Messages

It seems that I got the same hang yesterday around the same time (8.15pm).

I only see a "hole" on the system tab monitoring. Yesterday, the traffic seems to be okay and I didn't notice any disconnection.

Hello there,

I have a strange thing with my opnsense firewall.

Here a health report with System tab selected:


https://imgur.com/6fyTEiS

The symptom were multiple.
I was connected to the VPN and I get disconnected. I cannot reconnect during few seconds.

The memory, states, processor, free disk and everything are fine (even the uptime 80 days since my last maintenance).
It is far from being overwhelmed.

It seems that any traffic can go trough the firewall here an internal interface monitoring. We have the same hang everywhere on Packet and Traffic tab.


http://imgur.com/JAD1u7Q

I can't find anything in the logs.
I checked on the management interface of the server and everything is green.

Any idea on what I'm missing ?

Thanks
Romain

Good for me thank you :-)

I also thought about a STP problem and I deactivate it temporary. Nothing better.

I will try the plugin you are talking about. I don't know it. I will let you know if it's better

Thanks for your answer.

Any news / ideas for me ?

Few more information from dmesg:

Code Select Expand


oce0: <Emulex CNA NIC function:///10.0.664.0///> mem 0xdf204000-0xdf207fff,0xdf1e0000-0xdf1fffff,0xdf1c0000-0xdf1dffff irq 22 at device 0.0 on pci4
oce0: Ethernet address: 00:90:fa:9d:29:d8
oce0: link state changed to UP
oce1: <Emulex CNA NIC function:///10.0.664.0///> mem 0xdf200000-0xdf203fff,0xdf1a0000-0xdf1bffff,0xdf180000-0xdf19ffff irq 23 at device 0.1 on pci4
oce1: Ethernet address: 00:90:fa:9d:29:dc
oce1: link state changed to UP
vlan0: changing name to 'lagg0_vlan8'
vlan1: changing name to 'lagg0_vlan11'
lagg0: promiscuous mode enabled
lagg0_vlan8: promiscuous mode enabled
carp: demoted by 240 to 4080 (interface down)
lagg0_vlan11: promiscuous mode enabled
carp: demoted by 240 to 4320 (interface down)
carp: demoted by 240 to 10080 (interface down)
carp: demoted by 240 to 10320 (pfsync bulk start)
oce0: Interface Up
lagg0: IPv6 addresses on oce0 have been removed before adding it as a member to prevent IPv6 address scope violation.
oce0: Interface Up
oce0: promiscuous mode enabled
lagg0: link state changed to UP
carp: 28@lagg0_vlan8: INIT -> BACKUP (initialization complete)
carp: demoted by -240 to 2160 (interface up)
carp: 11@lagg0_vlan11: INIT -> BACKUP (initialization complete)
carp: demoted by -240 to 960 (interface up)
lagg0_vlan2070: link state changed to UP
oce1: Interface Up
lagg0: IPv6 addresses on oce1 have been removed before adding it as a member to prevent IPv6 address scope violation.
oce1: Interface Up
oce1: promiscuous mode enabled
oce1: Interface Down
oce1: Interface Up
ifa_maintain_loopback_route: deletion failed for interface lagg0_vlan8: 3
ifa_maintain_loopback_route: deletion failed for interface lagg0_vlan8: 3
ifa_maintain_loopback_route: deletion failed for interface lagg0_vlan8: 3
carp: 28@lagg0_vlan8: BACKUP -> INIT (hardware interface up)
lagg0_vlan8: promiscuous mode disabled
lagg0_vlan8: promiscuous mode enabled
ifa_maintain_loopback_route: deletion failed for interface lagg0_vlan11: 3
ifa_maintain_loopback_route: deletion failed for interface lagg0_vlan11: 3
ifa_maintain_loopback_route: deletion failed for interface lagg0_vlan11: 3
carp: 11@lagg0_vlan11: BACKUP -> INIT (hardware interface up)
lagg0_vlan11: promiscuous mode disabled
lagg0_vlan11: promiscuous mode enabled
carp: 11@lagg0_vlan11: INIT -> BACKUP (initialization complete)
carp: demoted by 240 to 240 (pfsync bulk start)
carp: demoted by -240 to 0 (pfsync bulk done)


Hello,

I have a strange behavior with my OPNsense box.
I configured a lagg on two network cards. It seems to works great but at every boot, the lagg stay down/inactive. I need to go to Interfaces > Other types > LAGG and edit my lag.
Once validate (without any change), the lagg goes up/active and everything is working again.

I have some CARP VIP address set up on the lagg but I don't find anything why the lagg is not up and running (that I understand) from the boot of the firewall.

Any idea ?

Thank you
Romain

I will make my tests in the coming days.

If I don't post anything, it means it work like this. At least for my usage.

Keep you posted.

Thank you

@Franco you're a god to me.
Thank you. I now see my network card :-)

Quick question, can I use my 16.7.14 backup file to import in my new 17.7.1 box ?

Thank you again

I tired to update the firmware but nothing works.

here the result of the command: pciconf -lveV

Code Select Expand

none4@pci0:4:0:0:       class=0x020000 card=0xe72310df chip=0x071019a2 rev=0x01 hdr=0x00
    vendor     = 'Emulex Corporation'
    device     = 'OneConnect 10Gb NIC (be3)'
    class      = network
    subclass   = ethernet
  PCI-e errors = Correctable Error Detected
                 Unsupported Request Detected
     Corrected = Advisory Non-Fatal Error
    VPD ident  = 'OCe11102-NT 2P 10GbE Tomcat Enterprise CNA, NIC PF'
    VPD ro PN  = 'OCe11102-NT'
    VPD ro SN  = 'FC50938137'
    VPD ro V0  = 'FC50938137'
    VPD ro VB  = 'PW=25W; PCIe 2.0 x8 5GT/s'
    VPD ro V1  = 'Emulex OneConnect OCe11102-NT 2-port PCIe 10Gbase-T CNA'
    VPD ro V2  = 'OCe11102-NT'
    VPD ro V4  = '0'
none5@pci0:4:0:1:       class=0x020000 card=0xe72310df chip=0x071019a2 rev=0x01 hdr=0x00
    vendor     = 'Emulex Corporation'
    device     = 'OneConnect 10Gb NIC (be3)'
    class      = network
    subclass   = ethernet
  PCI-e errors = Correctable Error Detected
                 Unsupported Request Detected
     Corrected = Advisory Non-Fatal Error
    VPD ident  = 'OCe11102-NT 2P 10GbE Tomcat Enterprise CNA, NIC PF'
    VPD ro PN  = 'OCe11102-NT'
    VPD ro SN  = 'FC50938137'
    VPD ro V0  = 'FC50938137'
    VPD ro VB  = 'PW=25W; PCIe 2.0 x8 5GT/s'
    VPD ro V1  = 'Emulex OneConnect OCe11102-NT 2-port PCIe 10Gbase-T CNA'
    VPD ro V2  = 'OCe11102-NT'
    VPD ro V4  = '1'

J'avais pensé à regardé mais je n'ai pas d'erreur:

Code Select Expand

Sep  1 07:39:08 OPNsense kernel: pcib4: <ACPI PCI-PCI bridge> mem 0xdf4a0000-0xdf4bffff irq 20 at device 3.0 on pci0
Sep  1 07:39:08 OPNsense kernel: pci4: <ACPI PCI bus> on pcib4
Sep  1 07:39:08 OPNsense kernel: pci4: <network, ethernet> at device 0.0 (no driver attached)
Sep  1 07:39:08 OPNsense kernel: pci4: <network, ethernet> at device 0.1 (no driver attached)

J'ai des cartes Intel qui sont par contre correctement détectées:

Code Select Expand


Sep  1 07:39:08 OPNsense kernel: pci0: <processor> at device 11.0 (no driver attached)
Sep  1 07:39:08 OPNsense kernel: pci0: <base peripheral, IOMMU> at device 15.0 (no driver attached)
Sep  1 07:39:08 OPNsense kernel: igb0: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xe0c0-0xe0df mem 0xdf460000-0xdf47ffff,0xdf50c000-0xdf50ffff irq 20 at device 20.0 on pci0
Sep  1 07:39:08 OPNsense kernel: igb0: Using MSIX interrupts with 9 vectors
Sep  1 07:39:08 OPNsense kernel: igb0: Ethernet address: 0c:c4:7a:32:63:f4
Sep  1 07:39:08 OPNsense kernel: igb0: Bound queue 0 to cpu 0
Sep  1 07:39:08 OPNsense kernel: igb0: Bound queue 1 to cpu 1
Sep  1 07:39:08 OPNsense kernel: igb0: Bound queue 2 to cpu 2
Sep  1 07:39:08 OPNsense kernel: igb0: Bound queue 3 to cpu 3
Sep  1 07:39:08 OPNsense kernel: igb0: Bound queue 4 to cpu 4
Sep  1 07:39:08 OPNsense kernel: igb0: Bound queue 5 to cpu 5
Sep  1 07:39:08 OPNsense kernel: igb0: Bound queue 6 to cpu 6
Sep  1 07:39:08 OPNsense kernel: igb0: Bound queue 7 to cpu 7
Sep  1 07:39:08 OPNsense kernel: igb0: netmap queues/slots: TX 8/1024, RX 8/1024
Sep  1 07:39:08 OPNsense kernel: igb1: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xe0a0-0xe0bf mem 0xdf440000-0xdf45ffff,0xdf508000-0xdf50bfff irq 21 at device 20.1 on pci0
Sep  1 07:39:08 OPNsense kernel: igb1: Using MSIX interrupts with 9 vectors
Sep  1 07:39:08 OPNsense kernel: igb1: Ethernet address: 0c:c4:7a:32:63:f5
Sep  1 07:39:08 OPNsense kernel: igb1: Bound queue 0 to cpu 0
Sep  1 07:39:08 OPNsense kernel: igb1: Bound queue 1 to cpu 1
Sep  1 07:39:08 OPNsense kernel: igb1: Bound queue 2 to cpu 2
Sep  1 07:39:08 OPNsense kernel: igb1: Bound queue 3 to cpu 3
Sep  1 07:39:08 OPNsense kernel: igb1: Bound queue 4 to cpu 4
Sep  1 07:39:08 OPNsense kernel: igb1: Bound queue 5 to cpu 5
Sep  1 07:39:08 OPNsense kernel: igb1: Bound queue 6 to cpu 6
Sep  1 07:39:08 OPNsense kernel: igb1: Bound queue 7 to cpu 7
Sep  1 07:39:08 OPNsense kernel: igb1: netmap queues/slots: TX 8/1024, RX 8/1024
Sep  1 07:39:08 OPNsense kernel: igb2: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xe080-0xe09f mem 0xdf420000-0xdf43ffff,0xdf504000-0xdf507fff irq 22 at device 20.2 on pci0
Sep  1 07:39:08 OPNsense kernel: igb2: Using MSIX interrupts with 9 vectors
Sep  1 07:39:08 OPNsense kernel: igb2: Ethernet address: 0c:c4:7a:32:63:f6
Sep  1 07:39:08 OPNsense kernel: igb2: Bound queue 0 to cpu 0
Sep  1 07:39:08 OPNsense kernel: igb2: Bound queue 1 to cpu 1
Sep  1 07:39:08 OPNsense kernel: igb2: Bound queue 2 to cpu 2
Sep  1 07:39:08 OPNsense kernel: igb2: Bound queue 3 to cpu 3
Sep  1 07:39:08 OPNsense kernel: igb2: Bound queue 4 to cpu 4
Sep  1 07:39:08 OPNsense kernel: igb2: Bound queue 5 to cpu 5
Sep  1 07:39:08 OPNsense kernel: igb2: Bound queue 6 to cpu 6
Sep  1 07:39:08 OPNsense kernel: igb2: Bound queue 7 to cpu 7
Sep  1 07:39:08 OPNsense kernel: igb2: netmap queues/slots: TX 8/1024, RX 8/1024
Sep  1 07:39:08 OPNsense kernel: igb3: <Intel(R) PRO/1000 Network Connection, Version - 2.5.3-k> port 0xe060-0xe07f mem 0xdf400000-0xdf41ffff,0xdf500000-0xdf503fff irq 23 at device 20.3 on pci0
Sep  1 07:39:08 OPNsense kernel: igb3: Using MSIX interrupts with 9 vectors
Sep  1 07:39:08 OPNsense kernel: igb3: Ethernet address: 0c:c4:7a:32:63:f7
Sep  1 07:39:08 OPNsense kernel: igb3: Bound queue 0 to cpu 0
Sep  1 07:39:08 OPNsense kernel: igb3: Bound queue 1 to cpu 1
Sep  1 07:39:08 OPNsense kernel: igb3: Bound queue 2 to cpu 2
Sep  1 07:39:08 OPNsense kernel: igb3: Bound queue 3 to cpu 3
Sep  1 07:39:08 OPNsense kernel: igb3: Bound queue 4 to cpu 4
Sep  1 07:39:08 OPNsense kernel: igb3: Bound queue 5 to cpu 5
Sep  1 07:39:08 OPNsense kernel: igb3: Bound queue 6 to cpu 6
Sep  1 07:39:08 OPNsense kernel: igb3: Bound queue 7 to cpu 7
Sep  1 07:39:08 OPNsense kernel: igb3: netmap queues/slots: TX 8/1024, RX 8/1024


Thank for the quick answer.

That's strange my out of box installed version of Opnsense didn't see my extra network card.

If I go on the manufacturer (https://www.broadcom.com/products/ethernet-connectivity/network-adapters/oce11102-nt#downloads), it says:

Use the inbox Ethernet driver included with FreeBSD 11.0.

Do I need to include/load a special module ?

Thank you

Hello,

I'm trying to update my firewalls and I would like to install my Emulex network card (OCE1102NT).

Based on the editor website, the default driver given in the FreeBSD image should do the job.

How can I included them on my OPNsense installation ?

Thank you
Romain

I'm good thank you. and what about you ?

Good. I downloaded it. Great thank you.

Romain