
Topics - devhunter55

1
Hardware and Performance / Flow control - best practices
« on: April 17, 2022, 03:52:02 pm »
Dear all

I read a lot about the advantages of having flow control disabled, but I'm not sure whether it might be mandatory for some use cases (like Suricata or ISP WAN IP)?

I read forum advice from a member that enabling flow control on some device solved his problem, so I'm unsure what to do (leave flow control enabled on all NICs or not).

"Turns out it was a problem with flow control. Once I enabled flow control for only my LAN SFP+ connection on my firewall to the switch and left flow control off for the WAN interface on the firewall both 1G and 10G clients were getting proper WAN speeds on the switch.

Remember Ethernet speed mismatch can cause problems, use flow control to resolve them!"


My current OPNsense settings:

root@opnsense:~ # sysctl -a | grep dev.igb| grep -i control
dev.igb.5.rx_control: 4194304
dev.igb.5.device_control: 136053313
dev.igb.5.eee_control: 1
dev.igb.4.rx_control: 4194304
dev.igb.4.device_control: 136053313
dev.igb.4.eee_control: 1
dev.igb.3.rx_control: 4194304
dev.igb.3.device_control: 135791169
dev.igb.3.eee_control: 1
dev.igb.2.rx_control: 4194304
dev.igb.2.device_control: 136053313
dev.igb.2.eee_control: 1
dev.igb.1.rx_control: 71598082
dev.igb.1.device_control: 1075577409
dev.igb.1.eee_control: 1
dev.igb.0.rx_control: 71598082
dev.igb.0.device_control: 1075577409
dev.igb.0.eee_control: 1

Thanks all for help & ideas ... and Happy Easter :D

2
22.1 Legacy Series / ZPOOL Features - any recommendations ?
« on: March 12, 2022, 12:32:55 pm »
Dear all

Is there any recommendation on this? (I saw this after going to FreeBSD 13.)
Just enable them or not?

  pool: zroot
 state: ONLINE
status: Some supported and requested features are not enabled on the pool.
        The pool can still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
        the pool may no longer be accessible by software that does not support
        the features. See zpool-features(7) for details.

3
General Discussion / ssh to another server from OPNsense may sometimes take up to 30 seconds
« on: March 08, 2022, 12:34:53 am »
Hi all

I've got strange behavior on OPNsense: when I ssh to another server (which is configured in Unbound DNS),
the ssh connection sometimes takes up to 30 seconds, but not always.

Most of the time the ssh connects very quickly, but sometimes there is a huge wait.

I.e. opnsense# ssh server1

I ran the command (ssh server1) with the debug option, and I see these messages:

debug3: verify_host_key_dns
DNS lookup error: general failure

The "DNS lookup error: general failure" also appears when the ssh connection is quick, so I think this is not the culprit here.

nslookup of server1 is always very fast (meaning the server can be resolved by DNS).

I cannot find any relevant information in the logs.

4
22.1 Legacy Series / OPNsense 22.1.1_3 Upgrade to 22.1.2 - UNBOUND 100% CPU - Recovery needed
« on: March 07, 2022, 11:56:05 am »
7.3.2022: Did an upgrade from OPNsense 22.1.1_3 to OPNsense 22.1.2.

After that, Unbound was permanently at 100% CPU and was unresponsive most of the time.

Had to do a full ZFS recovery to the previous version (22.1.1_3).
Now system is running stable again.

5
21.7 Legacy Series / OPNsense 21.7.3_3 - device is seen only on port 6 on the switch
« on: October 18, 2021, 01:48:41 pm »
I set up a new device with "OPNsense 21.7.3_3".

After completing the setup I connected the device to another port on my TP-Link switch.
After doing this, the device is not reachable anymore from the network.
(I used the same Ethernet cable.)

After I contacted TP-Link support, they told me that OPNsense has "802.1X-Authentication" enabled by default, and that OPNsense will allow connections to this specific switch port (port 6) only, now and in the future.

TP-Link support told me that if I want to change this behavior, I need to buy a switch with the following characteristics:

* Level 2+ or Level 3 switch which supports 802.1X
* Switch Dynamic VLAN Assignment

Does anyone have any experience or advice on that?

(Maybe there is a configuration I missed setting up and I don't need to buy another switch.)

Thanks all for any answer. I do appreciate it.
Mike
