Messages

Do you use PPPoE or plain DHCP?

Just plain DHCP. Sorry, probably an important detail.

I have a similar Protectli, the FW4B, Intel J3160; Quad Core 1.6GHz with 4 network ports. From my cable provider I get 1 Gb down and 120 Mb up. And in practice I get 940 Mb down and 120 up. Maybe the quad core and the extra memory helps. But I also don't run stuff like suricata or zenarmor. Just plain firewall with some extra rules and Unbound dns.

Is this fix already part of the 22.7 release? Or do I need to run the patch there also?

As there is still no definite cause for this issue, let alone a solution, I'm still running on 21.7.

Are there any security issues in the 21.7 release I should be aware off? I run a basic setup, but with a WireGuard VPN running.

@tracerrx It is a bit above my "nerd-level", but I will give it a go. And I presume that every time there is an OPNSense update, I have to do it again. It probably depends, but just to be on the safe side.

@tracerrx Again, thank for taking the time to dive into this issue. I'm a bit confused. You suggested two possible routes to update the driver.

• The simple "pkg install intel-em-kmod"
• The large set of commando's in your last ost

I presume it is the extended command line steps I have to do?

And @franco There drivers in the release you use. Why can't you update them?

@edwin70 Don't tell my wife but I was wrong.. Just looked it up.. em drivers do support i211 and i210 in freebsd 13...

Don't worry, I won't tell. Thank you for looking into it. It gives me hope this issue might be resolved with the drivers. Although there might be more to it.

@tracerrx Thanks for the info. I did not know that. In that case I wait for other solutions to come. Hopefully soon, as I'm back on the 21.x version. :(

For me anyway no IPS or Zenarmor.

If the OS is the problem, it is probably a driver issue which was introduced in OPNSense 22 with the introduction of FreeBSD 13. In 21 series I also had no problem. This driver issue has been mentioned before.
Any news on a new release with updated drivers?

Just to keep this issue under attention a small update from my side. Checkup on losing WAN connection for the last couple of days:

Code Select Expand

2022-04-29T02:35:36 Notice configd.py [9a0eae11-df9a-417b-b714-eb723d44fd0a] Linkup stopping igb0
2022-04-27T09:05:55 Notice configd.py [64f504d3-3e5d-4b62-9976-f2316296d9d9] Linkup stopping igb0
2022-04-25T01:19:10 Notice configd.py [e164f86e-bc77-426c-886c-d01f40b3da50] Linkup stopping igb0
So still every couple of days, for no reason, the WAN connection is lost. MAC spoofing is off and no IPS. Current OPSense version: 22.1.6 (amd64) on Protectli FW4B with Intel NICs.

Hi Opnsense folks. Any progress on this one? Will it be addressed in a future release?

Thank you!

+1  :)

It is a single WAN (to a bridged ZIGGO cable modem), IPv6 config type is none and no VLAN. The filters are indeed standard; in generic configuration for the WAN interface the block private and bogon networks is enabled. So that  generated the filters.
MTU is blank.
The only odd thing I have in the WAN config is a DHCP option modifier: "supersede dhcp-server-identifier 255.255.255.255" which I added due to a different problem I had in the past.

Edit: I also have entered MAC-address in the config. And I see two other subjects talking about WAN flapping with MAC-spoofing in combination with intrusion detection. Although I don't have intrusion detection enabled, this MAC spoofing seems to have a bad effect on the WAN connection. So I will experiment with that.

I will disable netflow and see what happens.

As for Aliases: I haven't added my own, only the defaults (bogons, bogonsv6, sshlockout and virusprot) are there. Or am I looking in the wrong place?

The router (and thus the internet connection) is totally unworkable. I saw a different post about unbound being a CPU issue (https://forum.opnsense.org/index.php?topic=27372.0), so I turned off unbound but without a result.

So, I dug a little deeper. First I ran the top command in a shell. The top command shows the following anomaly: 3 or 4 python3 processes are running at around 100%, at that point the OPNSense web client is unresponsive. Is this normal?
I also checked the Systems:Diagnostics:Activity and I often see the next process at around 100%.
/usr/local/bin/python3 /usr/local/opnsense/scripts/net-flow/flowd_aggregate.py (python3.8)

Next thing, I went into the logging. First the general log. The dreaded detached event. Repeated over en over again (about every 15 seconds):

Code Select Expand

2022-03-13T16:00:14 Error opnsense /usr/local/etc/rc.linkup: DEVD: Ethernet attached event for dynamic wan(igb0)
2022-03-13T16:00:12 Error opnsense /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic wan(igb0)

Then, in the backend logging I see this group of messages starting with "Linkup stopping ibg0" and it also repeats every 15 seconds.:

Code Select Expand

2022-03-13T16:00:14 Notice configd.py [2fe1a6bf-9de6-4587-94bd-1167389692e1] Linkup starting igb0
2022-03-13T16:00:14 Notice configd.py [fabf8c49-b168-4ed7-b42d-f1b2647aaa35] refresh url table aliases
2022-03-13T16:00:14 Debug configd.py OPNsense/Filter generated //usr/local/etc/filter_geoip.conf
2022-03-13T16:00:14 Debug configd.py OPNsense/Filter generated //usr/local/etc/filter_tables.conf
2022-03-13T16:00:14 Notice configd.py generate template container OPNsense/Filter
2022-03-13T16:00:14 Notice configd.py [57ceaac2-7276-4ebb-a33c-7c8a9e60f4f6] generate template OPNsense/Filter
2022-03-13T16:00:12 Info configd.py message bca4da3d-f319-410f-b859-6bdb7e39b8af [filter.refresh_aliases] returned {"status": "ok"}
2022-03-13T16:00:12 Notice configd.py [c818074e-e5e8-409c-af59-fbdc38e355e2] request pf current overall table record count and table-entries limit
2022-03-13T16:00:12 Notice configd.py [216f9585-e577-4763-8111-8bf13be4fc78] Reloading filter
2022-03-13T16:00:11 Notice configd.py [ad5a48da-7168-4194-a278-3793fe655f20] Linkup stopping igb0

What is cause and what is effect? Is it the detached event that starts the steps in the backend log? Or is there a process running that stops the WAN interface which leads to the detached event? The words "Linkup stopping igb0" suggest it is done on purpose and the timestamps also indicate this: stopping at 16:00:11 and detached event at 16:00:12.

Anybody any ideas?

For now I want to go back to a previous version of OPNSense, but where can I find the previous version 22.1.1_3? The mirrors only show the latest. I went back to a 21.7.1 release I still had on a USB stick and then to 21.7.8. And now it runs without problems.
I was lucky to get a second identical machine back from a friend, so I still have the problem machine if anyone has any solutions I can try.

I wasn't able to look into it further because I'm on a short holiday. But this does explain it. Thanks for the update.
My synology backup to an external cloud provider also fails daily. Probably also caused by this issue.

Unfortunately, I don't have backup hardware available. So I hope a solution will be available soon. I wonder if the people from Protectli have looked into this issue.
Edit: I submitted a support ticket at Protectli.