Messages

Hi.
Just moved config from opnsense 24.x ( I was one version behind the latest 24 ) running on an older server, to a new N1000 based server running 25.1

Phase1 will come up for a while, phase2 doesn't. Then phase1 will drop.
Have there been any major changes that would stop the IPSec VPN from working ?

Also do I need to configre System: Settings: Miscellaneous:  Hardware acceleration ?
Currently this is set to none, should it be set to anything for the N100 ?  Not sure if it matters I also have a wireguard VPN.

Thanks

New box is in and configured with the suggested tunables.
So far it looks good.

Speedtests seem good, may be 20/30Mbps slower than the ISP router.
Resources are find, CPU is staying pretty idle under load.

Any tips for tweaking the last bit out of the connection ?

Thanks

Thanks that is very helpful.

I already have the first two parameters set, I'll enable the last one.
I have a new N100 mini pc coming tomorrow, so I'll set it up and see how I get on.

Thanks

Your CPU load shows that the load is not distributed over the CPU cores, but instead uses only one of them. That is because you did not enable RSS, which, according to the very first sentence in the link I gave you:

is used to distribute packets over CPU cores using a hashing function

So what exactly is it that you do not understand?

Thanks. I thought PPPOE only used a single core and there was no way to change that.
Thats why I was looking at the N100 as it has a faster single core speed.

Is that wrong ?

Thanks, I've read that and I'm still none the wiser!

Thanks. What's RSS ?

I'm now live on my 1000/115 FTTP.
Speed tests using the ISP router are approx 940 / 110

When I use my existing opnsense server this drops to 600 / 110.

CPU usage shows:
https://imgur.com/a/jLMfnFm

It does look like a single core is being consumed.
Will an N100 cope with this ?

Thanks

Are there recommended tuneables for all CPU's when PPPOE is used ?
I've currently got:
net.isr.bindthreads   boot-time   1   
net.isr.dispatch   runtime   deferred   
net.isr.maxthreads   boot-time   -1

Is that correct ?
Thanks

Morning.
I've removed it and so far nothing appears to be wrong :)
Hopefully it won't cause any issues.

Thanks

I'll give this a try in the morning.
Thanks

Good evening again Patrick.
I have an FTTP circuit which uses a PPPOE connection via a BT modem.

Looking at the interface there is nothing there and it's not enabled.

Enable:
Lock:
Identifier: opt5
Device:    igb0
Description: OPT5

I'm pretty certain it wasn't set up originally.
How should I have this setup ?

Thanks

Thanks

Hi
Today I've spent some time doing some housekeeping and general tidying up on my firewall.

I've noticed an interface called OPT5, but I don't know what this is.
It seems to be using the same interface as my WAN.

Can anyone advise what this is, and if it is needed or can it be removed?

Thanks

Ok. I've been an idiot 😞
I'm running 24.7.12 NOT 24.7.2 !

I've restarted my server and now the VPN is up. 🤦

Your DNS for the OPNsense system itself is somehow broken:

Code Select Expand

pkg: https://pkg.opnsense.org/FreeBSD:14:amd64/24.7/latest/packagesite.pkg: Non-recoverable resolver failure


I can ping the address and browse to it.
Is there any other option to set the upgrade ?