Topics

1

17.1 Legacy Series / 17.1.r1 Kernel Panic

« on: January 22, 2017, 02:40:37 pm »

I updated my System on Friday from 16.7.13 to 17.1.r1, so far both Saturday and Sunday it has had a Kernel Panic at just after 7:00am Local time. I was able to capture the console output on today's crash.

Code: [Select]

Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 04
fault virtual address   = 0x30
fault code              = supervisor read data, page not present
instruction pointer     = 0x20:0xffffffff80bfcd0c
stack pointer           = 0x28:0xfffffe0119c09430
frame pointer           = 0x28:0xfffffe0119c09460
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = resume, IOPL = 0
current process         = 87062 (sh)
[ thread pid 87062 tid 100087 ]
Stopped at      turnstile_broadcast+0x9c:       movq    0x20(%rbx,%rax,1),%rcx
db>

I looked through the crontab -l output and the /etc/crontab file I can't see anything set to run at about that time. But the fact that It did apparently at the same time, make me really suspicious and of course being that the process was sh, it could be any shell script I haven't been able to find a log message on the system indicating what happened.
Unfortunately later today I am going to have to roll it back until next weekend, this is installed at my house, for my home network and mail server, on weekdays I am in the office by 7, so if the system crashes just afterwards my mail server will be offline all day.
Anyone have any ideas on what I could do to try to narrow this down today as to the cause.

2

16.7 Legacy Series / NAT Reflection & LACP

« on: September 19, 2016, 08:50:32 pm »

I switch my server over from a single port to an LACP 3 port aggregation on the switch. I can talk to all the local IPs and ports just fine, but NAT Reflection isn't working at all. External IP to internal NAT appears to be hit or miss, however this could be a result of certain services talking to other services with NAT reflection.

The server is running FreeBSD the applications are all running from within Jails on the system. When I look at the firewalls ARP table through the interfaces diagnostic page it only shows the base systems ARP entry. However when I ssh to the internal IP of the firewall and list arp entries using arp -a it properly shows the individual jails ARP entries as well.

Looking at tcpdump on the server it appears to show the traffic coming from the firewall and being replied to but the reply never makes it to the client.

Has anyone seen this before?

I am running OPNsense 16.7.3-amd64

3

Hardware and Performance / APU1D4, Performance Tuning

« on: November 13, 2015, 11:45:16 pm »

Does Anyone have an APU1D4, that's able to pull greater than 30Mbits throughput on it? I have a 60Mbits download speed, but can't get over 30Mbits no matter what settings I change. I am currently running on a Virtual Box installation. So I can do some significant testing, I rebuilt the install, with fresh settings, I have verified cabling is not an issue, ports are negotiating 1000Mbits, with flow control. Both interfaces are tied to a Dell PowerConnect 2724 switch, using VLANS to segregate traffic.

4

15.7 Legacy Series / Captive Portal, Breaking OpenVPN site to site Tunnel

« on: October 06, 2015, 08:50:34 pm »

I have 3 VLANs setup on my LAN interface, native VLAN 1, for normal LAN traffic, a VLAN 2 for a GUEST Interface, and VLAN 3 for another, limited interface (same as guest minus captive portal). When I enable the Captive Portal service on the GUEST interface the OPNsense stops forwarding traffic from the OpenVPN tunnel to the LAN interface. I have to disable the Captive Portal and reboot the OPNsense Firewall before it begins forwarding traffic again.
It appears as if the captive portal settings are getting applied to the OpenVPN tunnel interface in addition to the GUEST interface. But of course I don't get an authentication prompt.
The OpenVPN tunnel is a client to another OPNsense firewall which is functioning as the server, I can use the packet capture utility in diagnostics to verify that traffic is passing through the tunnel from the remote end, and hitting the OpenVPN interface of the local OPNsense firewall. But is never forwarded outbound on the LAN interface.
Has anyone else tried to use a captive portal on an OPNsense firewall that also had an OpenVPN client tunnel connection, and or VLANs on the LAN interface to verify whether or not they have seen this issue as well?