Messages - Wiesel

#1
Unfortunately, the issue reappeared after some minutes / hours. A shutdown and boot does not help.

So only Backup, factory reset and restore does help to get 500 mbit instead of 50 for some time.

Does anyone have an idea what I could check? Else I think only a clean install and reconfiguring from scratch to get the same setup again helps (since it has run for a long time with that amount of vlans and wireguard vpns without issues).
#2
Issue is solved.

I've checked that the bandwidth issue is still there (still max. 50 mbit). I've done a configuration backup.

Via SSH set back to defaults. For some reason the box didn't reboot but turned off. After I've started it again it was on defaults and the bandwidth issue was fixed.

So I did a restore of the just backed-up configuration. Bandwidth is still fixed.

I don't know what fixed it, maybe because I did a lot of changes during the last years and something was bad. Or because of a full shutdown instead of only reboots.
#3
I had a similar problem some months ago and as you said there are confusing posts and solutions out there from bugs which were already solved to very mystical things.

For me it started to happen with a new Modem from my ISP so I'm not able to tell for sure if the modem or my opnsense nic was causing it. However, what helped was to put an unmanaged switch in between both devices. After that I had connections hanging sometimes (as you said, 2, 3 times a day) for about 2-3 seconds but it didn't drop the connection thanks to the switch.

Since I switched again to another modem, the issue disappeared and I was able to remove the intermediate switch.

My guess is those two NICs were just somehow disliking each other.

Since networking is just a hobby for me and not my job, I haven't traced it down further but maybe it is worth to test this workaround since I read it also several times on reddit with people succeeding by putting a switch in the connection.
#4
About 2 weeks ago my bandwidth dropped to about 20-50 mbit downstream.

Unfortunately I cannot tell when this started to happen. The problem is that I also have bandwidth issues with my ISP since weeks or even months so I thought the ISP just got worse again. I also had several complete downtimes from my ISP like once every week so I was sure it is the ISP.

But if I skip opnsense and connect a device to my ISP's modem/router directly, I get a lot more (e.g. today about 300 mbit).

If I use curl directly on the opnsense box via ssh, it is also limited to those 20-50 mbit so it doesn't seem like a NAT issue. The CPU usage sometimes jumps to 50% or 70% but goes down again during download so it doesn't seem to be a cpu bottleneck either.

The only changes I've done in the last weeks is updating and I've enabled vnstat. So I tried stopping vnstatd but it didn't change anything. I also did the latest update today and restarted several times.

I don't use IPS or anything and was able to achieve 550 mbit before my ISP started to go crap. But the "crap speed" from my ISP are a lot better than what opnsense is able to achieve now.

My setup is currently a double-NAT since I have to call the ISP frequently when the connection is completely down and it is easier to talk to them if their device is just in normal setup and not in bridge mode. But in this double-NAT I had those 550 mbit before.

Do you have ideas what else I could test to find the root issue or do I have to reinstall opnsense (without knowing if this does fix anything)?
#5
Quote from: Mr. Happy on August 03, 2020, 12:30:00 AM
When I connect my phone to the ssid it gets an ipaddress from the dhcp-range configured for vlan 30, but it cannot access anything local. Internet works fine.
My phone's ipaddress appears in the firewall logging as a client of vlan 20.
[...]
What can cause this and how to resolve this?

I've had exactly the same issue. But I'm using an Asus Router (with Merlin firmware) as the wifi access point and opnsense on an APUBoard. I've enabled a packet monitoring feature to investigate and suddenly the problem was gone. The issue was caused by "NAT acceleration" on the AP's side so maybe it is the same for your OpenWRT based device. I've noticed that after rebooting, the first device that connected to a wifi was working while all further devices on other vlans were just getting the correct IP address and using the vlan from the first connected device. I'm not a network expert so I'm not 100% certain but I think that this NAT acceleration optimizes the packets in a way that it just looks in the very first packet and caches some "header information" that it then applies to all further packets. So whatever is sent via the trunk port, it will get the same vlan tag instead of the individual one for the specific ssid. Disabling this feature resolved the issue for me.