Messages

1

General Discussion / Re: LAGGs and Load

« on: March 07, 2021, 10:19:41 pm »

Yes, both switch ports are full duplex and 1000Mb/s.

I also verified LACP seems to be working properly setting up the LAGG. When I add a second physical interface to the LACP LAGG interface in OPNSense, it drops pings until I add the corresponding interface to the LACP LAG group on the switch. If I drop one of the interfaces on the switch, pings timeout, too. While this isn't proof that there isn't a broadcast storm, I think it it does prove that LACP needs to be happy on both sides.

2

General Discussion / LAGGs and Load

« on: March 07, 2021, 02:01:07 am »

I'm hoping someone can help me understand what's going on.  When there is more than 1 interface member of the LAG, and start to put even a little bit of traffic through the firewall (around 40Mb/s), ping times skyrocket, and then eventually all pings to the firewall timeout (around 60Mb/s) and the web interface is unreachable.  As soon as the traffic stops (<1Mb/s), ping times drop to a reasonable 1.5ms, and I can access the web interface again.

My LAN interface is set up as a LAG.  The above behavior only happens if is more than one member of the LAG.  I've tried both LACP and loadbalancing configs, and get the same behavior with both.
The switch is a Netgear GS324TP (I know, Netgear, no jokes, please), but it does support both LACP and static LAG configs.

I tested single interface LACP and Loadbalancing LAG settings for each of the physical interfaces individually, and can push +800Mb/s through without any issue.  It's only when I have multiple members of the LAG that issues arise with even the smallest amount of traffic.

Setup:

• OPNSesne: Qotom i5-7200U, 16GB RAM, 250GB SSD - all latest patches
• Switch: Netgear GS724TP with the latest firmware
• The LAG is a member of 2 VLANS (1, and 30).  All test traffic is using VLAN 1.

I've Fluke tested the CAT6 network cables, all good.
Any ideas?

3

Web Proxy Filtering and Caching / Re: C-ICAP not installing correctly

« on: February 13, 2021, 04:29:07 pm »

Resolved.  Stupidity on my part  .  The service list was being truncated in my browser view.  Once I changed views, I was able to see C-ICAP and configure and start it.

4

Web Proxy Filtering and Caching / C-ICAP not installing correctly

« on: February 13, 2021, 04:01:15 pm »

Hi All,
I'm trying to get the webproxy configured with C-ICAP, but C-ICAP isn't installing correctly.  When I add the plugin, the install looks like everything is ok, but the service doesn't start and I don't see C-ICAP in the list of services.  I've uninstalled and reinstalled a bunch of times with reboots in between.  I've gone into the shell and removed all the ICAP dirs I could find, including clearing the package cache.  Still no luck.

Here's the output from the plugin install:

Code: [Select]

***GOT REQUEST TO INSTALL: os-c-icap***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
c-icap: 0.5.7,2
c-icap-modules: 0.5.4
os-c-icap: 1.7

Number of packages to be installed: 3

The process will require 1 MiB more space.
317 KiB to be downloaded.
[1/3] Fetching os-c-icap-1.7.txz: .. done
[2/3] Fetching c-icap-modules-0.5.4.txz: .......... done
[3/3] Fetching c-icap-0.5.7,2.txz: .......... done
Checking integrity... done (0 conflicting)
[1/3] Installing c-icap-0.5.7,2...
===> Creating groups.
Creating group 'c_icap' with gid '959'.
===> Creating users
Creating user 'c_icap' with uid '959'.
[1/3] Extracting c-icap-0.5.7,2: .......... done
[2/3] Installing c-icap-modules-0.5.4...
[2/3] Extracting c-icap-modules-0.5.4: .......... done
[3/3] Installing os-c-icap-1.7...
[3/3] Extracting os-c-icap-1.7: .......... done
Stopping configd...done
Starting configd.
Keep version OPNsense\CICAP\General (1.0.1)
Keep version OPNsense\CICAP\Antivirus (1.0.0)
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/CICAP: OK
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***

Looking at /etc/rc.conf.d/c_icap shows

Code: [Select]

c_icap_enable="NO"
I'm new to OPNSense.  Any ideas where to start?