Messages - bugleboy

#1
I recently began having issues with Unbound, seemingly out of nowhere. I'm on the latest version of OPNsense. I reloaded to a config which I had Unbound working on, to no avail. I have a bare-bones Unbound config, and have kept nothing in the advanced tab enabled while I'm troubleshooting. This is not too far off from my usual working config, as Unbound essentially serves as a forwarder for me. If I switch a client's DNS servers to 8.8.8.8, 8.8.4.4, DNS works fine. Logs reveal nothing useful. I've also tried following this Unbound config without any results. I've reinstalled Unbound a few times as well to hopefully clear any corrupt files.

EDIT: After looking over a packet capture on one of my WAN Interfaces, I can see that the firewall is forwarding traffic back to itself. The WAN interface gets the query, and sends it back to the LAN interface IP. No packets show any forwarding to 8.8.8.8 or 8.8.4.4 which I have Unbound set to forward traffic to.

Any help would be appreciated.

#2
I'm having this same issue when configuring a second WAN for the first time. When I pull the second WAN connection, it fails over to the second firewall (typically all interfaces will fail over, but several times I've seen this not be the case, and only the downed interface will transfer). Regardless of who is master of the second WAN after failover, a client on the LAN stops being able to ping a client on the WAN until I do a tracert between the clients, which will succeed, and I am able to ping again. All of my VIPs are unique and assigned to the same interfaces, and my advskew is set correctly as well. It seems like some sort of gateway/routing issue to me? I have no static routes configured on either firewall. I have the gateways configured so that WAN1 GW is the default (I've been testing the 2nd WAN HA with the first WAN uninitialized, so this gateway shouldn't be used at all during this scenario). I've tried setting up gateway groups, changing priorities, etc., but I can't seem to find something that works.
#3
Quote:
I have read a lot on the previous issues that have popped up with this controller since it was baked into FreeBSD and I have been researching kernel tunables to try and increase throughput. I have noticed in my pursuit that it seems like OPNsense is not loading the igc driver. When I run kldstat, I am not seeing a module loaded for the card but somehow the card is still identified:

When I run 'pciconf -a igc0', it only shows that it is attached and no driver information. Am I missing something here? I know that the FreeBSD man page for IGC4 says that the driver was not implemented until 14.0, but how is this card working under FreeBSD 13.2 base? The reason I am asking about this is that I found a driver pack that references the I225-V card that was updated on 12/23/2023 here (https://www.intel.com/content/www/us/en/download/15084/intel-ethernet-adapter-complete-driver-pack.html) and was wondering if maybe this could be helpful to alleviate the rampant issues with this controller. The other reason that I am curious is that I found this paper "Tuning FreeBSD for routing and firewalling" (https://papers.freebsd.org/2018/asiabsdcon/cochard-tuning_freebsd_for_routing_and_firewalling.files/cochard-tuning_freebsd_for_routing_and_firewalling-paper.pdf) referenced in another post under this forum and it makes mention of setting the receive process limit to unlimited on Intel controllers; however, 'sysctl -a | grep rx_process_limit' only returns an oid of "hw.vtnet.rx_process_limit: 1024".
Am I missing something on this whole thing?

I'm having this exact issue. Did you ever find a fix to this?