Topics - FlangeMonkey

#1
Hello,

I have set up a secondary firewall, the NIC configuration is different, but I don't believe that is a problem anymore.  I do not have CARP configured yet.  For HA, I have All Services selected, and all networks configured equally, for example HA is called HA and LAN is called LAN on both firewalls.

After sync, everything looks good, except for HA firewall rules.  The single basic HA rule is being removed on the secondary firewall after sync. So I can no longer perform another sync until I add the rule back to the secondary firewall.

Any idea what is causing the behaviour?

Thanks

#2
I have an odd issue where, when a device restarts, DHCPv6 is always giving the client a new IPv6 address.

Within the leases on "ISC DHCPv6" I see the following (attached)

Any ideas? The lease times are default.
#3
Hi Guys,

  • I have DHCPv6 configured on the WAN interface and it's using PD with a /56.
  • I also have Static IPv6 configured on my LAN interfaces using ULA configured as /64.
  • I'd like to use NPT for 1:1 between the equivalent WAN /56 mapped to the LAN /56.

I have this working with NPT (/56 and /64) mapping configs, however I need to enter the "External IPv6 Prefix (target)" to make this work.  I recall reading to leave "External IPv6 Prefix (target)" empty for it to work dynamically, however that does not work, even with /56, which is address to address.

Any thoughts on what I'm missing?
#4
Hi Guys,

I understand the Common Name within 'Client Specific Overrides' is the certificate CN used for the user, however, it doesn't appear to be working.

Any Ideas?

Thanks,
#5
21.7 Legacy Series / ESXi Shaper 1Gb download performance
September 17, 2021, 03:00:12 PM
Hi Guys,

I have a couple of shapers, one for inbound and one for outbound on my WAN interface.  I am running a virtual firewall, the external WAN interface is now passthrough using igb, which has improved things a lot.

When enabling any shapers using vmxnet3 on the LAN interface, my download performance drops from 800-900Mbit to 600Mbit. 

I therefore changed to E1000e for the LAN, and that increased performance without shapers to between 850-950Mbit.  However, I am still getting a performance drop with shapers to around 700Mbit (during testing, I am increasing the shaper to 1800Mbit to eliminate queue size).

Any Suggestions?

Thanks,

#6
21.7 Legacy Series / VRF support
July 27, 2021, 08:15:44 PM
Hi Guys,

Is there any support for VRFs?  I have a use case for a Management/OOB interface.

Thanks,
#7
19.7 Legacy Series / Shaper - WF2Q+ weights not working
September 23, 2019, 12:57:22 AM
Hi Guys,

I don't know if I'm doing something wrong here, but I cannot get weights to work on queues.

I have the following:

Pipe:
Bandwidth - 100Mb
Scheduler - Weighted Fair Queueing

Queue 1:
Pipe - Above
Weight - 100

Queue 2:
Pipe - Above
Weight - 1

Rule 1:
Destination Address: host 1
Target - Queue 1

Rule 2:
Destination Address: host 2
Target - Queue 2

The queues are working, but no matter what I use for weight, it is always around 50/50.

Thanks,
#8
18.1 Legacy Series / Netflow counting traffic twice
February 11, 2018, 03:12:42 AM
Sup guys,

Netflow appears to be counting traffic twice, this port UPnP.  Am I seeing this correctly? Check out the pictures.

EDIT: I'm also seeing the same thing with NAT rules.

Thanks,
#9
18.1 Legacy Series / Lost all firewall rules
January 30, 2018, 07:10:22 PM
Hi Guys,

I hit reset in the Traffic Shaper and, although I have rules in the GUI, I have lost all rules. When I run 'ipfw -a list' I now get:

root@OPNsense:~ # ipfw -a list
65535 17072 4146486 allow ip from any to any
#10
Hi Guys,

I've been playing with the Traffic Shaper. Having come from pfSense, where I gave up on the shapers, I thought I'd give it another look with the change to dummynet/ipfw.

I have a simple Pipe with bandwidth set to 200Mbit and a rule for one host.  When I test this limit and look at some traffic charts on OPNsense, it's extremely choppy between 110Mbit and 150Mbit.  I'd expect it to hit 200Mbit and stay there.  I have tested at different bandwidths and it does the same, never keeping at a stable throughput.

Any ideas?  Is it my understanding?

I am running on an ESXi Virtual Machine, performance and memory look ok and they are E1000 NICs.

Thanks,