Topics - tofaz

1
22.1 Legacy Series / Whois as a Diagnostic in the GUI
« on: January 31, 2022, 02:28:10 am »
Hi All, since the "whois" command is part of FreeBSD base and a really useful command, do you know if it is possible to make it part of the GUI under Diagnostics?

2
22.1 Legacy Series / Top Talkers old features
« on: January 31, 2022, 02:24:23 am »
Hi All, is there a specific reason why the FQDN toggle in the Top Talkers (Reporting -> Traffic -> Top Talkers) section is not there anymore? It was very useful to perform an instant DNS lookup of the IP instead of copying it and then move to another section (Interfaces -> Diagnostic -> DNS Lookup) to do it.

Also, it would be nice to filter per interface and see the destination IP that the host on that interface is talking to with the direction of the traffic. If I filter by the 2 interfaces where the traffic is flowing there is no way to understand the traffic flow of the top hosts as it's a mix of IP addresses.

Thank you!

3
General Discussion / CLI vs GUI opinions
« on: November 23, 2020, 10:58:56 pm »
Hi All,

This post is mainly aimed to understand why the OPNsense userbase has chosen OPNsense rather than using a stock FreeBSD/OpenBSD install with pf managed by the CLI.

I come from a stock FreeBSD+pf+unbound+dhcpd setup since years and the main reason I wanted to move to a GUI was the fact that after a while that I was not logging into it I was going to forget commands and how to do things, and so I was always landing on google/personal notes to remember how to do it. Also the fact that I have a complete dashboard with the current overall status of the appliance gives me more quick awareness of what's passing through my firewall, instead of executing single commands to retrieve isolated information (i.e. top, pftop, systat queues, etc).

What I found online is that many users have the same common reason of not wanting to run a webserver+php on their appliances for security reasons, and the fact that via CLI you have more control and learn more.

4
20.7 Legacy Series / Dashboard: CPU usage graph style
« on: November 10, 2020, 05:16:30 pm »
Hi all,

this is mainly a personal/cosmetic taste and I just wanted to know what do you think about changing the CPU usage graph in the dashboard to be the same as the one for State table size/MBUF Usage/Memory usage/Disk usage?

Besides being the same style I think the bars provide a more detailed view, always showing the percentage value of the usage.

Thank you,
tofaz

5
20.7 Legacy Series / Shaper not showing IPs/subnets in the status active flows
« on: November 10, 2020, 04:46:58 pm »
Hey Guys,

Is any of you experiencing the same issue where the shaper status is not showing IP address/subnets details in the active flows?

Should it show the details about the socket that is using that flow? In my case it's always 0.0.0.0/0 for all active flows as per the screenshot attached.

Thank you!
tofaz

6
20.7 Legacy Series / DHCPv4 and multiple subnets
« on: November 03, 2020, 09:02:28 pm »
Hi all,

I'm currently running FreeBSD with PF as my current firewall and I'm using ISC-DHCPD as the DHCP server for all my networks. Since my core switch is taking care of the internal VLANs routing, then there is a /30 link to connect to the firewall.

With the setup above my DHCP server is configured with multiple subnets (not directly connected to it) and the core switch is relaying DHCP requests from all the networks.

I'm thinking of switching back to OPNsense but I see that it is not possible to assign multiple subnets to the DHCP scope if they're not directly assigned to it. Looking around I've seen a few posts here and there in regards to the "issue" and a PR ticket on GitHub that never got resolved.

Does anyone know if this feature will ever appear in any future OPNsense release? They are using the same DHCP daemon so I'm not sure where the limitation is on the OPNsense side.

Thank you!
tofaz

7
Hardware and Performance / Interface errors
« on: November 15, 2019, 03:39:06 pm »
Hi all,

this post is to share my experience with my current hardware and see if someone can help me out with the current issue that I am facing.

Here is the info:

Hardware:

Brand: Protectli
Intel Quad Core Celeron J1900, 64 bit, 2.0GHz, 2MB L2 Cache
4x Intel Gigabit Ethernet NIC ports
4GB DDR3L RAM, 16GB mSATA SSD

Software: OPNsense 19.7.6

Internet connection: Fiber 500Mb/125Mb

Topology:
ISP ONT <--GETH--> Catalyst 3560G <--GETH--> OPNsense


Every time I reach my top download speed I see the INerrors on the WAN interface increasing:

Name    Mtu     Network          Ipkts     Ierrs  Idrop    Opkts     Oerrs  Coll
em0    1500   <Link#1>       8157917  5362     0      3404088     0        0

But looking at top(1) I see that the CPU is used around 70% during the download test:

last pid: 17396;  load averages:  1.20,  0.99,  0.66                                                                                                up 0+10:44:02  09:27:29
50 processes:  1 running, 49 sleeping
CPU: 25.5% user,  0.0% nice, 43.6% system,  0.3% interrupt, 30.6% idle
Mem: 80M Active, 903M Inact, 474M Wired, 229M Buf, 2360M Free

Looking on the switch interface no errors are present:

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2940000 bits/sec, 384 packets/sec
  5 minute output rate 10082000 bits/sec, 870 packets/sec
     290584 packets input, 243902590 bytes, 0 no buffer
     Received 2 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     686870 packets output, 980312212 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

I have swapped the patch cord from the switch to the FW but the issue persists and at this point I believe it is something related to the NIC drivers. I have run a test and the appliance can reach almost 1Gbps traffic (980Gbps).

If I test the traffic between the other interfaces I see the INerrors increasing on them as well.

Has any of you encountered the same issue or have any idea of what can cause the errors on the interface?

Thank you!


8
18.7 Legacy Series / [Resolved] Feature request (DHCP leases counter)
« on: November 14, 2018, 03:35:38 am »
Hi all,

something I was thinking that could possibly be helpful would be having the counter of how many DHCP leases are in use. I am aware that you can gather it by yourself with the CLI but it would be nice and convenient to have the summary in the same page as the status.

Any thoughts?


9
General Discussion / [SOLVED] Static route configuration issue
« on: November 08, 2018, 03:07:29 am »
Hi all,

I am trying to set up a static route on my LAN interface in order to link a second network behind a router on my private network. My private network is a 10.0.0.0/24 and the other network is a 172.16.0.0/24. The router has the interface1 with 10.0.0.160 and interface2 with 172.16.0.1.

I have added a new gateway in System->Gateways->Single as 10.0.0.160 on the LAN interface.
But when I'm going to add the static route in System->Routes->Configuration, it is not allowing me to add a route for the network 172.16.0.0 on the LAN newly added gateway (Message "Specify a valid network matching the gateways ip protocol").

Am I doing something wrong?

I have tried on another kind of firewall and it is allowing me to add the static route.

Thank you!



10
General Discussion / Unbound DNS and local cache queries
« on: October 12, 2018, 08:45:26 pm »
Hi all,

I just moved to OPNS 18.7 from PFS 2.4.4 and I was wondering if it is still true that the Unbound DNS is still caching previous queries as it will first query itself and then the configured external DNS for faster responses.

When I diagnose a DNS query in "Interfaces: Diagnostics: DNS Lookup" I see that only the configured DNS are queried and not itself as "127.0.0.1" with 0ms response time since it's local.

Thank you!
