Messages - gafrol

#1
I am seeing the same messages from my dual WAN setup.

2024-10-07T22:36:00   Warning   dpinger   WAN2_DHCP 8.8.4.4: duplicate echo reply received   
2024-10-07T21:16:09   Warning   dpinger   WAN2_DHCP 8.8.4.4: duplicate echo reply received   
2024-10-07T21:02:47   Warning   dpinger   WAN2_DHCP 8.8.4.4: duplicate echo reply received   
2024-10-07T18:33:54   Warning   dpinger   WAN2_DHCP 8.8.4.4: duplicate echo reply received
#2
Still observing random high latency pinging the OPNsense LAN interface 192.168.1.1. From the same PC I am pinging two other internal IPs, 192.168.1.2 and 192.168.1.192, with no latency issues.
This is really annoying because my latency-sensitive voice applications (internet-based) don't like it.


#3
General Discussion / Re: High Latency - every 8 hours
November 08, 2023, 08:05:35 AM
When switching off REPORTING: NETFLOW the observed high-latency disappears.
#4
General Discussion / Re: High Latency - every 8 hours
November 07, 2023, 03:15:39 PM
In /var/log/system/latest.log I see these log entries every time this happens.

<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum dst_port_003600.sqlite
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum dst_port_086400.sqlite
<13>1 2023-11-07T04:05:20+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_details_086400.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_000300.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum src_addr_003600.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum src_addr_086400.sqlite
<13>1 2023-11-07T04:09:29+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum interface_000030.sqlite
<13>1 2023-11-07T04:09:30+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum interface_000300.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum interface_003600.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done




<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum dst_port_003600.sqlite
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum dst_port_086400.sqlite
<13>1 2023-11-07T12:05:56+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_details_086400.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_000300.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum src_addr_003600.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum src_addr_086400.sqlite
<13>1 2023-11-07T12:09:24+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum interface_000030.sqlite
<13>1 2023-11-07T12:09:25+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum interface_000300.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum interface_003600.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done


Has this something to do with reporting?
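An added example, not part of the original posts and not OPNsense code: a small parser that groups the `flowd_aggregate.py` vacuum entries quoted above into runs and reports each run's duration and the interval since the previous run, so the log can be lined up against the latency spikes. The function names are hypothetical; the sample input is a subset of the log lines in the post.

```python
import re
from datetime import datetime

# Sample input: a subset of the log lines quoted in the post above.
SAMPLE = """\
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done
"""

# Matches only flowd_aggregate.py "vacuum ..." entries in the layout shown in the post.
LINE = re.compile(
    r'^<\d+>1 (?P<ts>\S+) \S+ flowd_aggregate\.py \d+ - '
    r'\[meta [^\]]*\] vacuum (?P<what>\S+)$'
)

def vacuum_runs(text):
    """Group vacuum entries into runs; a run ends at the 'vacuum done' entry."""
    runs, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unrelated log line
        ts = datetime.fromisoformat(m["ts"])
        if current is None:
            current = {"start": ts, "end": None, "dbs": []}
        if m["what"] == "done":
            current["end"] = ts
            runs.append(current)
            current = None
        else:
            current["dbs"].append(m["what"])
    if current is not None:
        runs.append(current)  # log ended mid-run: "end" stays None
    return runs

def summarize(runs):
    """Return (start, duration_s, seconds_since_previous_start, db_count) per run."""
    out, prev = [], None
    for r in runs:
        dur = (r["end"] - r["start"]).total_seconds() if r["end"] else None
        gap = (r["start"] - prev).total_seconds() if prev else None
        out.append((r["start"].isoformat(), dur, gap, len(r["dbs"])))
        prev = r["start"]
    return out
```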
#5
General Discussion / High Latency - every 8 hours
November 07, 2023, 03:01:07 PM
I am observing high-latency pings to the local wired interface of the OPNsense firewall from the LAN. Starting at 4 am (CET) latency climbs to 2500 for about 2-3 minutes, repeating every 8 hours.

I can replicate the issue on every interface. For troubleshooting purposes, I have configured a new interface, put a Windows machine in the newly configured network, and connected it with an ethernet cable directly to the OPNsense firewall, with no switch in between. Just the Win PC -- ethernet cable -- OPNsense. I don't see any interface errors or collisions in the statistics.

Again the issue repeats every 8 hours, starting at 4am. Trying to understand what is causing this behavior.


#6
General Discussion / Re: DNS weirdness - Unbound DNS
October 31, 2023, 04:55:40 PM
Nope, wrong direction. Zenarmor was the problem. Zenarmor -> servers.rmnoise.com -> parked domain, returns 100.64.3.4. Now fixed
#7
General Discussion / Re: DNS weirdness - Unbound DNS
October 31, 2023, 04:27:25 PM
The FW gets the correct IPs

16:23:46.614491 IP 84-73-XXX-XXX.dclient.hispeed.ch.48804 > dns.google.domain: 61194+ [1au] A? servers.rmnoise.com. (48)
16:23:46.633358 IP dns.google.domain > 84-73-XXX-XXX.dclient.hispeed.ch.48804: 61194 2/0/1 A 174.170.161.132, A 184.80.221.105 (80)
#8
General Discussion / Re: DNS weirdness - Unbound DNS
October 31, 2023, 03:56:42 PM
No overrides configured
#9
General Discussion / DNS weirdness - Unbound DNS
October 31, 2023, 03:13:04 PM
I am puzzled. A DNS request for servers.rmnoise.com returns IP address 100.64.3.4 while the real IP addresses are 184.80.221.105 AND 174.170.161.132. 192.168.1.1 is my OPNsense FW. Here is a Wireshark capture.



I don't have any DNS issues at all besides the one with servers.rmnoise.com.
Any ideas?
#10
Apparently this is not possible, which is a bit concerning as this attack vector is quite common.
#11
Is this somehow possible?

Thanks