Messages - SpuddyUK

#1
Hi,

Recently upgraded my opnsense hardware to 10Gb (X550-T2) so that my inter-vlan traffic doesn't impact my 1Gbps WAN speed. However, I'm finding that periodically my 1Gbps connection to my fibre ONT (opnsense WAN PPPoE interface) is reverting to 100Mbps. I have tried "default", "autoselect" and "1000baseT". All seem to connect fine at 1Gbps but demote to 100Mbps after varying periods of time, sometimes days. A reboot of opnsense usually solves it until the next time.

How best can I troubleshoot this?

Thanks
S
#2
Hello,

I was wondering if anyone knew if this was possible and whether it'd be easy to implement in OPNsense?

I'm based in the UK. My ISP have 4 gateways for PPPOE customers that are (I believe) randomly assigned at connection. Sometimes I've been moved between gateways in the middle of the night or something too.

Anyway the gateways are like this.

xx.xx.xx.21
xx.xx.xx.22
xx.xx.xx.23
xx.xx.xx.24

What I've been able to discover is that .21 and .22 are in the north of the country (let's say 200-300 miles away) and .23 and .24 are in the south where I am (~30/40 miles away).

If I am assigned a gateway in the north, my latency to the first outside hop can be 18-55ms. If I'm assigned a gateway in the south, my latency is 3-8ms. Additionally, my speedtests are about 40% slower when on the "north" gateways as opposed to "south".

Any way to run a cron job/script every morning (2AM) to pull the gateway, if on .21 or .22 restart PPPOE until on a .23 or .24 gateway?
#3
I found the issue here https://forum.opnsense.org/index.php?topic=17656.0. The issue was caused by IDS and specifically the VLAN hardware filtering setting in Interfaces->Settings->VLAN Hardware Filtering=Disable VLAN Hardware Filtering. If I disabled the VLAN HW filtering, vl40 starts working again (inc DHCP). If I re-enable it, and disable IDS, again works. If both are enabled, everything falls over.

I note some changes in Suricata in 21.1.4, so likely this has caused the issue on my particular hardware.
#4
Quote from: Greelan on April 02, 2021, 10:54:50 AM
Interesting. Although in answer to your question on reddit, VLANs aren't broken - all normal here (on 4 VLANs)

Thanks.

I'm going to revert back to 21.1.3. How best to preserve logs in case someone wants to review/replicate the issue?
#5
Updated to 21.1.4 last night and now none of my devices on an IoT VLAN (vl40) are working. Were working fine on 21.1.3. None of the devices can get an IP address from opnsense on the IoT vlan.

Checked the logs and opnsense is sending DHCPOFFERs from the "Trusted" vlan (vl30) IP address pool to these devices and of course, this is failing.

Also reddit thread.
https://www.reddit.com/r/OPNsenseFirewall/comments/mifa74/upgraded_to_2114_last_night_dhcp_woes/
#6
Quote from: Inxsible on March 24, 2021, 03:53:27 PM
For the UPS, make sure that all the other drivers are not enabled. I use the SNMP driver, but for some reason, my usbhid driver was also enabled. It might not be the case with you, but still might be worthwhile double checking.

Well, I'll be damned. I had USBHID and APCSMART enabled simultaneously. Disabling APCSMART resolved it. Can only imagine first time I enabled USBHID, I probably needed to reboot OPNsense (I didn't do it) and immediately moved on to APCSMART without disabling USBHID. Thanks!

Still trying to get Suricata blocking instead of just alerting.
#7
Quote from: chemlud on March 24, 2021, 02:58:57 PM
Hi!

RE: Nut

https://forum.opnsense.org/index.php?topic=16105.0

maybe? :-)


Thanks. I've rebooted the OPNsense device countless times, no luck.

Logs show
2021-03-24T14:11:21 root[92642] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:11:21 upsmon[7994] upsmon parent: read
2021-03-24T14:11:21 upsmon[12422] Signal 15: exiting
2021-03-24T14:11:18 configctl[27774] event @ 1616595077.60 exec: system event config_changed
2021-03-24T14:11:18 configctl[27774] event @ 1616595077.60 msg: Mar 24 14:11:17 OPNsense.obscuredomain.net config[91606]: config-event: new_config /conf/backup/config-1616595077.6027.xml
2021-03-24T14:11:17 upsmon[12422] UPS APCBackupsCS500 is unavailable
2021-03-24T14:11:17 upsmon[12422] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation already in progress
2021-03-24T14:10:11 upsmon[12422] Communications with UPS APCBackupsCS500 lost
2021-03-24T14:10:11 upsmon[12422] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation timed out
2021-03-24T14:09:50 root[63060] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:08:56 upsmon[7994] Startup successful
2021-03-24T14:08:56 configctl[27774] event @ 1616594935.80 exec: system event config_changed
2021-03-24T14:08:56 configctl[27774] event @ 1616594935.80 msg: Mar 24 14:08:55 OPNsense.obscuredomain.net config[77203]: config-event: new_config /conf/backup/config-1616594935.8029.xml
2021-03-24T14:08:56 root[19237] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut
2021-03-24T14:08:55 upsmon[56962] upsmon parent: read
2021-03-24T14:08:55 upsmon[94389] Signal 15: exiting
2021-03-24T14:08:51 upsmon[94389] UPS [APCBackupsCS500]: connect failed: Connection failure: Operation already in progress
2021-03-24T14:08:51 root[82563] /usr/local/etc/rc.d/nut: WARNING: failed precmd routine for nut


In terms of Suricata, I have a single policy set with 0 priority. Settings attached but basically all rulesets selected and a new action of drop.
#8
nut issues.
#9
Hi All,

After 5+ using pfsense, I decided to give opnsense a shot.

Few issues I'm having.


  • I can't for the life of me get NUT to see my USB connected APC BACK-UPS CS500. On pfsense it would find it fine using USBHID driver, on OPNsense no such luck. If I disconnect the USB cable, the console shows the UPS model/make as disconnected. And reconnected when I plug back in. I have tried USBHID and APCSMART. Any ideas? Also, the NUT configuration page seems to lock up OPNsense gui for 30-45 seconds at a time. nut_upsmon is started but nut_daemon will not start.
  • Suricata is a whole other beast on OPNsense. I just can't seem to get suricata to drop packets that match rules. It will send an alert fine. When I set a ruleset to action > drop, the gui still shows Alert? Also, in the alerts tab it shows allowed next to any traffic that matches rules. IPS and Promiscuous mode is ON. Maybe I'm misunderstanding things?

Appreciate any help on this matter. I don't want to cave in and restore that pfsense config!