Messages - danieldk

#1
Quote from: Gauss23 on November 10, 2024, 07:48:55 AM
Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.

The CPU in the LattePanda Sigma should have no issues doing 1Gbit PPPoE. Even an N5105 does 2.5Gbit PPPoE without an issue. Given that there were no issues with older 24.7.x versions, it's most likely caused by the recent Intel NIC driver updates. Maybe it's worth testing 24.7.7, the last version before these changes.
#2
Quote from: zinge on November 10, 2024, 12:28:20 AM
Hardware is a VP4630 Protectli Vault w/ 16GB RAM.

Since most Protectli boxes have a serial console port, maybe it's worth connecting to the serial console to see if there is a kernel panic or some other error on the console prior to reboot?
#3
Could be this issue: https://github.com/opnsense/plugins/issues/4342

(Downthread there is also a patch to try.)
#4
Might be useful to report in this topic as well?

https://forum.opnsense.org/index.php?topic=43372.0
#5
Figured out the issue. I was testing with macOS' VLAN support. Turns out it is just very broken; I think it was something in the TLS connection that caused the failure (maybe related to MTU size?). There were also other ways the connection would get dropped. For instance, SSHing into OpenWrt and then running top would often also break the connection. Tested now with a switch with VLAN tagging and it works as expected.
#6
Setup:


  • OPNsense 24.10_7
  • Created a VLAN 100
  • Created an assignment called LANVLAN, IP address 192.168.43.1.
  • Added firewall rules for LANVLAN from the LANVLAN net to anywhere.
  • Set up the DHCP server for LANVLAN.

Also important: the Web GUI is set to listen on all interfaces.

A client on the VLAN gets an IP address. The firewall rules also work - I can access external hosts through the WAN. I can also SSH into the OPNsense router, etc. I cannot access the Web UI through a web browser; nothing happens until it times out. Now the fun part:


~ % curl -v http://192.168.43.1/
*   Trying 192.168.43.1:80...
* Connected to 192.168.43.1 (192.168.43.1) port 80
> GET / HTTP/1.1
> Host: 192.168.43.1
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 301 Moved Permanently
< Location: https://192.168.43.1/
< Content-Length: 0
< Date: Sun, 03 Nov 2024 10:54:48 GMT
< Server: OPNsense
<
* Connection #0 to host 192.168.43.1 left intact


As you can see, connections to the HTTP port work and as expected, the client is redirected to HTTPS. But then:


~ % curl -v https://192.168.43.1/
*   Trying 192.168.43.1:443...
* Connected to 192.168.43.1 (192.168.43.1) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* Recv failure: Connection reset by peer
* LibreSSL/3.3.6: error:02FFF036:system library:func(4095):Connection reset by peer
* Closing connection
curl: (35) Recv failure: Connection reset by peer


Just hangs until it times out. So the connection is dropped. There is no firewall rule blocking it; it seems that the WebUI itself is dropping the connection. This can be confirmed by changing the WebGUI to use HTTP rather than HTTPS in the Administration settings (remember that HTTP works, see above). So, rather than getting a redirect, we now expect to get the login page. However:


~ % curl -v http://192.168.43.1/
*   Trying 192.168.43.1:80...
* Connected to 192.168.43.1 (192.168.43.1) port 80
> GET / HTTP/1.1
> Host: 192.168.43.1
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
* Recv failure: Connection reset by peer
* Closing connection
curl: (56) Recv failure: Connection reset by peer


Given that HTTP worked before setting the Web UI to HTTP, it seems like the Web UI itself is dropping connections coming from the VLAN?
#7
General Discussion / Re: Community vs. Business Edition
November 02, 2024, 09:08:00 PM
Quote from: franco on November 06, 2023, 10:22:49 AM
The second part about the business edition is the business plugins which may be overkill for non-business users. Most notably the ability to manage multiple firewalls using a central management GUI.

I have purchased the business edition today (for home use) because I'd like to support the project and like the idea of slightly slower updates. But I agree that the price is a bit steep for home use and I'd also love a home edition. Maybe it's worth having a home version that besides the stipulation that it's not for business use doesn't have the ability to manage multiple firewalls (which is uncommon for home users) or the GeoIP database.

(Though I understand that having even more editions complicates releases.)
#9
Yes, and it does work correctly on the dashboard, just not in Reports.
#10
I installed from scratch (still in the tinkering phase, not using the device in production yet). With 24.7.0 temperature reporting works. Then after upgrading to 24.7.7 the reporting gets stuck. After resetting RRD data, the other graphs start working again, but the CPU temperature simply disappears from the System tab.

#11
Since the update to 27.7.7 yesterday, I can't seem to get the Reporting -> Health -> System -> CPU temperature report anymore. I searched the logs, but cannot find any relevant errors.

Edit: the CPU temperature widget on the dashboard still works and I can get the CPU temperatures with sysctl, so it seems to be an issue with the reporting specifically.