Messages

526

18.1 Legacy Series / Re: Has anyone had a problem-free upgrade from OPNsense 17.7.12 to 18.1?

« on: February 01, 2018, 06:23:41 pm »

Two issues for me.

1- NAT didn't work at first, but a patch solved that one
2- Download speed has dropped 50% from previous version.
**** UPDATE ****
Speeds were affected because custom tweaks were removed by the upgrade. All OK now.

527

18.1 Legacy Series / Re: 18.1 Network Performance (17.7.11-12 was fine)?

« on: February 01, 2018, 06:19:48 pm »

Also slowdowns here. Using Intel i350T4
Here is a comparison using same ISP connection.
150 down with OPNsense
310 down with PFsense.

Upload speed does not seem affected
Was not like this with 17.7.12

Not happy, hope there is an explanation or patch soon

528

18.1 Legacy Series / Re: NAT, port aliases, redirect not working after upgrade

« on: February 01, 2018, 05:57:48 pm »

18.1 update also killed my NAT. Patch fixed it for me.

529

Intrusion Detection and Prevention / Re: Performance tuning for IPS maximum performance

« on: January 29, 2018, 04:15:43 pm »

These were the only em settings in my sysctl
hw.em.eee_setting: 1
hw.em.rx_process_limit: 100
hw.em.enable_msix: 1
hw.em.sbp: 0
hw.em.smart_pwr_down: 0
hw.em.txd: 1024
hw.em.rxd: 1024
hw.em.rx_abs_int_delay: 66
hw.em.tx_abs_int_delay: 66
hw.em.rx_int_delay: 0
hw.em.tx_int_delay: 66
hw.em.disable_crc_stripping: 0

I did see some dev.em settings in the pfsense sysctl but not in OPNsense.
It is possible more settings show up if you have an em driver active. The pfsense did have one active em device.

I would also put these in the tunables
hw.em.eee_setting   value=0
dev.em.<x>.eee_control   value=0 ,<x> being the IPS interface#
Then recheck sysctl and make sure they changed


Tunables are a trial and error thing, but certainly can't hurt to disable any em.eee setting.

530

Hardware and Performance / Re: Success installing on Netgate SG-4860?

« on: January 28, 2018, 10:09:29 pm »

There are more defectors every day because of their 'shenanigans'. And OPNsense is getting better everyday. In my opinion, OPNsense is a superior product anyway. You made a wise decision.

531

General Discussion / Re: System hanging on reboot

« on: January 28, 2018, 10:02:53 pm »

I have also run into some issues and just had to reinstall OPNsense. Usually from making too many major configuration changes like adding or removing packages. Rule changes never affected anything. I learned that it is crucial to make a backup when you get to a stable point so you can reinstall back to the same point if an issue occurs. I have never had to reinstall from a stable working configuration.
I think this is just the nature of the FreeBSD beast. That is why you get everything just right before releasing into production, then leave it alone.

532

17.7 Legacy Series / Re: GeoIP Blocks All Traffic Instead of Per-Country Traffic

« on: January 28, 2018, 09:51:33 pm »

I do a two tier approach. Weeding out the top 10 worst spam countries with IPS, then the rest with GeoIP.
That way IPS can drop the highest traffic offenders before my firewall has to deal with it.

533

17.7 Legacy Series / Re: Newb Q: What to take into account when moving from pfSense

« on: January 28, 2018, 09:46:39 pm »

It's always better to start fresh so you can weed out old issues and obsolete items.
NAT, Firewall rules, and aliases will work the same way and can just be copied over manually.

Then follow some of the guides in this forum for setting up IPS. Always take a logical approach and choose based on your requirements.

534

18.1 Legacy Series / Re: Bug? "Move selected rules before this rule" in Firewall: NAT: Port Forward

« on: January 28, 2018, 09:36:02 pm »

Should be simple. Do the reordering, then click apply after you are done with the reorder

535

17.1 Legacy Series / Re: OPNsense vs. pfSense article - any thoughts on that?

« on: January 25, 2018, 03:30:47 pm »

Looking forward to ZFS. most of my firewall installations are remotely maintained.
The packaged version of Monit will also help with remote maintenance.
Keep up the great work.

536

17.1 Legacy Series / Re: OPNsense vs. pfSense article - any thoughts on that?

« on: January 23, 2018, 03:06:17 pm »

ZFS provides redundancy if setup as a mirror. A nice feature when some firewalls are very remote. If a disk goes down the firewall keeps running until you have a chance to replace it.

537

17.1 Legacy Series / Re: OPNsense vs. pfSense article - any thoughts on that?

« on: January 22, 2018, 03:10:17 pm »

I hopes it's zfs

538

17.7 Legacy Series / Re: Upgraded to 17.7.12 and it says unbound-1.6.7_1 is vulnerable

« on: January 21, 2018, 10:21:35 pm »

Received the same Audit Unbound problem.

Installed Unbound 1.6.8 as per your instructions.

All issues resolved. Thanks

539

17.1 Legacy Series / Re: OPNsense vs. pfSense article - any thoughts on that?

« on: January 21, 2018, 09:57:16 pm »

Once they go fully commercial, they won't go back. When that happens, watch for a flood of new OPNsense users. Besides IPS doesn't work well on their system. And as far as I am concerned, you don't have a true firewall without IPS. IMO

540

Intrusion Detection and Prevention / Re: Windows Updates

« on: January 21, 2018, 09:34:59 pm »

I also implemented this change
Can't tell if the change does anything since I also saw blocks before the change.
I take it that eve.json is the IDS alerts list.

elektroinside - I figured the updates problems were rules. Glad you found it. I didn't see it because I do not have those rulesets enabled.