Messages - eminent

#1
Thank you.  And you are correct, it shouldn't change it.  I have resolved the issue; Windows by default doesn't accept ICMP, so I do not know why that Linux box could ping it.  However, I updated my Linux box and it updated Remmina, which broke my RDP.
#2
Stood up a Windows VM,  on that VM.  Same Issue.  Appears to only be Windows Devices
#3
Good afternoon,

Thank you in advance, I enabled IPv6, however my ISP does not provide IPv6.   Once I realized it, I disabled it.  However I have 4 VLANS.

LAN VLAN1
MANG VLAN3
SERV VLAN5
WORK VLAN7

Since disabling IPv6, I cannot RDP or ping any of my Windows devices on VLAN7. I attached a Linux device to VLAN7; I can ping the device and ssh to the device, but cannot ping any of the Windows machines.  But when I attach a VM to VLAN7, I can ping the Windows devices.  All my Windows devices have access to the internet and, after removing all rules for segmentation, they can ping any device on the network.

In Example 1, I performed a Layer 4 Traceroute with lft to 3389; it shows that the port is open.
In Example 2, I performed NC to 3389; it shows that the port is open as well.
In Example 3 is the packet capture on LAN to 172.18.7.23; it shows the packet going out.
In Example 4, this is where I think it's weird: it is showing the LAN address of the firewall, which is 172.18.1.1. I did check this with a server on my management VLAN, and it doesn't do this; it shows the respective IPs of 172.18.1.21 and 172.18.3.11.
In Example 5, it shows my ping to the VM successful.
In Example 6, it shows I can ping the Windows devices from the Linux VM.
Example 1

╰─ lft -VV 172.18.7.23:3389
Layer Four Traceroute (LFT) version 3.91 ... (verbosity level 2)
Receiving on enp0s20f0u2u3c2, type 1 (EN10MB), transmitting on enp0s20f0u2u3c2 as eminent.localdomain (172.18.1.21):53
Receive link type is EN10MB (1), skipping 14 bytes
Transmit Initial Sequence Number (ISN) will be 1921528470
SENT TCP  TTL=1 SEQ=1921528470 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=1921528470 SRC=172.18.1.1 PTTL=1 PSEQ=1921528470
SENT TCP  TTL=2 SEQ=1921528471 FLAGS=0x2 ( SYN )
SENT TCP  TTL=3 SEQ=1921528472 FLAGS=0x2 ( SYN )
RCVD TCP  FLAGS=0x12 ( SYN ACK ) SEQ=894040146 ACK=1921528472 SRC=172.18.7.23 PTTL=2 PSEQ=1921528471
Port 3389/tcp open; target attempted handshake.
RCVD TCP  FLAGS=0x12 ( SYN ACK ) SEQ=894057261 ACK=1921528473 SRC=172.18.7.23 PTTL=3 PSEQ=1921528472
TTL LFT trace to DESKTOP-7HBT260.localdomain (172.18.7.23):3389/tcp
1  OPNsense.localdomain (172.18.1.1) 1.4ms
2  [target open] DESKTOP-7HBT260.localdomain (172.18.7.23):3389 2.7ms


Example 2

╰─ nc -vz 172.18.7.23 3389
Connection to 172.18.7.23 3389 port [tcp/ms-wbt-server] succeeded!


Example 3

LAN
lagg0 2023-05-08
11:59:58.949452 60:be:b4:05:23:ef 50:a0:30:07:b4:ab ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 59658, offset 0, flags [none], proto ICMP (1), length 60)
    172.18.7.23 > 172.18.1.21: ICMP echo request, id 1, seq 9, length 40
LAN
lagg0 2023-05-08
11:59:58.951171 50:a0:30:07:b4:ab 60:be:b4:05:23:ef ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 60151, offset 0, flags [none], proto ICMP (1), length 60)
    172.18.1.21 > 172.18.7.23: ICMP echo reply, id 1, seq 9, length 40
LAN
lagg0 2023-05-08
11:59:59.962160 60:be:b4:05:23:ef 50:a0:30:07:b4:ab ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 59659, offset 0, flags [none], proto ICMP (1), length 60)
    172.18.7.23 > 172.18.1.21: ICMP echo request, id 1, seq 10, length 40
LAN
lagg0 2023-05-08
11:59:59.963772 50:a0:30:07:b4:ab 60:be:b4:05:23:ef ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 60160, offset 0, flags [none], proto ICMP (1), length 60)
    172.18.1.21 > 172.18.7.23: ICMP echo reply, id 1, seq 10, length 40
LAN
lagg0 2023-05-08
12:00:00.972129 60:be:b4:05:23:ef 50:a0:30:07:b4:ab ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 127, id 59660, offset 0, flags [none], proto ICMP (1), length 60)
    172.18.7.23 > 172.18.1.21: ICMP echo request, id 1, seq 11, length 40


Example 4


lagg0_vlan7 2023-05-08
11:59:29.475533 60:be:b4:05:23:ef b0:5c:da:2c:07:3c ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 27667, offset 0, flags [none], proto ICMP (1), length 84)
    172.18.1.1 > 172.18.7.23: ICMP echo request, id 4953, seq 6782, length 64
WORK
lagg0_vlan7 2023-05-08
11:59:30.476676 60:be:b4:05:23:ef b0:5c:da:2c:07:3c ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 47712, offset 0, flags [none], proto ICMP (1), length 84)
    172.18.1.1 > 172.18.7.23: ICMP echo request, id 4953, seq 6783, length 64
WORK
lagg0_vlan7 2023-05-08
11:59:31.487238 60:be:b4:05:23:ef b0:5c:da:2c:07:3c ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 7795, offset 0, flags [none], proto ICMP (1), length 84)
    172.18.1.1 > 172.18.7.23: ICMP echo request, id 4953, seq 6784, length 64
WORK
lagg0_vlan7 2023-05-08
11:59:32.487569 60:be:b4:05:23:ef b0:5c:da:2c:07:3c ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 35971, offset 0, flags [none], proto ICMP (1), length 84)
    172.18.1.1 > 172.18.7.23: ICMP echo request, id 4953, seq 6785, length 64
WORK
lagg0_vlan7 2023-05-08
11:59:33.499053 60:be:b4:05:23:ef b0:5c:da:2c:07:3c ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 33168, offset 0, flags [none], proto ICMP (1), length 84)
    172.18.1.1 > 172.18.7.23: ICMP echo request, id 4953, seq 6786, length 64

Example 5

╰─ ping 172.18.7.20
PING 172.18.7.20 (172.18.7.20) 56(84) bytes of data.
64 bytes from 172.18.7.20: icmp_seq=1 ttl=63 time=2.09 ms
64 bytes from 172.18.7.20: icmp_seq=2 ttl=63 time=1.98 ms
64 bytes from 172.18.7.20: icmp_seq=3 ttl=63 time=1.74 ms
64 bytes from 172.18.7.20: icmp_seq=4 ttl=63 time=1.74 ms
64 bytes from 172.18.7.20: icmp_seq=5 ttl=63 time=1.76 ms


Example 6

root@handy-boxer ~ # ping 172.18.7.23
PING 172.18.7.23 (172.18.7.23) 56(84) bytes of data.
64 bytes from 172.18.7.23: icmp_seq=1 ttl=128 time=1.50 ms
64 bytes from 172.18.7.23: icmp_seq=2 ttl=128 time=0.762 ms
64 bytes from 172.18.7.23: icmp_seq=3 ttl=128 time=1.13 ms
64 bytes from 172.18.7.23: icmp_seq=4 ttl=128 time=0.754 ms
^C
--- 172.18.7.23 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3021ms
rtt min/avg/max/mdev = 0.754/1.037/1.502/0.308 ms
#4
Have been running Unbound with Register Static Leases as disabled, I have zero unbound crashes.

Thank you for everyone that took the time to read this, and hopefully this helps if someone else comes across the same issue.
#5
I found a few more logs.  Listed at the bottom.  The only thing I can think is the ddclient breaking it or registering static dhcp leases.  I disabled registering static dhcp leases to see if that resolves the issue.

I have found these two postings somewhat related to it, but it appears to be fixed a couple of versions back.
https://forum.opnsense.org/index.php?topic=30126.0
https://github.com/opnsense/core/issues/5752


2023-01-09T18:12:58 Error configd.py [40fc8cfb-0bbb-45fd-a556-3fe14992b6d6] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:12:58 Error configd.py [92c7b090-f886-4a35-953d-b154977b0932] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:12:57 Error configd.py [7a6067c5-b543-4ae1-b2b7-f4e23ec007b0] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:12:56 Error configd.py [66968367-8745-4fe7-b14a-3c69cb6d79b8] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:12:47 Error configd.py [cf36ff3e-2fc1-440f-904e-70eab8fcbffb] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:12:47 Error configd.py [d42e416f-e234-454c-9529-a641b23224e2] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:11:36 Error configd.py [23eaa643-69ed-45b5-8d86-e829c8fe5634] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:11:35 Error configd.py [c8328e8c-e1ef-41ca-98da-d2494c01642e] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:07:49 Error configd.py [2015a2e3-6249-4ce8-a4e6-e5817f6c8170] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T15:19:34 Error configd.py [2651ca00-d554-4a89-b907-96c737fff1a2] Script action stderr returned "b"pgrep: Cannot open pidfile `/var/run/ddclient.pid': No such file or directory""
2023-01-09T15:19:00 Error configd.py [19ece738-671d-4e76-b797-5064e5cae75e] Script action stderr returned "b"pgrep: Cannot open pidfile `/var/run/ddclient.pid': No such file or directory""
2023-01-09T15:18:49 Error configd.py [5a19540f-a906-4184-b9e5-fc6aba8f643d] Script action stderr returned "b"pgrep: Cannot open pidfile `/var/run/ddclient.pid': No such file or directory""
2023-01-09T15:12:46 Error configd.py [552c01d6-886c-4241-a95e-393d3f6698d6] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"



2023-01-09T18:18:55 Debug configd.py OPNsense/Unbound/* generated //var/unbound/advanced.conf
2023-01-09T18:18:55 Notice configd.py generate template container OPNsense/Unbound/core
2023-01-09T18:18:55 Notice configd.py [9da7a348-15ae-4a93-b76f-ec120cc09743] generate template OPNsense/Unbound/*
2023-01-09T18:18:54 Notice configd.py [332b29fc-e1a7-47bc-8d91-4af0ee0166da] list gateway status
2023-01-09T18:18:54 Notice configd.py [f9edc566-1586-4e6d-ac4a-030a6252e950] Unbound cache dump
2023-01-09T18:18:54 Notice configd.py [09deb65d-0be9-438b-a50c-693be826500f] get ddclient statistics
2023-01-09T18:18:50 Notice configd.py [1bcd8ff5-67cf-4837-bb43-779df4c27239] system status
2023-01-09T18:18:49 Notice configd.py [75f5410a-6cfb-46f1-be33-39ed943e0347] Retrieve firmware product info
2023-01-09T18:18:49 Notice configd.py [52b55c0f-2703-49c0-80c3-e6388543976e] list gateway status
2023-01-09T18:18:49 Notice configd.py [63c79221-4f0d-4c4a-a01e-25726cff0ad2] get ddclient statistics
2023-01-09T18:13:19 Notice configd.py [22dcd6fe-0e51-42ff-87d4-7658192ab1aa] system status
2023-01-09T18:13:18 Notice configd.py [5941fdc0-d3d6-47b5-9dd8-a211e0c1e227] list gateways
2023-01-09T18:13:18 Notice configd.py [935b8104-2647-42ce-9961-8f89e7f4a0c0] request pf current overall table record count and table-entries limit
2023-01-09T18:13:02 Notice configd.py [3bdbf39d-9613-435d-b832-6249c69d0e70] system status
2023-01-09T18:13:01 Notice configd.py [77c68634-0081-416d-b64c-7fa7450bda32] request Unbound status
2023-01-09T18:12:58 Error configd.py [40fc8cfb-0bbb-45fd-a556-3fe14992b6d6] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:12:58 Notice configd.py [40fc8cfb-0bbb-45fd-a556-3fe14992b6d6] request Unbound status
2023-01-09T18:12:58 Error configd.py [92c7b090-f886-4a35-953d-b154977b0932] Script action stderr returned "b'pgrep: Cannot get process list (kvm_getprocs: No such process)'"
2023-01-09T18:12:58 Notice configd.py [92c7b090-f886-4a35-953d-b154977b0932] request Unbound status
2023-01-09T18:12:58 Debug configd.py OPNsense/Unbound/* generated //var/unbound/dnsbl_module.py
#6
Good evening,

I have been struggling with an issue where my internet goes out randomly throughout the day.  I would fix it by restarting my OpnSense itself. Then narrowed it down to Unbound.  I have found these logs every time the Unbound Service has crashed.

I do not have Unbound Block Lists Enabled, however I do have DOT and some custom Overrides enabled.  Outside of that I followed the guide for performance Tuning for NIDs from this forum and os-ddclient. It is only affecting Unbound, as soon as I restart Unbound it will work for a random time.

I have even set up a Cron Job to restart Unbound every 3 hours to try and prevent it from Locking up Unbound but it is still happening regardless.

Thank you in advance.


2023-01-08T15:57:01-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan05'
2023-01-08T15:54:53-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan02'
2023-01-08T15:52:53-05:00 Error configd.py Timeout (120) executing : interface newip 'lagg0'
2023-01-08T15:43:46-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan01'
2023-01-08T15:30:08-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan05'
2023-01-08T15:28:07-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan03'
2023-01-08T15:16:35-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan04'
2023-01-08T15:14:24-05:00 Error configd.py Timeout (120) executing : interface newip 'lagg0'
2023-01-08T14:28:30-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan04'
2023-01-08T14:26:29-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan02'
2023-01-08T03:14:49-05:00 Error configd.py Timeout (120) executing : interface newip 'vlan02'
2023-01-08T03:12:49-05:00 Error configd.py Timeout (120) executing : interface newip 'lagg0'6
#7
General Discussion / Intel NICs randomly lose Connection
February 05, 2022, 05:22:43 AM
Good evening,

Every few hours I would stay connected to wifi, but would lose internet access to the internet. I used to think it was my Asus ZenWifi.  But during this time, I can access the switch, Asus Nodes, and other devices. But I wouldn't be able to SSH or access the Web Interface.

Sometimes it's a few hours, sometimes it's 30 minutes it does this. I have checked dmesg, but I can't find anything that points to anything. Is there anywhere I should check besides dmesg?

I also already attempted this, which is turning off power saving mode.
https://forum.opnsense.org/index.php?topic=5511.msg23591#msg23591





I
#8
Good morning,

I am currently on Version: 21.7.r_228. I moved to Development because of this issue, but it's happening on both Stable and Development. Currently running Unbound; every morning at 4 AM Eastern, my DNS just stops working.  As far as I can tell there are no crashes in logs, just at 4 AM everything stops resolving. The only way I can get it back up and running is

I thought I would be able to resolve this by scheduling via a Cron Job to reboot the system at 4:01 AM Eastern.  But that still did not fix the issue.  So I tested utilizing DNS Masq instead of Unbound, and I have the same issue.

In order to get everything back up and running I have to disable the DNS Service I am running, allow upstream to overwrite DNS, reboot then enable my DNS Service of choice then disable upstream.

Anyone have advice of where I could look either in logs or anyone experience this before?

Thank you.
#9
General Discussion / Re: Setup Questions
January 16, 2021, 09:00:14 PM
Just wanted to update,

Discovered a guide to find MTU, which I tested and messed around with; it still wasn't working.  But I ended up stumbling across this guide for Peplink, which explains getting the ping method in addition to setting MSS. I am now getting near full speed on OpnSense.  I posted the Peplink link below if anyone is facing the same issue.

https://forum.peplink.com/t/how-to-determine-the-optimal-mtu-and-mss-size/7895
#10
General Discussion / Re: Setup Questions
January 16, 2021, 06:12:19 AM
Got TDS to come out to my location, they were able to get the TDS DSL Action Tech set up to use the fiber with near speeds as if the laptop.  The only difference was they put (null) for host, and they put tds for the domain.  All the other settings I have dug thru and cannot find a thing different.  The Null option does not work with OpnSense so I am going to test on other platforms.

Thank you everyone that read. And thank you Bart for responding.
#11
General Discussion / Re: Setup Questions
January 15, 2021, 11:39:05 AM
Thank you for the response Bart,

First install, I followed that guide and had IPS enabled and was getting 330 Mbps to 400 Mbps.

I reinstalled to have a clean slate and try again.
First sets of speed tests ranged between 390 Mbps to 425. I then tuned to the following guide.

https://teklager.se/en/knowledge-base/opnsense-performance-optimization/

Which raised my speed tests ranged to 410 to 440.
#12
General Discussion / Setup Questions
January 15, 2021, 04:40:01 AM
Good evening,

I currently have TDS 1000 Mbps Down and 400 Mbps, no PPPoE.  Plugging the computer directly into the Fiber Box, I get 900 to 970 Mbps consistently.  But when utilizing a router, really any router, it slows to 300 to 350 Mbps. I have tried Asus RT-AX88U, Linksys Velop, and Netgear Orbi.  Which led me to try Opnsense; after making the switch I love the features, but I still cannot reach speeds past 400 Mbps down with speedtest straight from the CLI.

My current setup is a Qotom Intel i5-7200u, 6 Intel I211-AT, 8GB of RAM

I followed this guide here:
https://forum.opnsense.org/index.php?PHPSESSID=do37lppp3v4gidtdjsdl0do4bp&topic=6590.0

My current config settings for loader.conf.local is below.  But I still range 350 Mbps to 400 Mbps. Any advice would be appreciated, or just a point in the right direction.  Thank you.

#Agree with Intel license terms
legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1
#Check for interface specific settings and add accordingly.
# These are tunables to improve network performance on Intel igb driver NICs

# Flow Control (FC) 0=Disabled 1=Rx Pause 2=Tx Pause 3=Full FC
# This tunable must be set according to your configuration. VERY IMPORTANT!
# Set FC to 0 (<x>) on all interfaces
hw.igb.0.fc=0 #Also put this in System Tunables hw.igb.<x>.fc: value=0
hw.igb.1.fc=0
hw.igb.2.fc=0
hw.igb.3.fc=0
hw.igb.4.fc=0
hw.igb.5.fc=0
hw.igb.6.fc=0
# Set number of queues to number of cores divided by number of ports. 0 lets FreeBSD decide
hw.igb.num_queues=0

# Increase packet descriptors (set as 1024,2048, or 4096) ONLY!
# Allows a larger number of packets to be processed.
# Use "netstat -ihw 1" in the shell and make sure the idrops are zero
# If the NIC has constant disconnects, lower this value
# if not zero then lower this value.
hw.igb.rxd="4096" # For i340/i350 use 2048
hw.igb.txd="4096" # For i340/i350 use 2048
net.link.ifqmaxlen="8192" # value here equal sum of above values. For i340/i350 use 4096

# Increase Network efficiency
hw.igb.enable_aim=1

# Increase interrupt rate
hw.igb.max_interrupt_rate="64000"

# Network memory buffers
# run "netstat -m" in the shell and if the 'mbufs denied' and 'mbufs delayed' are 0/0/0 then this is not needed
# if not zero then keep adding 400000 until mbufs are zero
kern.ipc.nmbclusters="1000000"

# Fast interrupt handling
# Normally set by default. Use these settings to ensure it is on.
# Allows NIC to process packets as fast as they are received
hw.igb.enable_msix=1
hw.pci.enable_msix=1

# Unlimited packet processing
# Use this only if you are sure that the NICs have dedicated IRQs
# View the IRQ assignments by executing this in the shell "vmstat -i"
# A value of "-1" means unlimited packet processing
hw.igb.rx_process_limit="-1"
hw.igb.tx_process_limit="-1"