Messages - epimpin

#1
I've solved the issue; it was a platform-specific issue in regards to a physical hardware issue. I reseated my RAM and boom, 30 second boot times. Although this is the second time I've reseated, I guess once just wasn't enough. Thank you to Newsense and Meyergru for at least attempting to help, and please forgive me for thinking this was a software issue.
#2
Update: after a hard restart I was able to start up in about 5 minutes, but it still took one minute to log into webui.

#3
Quote from: meyergru on February 08, 2025, 06:36:54 PM
Maybe I am pointing out the obvious, but did you disable Spectre and MeltDown mitigations? OpnSense defaults would be one major difference to plain FreeBSD, and probably pfSense, too.


Ahh, now with this you may be onto something. I did not. I do know that there was no effect with the implementation used for the mitigations in pfsense with this particular system, possibly having to do with the fact that this system was never issued spectre and meltdown mitigations in a bios release and maybe the fact that AES-NI acceleration was being used on pfsense. I also don't know if the pti switch effects have changed in implementation in any way since freebsd 14.1.

This is an easy fix I will try and update.
#4
I did replace the bios battery as the machine has been running for many years straight running pfsense and cleared cmos and configured bios from scratch.

I have not tried installing earlier versions or testing with a live boot, but I will try that right now to test.
#5
Intro and problem:
    So I recently cut over to 25.1 coming from pfSense latest community and I seem to be running into some sort of compatibility issue that the logs don't specifically give any clues to as far as I can tell.
My system is an old cpu but should have no problem running freebsd.

Hardware Configuration:
    My system is an i5-650 "Westmere (Clarkdale)", Q57 chipset, 8gb ddr3 1333, dual port intel 1000base-T nic and 120gb Samsung 840 EVO in zfs single stripe single drive config (no raid) using onboard intel gfx.

Problem Details and actions taken:
    The real issue is that the system is so dogged slow that diagnosing the issue is almost impossible with 3 to 4 minute load times on the webgui for a single save proc and 20+ minute reboot times.

Things I've managed to do are enable and configure PowerD cfg and enable intel CPU on-die temp mon, dumped ram usage, cpu usage times and disk stats, and all look fine afaik. It's just that after cpu and system detection on init during boot every module takes for EVER to load for some reason.

On boot the real slowdown seems to occur when Unbound DNS starts. Unbound starts, signals done, then loads again and signals done again. I don't believe this should be loading twice.

When viewing diagnostics> activity I can see the process py3././././filter/update_tables.py (python 3.11) utilizing 100.00% of a single thread 100% of the time.

It appears these two issues are unrelated.


There should be no reason for this to be a point of contention and the cpu is not being pinned whatsoever while loading things and it seems to be a bug possibly with thread ordering.

Although the cpu is a q2 2010 release it should be plenty fast for the application and the system meets exactly the recommended spec on opnsense man pages.

Just the loading from page to page seems broken on opnsense and my dashboard homepage errors out on every widget; it's all red with exclamation marks and so far I have not seen so much as an error in system logs. I'm beginning to think my install may be botched somehow despite verifying my install media twice against sha256 hash.

Comparative Experience:
    On pfsense the hardware was major overkill and I am an advanced to expert level user and have been using since m0n0wall dating back to 2006ish, switched to smoothwall with 3.0 and 3.1 and back to pfsense in about 2013 till recent when I decided to try opnsense.

With pfsense 23.1+ I was able to run:
~3-12% normal idle with background loads
<50% cpu utilization under moderate load
~70% - 100% with the rare extreme load.

    Addons running and configured:
1) squidproxy
2) suricata and or snort
3) Unbound dns forward and resolver
4) netflow Plugin
5) ldap and ccdp plugins
6) bgp forwarding
7) iperf
8) rrd graphing and logging (30 days)
9) FreeRadius server
10) TFTP server on opt1
11) speedtest.net plugin and widget with hourly cron job.
12) opnvpn always on vpn
13) kea
14) NTP with remote link to NIST secure NTP servers
15) Service Watchdog

40 inbound and outbound firewall rules with explicit and explicit ranging. 7 vlan's with 2 of them tunneled. GeoIP Blocking. Snort ET and The other guys ET rulesets as well as some botnet rulesets from cisco and a broad gateway ad blocking and spam blocking ruleset.

With this running config I could do:
980mbps sustained on outbound with minimum inspection.
320mbps inbound with all filtering enabled and cloudflare DNS directing inbound traffic via vpn port forwarded to proxy service on pfsense.

To further expand on the expected performance characteristics:
The epyc 3201 used in deciso's opnsense hardware offering between 3k and 5k usd is only 150pts higher in single core single thread performance and about 3.5x multithread multicore performance than my cpu and can handle 15 to 21 gbps firewall throughput performance, not including tdp rating as this doesn't matter in my case. Furthermore my cpu beats the Intel xeon D offerings in every bench, again just with a higher tdp.

Why am I testing opnsense over pFsense?

I am planning to expand the wan profile to a higher speed tier and due to opnsense's ability to reach higher throughput than pfsense while maintaining service stability and having a more mature freebsd base I am exploring opnsense deployment. My internal network is all fiber 40g running cumulus and HPE and gigamon equipment directing selective flows to and from multi-wan's.

This is my production homelab btw.

Question 1)
Could you tell me if there is a post-install logfile that logs initial installation? It may bear clues as to what is going on. Could not find this in man pages.

Question 2)
Is there any reason for a specific compatibility issue with no error in the boot and running config logs for my particular setup?

Question 3)
Could someone please shed some light on this issue of py 3.11 having a single thread pinned at 100% cpu constantly?

Question 4)
Can someone shed some light on 20+ minute boot times?


I've solved the issue with multiple ram reseats; I was mistaken in thinking this was a software issue.
#6
Quote from: newsense on February 08, 2025, 10:47:13 AM
Quote from: epimpin on February 08, 2025, 06:46:19 AM
Am I expecting too much from this OS?

Good question, how much faster is FreeBSD 14.2 on that 11+ year old dual core CPU? Did you find anything related to your issue on FreeBSD forum and/or bugzilla?

To answer your first question directly, pfsense 23.1+  was able to run with less than 50% cpu utilization under moderate load, 70% - 100% with the rare extreme load and 3-12% normal idle with background loads while also running lots of addons including squidproxy, suricata and snort, 50gb logfiles, dns forward and resolver, netflow, ldap and ccdp plugins, bgp forwarding, iperf, rrd graphing, radius server, TFTP server on opt1 and more including some non pfsense approved plugins such as speedtest.net plugin as well as an opnvpn always on vpn and the obvious defaults such as kea and NTP with remote link to NIST secure NTP servers without ever hitting 100% utilization all on spinning rust, not even ssd. I could do 980mbps sustained on outbound with minimum inspection.

To further expand on this, the epyc 3201 used in deciso's opnsense hardware offering between 3k and 5k usd is only 150pts higher in single core single thread performance and about 3.5x multithread multicore performance than my cpu and can handle 15 to 21 gbps firewall throughput performance, not including tdp rating as this doesn't matter in my case. Furthermore my cpu beats the Intel xeon D offerings in every bench, again just with a higher tdp. There should be no reason for this to be a point of contention and the cpu is not being pinned whatsoever while loading things and it seems to be a bug.

Yes, I found something about the default intel gfx driver and switching to freebsd vga driver but so far that's about it. Although the cpu is a q2 2010 release it should be plenty fast for the application and the system meets exactly the recommended spec on opnsense man pages.

Just the loading from page to page seems broken on opnsense and my dashboard homepage errors out on every widget; it's all red with exclamation marks and so far I have not seen so much as an error in system logs. I'm beginning to think my install may be botched somehow despite verifying my install media twice against sha256 hash.

Could you tell me if there is a post-install logfile that logs initial installation? It may bear clues as to what is going on.

To elaborate further, I am planning to expand the wan profile to a higher speed tier and due to opnsense's ability to reach higher throughput than pfsense while maintaining service stability and having a more mature freebsd base I am exploring opnsense deployment. My internal network is all fiber 40g running cumulus and HPE and gigamon equipment directing selective flows to and from multi-wan's.
This is my production homelab btw.
#7
Quote from: wuwzy on February 07, 2025, 02:26:34 AM
It's a good suggestion, but this problem will not exist forever, and it will be meaningless after it is fixed.
It is a basic rule not to use a large update version in the production environment first. Give the developers time to solve it.

As a seasoned vet in software development and network engineering totalling 34 years, I smugly disagree with you.
Drink less coffee and sleep more.
#8
I am on a brand new fresh install of 25.1. I changed my hostname as one of my first acts but my gui did not experience any ill effects from this as far as I can tell. My system is slower than molasses in January though, for unknown reasons as I am new.

From what I gather from other posts, bug reports can be done on the GitHub?
#9
My settings for everything outside of running the wizard, adding powerD cfg and enabling on die cpu temp are bone stock. Not a single fw rule nor state table population. Am I expecting too much from this OS?

It appears the vibe I'm getting from what I'm reading in this forum, searching key terms related to my own issue, is that opnsense is just dog slow even on fast systems and it seems devs possibly are adding issues faster than they can correct existing issues, where the cost of innovation is greater than the value of outcome. Correct me if you think I'm mistaken here.
#10
Further developments: on boot the real slowdown seems to occur when Unbound DNS starts. Unbound starts, signals done, then loads again and signals done again. I don't believe this should be loading twice.

When viewing diagnostics> activity I can see the process py3././././filter/update_tables.py (python 3.11) utilizing 100.00% of a single thread 100% of the time.

EDIT: It appears these two issues are unrelated.

Could someone please shed some light on this issue? I do not currently have the device connected to the web so I do not have any hotfix updates if there are any.
#11
Things I've managed to do are enable and configure PowerD cfg and enable intel CPU on-die temp mon, dumped ram usage, cpu usage times and disk stats, and all look fine afaik. It's just that after cpu and system detection on init during boot every module takes for EVER to load for some reason.
#12
So I recently cut over to 25.1 coming from pfSense latest community and I seem to be running into some sort of compatibility issue that the logs don't specifically give any clues to as far as I can tell.
My system is an old cpu but should have no problem running freebsd.

My system is an i5-650 "Westmere (Clarkdale)", Q57 chipset, 8gb ddr3 1333, dual port intel 1000base-T nic and 120gb Samsung 840 EVO in zfs single stripe single drive config (no raid) using onboard intel gfx.

On pfsense it was major overkill and I am an advanced to expert level user and have been using since m0n0wall dating back to 2006ish, switched to smoothwall with 3.0 and 3.1 and back to pfsense in about 2013 till recent when I decided to try opnsense.

I've done a bit of research over at freebsd forum and found user reports about intel gfx driver possibly being an issue in 13.0+?

The real issue is that the system is so dogged slow that diagnosing the issue is almost impossible with 3 to 4 minute load times on the webgui for a single save proc and 20+ minute reboot times.

If I can get the system to actually dump the bootlog I will post it, but so far for logs all I get are timeouts.