Messages

Is the speedtest-cli not able to max out the connection, is it single-stream only?
Personally I use speedtest-go (https://github.com/showwin/speedtest-go) and I get about 9.1Gbit out of 10Gbit.

Have your OPNsense web gui open on the Lobby Dashboard

That shows that your OPNsense has resources to spare. The Dashboard does use quite a bit of resources, on a weaker system I wouldn't keep it open while running the test. Or run a test with and without the Dashboard open to see how it compares. Of course it also depends what widgets you have on the Dashboard.

Do you install this on your opnsense box, or run it from another machine on your network?

[netmap]

You have quite some special setup there - for starters, you use netmap (Zenarmor?). Try disabling that.

Also, when you compare the speeds and you could swap re0 and ixl0, your SFP+ cages could do 10 Gbit/s, but may have transceivers that only use or support 1 Gbit/s. There is a speed mismatch and currently your ixl seems to be configured to do pause frames (rxpause, txpause).

A third point that comes to mind are the jumbo frames which may or may not be supported by your transceivers and/or counterparts.

Sometimes, it also helps to select the media explicitely (10Gbase-SR, 10Gbase-Twinax).

Thanks, I like my little setup. Opsense has been awesome for the past two years.

I already tried with Zenarmor disabled; I also tried the speeds after immediately reinstalling opnsense to make sure it wasnt some weird config/plugin I had added.

I know the transceivers for the two desktops are fine (connected to the Omada switch) because they give correct speeds when I use re0 as LAN. I wish I had another SFP+ DAC cable to test if this thing somehow has deteriorated after two years. Are the pause frames something I would have explicitly configured somewhere? I don't recall setting those up.

On the Omada switch I have the default value of 1518 under Jumbo Frames (the field allows even values between the range 1518-9216). I haven't changed the MTU fields under Interfaces in opnsense.

I'll try forcing the speed in opnsense later tonight after everyone else doesn't need the internet.

[ixl0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500]

(please let me know what other info I can provide to help diagnose this issue)

Hardware
Computer: Lenovo M75s Gen 2 Desktop (ThinkCentre) - Type 11R8
Network card: 10Gtek X710-10G-2S-X8
Switch: Omada SG3428X v1.30
Connection between opnsense and modem: CAT8 with transceiver
Connection between opnsense and switch: Active SFP+ DAC, ACC Cable with CDR

Previously posted on Reddit: https://www.reddit.com/r/opnsense/comments/1h14vx0/lan_speeds_are_slower_on_card_sfp_port_compared/

I have a 10gtek card with 2 SFP+ ports (X710-10G-2S-X8). I have been using one port for WAN (CAT 8 with transceiver connected to modem) and the other for LAN (Active SFP+ DAC, ACC Cable with CDR to Omada managed switch). Speedtests have normally been close to my actual connection (1200Mbps/35Mbps) for two years now, no issues.

I noticed in the last month that my speeds were terrible compared to usual, usually ~120/~30. I changed nothing in my opnsense system other than regular opnsense, BIOS and NVM updates. I actually reinstalled opnsense from scratch to test this, but had the same issue. What fixed it: I switched my LAN interface to the regular ethernet interface on the motherboard (named re0) via the opensense command line, rebooted, and my old fast speeds came back.

Any idea on how I can figure out why the old LAN SFP+ port is being slow? Below is my ifconfig -a output.

ixl0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: WAN (wan)
options=4800028<VLAN_MTU,JUMBO_MTU,HWSTATS,MEXTPG>
ether 80:61:5f:14:f7:cf
inet 67.188.154.177 netmask 0xfffff800 broadcast 255.255.255.255
inet6 fe80::8261:5fff:fe14:f7cf%ixl0 prefixlen 64 scopeid 0x1
inet6 2001:558:6045:1f:b861:31fd:dda6:f10f prefixlen 128 pltime 301639 vltime 301639
media: Ethernet autoselect (10Gbase-SR <full-duplex,rxpause,txpause>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

ixl1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: OPT1 (opt1)
options=4900028<VLAN_MTU,JUMBO_MTU,NETMAP,HWSTATS,MEXTPG>
ether 80:61:5f:14:f7:d0
inet 10.1.0.1 netmask 0xffff0000 broadcast 10.1.255.255
inet6 fe80::8261:5fff:fe14:f7d0%ixl1 prefixlen 64 scopeid 0x2
inet6 2601:640:cc00:f321:8261:5fff:fe14:f7d0 prefixlen 64
groups: CommonDNS
media: Ethernet autoselect (10Gbase-Twinax <full-duplex,rxpause,txpause>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

re0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
description: LAN (lan)
options=102008<VLAN_MTU,WOL_MAGIC,NETMAP>
ether 88:ae:dd:12:b4:cd
inet 10.0.0.1 netmask 0xffff0000 broadcast 10.0.255.255
inet6 fe80::8aae:ddff:fe12:b4cd%re0 prefixlen 64 scopeid 0x3
inet6 2601:640:cc00:f320:8aae:ddff:fe12:b4cd prefixlen 64
groups: CommonDNS
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

The solution for B550 chipset and above system is to disable HDA audio in the BIOS to avoid the Kernel panic.

Thanks for this. I got the same advice on reddit. I'm assuming this is a bug FreeBSD needs to fix, and not opnsense?

Hi all,

I have a Lenovo ThinkCentre M75s Small Form Factor Gen 2 Desktop (https://www.lenovo.com/us/en/p/desktops/thinkcentre/m-series-sff/thinkcentre-m75s-gen-2/11tc1mdm75s). After installing opnsense 22.1.2, I'm noticing kernel panics/crashes that happen as follows:
- I boot the system
- Log in
- Choose the prompt to shutdown (5)
- Turn system back on
- Notice the system has hung as a kernel panic/crash and never auto-reboots. Keyboard is also unresponsive at this time.

Here is a picture taken via my phone of the last screen: https://imgur.com/a/0UGkRta. Reboots never cause this issue (option 6). Even after updating the OS, the issue still happens.

For the sake of testing purposes, I installed FreeBSD 13.1 on the same machine, and noticed that a similar weird issue happens. After I invoke "shutdown -p now", when I turn the system back on the OS boots up, then auto-reboots before showing me the login prompt; after this reboot I see the login prompt. This never happens if I invoke the reboot command. There are never any crash logs in the FreeBSD OS location /var/crash.

Any ideas? Let me know if you need more info, and how I can get it for you.

Thanks

Hi,

First of all, I'm really sorry if there is an answer for this somewhere. I've been googling this for an hour, and I am lost between what I think are contradictory answers, and not-so-obvious answers.

I just installed opnsense for the first time, and I want to use Cloudflare's 1.1.1.1/1.0.0.1 DNS servers. This is what I have done, and I'm not sure if this is right:
- Unbound is enabled by default, at Services->Unbound DNS->General
- In the above page, I enabled DNSSEC, register leases, and register static mappings
- I set the desired DNS servers at System->Settings->General->DNS Servers (both for ipv4 and ipv6, Cloudflare)
- I unchecked "Allow DNS server list to be overridden by DHCP/PPP on WAN" in the same page as above

My devices now show my opnsense local IP as their DNS server. I am assuming that Unbound is looking at the Cloudflare DNS settings I made earlier, and using those as its "dns root servers". Am I wrong? How does Unbound decide on which DNS servers to use, especially since I disabled "Allow DNS server list to be overridden by DHCP/PPP on WAN"?

If I am 100% wrong above with my desired outcome, what is the correct way to use Unbound, and also use any custom DNS? In the following post, franco states the term "dns root servers". I really want to understand the priority/how Unbound "knows" what the current root DNS servers are: https://forum.opnsense.org/index.php?topic=6332.msg26951#msg26951.