Messages - bcookatpcsd

#31
I was able to get a 6100 and put OpnSense on it..

By default the installer takes the ig[0-3] lan ports and makes ig0 LAN and ig1 WAN

ix0 and ix1 are combo ports, but plugging copper into the ix0 does get link light but does not register link. Status stays as 'no carrier'.

Is there an ethtool equivalent.. or some way to enable/force the copper portion?


dmesg | grep ix0
ix0: <Intel(R) X553 N (SFP+)> mem 0x80400000-0x805fffff,0x80604000-0x80607fff at device 0.0 on pci9
ix0: Using 2048 TX descriptors and 2048 RX descriptors
ix0: Using 4 RX queues 4 TX queues
ix0: Using MSI-X interrupts with 5 vectors
ix0: allocated for 4 queues
ix0: allocated for 4 rx queues
ix0: Ethernet address: 90:ec:77:29:03:26
ix0: eTrack 0x8000084b PHY FW V65535
ix0: netmap queues/slots: TX 4/2048, RX 4/2048

uname -a
FreeBSD OPNsense.localdomain 13.1-RELEASE-p7 FreeBSD 13.1-RELEASE-p7 stable/23.1-n250411-85724e9ce22 SMP amd64


I found this from 2020.. but this does not seem to be related..

https://forums.freebsd.org/threads/intel-x553-driver-support-for-freebsd-12-1.75588/


root@OPNsense:~ # sysctl dev.ix.0 | grep driver
dev.ix.0.iflib.driver_version: 4.0.1-k
dev.ix.0.%driver: ix


Any suggestions?

Thanks in advance.
#32
22.7 Legacy Series / netgate 6100 / igcX no link..
August 20, 2022, 12:08:40 AM
I have a netgate 6100 to use for a little while.. Install went fine detected everything.. igc0 for LAN had link, igc[1-3] never could get link on anything except igc0..

no vlans, etc..

It was a bummer, had to go back to pfsense plus to use the device..

I still have it for a few more days..

Suggestions?
#33
vlan42 is working, static assigned the bce1 dhcp to the bce0_vlan42.. could see L2 on the other side..

no icmp to the default gw or any outbound host..

another satisfied optimum client..

one screenshot was the contents of:
/var/db/dhclient.leases.bce1
and
/var/db/dhclient.leases.bce0_vlan42

*WAIT*

dhcp relay..

If I temp disabled dhcp relay.. I'd break dhcp for vlan20 and vlan172.. but I'd have working dhcp for vlan42..

.. maybe optimum isn't the bad guy here (not about this.. not yet.. )

*BUT* dhcp relay wouldn't have anything to do with not passing icmp.. *sigh*

I have automatic outbound nat.. it wouldn't care what was on the other side (as evidenced by L2 mac address on the other side..)

connected interfaces :: bce0_vlan42 -> unifi trunk -> cable bridge/modem -> provider gw and I have arp on opnsense..

there is something L3 and up.. possibly all the way to L8.. again Optimum..

https://imgur.com/a/qxrJXL9

I didn't look at netstat -rn .. but I still should have been able to get to that host as I can get to it when I get a dhcp address..

Think I'm going to tip my hat at Optimum.. unless someone else has something to share about getting this working w/ Optimum specifically.. Or can point out something I might have missed..

No point in calling Optimum.. always feels like I'm in Celebrity Jeopardy..

#34
Thank you for the response..

(unifi gear should you be interested..)

created vlan42, added it to the trunk, created vlan42 on bce0, assigned it to the wan0 interface, checked on Interfaces -> Overview

confirmed wan0 was assigned to bce0_vlan42.

assigned a switch port to vlan42, plugged the cable modem into the configured switch port, bounced the modem.. had link light (was thinking about needing a crossover; device to device and all, just to rule out possible mismatch - didn't change anything)

even bounced the opnsense box afterwards.. just in case I missed releasing something, etc..

wan0 as bce0_vlan42 didn't get an ip..

disabled lldp, tcn, and stp..

open to any valid suggestion.. like possibly Optimum blocking oui ranges for Unifi.. :P

layer2-wise I think nothing is wrong..

I was thinking about static assigning my wan_bce1 ip and mask to the wan_vlan42 just to see if I can see a mac on the other side.. I'm delegated as part of a /23..

arp -an | grep bce1 yields valid and accurate information..

thoughts/opinions?

(thanks in advance)
#35
I have an OptiPlex 9020 with an onboard em0 (disabled) and a dual bce0/1 pcie card in use.

wan0 is bce1

vlan10, vlan20, vlan172 is bce0

I keep getting interface errors on the bce0/1 card..

I've done all the hardware troubleshooting and disabling tso and such.

Can I put wan0 on a trunk interface as well?

Can I remove the dual bce card, enable em0, and reconfigure vlan10, vlan20, vlan172, wan0 to all be on em0?

Obviously configuring another port/vlan tag for wan0..

wan0 is currently a self purchased cable modem compatible with Optimum Online..

I'm not ruling out the self purchased cable modem, I have had the modem for 3+ years and is still the current "non Altice service" given out today.

Service is 200/35 (<rant> currently costs $95 a month with no modem rental, which is a sin because the latency and reliability of the service is horrid, but it is our only option.. </rant>) (insert monty python song every sperm is sacred.. ) Every packet is sacred..

I was thinking if em0 was trunked and the add-on card removed, then that would rule out possible irq conflicts, which might be the cause of the errors..

screenshot is.. rebooted machine, and watched a YT video and listened to something on Spotify while downloading a small iso and doing a wifi speed test.. pushed 1G of traffic and got 71 input errors.. (wan0 bce1)

Opinions?

(thanks in advance for taking the time to read.. )
#36
Sorry for the necrobump..

Just moved to opnsense and ntp redirect seemed to work fine.. I just wanted to point out what I found..

Looks like you cannot make ntpd listen on loopback, so no redirecting to 127.0.0.1 (there is no ntpd listening)

On this page: Services: Network Time: General

These options control access to NTP from the WAN.

Enable Kiss-o'-death packets

All my firewall/redirection rules were correct, but now my hosts were getting KoD packets, but it was being logged as the actual server KoD'd them..

Nov 24 10:21:28 art3mis chronyd[4001]: Received KoD RATE from 62.168.65.36
Nov 24 10:23:06 art3mis chronyd[4824]: Received KoD RATE from 65.182.224.60
Nov 24 10:23:34 art3mis chronyd[4824]: Received KoD RATE from 171.66.97.126

(then I removed the KoD checkbox.. )

Nov 24 10:23:47 art3mis chronyd[4858]: chronyd version 4.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
Nov 24 10:23:47 art3mis chronyd[4858]: Frequency -0.046 +/- 0.635 ppm read from /var/lib/chrony/drift
Nov 24 10:23:47 art3mis chronyd[4858]: Using right/UTC timezone to obtain leap second data
Nov 24 10:23:47 art3mis systemd[1]: Started NTP client/server.
Nov 24 10:23:52 art3mis chronyd[4858]: Selected source 23.131.160.7 (2.arch.pool.ntp.org)
Nov 24 10:23:52 art3mis chronyd[4858]: System clock TAI offset set to 37 seconds


(not working, kod packets, etc.)
# chronyc tracking
Reference ID    : 00000000 ()
Stratum         : 0
Ref time (UTC)  : Thu Jan 01 00:00:00 1970
System time     : 0.000000003 seconds slow of NTP time
Last offset     : +0.000000000 seconds
RMS offset      : 0.000000000 seconds
Frequency       : 0.046 ppm slow
Residual freq   : +0.000 ppm
Skew            : 0.000 ppm
Root delay      : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status     : Not synchronised

(working, with ntp redirection)
# chronyc tracking
Reference ID    : 1783A007 (time.nullroutenetworks.com)
Stratum         : 7
Ref time (UTC)  : Wed Nov 24 15:23:54 2021
System time     : 0.000000008 seconds slow of NTP time
Last offset     : +0.000007702 seconds
RMS offset      : 0.000007702 seconds
Frequency       : 0.042 ppm slow
Residual freq   : +0.726 ppm
Skew            : 0.777 ppm
Root delay      : 0.032589957 seconds
Root dispersion : 0.945359826 seconds
Update interval : 2.0 seconds
Leap status     : Normal

With ntpd on opnsense turned off the clients do not sync.. but I do not have any way to look at opnsense and confirm they came to me for sync..

Thanks in advance.
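
Added example, not part of the original post: a small check for the symptom described above, where redirected clients log KoD RATE under the address of whichever upstream server they thought they were querying. It assumes (as a heuristic, not something the post states) that several distinct "servers" rate-limiting one client within a few minutes points at a single local responder; the function names, window and threshold are hypothetical, and the log lines are the ones quoted in the post.

```python
import re
from datetime import datetime, timedelta

# Log lines as quoted in the post above (syslog format, no year field).
SAMPLE_LOG = """\
Nov 24 10:21:28 art3mis chronyd[4001]: Received KoD RATE from 62.168.65.36
Nov 24 10:23:06 art3mis chronyd[4824]: Received KoD RATE from 65.182.224.60
Nov 24 10:23:34 art3mis chronyd[4824]: Received KoD RATE from 171.66.97.126
Nov 24 10:23:52 art3mis chronyd[4858]: Selected source 23.131.160.7 (2.arch.pool.ntp.org)
"""

KOD_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) chronyd\[\d+\]: Received KoD (\w+) from (\S+)$")

def kod_events(log_text, year=2021):
    """Parse chronyd syslog lines into (time, client, kod_code, source) tuples."""
    events = []
    for line in log_text.splitlines():
        m = KOD_RE.match(line.strip())
        if m:
            # Syslog omits the year, so the caller supplies it (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def suspect_interception(events, window=timedelta(minutes=5), min_sources=3):
    """Return {client: sources} for clients that received KoD from at least
    min_sources distinct addresses inside one sliding window."""
    by_client = {}
    for ts, client, _code, src in sorted(events):
        by_client.setdefault(client, []).append((ts, src))
    flagged = {}
    for client, seen in by_client.items():
        for i, (start, _) in enumerate(seen):
            srcs = {s for t, s in seen[i:] if t - start <= window}
            if len(srcs) >= min_sources:
                flagged[client] = sorted(srcs)
                break
    return flagged

if __name__ == "__main__":
    for client, srcs in suspect_interception(kod_events(SAMPLE_LOG)).items():
        print(f"{client}: KoD from {len(srcs)} sources in 5 min: {', '.join(srcs)}")
```
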
#37
21.7 Legacy Series / Re: New user confusion & questions
November 03, 2021, 03:39:47 PM
https://humdi.net/vnstat/cgidemo/

vnstat looks like something good..

and I found this:
https://github.com/mihakralj/opnsense-speedtest

I'll work on adding either of those packages and adding something in cron.. but it looks like it will work..

vnstat installs under services

speedtest installs under reporting

@mihak

https://forum.opnsense.org/index.php?topic=22459.0

I did get Ookla installed.. and ran one test by hand.. subsequent trials gave what looked like a format output error..

Ookla seemed to work once.. then just installed speedtest-cli (py38-speedtest-cli-2.1.3)

Just scheduled a speedtest via cron for 10:30A see what it does..

But there's hope..

vnstat gives text output (not sure if the demo/screenshot is possible..)


bce0_vlan10+bce1  /  hourly

         hour        rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
     11/03/21
         09:00      1.04 GiB |    1.05 GiB |    2.09 GiB |    4.99 Mbit/s
         10:00    806.82 MiB |  654.71 MiB |    1.43 GiB |   20.43 Mbit/s
     ------------------------+-------------+-------------+---------------

bce0_vlan10+bce1  /  daily

          day        rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
      11/03/21      1.83 GiB |    1.69 GiB |    3.52 GiB |  825.86 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated      4.33 GiB |    3.98 GiB |    8.31 GiB |

bce0_vlan10+bce1  /  monthly

        month        rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
       Nov '21      1.83 GiB |    1.69 GiB |    3.52 GiB |  144.35 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated     22.68 GiB |   20.88 GiB |   43.55 GiB |


vlan10 is the family bce1 is the wan..

https://maltechx.de/en/2021/03/opnsense-setup-traffic-shaping-and-reduce-bufferbloat/
I also did this in hopes of helping the Mrs with her 'Google Meets' for work and meetings..

(cron was scheduled correctly.. can't seem to find any evidence)

/var/cron/tabs/nobody
30 10 * * * /usr/local/sbin/configctl spedtest run

makes output.. and updated Reporting/Speedtest

(hmm)
Thanks for the help
#38
21.7 Legacy Series / New user confusion & questions
November 03, 2021, 01:36:37 PM
I had a pfsense setup that I thought I could migrate to opnsense.. (skipping the rest of the story around how that all didn't work.. )

At some point I just reset the configuration and decided to just rebuild all the needed portions of the config.. It was at this point that my system had *seven* major upgrades which needed to happen.. I didn't understand why as I just downloaded the latest available that morning.. and after a few hours of having no stable connectivity I decided to reset - this is when the many major upgrades were required.. 

Now I have this:
os-dmidecode (misconfigured)   1.1_1   2.83KiB   OPNsense   Display hardware information on the dashboard   
os-dyndns (misconfigured)   1.25   170KiB   OPNsense   Dynamic DNS Support   
os-git-backup (misconfigured)   1.0_1   14.2KiB   OPNsense   Track config changes using git   
os-iperf (installed)   1.0_1   24.6KiB   OPNsense   Connection speed tester   
os-maltrail (misconfigured)   1.8   45.3KiB   OPNsense   Malicious traffic detection system   
os-net-snmp (misconfigured)   1.5_1   27.5KiB   OPNsense   Net-SNMP is a daemon for the SNMP protocol   
os-wireguard (installed)   1.7   47.2KiB   OPNsense   WireGuard VPN service


Aside from the words 'misconfigured' I'm not sure what to do about those..

I was going to simply backup my config, download 21.7.1, reinstall and upload my config.. but I wasn't sure if that would bring these issues forward as well..

I've seen in the 'Google Wifi' app that it has a nightly speedtest for historical purposes.. Is something like that available? (I tried to attach a screenshot, not sure if it's going to show.. preview not giving me the warm fuzzies..)

I see there is an Interface Stats available on the dashboard, but is there something for daily/weekly/monthly accruals/accounting?

Thanks in advance
#39
I use observium in my environment, logs many devices.. I swapped out a Unifi Edge router a few weeks back for an OpnSense box.. added the net-snmp plugin, observium started logging data (great).

I got the IDS going and snmp seems to have stopped reporting traffic activity in addition to the 'active traffic graph' widget on the Lobby..

https://imgur.com/a/YmM1iTo

Is this a casualty of enabling the IDS?

snmp v2 fwiw..

snmpwalk -v2c -c COMMUNITY 1.2.3.4

sysUpTimeInstance is ticking and showing change

In the imgur link are images showing the view from observium of the device, then from observium via the attached switchport..

Thanks in advance.