Messages - iBROX

16
21.7 Legacy Series / Re: Namecheap with DynDNS receives "unknown response" after upgrade to 21.7
« on: November 25, 2021, 11:23:23 pm »
Thank you Franco, applied the patch and the issue has been resolved.

Great work!

17
21.7 Legacy Series / Re: Namecheap with DynDNS receives "unknown response" after upgrade to 21.7
« on: November 25, 2021, 09:09:52 am »
I also get this just about every day when I log into the web GUI:

PHP Errors:

[25-Nov-2021 00:38:35  PHP Warning:  simplexml_load_string(): Entity: line 1: parser error : Document labelled UTF-16 but has UTF-8 content in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 00:38:35  PHP Warning:  simplexml_load_string():  in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 00:38:35 PHP Warning:  simplexml_load_string():                                      ^ in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 00:38:42  PHP Warning:  simplexml_load_string(): Entity: line 1: parser error : Document labelled UTF-16 but has UTF-8 content in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 00:38:42  PHP Warning:  simplexml_load_string():  in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 00:38:42  PHP Warning:  simplexml_load_string():                                      ^ in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 00:38:42  PHP Warning:  simplexml_load_string(): Entity: line 1: parser error : Document labelled UTF-16 but has UTF-8 content in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 00:38:42  PHP Warning:  simplexml_load_string():  in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 00:38:42  PHP Warning:  simplexml_load_string():                                      ^ in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 01:11:00 PHP Warning:  simplexml_load_string(): Entity: line 1: parser error : Document labelled UTF-16 but has UTF-8 content in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 01:11:00  PHP Warning:  simplexml_load_string():  in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502
[25-Nov-2021 01:11:00 PHP Warning:  simplexml_load_string():                                      ^ in /usr/local/etc/inc/plugins.inc.d/dyndns/phpDynDNS.inc on line 1502

18
21.7 Legacy Series / Re: Namecheap with DynDNS receives "unknown response" after upgrade to 21.7
« on: November 23, 2021, 11:27:06 pm »
This is what my one says :

2021-11-19T01:11:00   opnsense[13440]   /usr/local/etc/rc.dyndns: Dynamic DNS (domain.com): PAYLOAD: <?xml version="1.0" encoding="utf-16"?>
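
The mismatch in the log above (a reply labelled `utf-16` whose bytes are UTF-8) can be handled by trusting the bytes rather than the label. This is an added Python example, not the OPNsense patch or code from `phpDynDNS.inc`; the function names and the sample reply's element names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

XML_DECL = re.compile(r'^\s*<\?xml\s[^>]*\?>')
DECL_ENCODING = re.compile(r'encoding\s*=\s*["\']([\w.-]+)["\']')


def sniff_codec(raw: bytes) -> str:
    """Pick a codec from the BOM / NUL pattern of the bytes, ignoring the label."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "utf-16"          # codec reads the BOM to choose byte order
    if raw[:4] == b"<\x00?\x00":
        return "utf-16-le"
    if raw[:4] == b"\x00<\x00?":
        return "utf-16-be"
    return "utf-8-sig"           # UTF-8, with or without a BOM


def parse_labelled_xml(raw: bytes):
    """Return (root, declared, actual) for an XML reply whose label may be wrong."""
    codec = sniff_codec(raw)
    actual = "utf-16" if codec.startswith("utf-16") else "utf-8"
    text = raw.decode(codec)     # raises UnicodeDecodeError on truly broken bytes
    decl = XML_DECL.match(text)
    declared = None
    if decl:
        found = DECL_ENCODING.search(decl.group(0))
        declared = found.group(1).lower() if found else None
        text = text[decl.end():]  # drop the declaration so its label cannot mislead the parser
    if "<!DOCTYPE" in text:
        # The reply comes from a remote service: refuse DTDs (entity tricks) outright.
        raise ValueError("DOCTYPE not allowed in DynDNS response")
    return ET.fromstring(text), declared, actual


# Constructed sample shaped like the PAYLOAD line in the log above; element
# names are assumptions, not a captured Namecheap reply.
SAMPLE = (b'<?xml version="1.0" encoding="utf-16"?>'
          b'<interface-response><ErrCount>0</ErrCount>'
          b'<IP>203.0.113.7</IP></interface-response>')

if __name__ == "__main__":
    root, declared, actual = parse_labelled_xml(SAMPLE)
    print(f"declared={declared} actual={actual} ErrCount={root.findtext('ErrCount')}")
```

A `declared` value that differs from `actual` is worth logging, since it identifies the remote service as the source of the parser warnings.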

19
21.7 Legacy Series / Re: Namecheap with DynDNS receives "unknown response" after upgrade to 21.7
« on: November 22, 2021, 11:03:07 pm »
Same issue here and it generates a dump file every time as well, have submitted to the team.

Hopefully a fix soon

20
21.7 Legacy Series / Re: Iperf speeds slow (Vmware environment)
« on: October 21, 2021, 02:24:27 am »
Thanks guys, massive improvement with the following settings applied in tunables:

dev.vmx.0.iflib.override_nrxds = 0,2048,0
dev.vmx.0.iflib.override_ntxds = 0,4096
dev.vmx.1.iflib.override_nrxds = 0,2048,0
dev.vmx.1.iflib.override_ntxds = 0,4096
hw.ibrs_disable = 1
vm.pmap.pti = 0

Speeds went from :

[  5] 174.00-175.00 sec   106 MBytes   885 Mbits/sec   60    575 KBytes
[  5] 175.00-176.00 sec   108 MBytes   903 Mbits/sec   60    369 KBytes
[  5] 176.00-177.00 sec   105 MBytes   881 Mbits/sec    0    666 KBytes
[  5] 177.00-178.00 sec   106 MBytes   890 Mbits/sec   59    489 KBytes
[  5] 178.00-179.00 sec   107 MBytes   895 Mbits/sec   43    198 KBytes
[  5] 179.00-180.00 sec   104 MBytes   869 Mbits/sec    0    585 KBytes
[  5] 180.00-181.00 sec   107 MBytes   895 Mbits/sec   59    375 KBytes 

TO

[SUM]  49.00-50.00  sec   753 MBytes  6.31 Gbits/sec    0
^C- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]  50.00-50.55  sec  61.2 MBytes   941 Mbits/sec    0    747 KBytes
[  7]  50.00-50.55  sec  46.2 MBytes   711 Mbits/sec    0    641 KBytes
[  9]  50.00-50.55  sec  67.5 MBytes  1.04 Gbits/sec    0    840 KBytes
[ 11]  50.00-50.55  sec  36.2 MBytes   557 Mbits/sec    0    663 KBytes
[ 13]  50.00-50.55  sec  41.2 MBytes   634 Mbits/sec    0    691 KBytes
[ 15]  50.00-50.55  sec  36.2 MBytes   557 Mbits/sec    0    660 KBytes
[ 17]  50.00-50.55  sec  40.0 MBytes   615 Mbits/sec    0    677 KBytes
[ 19]  50.00-50.55  sec  35.0 MBytes   538 Mbits/sec    0    607 KBytes
[ 21]  50.00-50.55  sec  28.9 MBytes   444 Mbits/sec    0    527 KBytes
[ 23]  50.00-50.55  sec  38.8 MBytes   595 Mbits/sec    0    675 KBytes
[SUM]  50.00-50.55  sec   431 MBytes  6.63 Gbits/sec    0         


Nice improvement! :)

21
21.7 Legacy Series / Re: Iperf speeds slow (Vmware environment)
« on: October 12, 2021, 05:33:05 am »
Thanks guys, I've had more time to have a play.  If I have two FreeBSD VMs (v12 & v13) sitting on the same VLAN (same vswitch) it happily transfers at:

VM 1 VLAN 50
VM 2 VLAN 50

[  5]  61.00-62.00  sec  3.07 GBytes  26.3 Gbits/sec    0   1.77 MBytes
[  5]  62.00-63.00  sec  3.15 GBytes  27.1 Gbits/sec    0   1.77 MBytes
[  5]  63.00-64.00  sec  2.93 GBytes  25.1 Gbits/sec    0   1.77 MBytes
[  5]  64.00-65.00  sec  3.02 GBytes  25.9 Gbits/sec    0   1.77 MBytes

When I then do the same test, but have one of the VMs sitting on the other side of the FW so the traffic has to pass through OPNsense, I get:

VM1 VLAN 50
VM2 VLAN 76

[  5] 174.00-175.00 sec   106 MBytes   885 Mbits/sec   60    575 KBytes
[  5] 175.00-176.00 sec   108 MBytes   903 Mbits/sec   60    369 KBytes
[  5] 176.00-177.00 sec   105 MBytes   881 Mbits/sec    0    666 KBytes
[  5] 177.00-178.00 sec   106 MBytes   890 Mbits/sec   59    489 KBytes
[  5] 178.00-179.00 sec   107 MBytes   895 Mbits/sec   43    198 KBytes
[  5] 179.00-180.00 sec   104 MBytes   869 Mbits/sec    0    585 KBytes
[  5] 180.00-181.00 sec   107 MBytes   895 Mbits/sec   59    375 KBytes 

Linux shows the same speeds (Debian 11)

[  5]   8.00-9.00   sec  2.68 GBytes  23.0 Gbits/sec    0   2.85 MBytes
[  5]   9.00-10.00  sec  2.66 GBytes  22.9 Gbits/sec    0   3.02 MBytes
[  5]  10.00-11.00  sec  2.77 GBytes  23.8 Gbits/sec    0   3.02 MBytes
[  5]  11.00-12.00  sec  2.81 GBytes  24.2 Gbits/sec    0   3.02 MBytes
[  5]  12.00-13.00  sec  2.77 GBytes  23.8 Gbits/sec    0   3.02 MBytes
^C[  5]  13.00-13.28  sec   781 MBytes  23.8 Gbits/sec    0   3.02 MBytes   

When I then do the same test, but have one of the VMs sitting on the other side of the FW so the traffic has to pass through OPNsense, I get:

[  5]   4.00-5.00   sec   104 MBytes   870 Mbits/sec    0    701 KBytes
[  5]   5.00-6.00   sec   102 MBytes   860 Mbits/sec    1    608 KBytes
[  5]   6.00-7.00   sec   102 MBytes   860 Mbits/sec    0    725 KBytes
[  5]   7.00-8.00   sec   106 MBytes   891 Mbits/sec    1    638 KBytes
[  5]   8.00-9.00   sec   105 MBytes   881 Mbits/sec    2    539 KBytes
[  5]   9.00-10.00  sec   102 MBytes   860 Mbits/sec    0    669 KBytes   


It's a bit of a difference, the CPU on the OPNsense VM isn't getting stressed really either.

Any ideas on where else to look ?

I've added "hw.pci.honor_msi_blacklist=0" made no real difference.

Unless my testing is flawed, the common factor seems to be traffic passing through the FW.

22
21.7 Legacy Series / Re: FW rule issue
« on: October 09, 2021, 12:29:14 pm »
Managed to fix this one, it wasn’t OPNsense at fault but an issue further upstream in the network on the core switches, someone didn’t clean up their “temporary” configuration from years ago.  A bit of debugging and backtracking and I managed to work it out.

23
21.7 Legacy Series / Iperf speeds slow (Vmware environment)
« on: October 08, 2021, 06:01:40 am »
Pretty simple setup here.

Running the latest version of OPNsense in VMware (7), installed iperf in OPNsense and I have a standard Debian VM connecting as the client, only getting the following speeds:

[  5] 549.00-550.00 sec  71.2 MBytes   598 Mbits/sec    2    525 KBytes
[  5] 550.00-551.00 sec  73.8 MBytes   619 Mbits/sec    0    621 KBytes
[  5] 551.00-552.00 sec  71.2 MBytes   598 Mbits/sec    0    704 KBytes
[  5] 552.00-553.00 sec  72.5 MBytes   608 Mbits/sec    2    567 KBytes
[  5] 553.00-554.00 sec  76.2 MBytes   640 Mbits/sec    0    663 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-554.46 sec  41.0 GBytes   635 Mbits/sec  567             sender
[  5]   0.00-554.46 sec  0.00 Bytes  0.00 bits/sec                  receiver

Network topology is quite straightforward

Test VM (Vlan50) ----> OPNsense VM (Trunk port, VLAN50)

I've read multiple threads that there are known performance issues with running in a virtualised environment with the VMXNET3 driver, is this still the case?

I don't need a lot of bandwidth but would have expected to see at least 1GB

24
21.7 Legacy Series / Re: FW rule issue
« on: October 05, 2021, 09:38:15 am »
Different interfaces, for some reason it keeps getting hit by the default deny (floating rule) if I add a new rule on that specific interface and say "block or reject" it, I can see it hitting that rule.  It's only if it has a permit it doesn't even get that far.

25
21.7 Legacy Series / Re: FW rule issue
« on: October 05, 2021, 04:22:34 am »
Ok I can see what is happening, for some reason it's not keeping state.  If I disable all FW it works, but the moment I enable the FW it doesn't.

I can see in the FW log that the SYN ACK is getting lost on the way back so for example :

Host A : 192.168.10.10 (listening on port 111)
Host B : 192.168.20.20

I can see in the FW log that the default deny is picking this up and blocking it on the way back.

26
21.7 Legacy Series / Re: FW rule issue
« on: October 04, 2021, 11:01:19 am »
I have something listening on 80 as well, same issue. However I think I might know what’s causing this after taking a step back. I’ll have more of a play tomorrow.

27
21.7 Legacy Series / FW rule issue
« on: October 04, 2021, 09:06:59 am »
Hi,

This should be simple and it probably is, but for some reason it isn't working, I'll explain best I can.

Network A : 192.168.90.0/24
Network B : 192.168.100.0/24

I am trying to connect to TCP/22 from Network A to Network B , I have the rule in place but for some reason it keeps getting picked up by the default deny rule in the logs.  I can ping a host on network B from network A no problems but for some reason it isn't parsing the rule.  I can also see the request come into the host on network B using a netstat or a tshark capture.

From the deny log for some reason it looks like it is the wrong way around (unless I'm reading it wrong)

I've attached the deny log.

I can access the host on Network B from another host on Network B no problems.

28
21.7 Legacy Series / ARP moved messages in the logs
« on: September 28, 2021, 10:03:26 am »
Hi,

I'm getting the following messages in the dmesg and console log of my OPNsense install:


vmx2: promiscuous mode enabled
arp: x.x.x.x moved from x.x.x.x to y.y.y.y on vmx2


https://lucatnt.com/2016/02/arp-moved-messages-in-freenaspfsense-explained/


I've tried a few things to turn this off but no matter what I do it still shows, I've added a system tunable of :

net.link.ether.inet.log_arp_movements = 0

I see that being added to /boot/loader.conf but after a reboot if I do a sysctl -a it shows it as a value of 1:

net.link.ether.inet.log_arp_movements: 1

If I run sysctl -w after a reboot it stops the messages, however after a reboot it reverts back to a value of "1" and starts the messages again.

Any ideas?

29
21.1 Legacy Series / Re: VLAN to VLAN FW allow
« on: March 15, 2021, 10:35:20 am »
Got it now!! And it's working as expected.

Thanks again.

30
21.1 Legacy Series / Re: VLAN to VLAN FW allow
« on: March 15, 2021, 10:28:30 am »
Got it, thanks again.

One other thing if I wanted to block say port 80 from IP 192.168.15.55 (vlan 15)

Would that be a rule on the Guestnetwork (vlan 15) outbound ?
