Topics

1

20.7 Legacy Series / 20.7 - SNMP interface stats not working properly

« on: August 10, 2020, 10:45:52 am »

Since installing 20.7 my SNMP monitoring is not working correctly. Interfaces which previously were delivering stats via SNMP are now showing zero utilisation, or only a few packets here and there.

I'm not sure if it's related to the new netstat functionality, but the os-net-snmp package isn't working well with 20.7.

2

20.1 Legacy Series / Increased latency since 20.1.8 upgrade

« on: July 03, 2020, 11:38:36 pm »

Since upgrading from 20.1.7 to 20.1.8 I've seen increased latency on the WAN. I use thinkbroadband to monitor the WAN link, plus I have a ping which runs regularly from a monitoring platform on my network. After I performed the upgrade at 14:30 yesterday, my latency and jitter has gone up significantly.

Attached are two graphs. Were there any code changes or package updates that might have caused this? At this stage, I can't rule out my ISP but the timing is exactly when I performed the upgrade.

(the large red spikes in the first graph are outages when I restarted opnsense)

3

20.1 Legacy Series / Net-SNMP plugin CPU usage

« on: April 21, 2020, 04:53:00 pm »

I've been looking at tuning some elements of my OPNsense system and whilst doing that I've noticed the the SNMP process is using over 5% of my CPU when idle (when no SNMP queries are being sent to it).

Code: [Select]

PID USERNAME       THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
67970 root             1  22    0 26004K 15188K select  2   0:17   5.04% /usr/local/sbin/snmpd -p /var/run/net_snmpd.pid
If you update 'top' manually with the space bar or set the interval to 1 second, the snmpd process spikes sometimes to 15-30% cpu when idle (no SNMP queries).

(the above was just after a reboot so the total CPU time was still low - I'll post an update once the server has been running for some time).

I don't see why SNMPD should be using quite so much CPU (for reference, this server is running on an i3-8300T).

I see a few errors in /var/log/snmpd.log but these only seem to written ever 30 seconds or so when idle:

Code: [Select]

error on subcontainer 'ia_addr' insert (-1)
When receiving an actual SNMP query (every 5 mins), quite a few of these get written to the log:

Code: [Select]

error on subcontainer 'swrun container' insert (-1)
There's very little configuration changes that can be done to Net-SNMP so was wondering if there was an issue in the implementation.

4

20.1 Legacy Series / Cannot see log files in GUI

« on: March 01, 2020, 12:17:15 am »

No matter which log file I try, I can't see any log entries in the GUI. The screen always shows 'loading...' (see attached pic).

This is true which log file I choose:

Firewall / Plain View
Services / Intrusion Detection / Log File
Unbound DNS / Log File
System / Log Files / General, Backend, Web GUI
etc. etc.

I tried removing all logs in /var/log and rebooting. There are log files in /var/log with data in them.

5

20.1 Legacy Series / High IO - sqlite3 process - reset, repair netflow doesn't work

« on: February 29, 2020, 11:14:59 pm »

The sqlite3 process (/usr/local/bin/sqlite3 /var/netflow/src_addr_086400.sqlite.fix) has started thrashing my disk.
The disk light is on permanently and 'top -m io -o write -s 1' reports 100% utilisation all the time:

PID USERNAME        VCSW  IVCSW   READ  WRITE  FAULT  TOTAL PERCENT COMMAND
58129 root             610      2      0    762      0    762 100.00% sqlite3

I've tried 'Reset Netflow Data' and 'Repair Netflow Data'. I've also tried deleting everything in /var/netflow and rebooting. Every time the server comes back up, this process starts thrashing the disk. The only thing I can do right now is kill -9 the process.

Any ideas on what I can do to fix this?

6

19.7 Legacy Series / CPU frequency and PowerD settings

« on: January 11, 2020, 12:59:56 am »

I currently have 'Use PowerD' enabled in the GUI with all 3 settings set to Adaptive; but I don't think it's working.

From a console, I load up the CPUs and run 'powerd -v' and from the output it seems as though it wants to change the CPU frequency but it can't:

Code: [Select]

root@OPNsense:~ # powerd -v
powerd: unable to determine AC line status
load 400%, current freq  800 MHz (15), wanted freq 3200 MHz
changing clock speed from 800 MHz to 3100 MHz
load 400%, current freq  800 MHz (15), wanted freq 6200 MHz
changing clock speed from 800 MHz to 3100 MHz
load 400%, current freq  800 MHz (15), wanted freq 6200 MHz
changing clock speed from 800 MHz to 3100 MHz
load 400%, current freq  800 MHz (15), wanted freq 6200 MHz
changing clock speed from 800 MHz to 3100 MHz
Here's the output on idle:

Code: [Select]

root@OPNsense:~ # powerd -v
powerd: unable to determine AC line status
load   0%, current freq  800 MHz (15), wanted freq  800 MHz
load  42%, current freq  800 MHz (15), wanted freq  896 MHz
changing clock speed from 800 MHz to 1000 MHz
load  18%, current freq  800 MHz (15), wanted freq  868 MHz
changing clock speed from 800 MHz to 1000 MHz
load   0%, current freq  800 MHz (15), wanted freq  840 MHz
changing clock speed from 800 MHz to 1000 MHz
load   4%, current freq  800 MHz (15), wanted freq  813 MHz
changing clock speed from 800 MHz to 1000 MHz
load   0%, current freq  800 MHz (15), wanted freq  800 MHz
load  16%, current freq  800 MHz (15), wanted freq  800 MHz
load   0%, current freq  800 MHz (15), wanted freq  800 MHz

I've checked the BIOS, there's nothing obviously wrong (e.g. power management is turned on). I've also checked the CPU frequency using sysctl whilst under load repeatedly, and freq never changes:

Code: [Select]

root@OPNsense:~ # sysctl -a | grep dev.cpu.0.freq:
dev.cpu.0.freq: 800
Any ideas on getting this working? I've tried the other settings in the GUI (max,min,hiadaptive) - the behaviour does not change.

7

General Discussion / [SOLVED] Static routing problem

« on: October 31, 2018, 06:55:35 pm »

I have Opnesense set up with a LAN interface (192.168.1.0/24) and a WAN Internet interface - standard NAT setup etc.

I added another new router to my LAN (192.168.30.0/24) that default gateways to Opnsense. On Opnsense I've added a new gateway for the new router, and added a static route to 192.168.30.0/24 - plus did the NAT rules etc. Outcome, hosts on 192.168.30.0/24 can access the Internet on the WAN, plus I can access the Opnsense web portal on 192.168.1.0/24.

However, hosts on 192.168.30.0/24 cannot access hosts on the 192.168.1.0/24 network. In a network trace on a .30 host, I can see packets coming in - but no packets going out (TCP connection won't establish). If I look on Opnsense, I can see in the Live Firewall logs that Opnsense is blocking the return traffic by the 'default deny rule':

   lan      Oct 31 17:50:53   192.168.1.198:22   192.168.30.12:52372   tcp   Default deny rule

The .30 host default gateway points to Opnsense. If I add a static route to the .30 host (e.g.  route add -net 192.168.30.0/24 gw 192.168.1.250 then magically it all works, and Opnsense doesn't block at the firewall level. I've tried adding in firewall rules to allow all the traffic on the LAN interface but nothing works.

My question: how do I get this to work? Why does adding a manual static route to a host magically let the traffic through the firewall?

8

General Discussion / Support Schedules in Traffic Shaper Rules

« on: June 04, 2018, 06:40:45 pm »

This would be a really useful feature. We can already define schedules for firewall rules, could we look at providing the same support for the firewall rules in the traffic shaper?

There will be circumstances where traffic needs to be prioritised differently at different times of the day, e.g. work hours prioritise certain interactive traffic, evening prioritise more bulk or backup traffic etc.

9

18.1 Legacy Series / Traffic Shaper not working as expected - not close to configured pipe speed

« on: April 08, 2018, 10:41:05 am »

I'm running 18.1.5.

I've been having problems getting the traffic shaper to work. As an example, I have two simple pipes - one set to 400Mbps which I apply to download traffic on my subnet via rules, and another pipe set to 20Mbps which I apply to upload traffic on my subnet (not using queues in this example).

The interfaces on the device a gigabit - and I test using an iperf client and server on either side. The upload pipe works as expected, no problems there. However, the download pipe I only get around 250Mbit/s (when its set to 400Mbps) - no matter what settings I try for the pipe. In some circumstances, shortly after resetting the rules I see 395Mbit/s for about 4-5 seconds, and then it settles back down to around 250Mbits/s again. I've tried no mask, source, destination, codel, different scheduler types - just can't seem to get past the 250Mbit/s.

If I set the download pipe to 800Mbit/s I then get around 600Mbit/s of traffic through the interface. With no other traffic on the network, I'm struggling to see why I don't get the full speed? With no traffic shaping enabled I get around 940Mbit/s.

Any ideas why this is happening? Ultimately I'd like to start using queues to prioritise traffic but I'm just trying to get the basic pipes working for the moment - I just can't get close to the configured speed. I could fudge it by upping the bandwidth configured, but that makes no sense to me.

10

17.7 Legacy Series / DHCPv6 Relay Service won't start

« on: November 26, 2017, 06:56:59 pm »

Hi all,

I'm unable to start the DHCPv6 Relay service.

My WAN and LAN interfaces have IPv6 addresses - I'm not running DHCPv6 Server on any of them, I have Advertisments turned off - but I just can't start the service.

I click on start, and nothing, no errors - does anyone know where I can find logs to debug this further or have any ideas what could be causing the issue?

Thanks!