Messages - ilya_rt

#1
For me, the test environment is a big question here. Why run iperf on the router host itself and measure some throughput? Iperf itself is a load on the CPU. I think you should use at least 3 physical hosts to run such performance tests, not just ping-pong between 2 hosts.
#2
Did you resolve this issue?
#3
I suppose your issue is connected to your switch configuration.
I don't know your goals with such a network design - an IP address on the switch and an interconnection between the router and the switch via network 172.31.255.254 (btw, pay attention: 172.31.0.0 is not RFC 1918 and IS a REAL address on the internet, and assigning it to a LAN is a flaw). Perhaps you want to route between VLANs at an L3 switch instead of the router, "for cheaper and faster".

In my view it is more rational to create 3 VLANs on the router and route everything on the router, not the switch.

Maybe I got you wrong, but at least provide the switch configuration, as I don't see any possible way to transfer packets from the VLAN networks into the router LAN network via switch port 1/0/1. A switch (depending on model and license) does not do NAT and is not intended for this.
#4
I just upgraded to 23.7.7.
I was asked to unlock the opnsense package and I did so via SSH.

After the reboot my root password is not working anymore!
I cannot log in, neither via SSH nor via the local console.

UPDATE. I could work around the issue by changing the root password via the Web GUI from another admin account which I have on this system. After changing the password I can log in with root credentials. This was a nice update)
#5
Hi!
My setup:
OPNsense router 23.7.5
Host has multiple OpenVPN clients
Multiple ovpn network interfaces

I am having trouble assigning OpenVPN clients to certain network interfaces.
For routing purposes I'd like to assign OpenVPN client Ovpn_cl1 to network interface vpnNet1 (ovpnc1), but this is not working for me.

Maybe somebody has suggestions, or is there any "best practice" for such a case?
#6
Hi!
What is your current OPNsense router configuration?
Did you set up VLAN interfaces with addresses?
Did you set up firewall rules for VLAN-to-WAN connectivity?
Can you troubleshoot your setup via SSH with tools like tcpdump, traceroute, ping?
#7
What is your planned network load? Is this a SOHO setup with NAT\DHCP\DNS only, or are there any other heavy services?

VirtualBox is for sure slow - this is virtualization on top of an OS. To become fast you need some native "bare metal" hypervisor like Proxmox, or KVM on top of some Linux system. You can run some other VMs then.
#8
Quote from: seki on May 16, 2023, 12:22:25 AM
The problem is not dpinger. Dpinger is a tool that helps you see that your GW goes down. The problem lies somewhere else.
That is why I asked you to try to play with the address and interval.
Because for me (I still have no idea what dpinger is, since I never dug into it) the first problem is with a system design where some important automation relies on pinging some single foreign host somewhere on the internet.
#9
Hi!
I have no idea about dping, but did you try changing the monitoring IP to something else, like the gateway, or removing it completely? You can also try increasing the default probe interval.
#10
This is what I got from ConnectX-3 and FreeBSD-12: 3.2Gbit\sec and no more. And it could hang the Mellanox NIC, and only a power reset could help. My issues were the IB drivers and I could not resolve them, so I went for CentOS. On Linux I got about 20+ Gbit\sec on the same hardware. It was not NAT, but direct NIC-to-NIC tests. So I see that even today FreeBSD with Mellanox is not a good mix.
#11
23.1 Legacy Series / OS-Bind GUI bug or feature
May 15, 2023, 10:34:25 PM
Hi!
Maybe someone can help me clear up the details of Bind zone management via the GUI.
I'm trying to add a secondary zone to Bind DNS with the GUI.
There is a <Primary IP> form field and it is intended for the IP addresses of the master DNS server, ok, that's good. It manages this variable
primaries { 1.2.3.4; };
in file /usr/local/etc/namedb/named.conf

When I add just an IP address into this field, everything works great. But when I want to add a port, it does not work. According to the Bind manual, <primaries> can be a list of addresses with port numbers and other attributes: https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-primaries
If I manually change the config file it's ok, named works with non-standard ports, but only until I change something via the GUI. Then the GUI rewrites <primaries> to its values without the port number and this breaks things.

So is this ok behavior, or should I file a bug report somewhere?