Cannot allocate RX_ring
[612460] 911.358322 [1072] generic_netmap_dtor       Emulated netmap adapter for wg1 destroyed
[612460] 911.369441 [ 853] iflib_netmap_config       txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
[612460] 911.381402 [ 853] iflib_netmap_config       txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
[612460] 911.390313 [1032] netmap_obj_malloc         netmap_ring request size 16640 too large
[612460] 911.397998 [2017] netmap_mem2_rings_create  Cannot allocate RX_ring
[619551] 003.041224 [ 853] iflib_netmap_config       txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
[619551] 003.060934 [ 853] iflib_netmap_config       txr 4 rxr 4 txd 1024 rxd 1024 rbufsz 2048
[619551] 003.069113 [1032] netmap_obj_malloc         netmap_ring request size 16640 too large
[619551] 003.077824 [2017] netmap_mem2_rings_create  Cannot allocate RX_ring
[619551] 003.094391 [1167] generic_netmap_attach     Emulated adapter for wg1 created (prev was NULL)
[619551] 003.102632 [1072] generic_netmap_dtor       Emulated netmap adapter for wg1 destroyed
[619551] 003.110504 [1167] generic_netmap_attach     Emulated adapter for wg1 created (prev was NULL)
[619551] 003.119470 [1032] netmap_obj_malloc         netmap_ring request size 65792 too large
[619551] 003.130807 [2017] netmap_mem2_rings_create  Cannot allocate RX_ring
[619551] 003.141617 [1072] generic_netmap_dtor       Emulated netmap adapter for wg1 destroyed
device netmap
dev.netmap.iflib_rx_miss_bufs: 0
dev.netmap.iflib_rx_miss: 0
dev.netmap.iflib_crcstrip: 1
dev.netmap.max_bridges: 8
dev.netmap.bridge_batch: 1024
dev.netmap.default_pipes: 0
dev.netmap.port_numa_affinity: 0
dev.netmap.priv_buf_num: 4098
dev.netmap.priv_buf_size: 2048
dev.netmap.buf_curr_num: 1000000
dev.netmap.buf_num: 1000000
dev.netmap.buf_curr_size: 2048
dev.netmap.buf_size: 2048
dev.netmap.priv_ring_num: 4
dev.netmap.priv_ring_size: 20480
dev.netmap.ring_curr_num: 1024
dev.netmap.ring_num: 1024
dev.netmap.ring_curr_size: 4096
dev.netmap.ring_size: 4096
dev.netmap.priv_if_num: 2
dev.netmap.priv_if_size: 1024
dev.netmap.if_curr_num: 100
dev.netmap.if_num: 100
dev.netmap.if_curr_size: 1024
dev.netmap.if_size: 1024
dev.netmap.ptnet_vnet_hdr: 1
dev.netmap.generic_rings: 1
dev.netmap.generic_ringsize: 4096
dev.netmap.generic_mit: 100000
dev.netmap.generic_hwcsum: 0
dev.netmap.admode: 0
dev.netmap.fwd: 0
dev.netmap.txsync_retry: 2
dev.netmap.no_pendintr: 1
dev.netmap.no_timestamp: 0
dev.netmap.verbose: 0
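
An added example, not part of the original post: a small Python check that pairs each `netmap_obj_malloc ... too large` message with the configured pool size from the same `sysctl` dump. It assumes the `netmap_ring` pool's object size is the byte value of `dev.netmap.ring_size`; the sample lines are copied from the output above.

```python
import re

# Lines copied from the post above (kernel messages plus sysctl values).
SAMPLE = """\
[612460] 911.336512 [1032] netmap_obj_malloc         netmap_ring request size 65792 too large
[612460] 911.344542 [2017] netmap_mem2_rings_create  Cannot allocate RX_ring
[612460] 911.390313 [1032] netmap_obj_malloc         netmap_ring request size 16640 too large
[612460] 911.397998 [2017] netmap_mem2_rings_create  Cannot allocate RX_ring
dev.netmap.ring_size: 4096
dev.netmap.generic_ringsize: 4096
"""

TOO_LARGE = re.compile(r"netmap_obj_malloc\s+(\w+) request size (\d+) too large")
SYSCTL = re.compile(r"^(dev\.netmap\.\w+): (\d+)$", re.M)

# Assumption: the pool named in the kernel message is sized by this sysctl.
POOL_SYSCTL = {"netmap_ring": "dev.netmap.ring_size"}


def parse(text):
    """Return (sysctl values, de-duplicated rejected allocation requests)."""
    sysctls = {name: int(value) for name, value in SYSCTL.findall(text)}
    requests = sorted({(pool, int(size)) for pool, size in TOO_LARGE.findall(text)})
    return sysctls, requests


def diagnose(text, overrides=None):
    """Compare every rejected request with the configured object size.

    `overrides` lets you test a candidate sysctl value before applying it.
    """
    sysctls, requests = parse(text)
    sysctls.update(overrides or {})
    findings = []
    for pool, size in requests:
        knob = POOL_SYSCTL.get(pool)
        limit = sysctls.get(knob)
        if limit is None:
            continue  # pool or sysctl not present in this dump
        findings.append({"pool": pool, "request": size, "sysctl": knob,
                         "configured": limit, "fits": size <= limit})
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f)
    for f in diagnose(SAMPLE, {"dev.netmap.ring_size": 36864}):
        print(f)
```

With `dev.netmap.ring_size` at 4096 neither request fits; with the 36864 value from the resolution post, the 16640-byte request fits and the 65792-byte one still does not.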
#4
Quote from: sy on November 24, 2025, 05:32:42 PM
> Hi,
>
> "dev.netmap.ring_size" could be maximum 1024. Please change it.

I changed this tunable value and it appears to have resolved the issue:

`dev.netmap.ring_num: 1024`

Thank you!
#5
Greetings y'all. I searched back to June in this forum area and couldn't find any related posts, so here goes my issue:

I can no longer start the Zenarmor packet engine and I get these errors in notifications area:

* Error parsing lan interface configuration, bailing out

* Failed initializing network interfaces
netmap_register_if: igc2: NIOCREGIF ioctl failed for the interface: Cannot allocate memory

This issue started occurring after I set the following tunables on my Opnsense firewall:

dev.netmap.buf_num : 1000000
dev.netmap.ring_size : 4096
dev.netmap.generic_ringsize : 4096
dev.igc.0.fc : 0
dev.igc.1.fc : 0
dev.igc.2.fc : 0
hw.igc.max_interrupt_rate : 12000


My firewall was also restarted after making the above changes as well.

Current version and mode:
OPNsense 25.7.7_4-amd64
FreeBSD 14.3-RELEASE-p4
Zenarmor netmap is in emulated mode

#6
Thank you! Nicest theme I've used so far.
#7
I am in the same situation and per Zenarmor I need to move away from the soon-to-be-deprecated MongoDB and over to Elasticsearch. I too use both repos due to integrations with Home-Assistant.
I will try the Elasticsearch plugin on Opnsense instead of a remote Elasticsearch instance.
#8
Zenarmor (Sensei) / Re: MongoDB - Sensei PHP Error
April 17, 2025, 11:59:46 AM
Yes, I'm also experiencing the same error every day. I have a support case open with Zenarmor and provided them logs recently. No resolution yet on my side.
They recommended I switch to the Elasticsearch database as they are deprecating Mongo.
#9
RESOLUTION:
Increasing the MTU size from 1492 (longtime setting) to 1500 on my WAN interface and changing the Docker VLAN interface from empty MTU to 1500 as well, resolved the issue for remote clients. They are now able to connect to Plex and the other web apps.
This appears to be related to kernel updates on Opnsense version 25 for FreeBSD 14 compatibility.

Related: https://github.com/opnsense/src/issues/235
#10
This looks like it might be related to an MTU size on my WAN and Docker vlan interfaces since upgrading to 25.x.
After some testing, I lowered the MTU from 1492 to 1472 on both interfaces and as a result, one of my remote clients can now connect to Plex via web client.

More Troubleshooting needed...
#11
Thank you all who responded with enriching info!
What's odd is, remote access to my Plex and my other web apps via nginx is successful from these ISPs:

✅ Verizon
✅ Comporium
✅ TMobile
✅ Cyber Assets Fzco
✅ Cogent
✅ Palo Alto Networks

However,
For the other users that cannot reach my web-apps via Swag NGINX behind Opnsense, I see the rdr nat and WAN rule logs reflect their connecting src IP being allowed in live logs...

* I don't see any IP bans in Fail2Ban either for latest tests
* Frontier, AT&T, and FiOS ISP users: get ERR_TIMED_OUT and cannot get to any of my web-apps.
* Disabling fail2ban does not resolve issue.
* Disabling crowdsec does not resolve issue.

For the remote users who cannot access my exposed apps over 443, they get this when doing a `curl -v` against my URL:

Schannel: failed to receive handshake (35)

I'm left scratching my head.  Any ideas?
#12
UPDATE:

As a test, I switched from Plex remote access manual port forward using 32400 to Swag docker (nginx) over port 443. Therefore, I properly disabled the remote-access settings on the Plex server and entered my URL under network settings as required.

***It works for me locally, from my cellular phone carrier off WIFI, and also from a work device that's on a full-tunnel VPN out of a Chicago location.
***Also, my other web apps using Swag (nginx) are fine and remotely accessible as well for me from all the same remote connections...

HOWEVER, my remote users continue to NOT be able to connect to Plex or my other web-apps via Swag (nginx) from certain, not all, ISPs; it hangs and eventually they get this error in the browser:

ERR_TIMED_OUT

I see the traffic in the firewall logs WAN interface with rdr rule label and its allowed.
I ruled out fail2ban, crowdsec, and zenarmor as being causes. Issue persists with those services uninstalled and disabled...

Any other ideas?
#13
I tried with NAT reflection enabled and disabled, no resolution.

Toggled these settings:
NAT Rule:
NAT Reflection: Enable / Disabled
Filter Rule Association: Pass / none

Firewall-> Settings -> Advanced
Reflection for port forwards: checked / unchecked
Reflection for 1:1: checked / unchecked
Automatic outbound NAT for Reflection: checked / unchecked
Firewall Optimization: normal

=====
I'm stumped on what broke this after years of no issue...
#14
All seems to point to the Plex side of things, as all looks well and good on the Opnsense side.
But just very much a coincidence this issue started happening right after the upgrade to 25.1 and persists after incremental updates to 25.1.3.

These are my Opnsense settings for Plex NAT and Port Forward, can someone validate this for me?
=================
Firewall -> Nat -> Port Forward
From this page click + (add)
No RDR: unchecked
Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP
Source: Any
Source Port Range: any/any
Destination: WAN Address
Destination port range: (other) 32400/32400
Redirect target IP: Plex server internal IP
Redirect target port: (other) 32400
Pool Options: Default
Description: Plex Media Server
NAT Reflection: Enable
Filter Rule Association: Pass

Firewall-> Settings -> Advanced
Reflection for port forwards: checked
Reflection for 1:1: checked
Automatic outbound NAT for Reflection: checked
Firewall Optimization: normal
=================
I posted my issue as well on the Plex forums here:
https://forums.plex.tv/t/plex-remote-access-repeatedly-enabled-disabled-bouncing/910647

#15
Quote from: meyergru on March 27, 2025, 06:49:46 PM
> Did you set the outside port manually via advanced options to the same port you used for the port forward in Plex?

Yes, I stated this setup in my earlier post in this thread.