Messages

1

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 11, 2024, 07:58:00 pm »

How are you connecting to the service provider?

Do you have FTTH which terminates in an ONT?

2

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 11, 2024, 03:37:45 pm »

No, the vendor did not give a reason why switching the ports should help.

I'm happy to report though that after going through the upgrade iterations to 24.7.8 I am fully updated and still testing 930 Mbps UP/DOWN for WAN now.

It is definitely not an OPNSense or FreeBSD issue as the same occurs with Linux firewall variants.

Very strange indeed, just happy that I'm in a good configuration now.

The FW2B has been a workhorse through the years and has served my home gateway needs superbly.

May consider a modest upgrade to their V1210 now which is at a sweet price point of $199.

3

24.7 Production Series / Re: Few Rookie Questions

« on: November 11, 2024, 01:54:48 am »

So I can help with the first two questions, the others are beyond the scope of my current knowledge.

For question #1:

Did you add the new user login account to the admins group? If so, you should have all the permissions that root did.

When you say you have no available logins to the device I assume you mean SSH logins.

For SSH logins to work you need to activate a shell under the user preferences (change the setting from /sbin/nologin to /bin/csh).

Also, for SSH to work, you need to go to System --> Settings --> Administration and put a check in "Enable Secure Shell". The login groups I choose are "wheel, admins" and then you need to check "Permit password login" if you're not going to place a public certificate in the user settings.

Lastly under Sudo I select "Ask password" so that I can sudo su if need be for full root privileges.

With all that done you should have SSH access to the box with the new user (and keeping root disabled).

For question #2:

If you are having consistent BIOS updates then I presume you are running a newer processor and/or motherboard chipset. With this in mind, I would recommend that you do run the Intel microcode plugin as the BIOS updates may not incorporate all the enhancements that the plugin does.

I do not have a HA setup and while I understand VLANS I am barely literate with firewall rules so I'll let others chime in there.

4

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 11, 2024, 12:00:14 am »

So my connection is not PPPoE (I connect DHCP to the ISP ONT).

I did go down a rabbit hole last night by installing VyOS on the FW2B.

The issue persists even with that Debian-based firewall (and what a nightmare to setup!)

So I now have OPNSense 23.7 installed with the interfaces swapped (so igb0 is LAN & igb1 is WAN) and the speeds are both 930 Mbps.

Tonight once the family goes to bed I will begin the upgrade iterations and see if it stays good with the interfaces swapped.

What does that tell us if swapping the interfaces fixes the issue?

Why would that even be a thing?

5

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 09, 2024, 07:14:50 pm »

I also heard back from Protectli support which suggested I swap the interfaces in the OPNsense console (Option #1).

This sounds encouraging as that is the configuration it lands on by default using Sohos Home Firewall.

6

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 09, 2024, 07:09:28 pm »

Thanks for the info...looks like 24.7.8 included the intel4 kernel but there is now an intel6 which I may try:

Code: [Select]

# opnsense-update -zkr 24.7.8-intel6

7

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 09, 2024, 03:43:13 am »

So I loaded an old version of OPNSense on the LattePanda Sigma and then started updating and testing between updates with interesting results:

23.7 - UP/DOWN > 900 Mbps
23.7.12_5 - UP/DOWN > 900 Mbps
24.1.5_3 - UP/DOWN > 900 Mbps
24.1.10_8 - UP/DOWN > 900 Mbps
24.7.1 - UP/DOWN > 900 Mbps
24.7.8 - UP/DOWN ~ 600 Mbps

So there is definitely some regression going on with the 24.7.8 update in regards to the interface drivers.

I'll keep testing it to see if the upload slows back down on 24.7.8 but so far it has not been capped at 30 Mbps like before yet.

8

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 08, 2024, 08:38:30 pm »

@Drunkenfetus do you possibly have an Adtran ONT as well?

9

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 08, 2024, 08:32:54 pm »

I have not tried an older version but may eventually.
Still, I would not consider that a valid fix as I do not like running older versions for security reasons.
I did notice that with Sophos Firewall the interfaces are swapped (igb0 is LAN, igb1 is WAN) so I may reinstall OPNSense and assign the interfaces similar to Sophos.
Not sure why that would make a difference but it's the only thing I haven't tried yet.

10

24.7 Production Series / Re: Protectli FW2B Upload Speeds Slow

« on: November 08, 2024, 08:14:43 pm »

I thought the same thing but when I switched to the LattePanda Sigma hardware I assumed the problem would not follow but it did.

11

24.7 Production Series / Protectli FW2B Upload Speeds Slow

« on: November 08, 2024, 08:05:24 pm »

So I recently got FTTH from Kinetic Windstream and have symmetric 1Gbps service.
The issue I am running into is that the upload appears to be capped at 30Mbps.
Download speeds are fine at 930 Mbps.
The service is terminated in the home with an Adtran SDX 601q GPON ONT with a 2.5 GbE interface which feeds the WAN input on the FW2B.
I can get full 930 Mbps up and down directly connected with a laptop to the ONT.
I re-installed OPNSense from scratch and still slow uploads.
In desperation I installed pfSense and it had the exact same issue.
Finally, I installed Sophos Firewall on the FW2B and it worked as expected (full up and down speeds).
What am I missing here?
There is no special requirement by this ISP for this fiber service that I am aware of.
I also tried both OPNSense and pfSense on my LattePanda Sigma which has 2.5 GbE interfaces to match the ONT but it also has slow upload speed.
The only common thread I can discern is OPNSense/pfSense are based on FreeBSD versus Suse Linux for Sophos Firewall.
Settings for the WAN port are the same in Sophos as well as OPNSense/pfSense.
I've used this setup in my previous home with fiber and never experienced this slow upload.
The ISP will not help because the issue is only there with my equipment.
I really want to get OPNSense back on the box as Sophos just feels dirty.
Thanks in advance for any suggestions.
Wally

12

24.7 Production Series / Re: have you updated your os-cpu-microcode for your select processor?

« on: September 16, 2024, 12:09:18 am »

Yes, working fine on Protectli FW2B with Intel Celeron J3060.

13

24.7 Production Series / Re: Dashboard not showing correct WAN public IP address using PPPOE

« on: August 17, 2024, 01:37:57 am »

So while I figured this was an issue for me as well it turns out it may just be a misunderstanding.

The default widget showing the WAN interface is called Gateways.

What I needed to see my ISP supplied public address was the Interfaces widget.

Once I loaded that widget it showed the proper WAN address on my PPPoE connection.

That raises the question on choice of default widgets...doesn't interfaces seem more appropriate for most users than Gateways?

14

24.7 Production Series / Re: Web access to OPNSense

« on: August 02, 2024, 05:22:53 am »

So doing this if you don't know what you're doing is asking for trouble.

I have access to it via WireGuard and keep my dynamic IP updated with no-ip via os-ddclient (Custom Service: DynDNS 2).

There is currently a bug in OPNSense 24.7 that does not show the PPPOE public WAN IP address properly but Google can help with finding that (and the bug does not affect DDNS which still detects the proper public WAN IP).

Also, I have TOTP setup for login to the web interface.

If you setup WireGuard properly there are no additional firewall rules needed to allow web interface access (besides the single WireGuard port).

And for the love of God please delete the rule you've applied to the firewall to allow port 80 access from the WAN (if you don't know why this is an issue please consider another product - perhaps FireWalla)!

15

24.7 Production Series / Re: Dashboard not showing correct WAN public IP address using PPPOE

« on: August 01, 2024, 07:46:15 pm »

Been using OPNSense for years and can confirm that I too have the same issue which appeared with the upgrade to 24.7.

Thankfully it is only a nuisance and does not appear to break DDNS (the actual public WAN IP is still picked up by os-ddclient).

I will be on the road today and test that my WireGuard connection is not affected (but since DDNS is reporting properly I suspect no issues).

Update: This does not affect my WireGuard road warrior setup thank goodness.