Messages - awptechnologies

#1
25.1, 25.4 Series / Re: netmap_transmit error
February 27, 2025, 03:21:54 AM
I use a Broadcom NIC because it is built into my Dell R630. As far as I can tell, there is no plugin related to the driver I have, which is bge. I think it must be included in FreeBSD by default.
#2
25.1, 25.4 Series / Re: netmap_transmit error
February 24, 2025, 01:29:19 AM
Are you using Hyperscan in intrusion detection?

Also, are these packets bypassing intrusion detection when the buffer is full? What is the actual reason they are happening? Slow hardware? Bad settings?
#3
25.1, 25.4 Series / netmap_transmit error
February 23, 2025, 03:39:16 AM
I use intrusion detection, both IDS/IPS, on my LAN interface bge0.

Under heavy load I get the error netmap_transmit bge0 full hwcur 358 hwtail 24 qlen 333.

The three numbers change and usually occur in a sequence of 2.


Is this a bad thing or normal? Also, are there certain tunables I can adjust to fix these errors?
I have already tried dev.netmap.admode with all options (0, 1, 2); none seem to have any effect, other than 1 not allowing intrusion detection to start.
I also changed dev.netmap.buf_size and upped it to 8192 instead of 2048; I still get the error.

This is an 8-core system that is running in a VM on Proxmox. I use CPU affinity to dedicate 8 cores to OPNsense, and I also have vm.numa.disabled set to 0 so it can see the NUMA nodes, since cores 0-7 span across 2 NUMA nodes on the host. The network card is passed through and it is a Broadcom NetXtreme.

Just want to know what tunables people are running to fix the issue and allow maximum throughput for OPNsense.

I also used net.isr.maxthreads and set it to 8
net.isr.bindthreads and set it to 1
net.inet.rss.enabled and set it to 1
dev.bge.1.msi set to 1
dev.bge.0.msi set to 1
kern.ipc.soacceptqueue and set to 256 over the 128
#5
I agree. After doing df -h I saw the percentage used matches, so now I'm wondering why logs and plugins that use a database are showing errors about storage when the system had 40% of space left. Is there some kind of limit set in the OS?
#6
Posted this in issues on GitHub but got no response, so I figured I would see if anyone on here has had the same issues!

So it seems that my Insight aggregator and ntopng plugins were failing because the system was out of hard drive space. Once I looked into the logs I could see that they were telling me that very blatantly. I wanted to make sure, so I disabled my ntopng and deleted the data directory in /var/db. I also reset the NetFlow data and RRD data. After doing this everything is running again. The part that confuses me is that the disk usage on the GUI dashboard showed I was only using 60% of my hard drive. Why would it show this if the hard drive was that full?

To Reproduce

Steps to reproduce the behavior:

    Go to GUI dashboard and look at disk usage.

Expected behavior

I would expect the GUI to show the correct disk space usage.

Describe alternatives you considered

Maybe the GUI is not pulling from the right data.

Screenshots

If applicable, add screenshots to help explain your problem.

Relevant log files

If applicable, information from log files supporting your claim.

Additional context

Add any other context about the problem here.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 23.7.10_2 (amd64).
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15
Intel(R) Xeon(R) CPU E5-2667 v4 @ 3.20GHz
#7
24.7, 24.10 Series / Re: Automatic Outbound NAT
November 27, 2024, 09:33:30 PM
What do you mean state the gateway below? Below where?
#8
24.7, 24.10 Series / Automatic Outbound NAT
November 27, 2024, 12:39:15 PM
Is it normal that an automatic outbound NAT rule is not created for a gateway that I configure with a static IP?

I use a hotspot for backup WAN, and when setting it up with a static IP and static gateway address the automatic NAT rules are not created.

As soon as I switch back to DHCP on the interface with a dynamic address on the gateway, the outbound NAT rules are automatically created.

Is this normal operation?
#9
24.7, 24.10 Series / Kernel 24.7.8 Issues
November 11, 2024, 08:13:00 PM
Kernel 24.7.8 still has issues with live logging. NAT rules still aren't showing. I reverted back to 24.7.5 until a fix.
#10
24.7, 24.10 Series / Re: Pinning the Kernel
October 28, 2024, 06:10:56 AM
Thank you
#11
24.7, 24.10 Series / Pinning the Kernel
October 27, 2024, 04:16:16 AM
How do I go about pinning the kernel so it doesn't get upgraded? Since the issues with the firewall logs still persist, I would like to pin the kernel to 24.7.5 until a new one is released. This way I can do other upgrades without worrying about my firewall logs being broken.
#12
Just saw this post; I also have this issue. I posted it as well.
#13
Is this normal? I have rules set on the VLAN that uses the VPN but no rules set on the actual NordVPN interface. This is through OpenVPN. Screenshot attached.
#14
24.7, 24.10 Series / Re: Wan Switching
October 08, 2024, 05:18:33 AM
I added this script to /usr/local/etc/rc.syshook.d/start

#!/bin/sh

#Config
primary_wan_if="igc0"
backup_wan_if="igc1"

#check if an instance is already running
otherInstance=`ps auxf | grep autoStateKill.sh | grep -v 'grep' | wc -l | tr -d ' '`
if [ ${otherInstance} -gt 2 ]; then exit 0; fi

#Do a sleep of 30 seconds at the beginning, in case script autostarts with the system
sleep 30

#Setup variables
primary_wan_gw_ip=""
backup_wan_gw_ip=""

#Get default gateway
default_gw_if=`netstat -rn | grep default | awk '{print $4}'`
default_gw_if_old=${default_gw_if}

#Inform the logging system
logger "AutoStateKill-Script: Started, default gateway is ${default_gw_if}"

#Main loop
while true; do

        #get current default gateway
        default_gw_if=`netstat -rn | grep default | awk '{print $4}'`
        default_gw_ip=`netstat -rn | grep default | awk '{print $2}'`

        case ${default_gw_if} in

                "${primary_wan_if}")    #primary wan interface is default gateway
                        primary_wan_gw_ip=${default_gw_ip};

                        if [ "${default_gw_if_old}" = "${backup_wan_if}" ] && [ "${backup_wan_gw_ip}" != "" ]; then #primary is up again, kill the states of the backup wan
                                killedStates=`/sbin/pfctl -k gateway -k "${backup_wan_gw_ip}" 2>&1`
                                logger "AutoStateKill-Script: ${default_gw_if} is now the default gateway, killing states of old gateway ip ${backup_wan_gw_ip}... ${killedStates}"
                        fi
                        default_gw_if_old=${default_gw_if}
                        ;;

                "${backup_wan_if}")     #backup wan interface is default gateway
                        backup_wan_gw_ip=${default_gw_ip};

                        if [ "${default_gw_if_old}" = "${primary_wan_if}" ] && [ "${primary_wan_gw_ip}" != "" ]; then #backup is up again, kill the states of the primary wan
                                killedStates=`/sbin/pfctl -k gateway -k "${primary_wan_gw_ip}" 2>&1`
                                logger "AutoStateKill-Script: ${default_gw_if} is now the default gateway, killing states of old gateway ip ${primary_wan_gw_ip}... ${killedStates}"
                        fi
                        default_gw_if_old=${default_gw_if}
                        ;;

        esac

        #Sleep for 1 minute and check again
        sleep 60

done


What do you think about this method? It seems to work well; as soon as I switch back to my main WAN, all states are wiped off the backup.

I use ntopng so I can see it happen in real time.
#15
24.7, 24.10 Series / Wan Switching
October 07, 2024, 08:25:38 AM
Right now when my main WAN goes down the backup kicks in. This works great. I was wondering how to ensure all connections close on the backup WAN and move back to the main WAN. Right now some connections still stay active on the backup WAN. This normally wouldn't be an issue, but since my backup WAN is a cellular hotspot with a limited amount of data, it is. I need all connections on the backup to close as soon as the main WAN comes back up so I don't waste data.