Messages

[For clarification I have now 1.29 Gigabits of routed traffic on the LAN interfaces without only rulesets applied.]

I guess we can resolve this case.

The answer is simple.

"I was an idiots for messing up binary calculations and having 1.29 Gigabits throughput means 10.35 Gigabytes on the LAN interface"

For clarification I have now 1.29 Gigabits of routed traffic on the LAN interfaces without only rulesets applied.

It's very explicit. 8 * 1,2 Gbyte/s = 9,6 Gbit/s

Now your job is to clear up which unit you meant.


Cheers,
Franco

I get 1,2 GByte/s but I don't understand why I shouldn't expect more from a 10Gbit Interface whit no DPI/IPS on that interface.

I am aware of the difference of Gbyte (1000) & Gibyte (1024).

Could you please be more specific?

when I do a iperf3 on the dec750 the cpu is around 20% with 1,8gb of 8gb ram used.
So I don't understand why I don't get more than 1,2GB throughput.

I have 10gb LAN interface with all the trunks and a WAN interface with 1gb.

Can you share more details about your configuration and test procedure? With dpi you mean IDS/IPS? The threat protection throughput is listed at about 1 Gbit/s for the DEC740/750.

Hi, yes I mean IDS/IPS.
But I just configured IDS/IPS only on WAN interface and want to use opnsense as a router with network rules on all LAN interfaces.

So this way I would have 10GB routing speed on LAN interfaces an one on WAN right?

Just bought a DEC750 https://shop.opnsense.com/product/dec750-opnsense-desktop-security-appliance/?attribute_powercord=EU from OPNsenseShop because IT said 10GB Firewalling, I Tried iPerf3 to my firewall and just got 1,2GB trouput despite my server being directly connected to the firewall via fibre optics multimode om4.

Maybe I got some config wrong or is this firewall only handling 10gb without dpi and if so how can I configure it that I have just my ruleset applied to my internal networks and dpi just for outgoing traffic through wan interface?

Thank you in advance!

Hi Franco,

thanks for your answer, but after 1 week away I just got back and could update my opnsense like a charm.

The only thing that's bothering me is that I can't use my business licence since I am now on Version 22.1.1_3.

But I think the newest business version is 21.10.2 so I guess I just have to wait for it.

Have a good one

Connectivity audit please?

I would love to do that but I can't, if I I want to run an audit,  opnsense gets me to the update page and tries to update

If I run an update via cli that's the output:

Code Select Expand

$ sudo pkg update
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/latest/packagesite.txz: No route to host
Unable to update repository OPNsense
Error updating repositories!
Cheers,
Franco

I would love to do that but I can't, if I I want to run an audit,  opnsense gets me to the update page and tries to update

If I run an update via cli that's the output:

Code Select Expand

$ sudo pkg update
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/latest/packagesite.txz: No route to host
Unable to update repository OPNsense
Error updating repositories!

I've been using opnsense for 2 years now, just bought a new DEC750.
I backuped my old OPNsense and applied the config file to the new OPNsense, everything worked fine, some hiccups here and there nothing special, BUT I can't update my OPNsense DEC750.

Code Select Expand

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 21.7.1 (amd64/OpenSSL) at Thu Feb 10 22:53:34 CET 2022Fetching changelog information, please wait... fetch:[color=red][size=14pt] transfer timed out[/size][/color]
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/latest/meta.txz: No route to host
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/latest/packagesite.txz: No route to host
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

I disabled the local DNS for the firewall and even inserted "name server 1.1.1.1" to the /etc/resolv.conf
I also have disabled ipv6 on the wan interface.
I can also ping pkg.opnsense.org via ipv4
I am in a bit of a truble because I have to fix this issue before Friday 4pm :(