Messages

Thank you for reaching back will try this tonight and see what is says.

Im not 100% but all the research i have found shows configctl template reload OPNsense.Unbound as a valid command but every time i run it i get ERR. Can someone verify if this is the correct command and if not point me in the right direction.

The command configctl unbound check shows no errors. Wanted to add this just incase it helps.

I use a broadcom nic because it is built into my dell r630. as far as i can tell there is no plugin related to the driver i have which is bge. I think it must be included in freebsd by default.

Are you using hyperscan in intrusion detection?

Also are these packets bypassing intrusion detection when buffer is full? what is the actual reason they are happening? Slow hardware? Bad Settings?

I use Intrusion detection both ids/ips on my lan interface bge0.

Under heavy load i get error netmap_transmit bge0 full hwcur 358 hwtail 24 qlen 333.

The three numbers change and usually occur in a sequence of 2.


Is this a bad thing or normal? Also is there certain tunables i can adjust to fix these errors.
I already have tried the dev.netmap.admode and haved tried all options 0 1 2 none seem to have effect other then 1 not allowing intrusion detection to start.
I also did dev.netmap.buf_size and upped it to 8192 instead of 2048 still get error.

This is an 8 core system that is running in a vm on proxmox. I use CPU affinity to dedicate 8 cores to opnsense and i also have vm.numa.disabled set to 0 so it can see the numa nodes since the cores 0-7 span across 2 numa nodes on the host. The network card is passed through and it is a broadcom netextreme.

Just want to know what tunables people are running to fix the issue and allow maximum throughput for opnsense.

I also used net.isr.maxthreads and set it to 8
net.isr.bindthreads and set it to 1
net.inet.rss.enabled and set it to 1
dev.bge.1.msi set to 1
dev.bge.0.msi set to 1
kern.ipc.soacceptqueue and set to 256 over the 128

Nothing is enabled in those options. https://gitea.awptechnologies.co/awptechnologies/OPNsense-Dev/src/branch/main/OPNsense-ramdisk.png

This link is a screenshot.

I agree after doing df -h i saw the percentage used matches so now I'm wondering why logs and plugins that use data base are showing errors about storage when the system had 40% of space left. Is there some kind of limit set in the OS?

Posted this in issues on github but no response figured i would see if anyone on here has had the same issues!

So it seems that my insight aggregator and ntopng plugins were failing because the system was out of hard drive space. Once i looked into logs i could see that they were telling me that very blatantly. I wanted to make sure so i disabled my ntopng deleted the data directory in /var/db. I also reset netflow data and rrd data. After doing this everything is running again. The part that confuses me is the disk usage on the GUI dashboard showed i was only using 60% of my hard drive. Why would it show this if the hard drive was that full?

To Reproduce

Steps to reproduce the behavior:

    Go to GUI dashboard and look at disk usage.

Expected behavior

I would expect the GUI to show the correct disk space usage.

Describe alternatives you considered

Maybe the GUI is not pulling from the right data.

Screenshots

If applicable, add screenshots to help explain your problem.

Relevant log files

If applicable, information from log files supporting your claim.

Additional context

Add any other context about the problem here.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 23.7.10_2 (amd64).
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15
Intel(R) Xeon(R) CPU E5-2667 v4 @ 3.20GHz

What do you mean state the gateway below? Below where?

Is it normal that automatic outbound nat rule is not created for a gateway that i configure with a static ip?

I use a hotspot for backup wan and when setting it up with a static ip and static gateway address the automatic nat rules are not created.

As soon as i switch back to dhcp on the interface with a dynamic address on the gateway the outbound nat rules are automatically created.

Is this normal operation?

Kernel 24.7.8 still has issues with live logging. Nat rules still aren't showing. I reverted back to 24.7.5 until fix.

Thank you

How do i go about pinning the kernel so it doesn't get upgraded? Since the issues with the firewall logs still persist i would like to pin the kernel to 24.7.5 until a new one is released. This way i can do other upgrades without worrying about my firewall logs being broken.

Just saw this post i also have this issue. I posted it as well.

Is this normal? I have rules set on the vlan that uses the vpn but no rules set on the actuall nordvpn interface. This is through opnvpn. Screen shot attached.