OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Gilad »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Gilad

Pages: [1] 2
1
Hardware and Performance / Re: Problem with the OPNsense DEC750 and SFP
« on: February 08, 2024, 12:38:36 pm »
Update: I've tried another Cisco switch (different model), but still the same issue.

Everything working as expected when I'm using the DEC750 built-in Ethernet port.

Is it possible that the problem is just compatibility between the SFP+ port and the SFP transmitter?...
I've ordered a SFP+ 1G/2.5G/5G/10G transmitter that should arrive today, I'll update tomorrow.

2
Hardware and Performance / Problem with the OPNsense DEC750 and SFP
« on: February 07, 2024, 01:49:11 pm »
Hi,

It seems like something is not working when I'm using SFP adapters with the DEC750...

The DEC750 (latest software version) is connected with SFP (x0) to a Cisco L2 switch.

The WAN interface is coming up, but I can't send or receive any traffic. The only way to get it working is to change something in the WAN interface settings (like MTU), and then the connection is back to life.

Before the MTU change I can't even see the MAC address entry on the Cisco...

I'm using a standard Cisco RJ45 SFTP (I've tried several). The following is the log on the console when inserting the FSP:

Code: [Select]
ax0: xgbe_phy_sfp_signals: port_sfp_inputs: 0x0
ax0: SFP detected:
ax0:   vendor:   CISCO-AVAGO     
ax0:   part number:    ABCU-5710RZ-CS4
ax0:   revision level: B2 
ax0:   serial number:  AGM165220FH     
miibus0: <MII bus> on ax0
e1000phy0: <Marvell 88E1111 Gigabit PHY> PHY 0 on miibus0
e1000phy0:  none, 1000baseSX, 1000baseSX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
ax0: Link is UP - 1Gbps/Full - flow control off

Any ideas?

3
24.1 Legacy Series / Re: Google Drive backups no longer function
« on: January 31, 2024, 10:49:08 am »
Same here  :(

4
23.1 Legacy Series / Something is seriously wrong with OPNSense 23.1.5
« on: March 29, 2023, 06:14:39 pm »
I can't access the internet, everything get blocked on: Default deny / state violation rule

All the NAT/access rules are still in place, but DNS query blocked:

DMZ      2023-03-29T17:11:33   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:33   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:28   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:28   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:23   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:23   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:19   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:19   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule

Access outside blocked:

DMZ      2023-03-29T17:13:29   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:25   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:23   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:22   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule

5
23.1 Legacy Series / IPsec tunnels dies after a few hours, but tunnels status is still up on OPNsense
« on: March 27, 2023, 02:24:33 pm »
Started after installing the latest version - 23.1.4 (and still happened after 23.1.4_1).

The two IPsec tunnels were rock stable with the previous versions.

The tunnels status is still up on the OPNsense GUI, but I can't ping or SSH to hosts on the other side.
After around 40 minutes I'm getting these entries in the log:

2023-03-27T13:13:02   Informational   charon   05[ENC] <con3|25> generating CREATE_CHILD_SA request 8 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No KE TSi TSr ]   
2023-03-27T13:13:02   Informational   charon   05[IKE] <con3|25> establishing CHILD_SA con3{57} reqid 3   
2023-03-27T13:13:02   Informational   charon   05[KNL] creating rekey job for CHILD_SA ESP/0xec8f744e/167.xxx.xxx.xxx

and then this:

2023-03-27T13:16:11   Informational   charon   11[IKE] <con2|24> rekeying IKE_SA failed, peer not responding   
2023-03-27T13:16:11   Informational   charon   11[IKE] <con2|24> giving up after 5 retransmits   
2023-03-27T13:15:47   Informational   charon   11[KNL] <con3|25> unable to delete SAD entry with SPI c088053f: No such process (3)   
2023-03-27T13:15:47   Informational   charon   11[IKE] <con3|25> giving up after 5 retransmits

Only restarting the strongswan service solves the problem.

Any ideas?

6
22.1 Legacy Series / Re: Upgrade Path from old 20.1.9 to current version
« on: July 23, 2022, 01:21:28 pm »
Quote from: franco on July 22, 2022, 01:31:31 pm
I'd just export the config.xml and reinstall with a fresh 22.7 which comes out next week and then restore config.

You lose logs and such but unavoidable without extra effort when changing from UFS to ZFS.

On 22.1.10 and waiting for version 22.7 next week.

I'm using the official OPNsense DEC850 appliance. Still on UFS, what's the benefits for me if I'll re-install the new version with ZFS (with some downtime)?

7
Hardware and Performance / Re: Deciso DEC850 - CPU speed goes up only to 1500MHz instead of 3100MHz?
« on: January 31, 2022, 10:53:33 am »
Getting only cpu.0, still nothing higher than 1500:

root@opnsense:~ # sysctl -a dev.cpu | grep 'freq_levels\|freq'

dev.cpu.0.freq_levels: 1500/1425 1400/1260 1200/1050
dev.cpu.0.freq: 1500

8
Hardware and Performance / Re: Deciso DEC850 - CPU speed goes up only to 1500MHz instead of 3100MHz?
« on: January 30, 2022, 09:15:57 pm »
This should have serious effect on the performance, I would expect that the Deciso guys are monitoring this forum.

9
Hardware and Performance / Re: Deciso DEC850 - CPU speed goes up only to 1500MHz instead of 3100MHz?
« on: January 29, 2022, 03:05:06 pm »
Thanks, please post an update when you find something.

10
Hardware and Performance / Deciso DEC850 - CPU speed goes up only to 1500MHz instead of 3100MHz?
« on: January 29, 2022, 12:20:51 pm »
Hi,

I have the Deciso OPNsense DEC850, with the AMD EPYC 3201 CPU, running OPNsense version 22.1 (was the same with versions 21.7.x).
This CPU should run at 1500MHz to 3100MHz frequency, but when running the shell command powerd -v I can see that it's actually never goes above 1500MHz:

Code: [Select]
load  40%, current freq 1500 MHz ( 0), wanted freq 2643 MHz
load  83%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  30%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  56%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  33%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  15%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load  68%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  51%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2815 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2727 MHz
load  82%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 129%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 1486 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 1439 MHz
load   4%, current freq 1500 MHz ( 0), wanted freq 1394 MHz
changing clock speed from 1500 MHz to 1400 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1350 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1307 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1266 MHz
load  12%, current freq 1400 MHz ( 1), wanted freq 1226 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1200 MHz
changing clock speed from 1400 MHz to 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   3%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   3%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   8%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   4%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   5%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   6%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load  15%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load 117%, current freq 1200 MHz ( 2), wanted freq 3000 MHz
changing clock speed from 1200 MHz to 1500 MHz
load  57%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  40%, current freq 1500 MHz ( 0), wanted freq 2402 MHz
load 105%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 122%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 105%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 104%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  98%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  91%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 104%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz

I've already tried (in System: Settings: Miscellaneous) to switch the PowerD off and on, and change the settings to Maximum, Minimum, Adaptive And Hiadaptive, but it makes no difference.

It's quite an expensive box, and one would assume that Deciso will make sure OPNsense support all the features of their own hardware...

Any ideas?

11
21.7 Legacy Series / Re: Upgrade to 21.7.5 did not succed completely
« on: November 12, 2021, 01:58:33 pm »
Quote from: franco on November 12, 2021, 10:59:00 am
21.7.5_2 for opnsense-update package only. Check the package listing after the release notes.

Thanks Franco :)

12
21.7 Legacy Series / Re: Upgrade to 21.7.5 did not succed completely
« on: November 12, 2021, 10:48:08 am »
Hi,

Is it supposed to say 21.7.5_2? Because I'm checking the default mirror and all I get is 21.7.5:




Thanks,

Gilad

13
21.7 Legacy Series / 21.7.4: Dashboard error: A problem was detected. Click here for more information
« on: October 29, 2021, 03:23:31 pm »
Hi,

I've upgraded to version 21.7.4 yesterday, and didn't have any problems.
However, today I've noticed this error displayed on the dashboard, and it seems like it a PHP error:

[29-Oct-2021 11:39:15 Europe/London] PHP Warning:  Phalcon\Session\Adapter\Stream::read(/var/lib/php/sessions/sess_be911bfde6d67e18ba8a619c4b5cb3cb): failed to open stream: No such file or directory in /usr/local/opnsense/mvc/app/config/services_api.php on line 73

From /usr/local/opnsense/mvc/app/config/services_api.php:

Code: [Select]
62
63 /**
64  * Start the session the first time some component request the session service
65  */
66 $di->setShared('session', function () {
67     $session = new Manager();
68     $files = new Stream([
69         'savePath' => session_save_path(),
70         'prefix'   => 'sess_',
71     ]);
72     $session->setAdapter($files);
73     $session->start()
74     // Set session response cookie, unfortunalty we need to read the config here to determine if secure option is
75     // a valid choice.
76     $cnf = Config::getInstance();
77     if ((string)$cnf->object()->system->webgui->protocol == 'https') {
78         $secure = true;
79     } else {
80         $secure = false;
81     }
82     setcookie(session_name(), session_id(), null, '/', null, $secure, true);
83
84     return $session;
85 });
86
I thought It's a session/cookie issue, but restarting Google Chrome and even using Firefox doesn't help...


Any ideas?

(I've submitted a crash report)

14
21.7 Legacy Series / Re: Why is custom options for Unbound removed in 21.7 ?
« on: July 15, 2021, 11:16:32 am »
Quote from: allebone on July 15, 2021, 05:19:45 am
From the changelog you posted on the announcement post you wrote:
"Unbound advanced configuration has been removed.  Local override directory /usr/local/etc/unbound.opnsense.d exists."

From this I took this to mean the page in "Services - Unbound DNS - Advanced" is being removed. However in reading the above comments I believe that the only thing being removed is actually "Services - Unbound DNS - general - Custom options" which is quite different.

Oh, I was also under the impressions that the whole section of Services/Unbound DNS/Advanced is being removed... Thanks for the clarification  :D

I think this should be changed in the OPNsense Roadmap, from "advanced" to "custom"...

15
21.1 Legacy Series / Re: Several log entries of "getty[54705]open /dev/ttyUx: No such file or directory"
« on: July 12, 2021, 12:26:53 pm »
Thanks, it worked  :D

Pages: [1] 2
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2