Messages

I have CrowdSec up and running on my OpnSense instance. My understanding is that CrowdSec is protecting my WebGUi service from Brute Force Attacks.

I had heard CrowdSec was going to release an IP blocklist of their own that OpnSense users could build an Alias for (ie Spamhaus). Ran into this on the CrowdSec website:

sudo apt install crowdsec-blocklist-mirror

Was wondering if I could Somehow build an alias? Any suggestions? It appears CrowdSec is maintaining a blocklist.

Hello

https://github.com/crowdsecurity/opnsense-plugin-crowdsec

v0.0.6

crowdsec update 1.3.1.r1
bouncer update to 0.0.23.r1
automated creation of Alias and Rule objects

They already have alias.

Hello,
I'm on a DECISO Appliance (    AMD GX-420MC SOC (4 cores, 4 threads))
OPNsense 22.4_2-amd64
FreeBSD 13.0-STABLE
OpenSSL 1.1.1o 3 May 2022

Since the FreeBSD 13, each day, my internet connection is lost and i found on the log "unknown dhcp option error"
I just need to reboot to fix it.
I'm using my OPNsense to replace my ISP Box.

Any idea?

Hello,

i'm on 21.10.3 with a Deciso Appliance with AMD GX-420MC SOC
I order a ONT GPON-ONU-34-20BI https://www.fs.com/fr/products/133619.html
But it is not working.
My SPF+ are
vendor     = 'Intel Corporation'
    device     = '82599ES 10-Gigabit SFI/SFP+ Network Connection'

How can i make it work? :)

Thank you!

Hi Franco,

Thank you to answer me.

For the basic test i'm doing just a ping 8.8.8.8  for around 100 request.
Not during speedtest, no load.

This is my interface connect to the internet
igb1@pci0:3:0:0:        class=0x020000 card=0x00008086 chip=0x157b8086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet

My deciso is in RJ45 cat6a into brocade CAT6A into RJ45 into https://www.fs.com/fr/products/101477.html into the ISP ONT and fiber.
I think i upgrade 2 or 3 versions. Maybe i can found this in the logs?
I can't test directly now, maybe the problem is the brocade. I will test tonight or this weekend. (I have rebuild all my Server Rack, sounds like a match with the start of the drop)
I will answer once i test it. Thank you for the tips.

Just test it now and no drop for 200 requests.

Hello,

This is my DECISO Appliance

Versions    OPNsense 21.10.2-amd64
FreeBSD 12.1-RELEASE-p21-HBSD
OpenSSL 1.1.1l 24 Aug 2021
Updates    Click to check for updates.
CPU type    AMD GX-420MC SOC (4 cores)
I got 8Go RAM.

Since the 21.10.2 i got some strange issue.
Some packet drop. This is random.
I test using my old ISP box and no drop.
When testing speedtest i found something strange. During download no problem. But since i go to upload mode, sometimes i got the test block for secs, a pic of Opnsense CPU and then the test continue sometime increase sometime reduce do 0 Mega and error.
Exemple using the speedtest cli on the Appliance :

   Speedtest by Ookla

     Server: ISP
        ISP: ISP
    Latency:     1.70 ms   (0.32 ms jitter)
   Download: FAILED
[error] Cannot open socket: Timeout occurred in connect.

And other test is

   Speedtest by Ookla

     Server: ISP
        ISP: ISP
    Latency:     1.70 ms   (0.07 ms jitter)
   Download:   935.26 Mbps (data used: 422.5 MB)
     Upload:   601.08 Mbps (data used: 271.5 MB)
Packet Loss:     0.0%

I test from the speedtest on my Computer, same behavior.

Is anyone got this lost packet and drop issue?

I didn't activate IDS and Zenarmor for the test.

Thank you for your time :)

I have done the test with ipfire i got 750Mbps/s and opnsense 350 Mbps/s

same Esxi 6.7
ram 8go
vCPU 4
NVMe

Hello, i've done new test.
esxi 6.7
firewall on nvme
4 vcpu 8go ram.
E1000 network
passing throught ipfire i got 750 Mbps/s and OPNsense 21.10.2 ... 350 Mbps/s
Any idea how to improve this?

Thank you :)

I try with pfsense around 120Mbps/s
I try IpFire i got 300-400 0.0... compare to 30-50Mbps/s for OpnSense... it's huge.

Same vCPU 4 and 8Go RAM on the Same SSD. :/ Strange...

I switch all the network adapter from vmxnet3 to e1000, i got on speed test only around 50 Mbps... :'(...
I really don't get it...
I test 1vCPU and 4 vCPU... same...

Ok thank you.

Yes but i got more problem with the Firewall VM i got.

i rename the post because i think this is more a problem on the VM.

In addition

Speedtest through FirewallVM -> Appliance -> Internet   around 50 Mbps
Speedtest through Appliance 940Mbps

So i can accept a little bit less, no problem... but not this difference 0.0. So i need to found why.

Thank you for your help.

My FirewallVM also run the business version.

Hello,

Yes like this :

server : iperf3 -s
client : iperf3 -c ServerIPAddress -i 1 -t 20
Windows = Physical PC
Firewall to Windows = 922Mbits/sec  (so it's good)
Windows to Firewall = 765Mbits/sec  (not so bad but still)

Before i test iperf3 from a VM on my esxi and my PC and i get 933Mbits/sec
And the same with my VM OPNsense
FirewallVM to Windows = 208Mbits/sec 
Windows to FirewallVM = Mbits/sec  (cannot make it work)

and last
Firewall to FirewallVM = bits/sec  (cannot make it work)
FirewallVM to Firewall = 284Mbits/sec  (not so bad but still)

So the problem is more on the VM but i they are something with the last update where i lost speed on the Appliance and even more on the VM.

The VM is on NVMe 4vCPUs 12GB RAM

Hello,

This is my DECISO Appliance

Versions    OPNsense 21.10.2-amd64
FreeBSD 12.1-RELEASE-p21-HBSD
OpenSSL 1.1.1l 24 Aug 2021
Updates    Click to check for updates.
CPU type    AMD GX-420MC SOC (4 cores)
I got 8Go RAM.

When i'm doing a iperf3 between my computer i get only around 750 Mbits/sec.
When i test it between 2 computer i got around 930 Mbits/sec.

Does anyone get some issue on the 21.10.2-amd64?
And i have stop all services like zenarmor before doing this test.

I got the same kind of issue on my esxi 6.5 with OPNsense, same version where this is 35.8 Mbits...
Where my test from another VM to my PC is around 442 Mbits/sec.

Hello,

I found some performance issue too.
I'm on OPNsense 21.10.2-amd64

Results with 1 core: 0.365 Gbit's
Results with 4 cores: 0.327 Gbit's

And without the modification

Results with 1 core: 0.142 Gbit's
Results with 4 cores: 0.125 Gbit's