Messages

1

21.1 Legacy Series / Re: Disable writing log files to the local disk

« on: June 29, 2021, 09:08:12 am »

The 'Local Logging - Disable writing log files to the local disk' option corresponds to the `disablelocallogging` configuration paramter in the back end.  If the option is checked, the logic appears to skip over creating several syslog directives which would result in logs being written to disk; effectively not logging anything.  However, if I'm reading it right, this only appears to occur if 'Disable circular logs' is  unchecked.  I.e. `clog` logs.

So unless 'Disable circular logs' is unchecked, logs will always be written to disk regardless of the 'Local Logging' setting.  This is unlikely to be intentional behaviour.  If your goal is it minimise writes to disk, the current best option is use of '/var RAM disk' (as already suggeted) and a small number for 'Preserve logs (Days)'.

Just among us.. If you made a poll, and asked 100 random opnsense admin, how many would know this is how this logging thing works in opnsense 21.1? As the docs in this topic  are unhelpful, even worse completely misleading the reader, as usual very frequently.

2

21.1 Legacy Series / Re: Native-kernel wireguard support for 21.1 feasible? FreeBSD 13 may have it

« on: June 20, 2021, 02:44:32 pm »

Glad to hear it working great for you. I also find it worth using a known good speedtest server.

I usually try and use http://ovh.net as I know all their test locations are 10gbit connections, if speedtest.net is looking to give odd/varying results.

"ovh.net" does not even open for me in the browser, is that a public speedtest service by the way?

3

Hardware and Performance / Re: apu4d4 low throughput

« on: June 11, 2021, 07:54:29 pm »

If pppoe is out of question, you may win the 500Mbit/sec battle (but not the big 1Gbit war, hehe).

What is seriously limiting the performance, is the NAT function done via the "pf". If you can, you may experiment with 2 local PC: connect 1 directly to the WAN leg of the APU, and connect the other PC directly to the LAN leg of the APU, and try to do pure routing with NAT disabled and proper IP subnets assigned to each PC and the APU intrefaces.
Also in my experience, upload speed was much higher via NAT, than the download speed, for an unknown reason.
Good luck, and share any results, somebody may benefit from it.

4

Hardware and Performance / Re: apu4d4 low throughput

« on: June 11, 2021, 03:45:42 pm »

Welcome to the club of dissappointed Pcengines APU2-3-4-5-6-... owners

5

Hardware and Performance / Re: APU2D4 very low throughput 1Gbit

« on: June 01, 2021, 07:30:21 am »

It would be great to highlight these trapmines, as the average APU owner goes to Techlager.se or to some random Calomel article e.g. https://calomel.org/freebsd_network_tuning.html -> and apply the performance optimization sysctl-s that were relevant only for an older v10 or v11 freebsd release, and the current fbsd / hbsd / opnsense release runs v12.x, and benefit near-0% from them.

6

21.1 Legacy Series / Re: Will /var be periodically backed up even if it is set as a memory filesystem?

« on: May 31, 2021, 08:04:37 am »

My problem, when I enabled MFS was also the loss of vnstat history and the vnstat db got corrupt and had to do DB reset every single time the system booted.
The "solution" suggested from one of the opnsense devs was, to turn off MFS. Then do a reboot. Then turn ON the MFS, then reboot again. Suddenly, the vnstat database was relocated under the folder /root/var/lib/vnstat (dont ask me how it happened, I think it was some faulty race condition or sthg similar mistake), so in fact it remained on permanent storage. So the issue has been "fixed" so to say.
On another opnsene with MFS this same vnstat+MFS issue still persist even today, but the MFS turn ON and then OFF then ON again did not fix it the same way. So after every reboot I have to always reset the DB, otherwise the vnstat service fails to start.
Seems nobody else in the community is affected. Or nobody is using MFS + vnstat on the same system. Or simply nobody else reported this issue after all...

7

Virtual private networks / Re: IPSec routed mode - fragmentation issues

« on: May 31, 2021, 03:11:05 am »

Thanks. Another nail in the "ipsec transport mode on fbsd" coffin.

8

Hardware and Performance / Re: APU2D4 very low throughput 1Gbit

« on: May 29, 2021, 05:15:50 pm »

This will disable all throttling and lock the CPU at 1.4GHZ

-> This is plain incorrect. The CPU is only 1.0Ghz fast, and core performance boost can increase only 1 core, and this one only up to max 1.4Ghz, and only for a short moment of time. Then it will get back to 1.0Ghz.
Throttling can decrease the clockspeed of all cores down to 800Mhz or the minimum 600Mhz.

9

21.1 Legacy Series / Re: SSD / eMMC wear out & ram disks on 21.1

« on: May 24, 2021, 02:46:22 pm »

Sorry to spam your thread:

how can I measure the write amount of the SSD? I have setup MONIT, and it shows read and write statistics. But my /var and /tmp is on ramdrive, and I am not sure if the root FS stats exclude the /var and /tmp amount from that?

10

21.1 Legacy Series / Re: IGMP proxy not started

« on: May 20, 2021, 03:59:38 pm »

I get what you mean. I am more or less familiar with the (complex) nature of multicast. Ok, its not the igmpproxy responsibility, to describe how to make it work under the Opnsense firewall. Then who should be the producer of such a guide, e.g. : how to send multicast traffic between Site-A and Site-B (back and forth), when there are Opnsense routers (1 or more) between the sites, connected via e.g. IPSEC VPN tunnel? Firewall is obviously in the picture, I guess there is a very good chance >99,99% of the opnsense users do use the firewall feature, so there is no real reason not to consider that part of the setup.

11

21.1 Legacy Series / Re: IGMP proxy not started

« on: May 19, 2021, 04:22:47 pm »

Sorry if it seems offtopic, but igmp proxy would require a LOT of documentation. As today practically its an undocumented piece of software. And I mean NOT source code level COMMENTING, but enduser level human readable DOCUMENTATION.

12

Hardware and Performance / Re: High CPU-load caused by two sqlite3-processes

« on: May 01, 2021, 12:27:03 am »

subscribe...

These tips and suggestions should be part of the official docs page, under the troubleshooting section. Because what is there currently, is less than practial, no matter who is reading it.

13

Hardware and Performance / Re: HDD an absolute necessity ?

« on: April 23, 2021, 04:29:16 pm »

and if usb is not a good enough alternative are there any cheap alternatives would an SD card trough a reader be better

What kind of interfaces do you have available on your G4? A new SATA SSD (128GB) costs about $20 on Amazon.

Does your G4 support m.2 SSDs?
I bought 32GB m.2 SSD for $6 off Ebay. That size is plenty for basic usage + VPN which is what I am using that box for.

The entire opnsense setup -- HP T730 (used) + i340-T4 NIC (used) + 32GB m.2 SSD (used) --  cost me only $126 USD.

HP proliant G4 server are from 2004-2008 timeframe. M.2 wasnt even in the dreams of its inventors...

14

Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable

« on: April 16, 2021, 06:49:51 pm »

The best solution is to get a written(!) assurance from Deciso, what traffic their hardware can do. That way you can demand the promised performance for your money, if it turns out thweir hardware underperforms. Otherwise any vendor on the planet can say literally anything they are not shy to say. As you cant depend on generic  marketing PDFs.

15

Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable

« on: April 15, 2021, 03:29:45 pm »

check this forum for the "APU2 stuck at 600Mhz" issue:

https://github.com/pcengines/coreboot/issues/457

Regarding the policy based ipsec enablement immediately halves the throughput even if the traffic is bypassing the vpn tunnel, is very concerning. I also have some policy based vpn tunnels, so it may further limit my WAN speed, even if that traffic is not getting routed into the vpn tunnel. Big mess, I have to say, and years can pass by without resolution