Messages

1

21.1 Legacy Series / Re: Stalling HTTP downloads after upgrade to 21

« on: February 06, 2021, 07:52:38 pm »

@aimdev thanks, I've got Xen integration already running.

There seems to be a problem with a Xen patch to fix the issue xsa-332 (https://xenbits.xen.org/xsa/advisory-332.html) and BSD systems, like opnsense. The xcp-ng guys provided a kernel without this patch, which fixed my issue for now. I' have to wait for a final fix.

2

21.1 Legacy Series / Re: Stalling HTTP downloads after upgrade to 21

« on: February 06, 2021, 04:13:49 pm »

Hi again,

as I also upgraded my xcp-ng installation, I found an issue which may be related:
https://xcp-ng.org/forum/topic/3774/poor-pfsense-wan-speeds-after-xcp-ng-updates/151

Maybe it's a Xen issue and not a opnsense problem.

floek

3

21.1 Legacy Series / Stalling HTTP downloads after upgrade to 21

« on: February 06, 2021, 03:40:24 pm »

Hi folks,

I'm using opnsense in a virtual environment (xcp-ng / xenserver) with static ip addresses. I recently upgraded to v21 and now I see stalling downloads on my vms. The download rate is falling to zero after some megabytes. After some debugging, I can reproduce this even via curl on the ssh shell of opnsense. The Firewall VM is bridged to an interface (simple 1G Ethernet), which is connected with rfc1918 ips to a router with public ips. On the router the curl is working.

If have no special filtering of IDS running. Just simple packet filters and nat.
When I capture the packets with Wireshark I get many TCP retransmissions and TCP out of order messages.

TCP Offload Engines are turned off.

Can you help me?

Thanks,
floek