Messages

106

Hardware and Performance / Re: PCENGINES APU[1-5] Coreboot SeaBIOS Open Source Firmware

« on: September 23, 2020, 11:32:19 am »

Is anybody using APU with firmware v4.12.0.4, and Opnsense 20.7.x, having any mysterious AMDTEMP issue, or ACPI issue, IGB issue, or anything usual problem?

107

20.7 Legacy Series / Re: PCEngines APU2/APU3/APU4 running on 20.7

« on: September 08, 2020, 11:46:29 am »

I'm not sure. We can't really tell people what to do and what not to do. Some complain about having to do (so many) updates, but the truth is they just can avoid pressing the update button.

And as for reading what we write specifically... let's say it can be difficult for any number of reasons: time, language, context, larger version jumps, plugin use and other local complications.

We try to pack all release-relevant information into the releases notes and that includes current issues that a lot of people are struggling with, see the netmap information in 20.7.2 for example.

Syslog-ng had issues for sure, but so much that it kept crashing people's deployments completely so we have to weigh importance and for this reason syslog-ng did not meet the bar for inclusion.

A number of workarounds existed prior to 20.7.2 and if you need personal assistance there is also commercial things to be considered.

All of this is no substitute to test locally and roll back if you really need to. Snapshots and backups are great.

I know that people see their issues first and would like to not deal with them and ask us to be super up front and direct for every small issue, but this is neither done intentionally nor do we not work on fixes in the background in the scope of what impact is relevant for whom.

To circle back, a known issues section is more for something permanent that is unlikely to change for a longer period, not as transient bug. First releases of a major version are always a little noisy and if persistent issues emerge we shall document and report on them properly. So far we seem to be on a good standing for syslog-ng on 20.7.2.


Cheers,
Franco

@jassonmc: Welcome to the opensense community

108

20.7 Legacy Series / Re: PCEngines APU2/APU3/APU4 running on 20.7

« on: September 06, 2020, 09:47:16 pm »

Sure, syslog-ng dlsym() crash was fixed. If you see another one just put in a qualified report and we shall solve it. That said, we expect you ran the workarounds other people shared already?

Judging from your other activity you have a lot of problems with OPNsense in general?


Cheers,
Franco

I was upgrading from 20.1.9 to 20.7.2, and saw the release notes said something about a resolved syslog-ng crash that I wasnt aware . As I did not look for it specifically: if that was fixed among otber fixed things, I did not check each of them whether any of them may still be unfixed. The release notes doesnt have known issues section, so I dont know what to expect. So if you say there is something wrong with syslong-ng on 20.7, then it seems I need to investigate. Adding a "known issues" section to release announcements could improve the experience for upgrades. You can call it "afterupdate-things-to-be-aware" if you dont like to call problematic things as "Known issues". But something should be there to make people aware, that not everything is perfectly working
 On twitter I saw explicitly mentioning @opnsense that there are no major upgrade issues with 20.7. Having syslog-ng break just after upgrade is still suspicious for me. At least now I know I have to look after this. Maybe I have some new syslogng problem, maybe its the same as others had.

109

20.7 Legacy Series / Re: Unbound - URLs of Blacklists bug

« on: September 06, 2020, 02:59:38 pm »

Hm, can you try without and reboot of this still happens?

I disabled /var ramdisk and it's applying the changes after a reboot.

Unfortunately I turned on not writing the firewall logs to disk as I'm using a circular log by default and have an SSD drive. I also don't need a lot of logs (I don't use reporting) so I don't want to turn off circular log.

I had similar issue with unbound since the beginning. I cannot use include files for unbound, because it must be loaded from /var due to being chrooted and the /var is on ramdisk for me as well. So it is rebuilt from 0 after every reboot, so any files copied there disappear. Would be great, if unbound service would start only after the ramdisk is already mounted, and would provide some form of automated file copy servixe that could place the files under /var, so by the time unbound wants to start, those files are already under the proper location. But because thats not the case, I gave up using that include file method.

110

20.7 Legacy Series / Re: PCEngines APU2/APU3/APU4 running on 20.7

« on: September 06, 2020, 02:39:59 pm »

Updated today to 20.7.2
Sofar it seems I hit the syslog-ng defect, its unable to start, triggering manually results in service coredump. Hence no logs are available under System \ Logging
Would be worthy to mentio  in the release notes before people push the update button carelessly.

111

20.7 Legacy Series / Re: Does OPNsense 20.7 not support PPPoE anymore?

« on: August 07, 2020, 04:15:09 pm »

It supports PPPoE as a client, but os-pppoe was a legacy plugin to run OPNsense as a PPPoE server which is highly unusual (outside of a lab)

I mean thats a completely 100% valid question, myself wasnt able to figure out what that changelog entry should mean to the users of opnsense. Difficult topic I know, but maybe doesnt hurt to add some explanation to those changelog lines.

112

20.7 Legacy Series / Re: PCEngines APU2/APU3/APU4 running on 20.7

« on: August 06, 2020, 10:55:07 am »

I have 2 APU2C4 running here, both on coreboot v4.0.30. No issues so far

You are running
1) legacy 4.0.x BIOS versus the mainline 4.10+ BIOS, and
2) you are behind the latest (4.0.32 is the latest, contains watchdog and PCIE addressing issues)

113

20.7 Legacy Series / PCEngines APU2/APU3/APU4 running on 20.7

« on: August 04, 2020, 12:01:41 pm »

Hi folks!

I prepared this thread as a community contributed gathering place for anyone out there who is running Opnsense on any of the PCEngines APU2/3/4 boards. Since Opnsense 20.7 is a big jump from the old FreeBSD/HardenedBSD 11.x to the new FreeBSD/HardenesBSD 12.1, I expect many compatibility, driver, and performance issues. So I definitely resist upgrading. I let others share their experience first

- what Coreboot BIOS you are currently using? Did Core Performance Boot (CPB), the Watchdog, PCIE energy saving, AMDTEMP CPU temperature sensor driver, APULED driver, CPU sysctls gone after Coreboot upgrade, and other recent features broke anything in your firewall?
- are you planning to compare the speed benchmark before 20.7 upgrade and after 20.7 upgrade? E.g. WAN throughput, VPN throughput, OpenSSL -EVP (AES-NI) speed test etc.
- Any igb NIC driver issues observed? Manual sysctl / tuned config file entries?
- ECC functions properly with the new 12.1 BSD? How can you prove it really works?
- does the new 12.1 BSD firmware boot-time microcode update works now properly? How can you prove?
- dmidecode output under 12.1 BSD versus dmidecode under 11.x BSD shows correct ACPI entries, RAM ECC-capable flag(s), RAM module speed vs bus speed reporting discrepancy, etc?
- the infamous terrible PPPoE performance has any improvement, or still limited to 200-400 Mbit max on a 1Gbit fibre WAN + NAT + pf?

And any other issues that are not obvious catch, if you dont have a proper testing checklist after every upgrade performed ("it works for me fine after the update" is a clear sign of no checklist used).

114

Documentation and Translation / 20.7 final small typo in release notes

« on: August 03, 2020, 11:45:34 am »

Known issues and limitations:

o legacy MPD5 plugins os-l2tp, os-pppoe and os-pptp are longer available

Are NO longer available, im I right?

115

20.1 Legacy Series / Re: Permanent VNSTAT database on MFS

« on: June 20, 2020, 10:33:14 am »

Thanks

So far it has survived couple of reboots and seems still working. Lets hope 20.7 wont screw it up again.

116

Hardware and Performance / Re: J4105 throughput speeds

« on: June 19, 2020, 04:44:26 pm »

I am based in Asia - so not possible to acquire the usual recommendations of Fitlet2 /APU2 / Protectli.

My home network is fairly straightforward:
1x DIY NAS
4x Hosts

Am looking to improve throughput on my gigabit network from a consumer router and provide additional security for the NAS running some publicly available services (e.g. NextCloud). Have been issues transferring large files (>5GB) on samba. I enjoy tinkering and am happy to go DIY. The fiber connection is 1Gbps up/down.

Would a J4105 be fast enough to get close to max throughput? Would like to run a WireGuard server too if poss. If not, what's a good recommendation? It appears to meet the recommended spec in the manul (multi-core 1.5 GHz) but I haven't seen any posts on measuring throughput.

The recommended page in Opnsense is dated back to prehistoric times. Its completely misleading everybody who reads that page for the 1st time. It does not tell what WAN speed you can achieve with a 1,5Ghz multi-core CPU. 10mbit? 100Mbit? 1Gbit? THey dont tell it to you. For example a symmetric 1 Gigabit fiber UP+DOWN needs strong single-core performance. I translate this to human language: preferably above 2Ghz. If you have PPPoE type of WAN, than it would need even more powerful CPU. Multi-core CPU does not help here, if PPPoE is single-threaded. And it seems it indeed is.

117

Hardware and Performance / Query SSD wear level under Opnsense

« on: June 19, 2020, 03:59:59 pm »

I have a small 16GB SSD running in the APU2 router, and I am concerned about how long does it live before wearing out. I have set up TMPFS for /var and /tmp, but some other services are writing lot of data to the /rootfs.

I checked SMARTmontools: it gives strange result

241 Lifetime_Writes_GiB     0x0012   100   100   000    Old_age   Always       -       157

That would mean 157 GB written? Thats unreallistic.

I installed Monit --> under system stats it shows written: 7,5 GB. But as far as I can understand, that only counts a single run of the operating system, when I reboot this value resets back to zero. Also I am not sure if it counts writes to /rootfs, does it exclude writes to the /var and /tmp partitions, which both are TMPFS, therfore they dont contribute to the wearing of the SSD? Cannot figure out what to do here...

118

Hardware and Performance / Re: PC Engines APU2 1Gbit traffic not achievable

« on: June 19, 2020, 03:46:15 pm »

First of all: I have absolutely no clue. Please Ignore this if I'm completely wrong.

Is it perhaps HardenedBSD related?
It might be tuning away from performance by using different defaults than other OS?


e.g.
https://bsdrp.net/documentation/technical_docs/performance#entropy_harvest_impact
Suggestts reducing kern.random.harvest.mask from 511 to 351 for performance gain.

OPNsense default seems to be 2047.

Now i take a look and see:

# sysctl kern.random
kern.random.harvest.mask: 67583

2^16+2047=67583
Some different Byte is set.
Tho i never tested 66047 nor 65887 nor 351.

And this thread almost a year ago:
https://forum.opnsense.org/index.php?topic=12058.0

more recently
https://forum.opnsense.org/index.php?topic=15686.msg71923#msg71923


Perhaps someone who understands this stuff can give advice how to tune?

I am confident, nobody has the 100% reliably working solution for this problem.

119

Development and Code Review / Re: APU LEDs Plugin

« on: June 19, 2020, 01:34:25 pm »

I am using the plugin successfully :-)

FYI, due to a change in the APU Bios I had to add the line

Code: [Select]

debug.acpi.avoid="\_SB_.PCI0.GPIO" to loader.conf to make the general APULED module work again.
(see https://github.com/opnsense/core/issues/2114#issuecomment-609365754 and https://github.com/pcengines/coreboot/issues/329#issuecomment-526217280)
-> It survived the OPNsense upgrade from 20.1.3 to 20.1.4

I want to do changes on the module, e.g. I would suggest to have the 1st LED always blinking to have "heartbeat", as I had in the past APU boards that freezed and if the LED is always on, you would not notice that the device got stuck. Should I "pre-discuss" it somewhere or just provide a pull-request in Github?

That is a long running story, unfortunately with no result. Somebody demoed a youtube video that it works under linux. But under Freebsd i think it was never done.

120

20.1 Legacy Series / Re: How to utilize most of the RAM in the router?

« on: June 16, 2020, 12:58:20 pm »

This is my current memory allocation details:

SYSTEM MEMORY INFORMATION:
mem_wire:         568782848 (    542MB) [ 13%] Wired: disabled for paging out
mem_active:  +    127094784 (    121MB) [  3%] Active: recently referenced
mem_inactive:+   2809913344 (   2679MB) [ 68%] Inactive: recently not referenced
mem_cache:   +            0 (      0MB) [  0%] Cached: almost avail. for allocation
mem_free:    +    603004928 (    575MB) [ 14%] Free: fully available for allocation
mem_gap_vm:  +      -217088 (      0MB) [  0%] Memory gap: UNKNOWN
______________ ____________ ___________ ______
mem_all:     =   4108578816 (   3918MB) [100%] Total real memory managed
mem_gap_sys: +    129896448 (    123MB)        Memory gap: Kernel?!
______________ ____________ ___________
mem_phys:    =   4238475264 (   4042MB)        Total real memory available
mem_gap_hw:  +     56492032 (     53MB)        Memory gap: Segment Mappings?!
______________ ____________ ___________
mem_hw:      =   4294967296 (   4096MB)        Total real memory installed

SYSTEM MEMORY SUMMARY:
mem_used:         882049024 (    841MB) [ 20%] Logically used memory
mem_avail:   +   3412918272 (   3254MB) [ 79%] Logically available memory
______________ ____________ __________ _______
mem_total:   =   4294967296 (   4096MB) [100%] Logically total memory


Does that mean I have plenty of un-itilized memory, that could be actively used for additional added value service?