Messages - grimelog

#1
I turned SMTEN on in the BIOS for the DEC850. Seems like it might be improving performance of Suricata. Hope we get support for that driver update soon. Some speed tests have been coming in 200 Mb/s faster since I've turned it on. I also have various tunables turned on. But, the issue started showing up after turning on multithreading. I know this CPU only has 8 threads, and not 16 with multi-threading. But, does that setting still do something for Epyc 302s?

I have to manually assign my IP, and either reboot the firewall or restart Kea to get DHCP up. Networking works out of the router, but my devices are not getting assigned after every reboot. Could this be a bug?

Update: Looks like it was from setting dev.igb.<x>.fc=0. I'd assume other settings from here would have a similar impact. Either that or disabling powerd did it. I was able to get higher speeds intermittently, but those settings were not stable. Gateways kept going down, and download speeds would be 600 Mb/s for a while, before suddenly dropping to 150 Mb/s. Still have SMT turned on and have not noticed any issues.
#2
I tried your solution, but get the error message "This Gateway IP address already exists."
#3
So, my network is starting to get more complex, requiring multiple switches to hook all of my devices up. I'm starting to move away from having devices connected directly into my DEC850. For subnets I don't want leaking, would I just toss them all on one switch, and configure the firewall rules for that switch to use external DNS servers?

To make sure nothing leaks while still using a local resolver, it sounds like my network could get quite complicated. Eventually, I'm probably going to move away from a VPN, and rent a VPS to run my WireGuard servers. The only problem is if I need to change the country I come out of, it could get quite expensive.
#4
It's the gateway I set up for WireGuard on the WireGuard interface for my instance of WireGuard.

I believe I'm being impacted by the bug mentioned here. Trying to figure out if there is a workaround.

Solutions are mentioned here for DNS leaks from a local Unbound instance. I'm trying solution #1. Shouldn't setting Unbound's Outgoing Network Interface to the WireGuard interface accomplish that?

Got OpenVPN working, and the same behavior persists. There's really no way to set up a VPN tunnel (maybe using the IP address of the remote server) and have Unbound go out through it for all of the DNS records?
#5
Unbound has been leaking my DNS, and I think it is causing some reliability issues with which Gateway I go out on too. There's also the added concern of potential censorship on social media.

What I basically set up was for my firewall to use Unbound for most DNS queries, and for Unbound to forward a few queries to DNSMasq for the few sites I want going out over another Gateway. Redirecting all queries to Unbound is what's causing my DNS to leak. It did not leak prior to redirecting all DNS queries to my local resolver.

If I bind the Outgoing Network Interface to only listen on WAN_Wireguard, the internet completely breaks for me. If I bind it to WAN only, everything works fine. I tried setting up a static route that connects to my VPN endpoint address and that did not work. How can I get this working?
#6
I've tried setting up a URL Table in JSON format for Spamhaus's blocklist using Path expressions. However, I cannot find any expression that can successfully parse it. The JSON validators I've checked claim it is invalid JSON. However, jq can still successfully parse the list. Is this a situation that's kind of like YAML, where it's possible to write valid YAML no parser can interpret? Is this a valid JSON file?
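The validator-versus-jq discrepancy described in the post is consistent with a line-delimited feed (JSON Lines: one JSON object per line, not a single JSON document), which strict single-document validators reject but jq consumes as a stream of values. The following is an added example, not code from the post or from OPNsense, that shows both behaviours and extracts the CIDR entries while validating each one; the feed lines are constructed samples in that assumed shape, not real blocklist data.

```python
import ipaddress
import json

# Constructed sample feed (assumption: one JSON object per line, with a trailing
# metadata record). These are documentation prefixes, not real blocklist entries.
SAMPLE_FEED = """{"cidr":"192.0.2.0/24","sblid":"SBL-EXAMPLE-1","rir":"example"}
{"cidr":"198.51.100.0/24","sblid":"SBL-EXAMPLE-2","rir":"example"}
{"cidr":"not-a-network","sblid":"SBL-EXAMPLE-3","rir":"example"}

{"type":"metadata","timestamp":1700000000,"size":3}
"""


def is_single_json_document(text):
    """What a strict validator checks: the whole text must be exactly one JSON value.
    A multi-line feed fails here with 'Extra data' after the first object."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


def parse_json_lines(text):
    """Parse one JSON value per non-empty line, the way jq consumes a stream of values
    (roughly: jq -c '.' feed.json). Raises on the first line that is not valid JSON."""
    records = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not valid JSON ({exc.msg})") from exc
    return records


def extract_cidrs(text):
    """Return only syntactically valid CIDR entries. The metadata record (no 'cidr' key)
    and any malformed network string are skipped rather than fed into a firewall table."""
    cidrs = []
    for rec in parse_json_lines(text):
        value = rec.get("cidr") if isinstance(rec, dict) else None
        if value is None:
            continue
        try:
            cidrs.append(str(ipaddress.ip_network(value, strict=False)))
        except ValueError:
            continue  # malformed entry: drop it instead of trusting the feed blindly
    return cidrs
```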
#7
I have a wireguard gateway, which I use as the default route for my traffic. I also have a second gateway I send traffic through that does not play nice with VPNs. This setup works perfectly fine. The problem is my gigabit internet gets cut in half. It definitely has more to do with IPS / IDS than my VPN. However, I'm trying to see if I can gain some performance back by sending my traffic out over multiple endpoints. Maybe, 100 Mbps max.

I have two endpoints set up currently, and they connect to the internet fine. However, the second one does not show an IP address, and I do not believe any traffic is getting sent out. In the widget, the first shows 44.71 MB down and 7.93 MB up, while the second shows 552 B down and 1.94 KB up. I have 0.0.0.0/0 set as the IP. Do I just need to assign random IPs to both of the endpoints for this to work?

Would this even work with a gateway? I can't enable routes on this WireGuard instance. In other words, how would I balance loads across both WireGuard endpoints?
#8
I think this might be a bug in OPNsense on the older DEC850. I reset to factory defaults, copied my settings to a VM, manually entered them, shut down the VM, and restarted the DEC850. Over time my performance degrades from 250 MB to 950 MB down to 30 MB, and stays there unless I factory reset, and power cycle the modem and firewall. I'm going to venture a guess it has something to do with a setting being left over from an older version release.

I'm going to pick up a cheap laptop to confirm it's not my modem doing this.
#9
I was installing an old image. The latest version works fine.
#10
I'm trying to figure out why my firewall's performance degrades with the latest version. So, I'm setting up a VirtualBox VM to manually transfer settings. I have a feeling my old config had some rogue setting that's not playing well with the newest version. But, I can't get the installer to load successfully in a VBox environment.

I keep getting an ld-elf invalid file format error. I'm using the DVD installer. Anyone know what might be going on?

https://imgur.com/a/opnsense-vbox-1P7bWFw
#11
Yeah, I'm looking into it from a factory reset. Factory reset brought me back to 800 Mbps out of 1 gigabit.

I know the system since I've been running it for a while. I probably had some configuration that was not applied properly during an update.

-------

Saving config, factory reset, restore config, and then reboot fixed the issue. I'm able to get 250 Mbps to 500 Mbps immediately.

--------

I tried another fresh install and it looks like the problem is caused by turning Suricata on. I probably need to remove some rules. I have ET open/botcc.portgrouped and all of the ET telemetry rules installed. Happen to know which I should get rid of?

Does Zenarmor have better performance as an IPS?
#12
I know which features typically cause slowdown, so I disabled them. I think this is a bug in OPNsense. The connection will be fine if I connect directly through the modem.
#13
I already made sure the issue is not my modem by getting my ISP to reset from their end. I also shut off the modem and firewall, and then restarted them. I tried turning off IPS and IDS, and turning off my VPN. Even though I've taken out those potential bottlenecks, I'm still getting download speeds of only 20 Mbps, when I should have gigabit. I do have a bunch of tunables turned on that increased my throughput back on 24.1. I'm on 24.7.10_2.

Have any idea what might be causing my issues? Anyone experiencing slow speeds even after a reset?
#14
Yeah, I have to work on filtering alerts from Monit. I'm getting spammed by security researchers checking for vulnerabilities.

Currently, I just have content = "blocked" for my Suricata service tests. Is it possible to drop a file path in the Monit Service Tests Settings? I'm probably going to have to filter out a ton of junk.

Would content = "blocked" && ((content = "<test signature>" && content != "<ip address>") || /* more false positives */ ) be the right way to filter?
#15
My intrusion detection keeps picking up a security company spamming my ports to check for vulnerable VoIP ports. I do not use VoIP, and Monit keeps spamming my email with alerts over it. To silence it, do I want to reject or block connections on that port? What's the difference between the two?