Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - gafrol

Pages: [1]

24.7 Production Series / Re: Duplicate Echo Reply Received

« on: October 07, 2024, 10:44:07 pm »

I am seeing the same messages from my dual WAN setup.

2024-10-07T22:36:00   Warning   dpinger   WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T21:16:09   Warning   dpinger   WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T21:02:47   Warning   dpinger   WAN2_DHCP 8.8.4.4: duplicate echo reply received
2024-10-07T18:33:54   Warning   dpinger   WAN2_DHCP 8.8.4.4: duplicate echo reply received

General Discussion / High latency pinging the Opnsense LAN interface

« on: November 08, 2023, 09:52:10 pm »

Still observing random high latency pinging the Opnsense LAN interface 192.168.1.1 From the same PC I am pinging two other internal IP's 192.168.1.2 and 192.168.1.192 with no latency issues.
This is really annoying because my latency-sensitive voice applications (internet-based) don't like it.

General Discussion / Re: High Latency - every 8 hours

« on: November 08, 2023, 08:05:35 am »

When switching off REPORTING: NETFLOW the observed high-latency disappears.

General Discussion / Re: High Latency - every 8 hours

« on: November 07, 2023, 03:15:39 pm »

in /var/log/system/latest.log I see these log entries every time this happens.

<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum dst_port_003600.sqlite
<13>1 2023-11-07T04:01:09+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum dst_port_086400.sqlite
<13>1 2023-11-07T04:05:20+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_details_086400.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_000300.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum src_addr_003600.sqlite
<13>1 2023-11-07T04:08:13+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum src_addr_086400.sqlite
<13>1 2023-11-07T04:09:29+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum interface_000030.sqlite
<13>1 2023-11-07T04:09:30+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum interface_000300.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum interface_003600.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T04:09:31+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done

<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum dst_port_000300.sqlite
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum dst_port_003600.sqlite
<13>1 2023-11-07T12:01:48+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum dst_port_086400.sqlite
<13>1 2023-11-07T12:05:56+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_details_086400.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum src_addr_000300.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum src_addr_003600.sqlite
<13>1 2023-11-07T12:08:17+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum src_addr_086400.sqlite
<13>1 2023-11-07T12:09:24+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="1"] vacuum interface_000030.sqlite
<13>1 2023-11-07T12:09:25+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="2"] vacuum interface_000300.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="3"] vacuum interface_003600.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="4"] vacuum interface_086400.sqlite
<13>1 2023-11-07T12:09:26+01:00 OPNsense.localdomain flowd_aggregate.py 75395 - [meta sequenceId="5"] vacuum done

Has this something to do with reporting?

General Discussion / High Latency - every 8 hours

« on: November 07, 2023, 03:01:07 pm »

I am observing high-latency pings to the local wired Interface of the Opnsense firewall from the LAN. Starting at 4 am (CET) latency climbs to 2500 for about 2-3 minutes, repeating every 8 hours.

I can replicate the issue on every interface. For troubleshooting purposes, I have configured a new interface put a Windows machine in the newly configured Network, and connected it with an ethernet cable directly to the Opnsense firewall, with no switch in between. Just the Win PC -- ethernet cable - Opnsense. I don't see any interface errors or collisions in the statistics.

Again the issue repeats every 8 hours, starting at 4am. Trying to understand what is causing this behavior.

General Discussion / Re: DNS weirdness - Unbound DNS

« on: October 31, 2023, 04:55:40 pm »

Nope, wrong direction. Zenarmor was the problem. Zenarmor -> servers.rmnoise.com -> parked domain, returns 100.64.3.4. Now fixed

General Discussion / Re: DNS weirdness - Unbound DNS

« on: October 31, 2023, 04:27:25 pm »

The FW gets the correct IP's

16:23:46.614491 IP 84-73-XXX-XXX.dclient.hispeed.ch.48804 > dns.google.domain: 61194+ [1au] A? servers.rmnoise.com. (48)
16:23:46.633358 IP dns.google.domain > 84-73-XXX-XXX.dclient.hispeed.ch.48804: 61194 2/0/1 A 174.170.161.132, A 184.80.221.105 (80)

General Discussion / Re: DNS weirdness - Unbound DNS

« on: October 31, 2023, 03:56:42 pm »

No overrides configured

General Discussion / DNS weirdness - Unbound DNS

« on: October 31, 2023, 03:13:04 pm »

I am puzzled. A DNS request for servers.rmnoise.com returns IP address 100.64.3.4 while the real IP addresses are 184.80.221.105 AND 174.170.161.132. 192.168.1.1 is my Opnsense FW. Here is a Wireshark capture.

I don't have any DNS issues at all besides the one with servers.rmnoise.com.
Any ideas?

Web Proxy Filtering and Caching / Re: Prevent download of password protected ZIP

« on: December 04, 2022, 01:18:29 am »

Apparently this is not possible which is a bit concerning as this attack vector is quite common.

Web Proxy Filtering and Caching / Prevent download of password protected ZIP

« on: November 24, 2022, 03:06:43 pm »

Is this somehow possible ?

Thanks

Pages: [1]