Messages

oh snap, one client had jumbo frames enabled among other things. After a driver reset all is well.

Still no luck on this...  Copying a large file locks up the firewall.  I'm looking into a potential problem with SMB as everything else seems to work great.  I was previously able to copy large files to the NAS before I started using  Opensense and a new NIC.

Thanks,

It looks like that wasn't actually helpful.

It seems to point to a Multicast issue, caused by a Mikrotek switch.  Disabling "Flood Unknown Multicast" except on the ingress port, and turning off "Mikrotik Discovery Protocol" seems to have solved the problem.  I'll know for sure by the end of today.

This is on dedicated hardware.

I've enabled "Use PowerD" in "adaptive" mode, and so far so good!

Well, this is a somewhat interesting.  It only happens when I copy a file of more than 800MB in size.

When copying a file to my TrueNAS system, Opensense 23.7.4 drops internet and LAN connectivity and I can't reach the firewall at all except on an isolated connection I have set up for admin.  Rebooting solves the problem as long as I don't try and copy a file to the NAS.  The NAS is on a 10G fiber connection own it's own subnet, and the machine trying to the copy is on the LAN subnet and has a 10G connection as well.  The file I'm trying to copy is 800mb, and reaches about 75% before it hangs and causes this issue.  I can stream movies from the NAS just fine on the LAN.

I've looked around in Opensense at all logs I can find and see no indication of a problem, as well as in TrueNAS.  I know it's a long-shot without any data, but I'm stumped.  Any clues or tips much appreciated!

So ultimately, this is negatively impacting use of Opnsense.  I'm not sure why the entry field for alias "content" is using a "label" type field but it's not working well at all for managing alias entries, and is hard to read when there are many IPs.

As a workaround, I can see possibly using Ansible to manage my aliases, as I could at least know what the IPs are for that I'm adding.  I could also set up a URL IP list served by a web server.  Not a great set of options really for something that should be really simple.

Sadly, this will require far too many clicks in the UI.

Thanks! It's messier, but that looks like the best option. 

This alias is of type "Hosts" and will have about 50 or so IPs in it...

For example, I could create the alias "FRIENDS_IPS", to contain the IP addresses of 50 of my friend's Minecraft servers.  How would I know which friend owned which IP when looking at the list?  In the past in other systems, I've used a format like;

for alias FRIENDS_IPS

x.x.x.x#John
x.x.x.x#George
x.x.x.x#Paul

In other firewall software, when creating a list of IPs in an alias, I could use a comment to note what the IP was, by entering data in to a simple text field like this;

103.10.5.131#asus
35.241.133.48#dtube

There seems to be no way to comment each IP in Opnsense? Without an ability to comment each alias IP, I'm left with large lists of IPs and no idea where IP is referencing without doing a lookup or keeping a separate list.  Am I missing something? 
No to mention that the UI control for adding IPs to a alias is really awkward for anything more than a few entries... 

Thanks!