Messages - Gilad

#1
Update: I've tried another Cisco switch (different model), but still the same issue.

Everything is working as expected when I'm using the DEC750 built-in Ethernet port.

Is it possible that the problem is just compatibility between the SFP+ port and the SFP transmitter?...
I've ordered an SFP+ 1G/2.5G/5G/10G transmitter that should arrive today, I'll update tomorrow.
#2
Hi,

It seems like something is not working when I'm using SFP adapters with the DEC750...

The DEC750 (latest software version) is connected with SFP (x0) to a Cisco L2 switch.

The WAN interface is coming up, but I can't send or receive any traffic. The only way to get it working is to change something in the WAN interface settings (like MTU), and then the connection is back to life.

Before the MTU change I can't even see the MAC address entry on the Cisco...

I'm using a standard Cisco RJ45 SFP (I've tried several). The following is the log on the console when inserting the SFP:

ax0: xgbe_phy_sfp_signals: port_sfp_inputs: 0x0
ax0: SFP detected:
ax0:   vendor:   CISCO-AVAGO     
ax0:   part number:    ABCU-5710RZ-CS4
ax0:   revision level: B2 
ax0:   serial number:  AGM165220FH     
miibus0: <MII bus> on ax0
e1000phy0: <Marvell 88E1111 Gigabit PHY> PHY 0 on miibus0
e1000phy0:  none, 1000baseSX, 1000baseSX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
ax0: Link is UP - 1Gbps/Full - flow control off


Any ideas?
#3
I can't access the internet, everything gets blocked on: Default deny / state violation rule

All the NAT/access rules are still in place, but DNS queries are blocked:

DMZ      2023-03-29T17:11:33   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:33   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:28   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:28   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:23   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:23   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:19   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:19   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule


Access outside blocked:

DMZ      2023-03-29T17:13:29   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:25   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:23   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:22   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule
#4
Started after installing the latest version - 23.1.4 (and still happened after 23.1.4_1).

The two IPsec tunnels were rock stable with the previous versions.

The tunnels' status is still up on the OPNsense GUI, but I can't ping or SSH to hosts on the other side.
After around 40 minutes I'm getting these entries in the log:

2023-03-27T13:13:02   Informational   charon   05[ENC] <con3|25> generating CREATE_CHILD_SA request 8 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No KE TSi TSr ]   
2023-03-27T13:13:02   Informational   charon   05[IKE] <con3|25> establishing CHILD_SA con3{57} reqid 3   
2023-03-27T13:13:02   Informational   charon   05[KNL] creating rekey job for CHILD_SA ESP/0xec8f744e/167.xxx.xxx.xxx


and then this:

2023-03-27T13:16:11   Informational   charon   11[IKE] <con2|24> rekeying IKE_SA failed, peer not responding   
2023-03-27T13:16:11   Informational   charon   11[IKE] <con2|24> giving up after 5 retransmits   
2023-03-27T13:15:47   Informational   charon   11[KNL] <con3|25> unable to delete SAD entry with SPI c088053f: No such process (3)   
2023-03-27T13:15:47   Informational   charon   11[IKE] <con3|25> giving up after 5 retransmits


Only restarting the strongswan service solves the problem.

Any ideas?
#5
Quote from: franco on July 22, 2022, 01:31:31 PM
I'd just export the config.xml and reinstall with a fresh 22.7 which comes out next week and then restore config.

You lose logs and such but unavoidable without extra effort when changing from UFS to ZFS.

On 22.1.10 and waiting for version 22.7 next week.

I'm using the official OPNsense DEC850 appliance. Still on UFS, what are the benefits for me if I re-install the new version with ZFS (with some downtime)?
#6
Getting only cpu.0, still nothing higher than 1500:

root@opnsense:~ # sysctl -a dev.cpu | grep 'freq_levels\|freq'

dev.cpu.0.freq_levels: 1500/1425 1400/1260 1200/1050
dev.cpu.0.freq: 1500
#7
This should have a serious effect on the performance, I would expect that the Deciso guys are monitoring this forum.
#8
Thanks, please post an update when you find something.
#9
Hi,

I have the Deciso OPNsense DEC850, with the AMD EPYC 3201 CPU, running OPNsense version 22.1 (was the same with versions 21.7.x).
This CPU should run at 1500MHz to 3100MHz frequency, but when running the shell command powerd -v I can see that it actually never goes above 1500MHz:

load  40%, current freq 1500 MHz ( 0), wanted freq 2643 MHz
load  83%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  30%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  56%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  33%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  15%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load  68%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  51%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2815 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2727 MHz
load  82%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 129%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 1486 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 1439 MHz
load   4%, current freq 1500 MHz ( 0), wanted freq 1394 MHz
changing clock speed from 1500 MHz to 1400 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1350 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1307 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1266 MHz
load  12%, current freq 1400 MHz ( 1), wanted freq 1226 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1200 MHz
changing clock speed from 1400 MHz to 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   3%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   3%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   8%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   4%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   5%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   6%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load  15%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load 117%, current freq 1200 MHz ( 2), wanted freq 3000 MHz
changing clock speed from 1200 MHz to 1500 MHz
load  57%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  40%, current freq 1500 MHz ( 0), wanted freq 2402 MHz
load 105%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 122%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 105%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 104%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  98%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  91%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 104%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz


I've already tried (in System: Settings: Miscellaneous) to switch PowerD off and on, and change the settings to Maximum, Minimum, Adaptive and Hiadaptive, but it makes no difference.

It's quite an expensive box, and one would assume that Deciso will make sure OPNsense supports all the features of their own hardware...

Any ideas?
#10
Quote from: franco on November 12, 2021, 10:59:00 AM
21.7.5_2 for opnsense-update package only. Check the package listing after the release notes.

Thanks Franco :)
#11
Hi,

Is it supposed to say 21.7.5_2? Because I'm checking the default mirror and all I get is 21.7.5:




Thanks,

Gilad
#12
Hi,

I've upgraded to version 21.7.4 yesterday, and didn't have any problems.
However, today I've noticed this error displayed on the dashboard, and it seems like it's a PHP error:

[29-Oct-2021 11:39:15 Europe/London] PHP Warning:  Phalcon\Session\Adapter\Stream::read(/var/lib/php/sessions/sess_be911bfde6d67e18ba8a619c4b5cb3cb): failed to open stream: No such file or directory in /usr/local/opnsense/mvc/app/config/services_api.php on line 73

From /usr/local/opnsense/mvc/app/config/services_api.php:

62
63 /**
64  * Start the session the first time some component request the session service
65  */
66 $di->setShared('session', function () {
67     $session = new Manager();
68     $files = new Stream([
69         'savePath' => session_save_path(),
70         'prefix'   => 'sess_',
71     ]);
72     $session->setAdapter($files);
73     $session->start();
74     // Set session response cookie, unfortunalty we need to read the config here to determine if secure option is
75     // a valid choice.
76     $cnf = Config::getInstance();
77     if ((string)$cnf->object()->system->webgui->protocol == 'https') {
78         $secure = true;
79     } else {
80         $secure = false;
81     }
82     setcookie(session_name(), session_id(), null, '/', null, $secure, true);
83
84     return $session;
85 });
86


I thought it's a session/cookie issue, but restarting Google Chrome and even using Firefox doesn't help...


Any ideas?

(I've submitted a crash report)
#13
Quote from: allebone on July 15, 2021, 05:19:45 AM
From the changelog you posted on the announcement post you wrote:
"Unbound advanced configuration has been removed.  Local override directory /usr/local/etc/unbound.opnsense.d exists."

From this I took this to mean the page in "Services - Unbound DNS - Advanced" is being removed. However in reading the above comments I believe that the only thing being removed is actually "Services - Unbound DNS - general - Custom options" which is quite different.

Oh, I was also under the impression that the whole section of Services/Unbound DNS/Advanced is being removed... Thanks for the clarification  :D

I think this should be changed in the OPNsense Roadmap, from "advanced" to "custom"...
#15
Hi,

Running the latest build on OPNsense DEC850, I'm getting several log entries per second of the following:

2021-07-09T15:15:17   getty[9966]   open /dev/ttyU0: No such file or directory   
2021-07-09T15:15:17   getty[9966]   open /dev/ttyU0: No such file or directory   
2021-07-09T15:15:17   getty[55359]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[55359]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[41650]   open /dev/ttyU0: No such file or directory   
2021-07-09T15:15:17   getty[41650]   open /dev/ttyU0: No such file or directory   
2021-07-09T15:15:17   getty[80220]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[80220]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[13807]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[13807]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[99240]   open /dev/ttyU3: No such file or directory

Any ideas?