Messages

I solved it, I rebooted the switch and everything magically started working.  :-\

Thanks for the reply.

I will try tcpdump.

I'm wondering if my switch is blocking the ra packages somehow, A while ago I tried to block my Apple TV from sending bogus ipv6 addresses to the whole network. Apparently it does this due to something called Thread.

But If the switch was the issue, I don't think a restart of radvd would solve the problem.

Hi,

I have an issue on all my clients (a Macbook Pro and a HP laptop with Fedora Linux), I don't get a ipv6 address unless I restart radvd in the opnsense interface.

Wifi or wired doesn't matter.

I have tried both managed(dhcpv6) and unmanaged, same problem.
If I reboot the client computer, I have to restart radvd in opnsense again to get a ipv6 ip.

Opnsense is running ion bare metal with a intel x710 nic(latest firmware)
I'm using the standard settings in radvd.

I have a public /64 assigned to the interface/vlan.
Any idea what I can do to solve it? It's super annoying.

Hi,

I have ipv6 pd from my ISP, a /56.
When I select track interface on a lan interface it gets assigned a eui64 address.
I want it to always assign IPv6-subnet::1 instead.

This can be done by adding ifid 1; in dhcp6c.conf under prefix-interface.

Is there an option for doing this in the web ui? I have solved it temporarily by setting static address instead of track interface, but if my ISP ever changes the prefix I have to change all the addresses manually.
Thanks.

# cat /etc/pve/qemu-server/100.conf
agent: 1,fstrim_cloned_disks=1
bios: ovmf
boot: order=virtio0;ide2
cores: 16
cpu: host
efidisk0: encrypted:100/vm-100-disk-0.qcow2,efitype=4m,size=528K
hostpci0: 0000:07:02.2,pcie=1
ide2: none,media=cdrom
machine: q35
memory: 4096
meta: creation-qemu=8.0.2,ctime=1690644423
name: opnsense
numa: 0
ostype: l26
scsihw: virtio-scsi-single
smbios1: uuid=130669cb-f0ca-46bb-9a6d-9a4ce2844dba
sockets: 1
virtio0: encrypted:100/vm-100-disk-1.qcow2,iothread=1,size=32G
vmgenid: 4130066d-8174-46ff-aa74-15ea23a91901

hostpci0 is a intel x710 sr-iov interface.

OPNsense virtualized?
Post the VM-Settings

Yes, I mean between two different hosts on different subnets, and No I don't initiate the transfer from the fw host or hypervisor.
Since I can max out 10 gbit without going trough the fw, i don't think its a measuring issue.

Highly dependend on how you measure: When you refer to "routing performance", I assume you measured from two different machines on seperate networks,

EDIT:
After seeing my own vm config, I changed the cores to 8 instead of 16 (to get rid of the hyperthreading cores) and increased ram to 8GB.
After that, I got about 500MB/s, so I guess that's in line of what one can expect in a virtualised environment.

Hi,

I have very bad 10 Gbit routing performance in my lan,

On a i9900k, 128 gb ram with Proxmox with a Intel x710, running Opensense with sr-iov I get about 150MB/s(1,5 Gbit)
On a dedicated machine, some Supermicro with a Xeon D-1520, 128gb ram and a integrated intel x540 I get about  103mb/s (1gbit)

I don't run any traffic inspection.

The CPU is idling on both machines when trying to transfer files. The PCI express slot on the NIC gets the full bandwidth on both hosts.

I have tried to enable and disable the nic hardware offloading on both hosts, (makes no difference)
Also tried Vyos, but the performance was about the same.

When changing MTU to 9000 on both the FW and client I get about 190mb/s.

If I try to transfer a big file via smb multichannel within the same subnet from my nas I max out the 10 Gbit interface. (The nas is a different host from the fw)

I understand that I might not get the full 10 gbit routed, but I think I should at least get a better speed than 1.5 Gbit
Any ideas of what I can try?

Ah ok, I need to use get/setItem instead of alias_util.

Hello,

I want to list/update a port alias via the API but I just get this response:

Code Select Expand

# curl -s -k -u x:x https://172.21.0.1/api/firewall/alias_util/list/WEB
{"total":0,"rowCount":-1,"current":1,"rows":[]}

It should return port 80 and 443.

If I try to fetch a ip alias, it works fine:

Code Select Expand

# curl -s -k -u x:x https://172.21.0.1/api/firewall/alias_util/list/WAN_OUTGOING
{"total":8,"rowCount":-1,"current":1,"rows":[{"ip":"10.43.0.0\/24"},{"ip":"10.96.0.0\/24"},{"ip":"172.16.0.0\/16"},{"ip":"172.21.0.0\/23"},{"ip":"172.21.7.0\/24"},{"ip":"172.21.8.0\/24"},{"ip":"172.21.9.0\/24"},{"ip":"172.21.50.0\/23"}]}

Any ideas?

Oh I see, I'll try it! Thanks!

Hello,

Is it possible to add both IPV4 and IPV6 gateways on the same tunnel?
I can add both ipv4 and ipv6 under Tunnel address, but under gateway(have disabled routing) I can only add either the ipv4 gw or the ipv6 gw, not both?

Can this be fixed so its possible to add both gateway addresses? I'm talking about the gateway box in the attached image.

I have solved this by adding 2 tunnels but that's not great because the port forward get different ports on ipv4 and ipv6 from Mullvad if using multiple tunnels.