Messages - allebone

#61
No IP has a control panel you can log into also, doesn't it?
#62
Yes I saw this error:
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.1/OpenSSL/latest/packagesite.pkg: Not Found

I was already ignoring it since I didn't feel like looking into it when I noticed it, so will continue to do so.
#63
Zenarmor (Sensei) / Re: PPPoEeeeeeeee
March 11, 2022, 03:40:44 AM
Seems to work on zenarmor but not sure about suricata, or I can select the interface in the options.
#64
This is often asked and normally it's because the pfsense default is to disable spectre/meltdown while opnsense enables these mitigations, consuming more cpu. You can look up the tunables to disable them and see if cpu returns to what you had before.
#65
I would agree, it's like installing the same app on windows 7, then upgrading to windows 8 and saying that the same app runs hotter/uses more cpu. Too much has changed under the hood to look at opnsense. The OS got bigger, uses more cpu cycles and with each new version of freebsd or whatever it will always tend to use more cpu as time goes on.
#66
Ok cool, guess it works then. Or at least no problems. Unsure if anyone is seeing some major benefit. Guess I don't hammer my firewall enough.
#67
Thank you zz00mm.

Based on what you said I did this in my screenshot.
I tested before and after things like latency, speed upload download etc from opnsense itself and from a client machine and also checked cpu etc.

Before and after I could detect no discernible difference. I was expecting some sort of speed boost but apparently not much changed.

Here is my output of commands. I guess it's working although I don't see any benefit at all from it. Not sure if that's expected? Everything is the same, even the temperatures of the unit.
#68
Problem is, in open source, if there are no coders developing something then just moaning that it must be maintained in a certain way is not helpful. When you bring up other companies and say company x would never have done this, they would have supported Y in some way, this is illogical. They pay people to code whatever they want. Open source does not work this way. Either you contribute or you don't moan. So either write and submit the code you want added or learn to adapt like the rest of us have.
#69
Hello,

I would also like to test this improvement with RSS. I have read through all the forum posts and believe I need to make these changes. I have a protectli with ix (ixl?) NIC driver and also 2 cores, 4 threads.

The values I believe I need to set are as follows under the gui tunables section:

net.isr.maxthreads =  4
net.isr.dispatch = deferred
hw.ix.enable_rss = 1
net.isr.bindthreads = 1
net.inet.rss.enabled = 1
net.inet.rss.bits = 2

Do the above 6 tunables seem to make sense? Sorry for asking, it's hard to follow but I believe they should work correctly.

Also I am on OPNsense 22.1-amd64.

Do I need to still run this command?

opnsense-update -zfkr 21.7.2-rss -D

Or can I just change to a dev build or something?
Many thanks in advance. I will do some performance testing before and after if someone can confirm my changes :)

Kind regards
Pete
#70
I thought that if you didn't enable powerd then your cpu would not turbo. That was what I read about powerd anyway.
#71
I would only use it with Zenarmor as the other (free) options are not enterprise level.
#72
I believe you are correct and replied to your post on reddit with my findings. Opnsense is slower if highadaptive is not used because under some cases it uses only 1 core and this causes issues with adaptive governor in powerd. This means you must run the appliance hotter to get performance in the test you described. There is no way around it if opnsense only uses 1 core for certain things.
#73
@ranceh it is unfortunate but ports being open in that way is no longer safe, even with key based login, because a vulnerability can be found. You should consider using a reverse proxy solution such as guacamole which can give access to rdp/ssh etc instead if a vpn is not feasible, or alternatively using wireguard on a port such as 53 or 443 or some port that can bypass preventative measures that try to block vpns. Another option that works well is using something like zerotier that will use udp hole punching to bypass a strict firewall or route via their beacons when that does not work. All these options are preferable to opening a port.
#74
I see what you mean, sorry no. I am using an intel on a protectli box. I was unaware AMD don't allow reporting of the frequency above the base clock. I guess intel must be different because mine seems to report.
#75
Strange, I do see a difference between my results and the people affected. Mine does show frequencies above 2700 which you can see above, as the CPU can turbo to 3100. I'm wondering if a little more checking should be performed personally.