Topics - Gilad

#1
Hi,

It seems like something is not working when I'm using SFP adapters with the DEC750...

The DEC750 (latest software version) is connected with SFP (x0) to a Cisco L2 switch.

The WAN interface is coming up, but I can't send or receive any traffic. The only way to get it working is to change something in the WAN interface settings (like MTU), and then the connection is back to life.

Before the MTU change I can't even see the MAC address entry on the Cisco...

I'm using a standard Cisco RJ45 SFTP (I've tried several). The following is the log on the console when inserting the SFP:

ax0: xgbe_phy_sfp_signals: port_sfp_inputs: 0x0
ax0: SFP detected:
ax0:   vendor:   CISCO-AVAGO     
ax0:   part number:    ABCU-5710RZ-CS4
ax0:   revision level: B2 
ax0:   serial number:  AGM165220FH     
miibus0: <MII bus> on ax0
e1000phy0: <Marvell 88E1111 Gigabit PHY> PHY 0 on miibus0
e1000phy0:  none, 1000baseSX, 1000baseSX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
ax0: Link is UP - 1Gbps/Full - flow control off


Any ideas?
#2
I can't access the internet, everything gets blocked on: Default deny / state violation rule

All the NAT/access rules are still in place, but DNS queries are blocked:

DMZ      2023-03-29T17:11:33   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:33   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:28   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:28   10.10.50.110:39249   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:23   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:23   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:19   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule   
DMZ      2023-03-29T17:11:19   10.10.50.110:50869   10.10.50.1:53   udp   Default deny / state violation rule


Access outside blocked:

DMZ      2023-03-29T17:13:29   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:25   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:23   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule   
DMZ      2023-03-29T17:13:22   10.10.50.110:58044   151.101.0.81:443   tcp   Default deny / state violation rule
#3
Started after installing the latest version - 23.1.4 (and still happened after 23.1.4_1).

The two IPsec tunnels were rock stable with the previous versions.

The tunnels' status is still up on the OPNsense GUI, but I can't ping or SSH to hosts on the other side.
After around 40 minutes I'm getting these entries in the log:

2023-03-27T13:13:02   Informational   charon   05[ENC] <con3|25> generating CREATE_CHILD_SA request 8 [ N(REKEY_SA) N(ESP_TFC_PAD_N) SA No KE TSi TSr ]   
2023-03-27T13:13:02   Informational   charon   05[IKE] <con3|25> establishing CHILD_SA con3{57} reqid 3   
2023-03-27T13:13:02   Informational   charon   05[KNL] creating rekey job for CHILD_SA ESP/0xec8f744e/167.xxx.xxx.xxx


and then this:

2023-03-27T13:16:11   Informational   charon   11[IKE] <con2|24> rekeying IKE_SA failed, peer not responding   
2023-03-27T13:16:11   Informational   charon   11[IKE] <con2|24> giving up after 5 retransmits   
2023-03-27T13:15:47   Informational   charon   11[KNL] <con3|25> unable to delete SAD entry with SPI c088053f: No such process (3)   
2023-03-27T13:15:47   Informational   charon   11[IKE] <con3|25> giving up after 5 retransmits


Only restarting the strongswan service solves the problem.

Any ideas?
#4
Hi,

I have the Deciso OPNsense DEC850, with the AMD EPYC 3201 CPU, running OPNsense version 22.1 (was the same with versions 21.7.x).
This CPU should run at 1500MHz to 3100MHz frequency, but when running the shell command powerd -v I can see that it actually never goes above 1500MHz:

load  40%, current freq 1500 MHz ( 0), wanted freq 2643 MHz
load  83%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  30%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  56%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  33%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  15%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load  68%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  51%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2815 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2727 MHz
load  82%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 129%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 2906 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 1486 MHz
load   0%, current freq 1500 MHz ( 0), wanted freq 1439 MHz
load   4%, current freq 1500 MHz ( 0), wanted freq 1394 MHz
changing clock speed from 1500 MHz to 1400 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1350 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1307 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1266 MHz
load  12%, current freq 1400 MHz ( 1), wanted freq 1226 MHz
load   0%, current freq 1400 MHz ( 1), wanted freq 1200 MHz
changing clock speed from 1400 MHz to 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   3%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   3%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   8%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   4%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   5%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   0%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load   6%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load  15%, current freq 1200 MHz ( 2), wanted freq 1200 MHz
load 117%, current freq 1200 MHz ( 2), wanted freq 3000 MHz
changing clock speed from 1200 MHz to 1500 MHz
load  57%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  40%, current freq 1500 MHz ( 0), wanted freq 2402 MHz
load 105%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 122%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 105%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 104%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  98%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load  91%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 104%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz
load 100%, current freq 1500 MHz ( 0), wanted freq 3000 MHz


I've already tried (in System: Settings: Miscellaneous) to switch the PowerD off and on, and change the settings to Maximum, Minimum, Adaptive and Hiadaptive, but it makes no difference.

It's quite an expensive box, and one would assume that Deciso will make sure OPNsense supports all the features of their own hardware...

Any ideas?
#5
Hi,

I've upgraded to version 21.7.4 yesterday, and didn't have any problems.
However, today I've noticed this error displayed on the dashboard, and it seems like it's a PHP error:

[29-Oct-2021 11:39:15 Europe/London] PHP Warning:  Phalcon\Session\Adapter\Stream::read(/var/lib/php/sessions/sess_be911bfde6d67e18ba8a619c4b5cb3cb): failed to open stream: No such file or directory in /usr/local/opnsense/mvc/app/config/services_api.php on line 73

From /usr/local/opnsense/mvc/app/config/services_api.php:

62
63 /**
64  * Start the session the first time some component request the session service
65  */
66 $di->setShared('session', function () {
67     $session = new Manager();
68     $files = new Stream([
69         'savePath' => session_save_path(),
70         'prefix'   => 'sess_',
71     ]);
72     $session->setAdapter($files);
73     $session->start();
74     // Set session response cookie, unfortunalty we need to read the config here to determine if secure option is
75     // a valid choice.
76     $cnf = Config::getInstance();
77     if ((string)$cnf->object()->system->webgui->protocol == 'https') {
78         $secure = true;
79     } else {
80         $secure = false;
81     }
82     setcookie(session_name(), session_id(), null, '/', null, $secure, true);
83
84     return $session;
85 });
86


I thought it's a session/cookie issue, but restarting Google Chrome and even using Firefox doesn't help...


Any ideas?

(I've submitted a crash report)
#6
Hi,

Running the latest build on OPNsense DEC850, I'm getting several log entries per second of the following:

2021-07-09T15:15:17   getty[9966]   open /dev/ttyU0: No such file or directory   
2021-07-09T15:15:17   getty[9966]   open /dev/ttyU0: No such file or directory   
2021-07-09T15:15:17   getty[55359]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[55359]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[41650]   open /dev/ttyU0: No such file or directory   
2021-07-09T15:15:17   getty[41650]   open /dev/ttyU0: No such file or directory   
2021-07-09T15:15:17   getty[80220]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[80220]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[13807]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[13807]   open /dev/ttyU3: No such file or directory   
2021-07-09T15:15:17   getty[99240]   open /dev/ttyU3: No such file or directory

Any ideas?
#7
Hi,

I've configured IPsec on my OPNsense DEC850, with AES256, SHA256 and DH-14. Works great for 20-30 seconds, then just stops passing traffic (user stays connected). I've tried different encryption and hash options, but nothing helps. I wonder if this has anything to do with the AES-NI acceleration bug...

Any ideas?