Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - tophattwaffle

Pages1
#1
23.1 Legacy Series / Re: Gateway Group Not Going Back to Tier 1 Gateway
May 31, 2023, 08:20:43 PM
Thanks for that!

Good to know that there already seems to be a fix and this isn't related to my configuration. I'll give development a try and see what happens.
#2
23.1 Legacy Series / Gateway Group Not Going Back to Tier 1 Gateway
May 30, 2023, 11:10:32 PM
Hello!

OPNSense 23.1.8

I have a subnet on my network that should have all traffic sent out a specific IPSec gateway to a remote site. If the IPSec goes down, traffic should be routed out my WAN_DHCP default gateway. A gateway group setup with my IPSec gateway as the Tier 1, my WAN_DHCP gateway as Tier 2. A firewall rule exists to send the traffic from this subnet out this gateway group. The gateway's trigger level is "Member Down".




From a "blank slate" traffic is flowing as expected - out the Tier 1 IPSec gateway. If the IPSec goes down causing the Tier 1 gateway to go down, traffic is routed out my WAN_DHCP gateway as expected. The issue is that when the IPSec comes back, traffic is never routed back over the IPSec - it says on my WAN_DHCP Tier 2 gateway.

The only way I can get it to switch back to my Tier 1 gateway (IPSec) is to go into the Gateway group and click save - no changes - just click save and apply. Traffic then goes back to how it should be.

Clearing states has no impact. I tried enabling/disabling "Sticky connections" with no luck. Any ideas?
#3
23.1 Legacy Series / Re: Shaper works at low bandwidth, but breaks at higher bandwidth
March 01, 2023, 09:34:27 AM
Alright, thanks for the information. I'll have to just give up on this in my situation.
#4
23.1 Legacy Series / Re: Shaper works at low bandwidth, but breaks at higher bandwidth
March 01, 2023, 08:56:35 AM
Quote from: franco on March 01, 2023, 08:32:43 AM
The shaper code in the OS was built in a time where 100 mbit was fast and for all speeds past 100 mbit the timekeeping will be off and increasingly unreliable. You can't even shape over 5 gbps because the variable being held is not able to store this value anymore because it doesn't have enough bits.

I haven't heard that someone wanted to change that.


Cheers,
Franco

If I understand you correctly, this feature is basically not usable for faster links?
#5
23.1 Legacy Series / Shaper works at low bandwidth, but breaks at higher bandwidth
March 01, 2023, 06:34:06 AM
I'm trying to setup upload traffic shaping in OPNsense, but am hitting a strange issue. The goal is to de-prioritize a network compared to another. I've setup the pipe, queues, and rules. I've setup an iperf3 server on a 3rd network to act as a test upload target.

When I have the pipe bandwidth at 50mbps, shaping works as expected. The low priority network gets ~8mbps and the high priority network gets ~40mbps as determined by the 2 queues I have with a weight of 1 for low, and 5 for high. When I set the bandwidth to 100mbps, my actual upload speed, the shaping dies and each host gets ~50mbps.

Bandwidth of 100mbps results in each host getting ~50mbps


Changing the bandwidth from 100 -> 50mbps and hitting apply, the rules start working immediately.



Pipe


Queues



Rules

Pages1