Messages

1

24.7 Production Series / Re: CPU temp increase since 24.7.8

« on: November 08, 2024, 08:16:37 am »

Thanks for the advice, I think I found it - when I ran top the only process that looked to be constantly busy was "monit", and when I tried to stop the service nothing happened, either with the menu option or with the diagnostics/services menu. So I tried to kill it through top and still the process would not stop, and even a normal kill failed on the command line. Had to use kill -9 to get it to stop.


I then checked the monit log and it had been repeatedly complaining for a while about a Suricata alert not available, although the last message was over 12hrs ago, which was probably as I stopped using Suricata quite some time ago. I removed the alert, restarted the monit service and so far the CPU temp has gone back down to previous levels.

2

24.7 Production Series / [SOLVED] CPU temp increase since 24.7.8

« on: November 07, 2024, 11:32:35 am »

After upgrading from 24.7.7 to 24.7.8, the CPU temp of the Proxmox host that OPNsense runs on has increased a fair bit. Has anyone else seen this?


It's still within an acceptable range but it's never been like this for the all the time I've been running it as a VM. There are a couple of other very small containers on the same host, but even when I shut them down the temperature doesn't change. It's also a passively cooled unit so I'd rather it was back to previous temperatures.

3

24.7 Production Series / Re: Notifications upon acme auto-renewal failures

« on: October 31, 2024, 10:04:23 am »

I have a Zabbix server monitoring all my certificate's expiration dates, and it's occasionally alerted me to a failed ACME renewal, but as you mention, it would be nice for ACME itself to have some way to report problems, if there isn't already some other way that I'm not aware of.

4

24.7 Production Series / Re: Best Guest System to virtualize OPNsense in Proxmox

« on: September 20, 2024, 01:38:51 pm »

Not sure what the point of repeating yourself was, so https://man.freebsd.org/cgi/man.cgi?query=virtio_balloon&sektion=4&manpath=FreeBSD+14.1-STABLE points to that it should and someone else on the forum stated that it did for them: https://forum.opnsense.org/index.php?topic=41958.msg209102#msg209102

5

24.7 Production Series / Re: Best Guest System to virtualize OPNsense in Proxmox

« on: September 20, 2024, 01:16:20 pm »

I am not sure if I should use Ballooning or not, when the guest is running Proxmox reports around 90% RAM usage, when in reality is no more than 20%, I have been playing around with Ballooning ON/OFF, but it doesn't seem to solve the memory reporting issue in Proxmox, are you experiencing the same problem? Thanks

This has been $64billion question on the Proxmox forum with no end of reasons given but none of them to me really explaining why. For me the issue is worse for Windows, because it's Windows, but also if ZFS is involved then that can use RAM without the OS knowing about it as well. I just enable it when I can and just monitor it from within the VMs, for which I use Zabbix.

6

24.7 Production Series / Re: OPNsense as a VM in Proxmox, what FS to select UFS or ZFS

« on: September 19, 2024, 08:04:39 am »

Agreed, ZFS - when I went from physical to Proxmox I took the opportunity to change from UFS to ZFS

7

24.7 Production Series / Re: Best Guest System to virtualize OPNsense in Proxmox

« on: September 19, 2024, 08:02:17 am »

Personally I've used q35, have to make sure secureboot is disabled as it's not supported, so use SEABIOS or disable it in the UEFI bios, and yes enable the QEMU agent as there's support for that within OPNsense.


For now I have ballooning off as when I installed last year it would give OPNsense more than 2GB, but I believe this is solved now and just something I need to get around to checking out again.

8

24.7 Production Series / Re: Update to 24.7.2 results in kernel panic

« on: August 29, 2024, 09:56:58 am »

I'm suspecting a bad zpool in your install that is now found since zpool import -Na does what it should.

What's the best way to check this and hopefully fixing it before attempting an upgrade?

9

24.7 Production Series / Re: OPNsense and KVM's Virtio Network Driver

« on: August 19, 2024, 09:27:41 am »

Out of interest, how much RAM is OPNsense reporting as installed on the dashboard?


I can see you have a balloon set at 2048 with 8192 for the total, which is much like what I wanted, but that never worked for me and OPNsense reported only ever reported 2048 and would never go above this. I had to set balloon to 0, i.e. disable it, before it could see all 8GB. Again, not sure yet if this is something that 24.7 may have fixed with its newer OS - going to give the upgrade a go this coming weekend.

10

24.7 Production Series / Re: OPNsense and KVM's Virtio Network Driver

« on: August 05, 2024, 01:31:04 pm »

Perhaps you can post the VM config from Proxmox so we can see exactly how it's been configured?


I have a small multi-NIC Intel mini-PC running OPNsense on Proxmox really well, so hopefully it's just a misconfiguration somewhere. This is my config - I have 3 of the 4 NICs in pass-through for performance and not wanting anything else interfering with them, with the 4th one bridged for access to my LAN + a couple of VLANs:

Code: [Select]

agent: 1
args: -vnc 0.0.0.0:10
balloon: 0
bios: seabios
boot: order=scsi0
cores: 4
cpu: host
hostpci0: 0000:01:00,pcie=1
hostpci1: 0000:03:00,pcie=1
hostpci2: 0000:04:00,pcie=1
hotplug: disk,network,usb,cpu
machine: q35,viommu=virtio
memory: 8192
meta: creation-qemu=8.1.2,ctime=1701086589
name: BART
net0: virtio=BC:REDACTED:D5,bridge=vmbr0
numa: 1
onboot: 1
ostype: l26
scsi0: local-zfs:vm-100-disk-1,discard=on,iothread=1,size=64G
scsihw: virtio-scsi-single
smbios1: uuid=fa-REDACTED-88
sockets: 1
startup: order=2
tags: linux;vm
vmgenid: 84-REDACTED-bf

When I first installed this back in September 2023, the only real issues I had were that I could not get OPNsense to boot if I tried to use UEFI, hence why I have "seabios" for the BIOS, plus disabling ballooning or I would be stuck at 2GB RAM. Otherwise it's all pretty standard.


This is on PvE v8.2.4 and OPNsense v24.1 as I haven't been brave enough to upgrade to v24.7 yet.

11

24.1 Legacy Series / Re: Not able to download Windows 11 ISO

« on: July 18, 2024, 12:44:53 pm »

Yeah good luck getting anywhere for that error with Microsoft - I had the same issue for nearly 5 years, and I'm an an EU country, until a few months back when I could finally get the ISOs again. No-one I contacted could give me anything useful let alone actually tell me who to actually report it.


I'm afraid it's definitely not an OPNsense issue.

12

24.1 Legacy Series / Re: PPPoE Slow Upload

« on: June 27, 2024, 09:08:47 am »

Thought I would add my experience seeing as I have a PPPoE connection (1000Mbit down/500Mbit up), also use OPNsense on Proxmox, kernel is v6.8.8-1 although I have an upgrade to 6.8.8-2 waiting on a reboot, plus my WAN NIC is passed as a device, whereas the LAN is a Proxmox bridge device. My speeds always vary but they're pretty much what I would expect, and did not change much, actually improved when I went from bare-metal to VM.


I also do not use the OPNsense widget nor the Speedtest website for measurements - I installed the Ookla Freebsd command-line tester and use it via a script that tests against 5 different providers I choose manually. I have often found that the one it auto chooses can return very bad results or even be in another country when all the others look good. I revisit the 5 whenever I see large or many drops in speed tests. Oh, and I also have a local LibreSpeed VM on my LAN so I can measure the connection there - it's always good.


I use Zabbix to collect the results and my graph current looks like this:



I cannot fault the performance that both OPNsense and Proxmox are providing me, and having it as a VM at least gives me peace of mind that I can recover from problematic updates. Let me know if you want any more information.

13

24.1 Legacy Series / Re: Delete old OpenVPN interface under Firewall Rules

« on: April 25, 2024, 10:00:15 am »

Maybe its related to this?

https://forum.opnsense.org/index.php?topic=38704.msg192770#msg192770

Regards,
S.

Thanks, I suspect you're right though I think I can at least just delete the rule.

14

24.1 Legacy Series / Re: Delete old OpenVPN interface under Firewall Rules

« on: April 24, 2024, 01:49:34 pm »

Is it listed when you go to the Shell and run the ifconfig command?

Nope

Code: [Select]


root@bart:~ # ifconfig | grep -i description
        description: WANTR (opt4)
        description: LAN (lan)
        description: LOL (opt5)
        description: GUEST (opt1)
        description: DMZ (opt2)
        description: WAN (wan)
        description: SOWG (opt3)


15

24.1 Legacy Series / Delete old OpenVPN interface under Firewall Rules

« on: April 24, 2024, 09:49:41 am »

I was tidying up a few things on the firewall rules and noticed it still listed OpenVPN as an interface with a single disabled rule. I stopped using OpenVPN back when WireGuard was introduced and there are no OpenVPN instances or any settings in the VPN section for it. Yet this interface and rule remain.


I think I can delete the rule, but how can I delete the interface? It doesn't show up anywhere under "Interfaces" either, only under "Firewall, Rules".