Messages

1

23.7 Production Series / Re: Firewall randomly going down.

« on: August 16, 2023, 07:05:28 pm »

If you happen to have breezeline there are multiple people in Columbus Ohio area with ISP related issues and of course they will always tell you there isn’t an issue. Just FYI your ISP is ALWAYS lying to you, always assume ISP issue. I’ll say this looks a lot like just that, I’d always suggest disabling all v6 in WAN interface.

2

23.7 Production Series / Re: DHCP leases can't be deleted

« on: August 07, 2023, 04:18:08 pm »

I have leases marked abandoned that I can't delete. I don't know why. They are set to expire, so I believe they will go away then.

Still a bug though since that's unexpected behavior + it worked on the previous release, glad to see I'm not the only one

3

23.7 Production Series / Re: DHCP leases can't be deleted

« on: August 07, 2023, 02:51:53 pm »

Bump

4

23.7 Production Series / DHCP leases can't be deleted

« on: August 06, 2023, 01:34:33 am »

DHCP leases that are active dynamic and dynamic in-active cannot be deleted, the only error I see is this:

10.10.10.1 gateway.mydomain.com - [05/Aug/2023:19:33:06 -0400] "POST /api/dhcp/leases/delLease/10.0.10.10 HTTP/1.1" 400 84 "https://gateway.mydomain.com/ui/dhcpv4/leases" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15"

Edit: Same results when not using the custom domain, i.e. direct to IP of OPNSense

5

23.7 Production Series / Re: [Tutorial/Call for Testing] Enabling Receive Side Scaling on OPNsense

« on: July 25, 2023, 04:31:21 pm »

Hi,

I tried enabling RSS and Suricata works. Better spread of CPU load and better performance. However, haproxy runs into issues. HAProxy can't connect to anything, not for health checks and not for live traffic. Based on earlier comment on so_reuseport, I changed my config to simple binds and enabled noreuseport for haproxy, but haproxy still fails to connect.

It gets very sporadic, ~10%, successes but that's rare enough for a health check not to clear. Since I have 8 RSS queues it is almost like haproxy only gets traffic from 1 queue which would amount to 12.5% success.

I have an X520 (ix) and that does not support RSS to my knowledge.  running this will confirm:

sysctl dev.ix | grep rss

No results means driver/nic is unsupported, mine returns nothing.

I've tried all combos of net.inet.rss.enable, noreuseport, with health checks, w/o health checks and success/failure depends completely on net.inet.rss.enable. The error reported from haproxy is "Layer4 timeout"

driver: ix
NIC: Intel D-1500 soc 10 gbe, (X552)
Opnsense: 22.1.7_1

I more than happy to help testing but would appreciate any suggestions in what direction to start.

6

General Discussion / Re: Issues with mDNS Repeater

« on: July 25, 2023, 02:53:48 pm »

Has anyone else run into issues with the mDNS Repeater plugin? Initially it worked fine for me, though now I see maybe 3-4 cast devices and the rest do not appear. Interestingly enough, the ones that do appear all chromecast videos, the rest of the devices that do not appear are google home and mini, as well as a google chromecast audio. I have tried several configurations on my managed switch for IGMP snooping, though Im not really sure what all of the settings mean. It seems odd that it worked with the default IGMP settings, and then stopped.

UDP broadcast Relay plugin

Broadcast Address: 224.0.0.251
Source Address: 1.1.1.1
Instance ID: 1
Relay Port: 5353

This is for Apple devices, you can google the correct settings for google but should be similar

7

23.7 Production Series / Re: os-ddclient with Cloudflare API token

« on: July 25, 2023, 02:50:43 pm »

Are you using the OPNsense backend? Services->Dynamic DNS->General Settings? I could not get the columns to update without switching the backend.

I am using backend, still no dice, I am going to uninstall and re-install and see if that fixes anything - RC2 here

8

Zenarmor (Sensei) / Re: Local vs Remote confusion

« on: July 24, 2023, 02:06:50 pm »

Hi,

Actually, the passive mode is using pcap, not netmap. the disadvantage of it is that you lose blocking features. @GeoffW, I will get back to you on Monday about the passive mode issue.

Interesting I did not know that! Thank you for the clarification.

9

23.7 Production Series / Re: os-ddclient with Cloudflare API token

« on: July 24, 2023, 02:02:02 pm »

Following this thread, I have switched 2 domains and it seems to work. Need an IP change to test, but looks like it updated A records.

Also, why aren't you using Argo Tunnels removes the need for dynamic DNS updates.

Edit: Current IP and Updated do not populate, looking into potential causes

10

General Discussion / 23.7 RC upgrade path

« on: July 21, 2023, 02:04:42 am »

I didn't see anything in the change log this morning but I'm assuming the RC does not currently have an in place upgrade yet? Im seeing the latest beta in the dev channel but no RC. Do I have to update to dev channel prior to going to the RC?

11

Zenarmor (Sensei) / Re: OPNsense upgrade failure with Zenarmor (23.1.7)

« on: June 14, 2023, 04:33:49 pm »

Had this as well, intel nics.  This has happened on these nics for over a year, I did reach out to support who did offer to remote in, which is hard to do when interfaces are all down I uninstalled, but have you tried emulated mode? Ive heard emulated is pretty stable now...

12

Zenarmor (Sensei) / Re: Sensei throughput cap despite high-performance device

« on: April 27, 2023, 01:00:45 am »

I have not! I’ll give it a shot when I get home next week. Can’t do remote as last few installs have also just hard locked the system when adjusting anything touching netmap

13

Zenarmor (Sensei) / Re: Sensei throughput cap despite high-performance device

« on: April 26, 2023, 12:32:40 am »

Following for a fix, I keep having to uninstall as it barely hits gigabit (10gb network here). I see multi gig on the roadmap, maybe I’ll circle back when it doesn’t cut my speed so dramatically.

14

Zenarmor (Sensei) / Re: Source/Destination IPs wrong

« on: February 13, 2023, 11:11:00 pm »

Yep that fixed that issue. Now it is blocking nothing per policy on intel ix based nic. And when placed in bypass mode, it drops all internet on opnsense until a restart of the firewall. uninstalling yet again and will wait for a less buggy release. Thank you!

15

Zenarmor (Sensei) / Re: Source/Destination IPs wrong

« on: February 13, 2023, 07:52:11 pm »

WOW that was it, thank you, I don't remember that every being an option...is this enabled by default? Should it?? I didn't enable it. That did indeed fix the issue.