Messages

1

Web Proxy Filtering and Caching / Re: HAproxy suddenly stopped working!!

« on: November 28, 2024, 01:46:57 pm »

SOLVED: It was Cloudflare DNS record that despite being logged as updated, in fact did not update the public IP for some reason.

VERY ODD

2

Web Proxy Filtering and Caching / [SOLVED] HAproxy suddenly stopped working!!

« on: November 28, 2024, 12:48:18 pm »

For the life of me I cannot get around this...

OUT OF THE BLUE, HAproxy simply stopped working and all my services are unaccessible now.

I haven't changed my configuration for the last 2 years at least and just like that, this morning, it stopped redirecting traffic.

What makes it even more bizzarre is that the only URL that accepts is the one that takes to OPNsense itself.

After having checked the entire configuration from ZERO, I'm at a dead end. Any ideas?

3

24.7 Production Series / Re: ax driver reports impossible number of errors

« on: November 14, 2024, 03:45:31 pm »

Code: [Select]

feld@gw:~ $ netstat -I ax0
Name    Mtu Network        Address                             Ipkts                 Ierrs                 Idrop       Opkts                 Oerrs                  Coll
ax0    1500 <Link#5>       f4:90:ea:00:62:2d                  382472  18446744073709551610                     0  1703087022                     0                     0
ax0       - fe80::%ax0/64  fe80::f690:eaff:fe00:622d%ax0           0                     -                     -           0                     -                     -


I used to have the same (DEC3840) trying bring down and back the face via shell.
That not only cleared out all errors (I now have 0 errors across the board), but also gave me full 9.4G D/U

this is impossible

4

24.7 Production Series / Re: HELP NEEDED: Performance issue on DEC850 after upgrade to 24.7

« on: November 14, 2024, 03:43:37 pm »

There must be something worth investigating in...
I look forward to hearing from the likes of @franco

5

24.7 Production Series / Re: HELP NEEDED: Performance issue on DEC850 after upgrade to 24.7

« on: November 08, 2024, 10:51:32 am »

Maybe @franco can advise?

6

24.7 Production Series / Re: HELP NEEDED: Performance issue on DEC850 after upgrade to 24.7

« on: November 07, 2024, 03:59:40 pm »

I've noticed a bizarre behavior (DEC3840 here)...

All HW offload is ON but VLAN.

By bringing down and then back up ax0 via ifconfig, I achieve clean 9.4G UP/DOWN

If I reboot, I need to run that command through shell again otherwise I'm capped to 4.5G UP/DOWN

7

Zenarmor (Sensei) / Re: Netmap 10G

« on: June 30, 2024, 06:42:40 pm »

I've now uninstalled Zenarmor for good and going to cancel my subscription at the end of its term (wish I had a refund TBH!!)

Now no more errors on IFs (either physical or VLANs) and performances are gone back up to more than decent.

HOWEVER, what puzzles me is that Speedtest returns just 5G DL/UL when tested at FW level via CLI and 1G clients are capped at 740M DL while UL is fine at 940M.

I may open a new topic somewhere else...but, what do you think might be the cause of this?

I'm running on a Deciso DEC3840 with 64G ECC RAM

8

Zenarmor (Sensei) / Re: Netmap 10G

« on: June 28, 2024, 12:15:15 pm »

OK, so...

1) for troubleshooting purposes, I've now uninstalled Zenarmor...very little errors on VLANs, but still there

2) I've done done that and did not help unfortunately

3) I've moved that IP from physical IF to a dedicated VLAN

I've also factory reset my Tunables and reconfigured them...still no luck

What would you suggest I shall do for better troubleshoot?

9

Zenarmor (Sensei) / Re: Netmap 10G

« on: June 27, 2024, 08:54:58 pm »

Thanks for taking the time to look into this...

Going in order:

1) Yes, Send Queue Drops = SUM(VLANs Output Errors)
2) When I turn RSS on, the actual errors number goes through the roof
3) Yes, the physical interface has its own IP where switches and APs are living. Is that a mistake?

10

Zenarmor (Sensei) / Re: Netmap 10G

« on: June 27, 2024, 03:53:04 pm »

Yeah sure!

Please find attached screenshots for both ROOT (physical IF) and LAN (VLAN living in ROOT)

11

Zenarmor (Sensei) / Re: Netmap 10G

« on: June 26, 2024, 03:54:45 pm »

Let me get this straight: Zenarmor is supposed to protect the LAN, not the WAN.

Let me get this straight: when have I ever mentioned that I was protecting the WAN??

That 10G interface is the LAN.

UPDATE: I'm getting errors building up on all VLANs running on that IF as well as the physical IF itself

Can you specify which counter?

Do you see on
VLANs increase on Output Errors
Physical ports Send Queue Max Length

Regards,
S.

Hi Seimus,

Thanks for your support. Please find attached a screenshot of what I'm seeing.

EDIT: ROOT is the physical IF with a /24 management ip, everything else are VLANs running onto that IF

12

Zenarmor (Sensei) / Re: Netmap 10G

« on: June 25, 2024, 09:17:25 pm »

Let me get this straight: Zenarmor is supposed to protect the LAN, not the WAN.

Let me get this straight: when have I ever mentioned that I was protecting the WAN??

That 10G interface is the LAN.

UPDATE: I'm getting errors building up on all VLANs running on that IF as well as the physical IF itself

13

Zenarmor (Sensei) / Re: Netmap 10G

« on: June 25, 2024, 01:11:06 pm »

Hello,

I checked that link before posting and it’s not helping in my case as I’ve got just a bunch of users per se (less than 10) an around 150 clients overall.

My FW throughput is 17G supported by an EPYC CPU with 32G ECC RAM

That being said, my question is around whether native netmap is supported on ax1 port (SFP+ module) as I’m setting errors building up in the interface statistic widget of OPNsense.

Any help?

14

Zenarmor (Sensei) / Netmap 10G

« on: June 24, 2024, 06:51:05 pm »

Hello,

I've been running Zenarmor on my DEC3840 for a while and just recently I've upgraded to a 10G/10G p2p INET connection. Zenarmor is monitoring my AX1 and I wonder whether it supports Native Netmap as I'm seeing a growing number of errors (OUT) on all VLANs as reported onto the INTERFACE STATISTICS widget.

I hadn't notice any errors when Zenarmor was monitoring igbx ports.

Any suggestion?

15

Hardware and Performance / Re: DEC3840 - RAM UPGRADE

« on: June 24, 2024, 06:36:19 pm »

Posting in here in case it'd help anybody else in the future...

I've managed to upgrade the RAM from 8G to 32G by installing 2x Kingston KSM26ED8/16MR