Messages

1

23.1 Legacy Series / Re: Gateway Group Not Going Back to Tier 1 Gateway

« on: May 31, 2023, 08:20:43 pm »

Thanks for that!

Good to know that there already seems to be a fix and this isn't related to my configuration. I'll give development a try and see what happens.

2

23.1 Legacy Series / Gateway Group Not Going Back to Tier 1 Gateway

« on: May 30, 2023, 11:10:32 pm »

Hello!

OPNSense 23.1.8

I have a subnet on my network that should have all traffic sent out a specific IPSec gateway to a remote site. If the IPSec goes down, traffic should be routed out my WAN_DHCP default gateway. A gateway group setup with my IPSec gateway as the Tier 1, my WAN_DHCP gateway as Tier 2. A firewall rule exists to send the traffic from this subnet out this gateway group. The gateway's trigger level is "Member Down".




From a "blank slate" traffic is flowing as expected - out the Tier 1 IPSec gateway. If the IPSec goes down causing the Tier 1 gateway to go down, traffic is routed out my WAN_DHCP gateway as expected. The issue is that when the IPSec comes back, traffic is never routed back over the IPSec - it says on my WAN_DHCP Tier 2 gateway.

The only way I can get it to switch back to my Tier 1 gateway (IPSec) is to go into the Gateway group and click save - no changes - just click save and apply. Traffic then goes back to how it should be.

Clearing states has no impact. I tried enabling/disabling "Sticky connections" with no luck. Any ideas?

3

23.1 Legacy Series / Re: Shaper works at low bandwidth, but breaks at higher bandwidth

« on: March 01, 2023, 09:34:27 am »

Alright, thanks for the information. I'll have to just give up on this in my situation.

4

23.1 Legacy Series / Re: Shaper works at low bandwidth, but breaks at higher bandwidth

« on: March 01, 2023, 08:56:35 am »

The shaper code in the OS was built in a time where 100 mbit was fast and for all speeds past 100 mbit the timekeeping will be off and increasingly unreliable. You can't even shape over 5 gbps because the variable being held is not able to store this value anymore because it doesn't have enough bits.

I haven't heard that someone wanted to change that.


Cheers,
Franco

If I understand you correctly, this feature is basically not usable for faster links?

5

23.1 Legacy Series / Shaper works at low bandwidth, but breaks at higher bandwidth

« on: March 01, 2023, 06:34:06 am »

I'm trying to setup upload traffic shaping in OPNsense, but am hitting a strange issue. The goal is to de-prioritize a network compared to another. I've setup the pipe, queues, and rules. I've setup an iperf3 server on a 3rd network to act as a test upload target.

When I have the pipe bandwidth at 50mbps, shaping works as expected. The low priority network gets ~8mbps and the high priority network gets ~40mbps as determined by the 2 queues I have with a weight of 1 for low, and 5 for high. When I set the bandwidth to 100mbps, my actual upload speed, the shaping dies and each host gets ~50mbps.

Bandwidth of 100mbps results in each host getting ~50mbps


Changing the bandwidth from 100 -> 50mbps and hitting apply, the rules start working immediately.



Pipe


Queues



Rules