Messages

> I don't have IPv6 connectivity so...
Great motivation! :-)

> ... shouldn't the firewall know that this is answer/followup traffic and use the gateway it originated from?
I think that is not how it works, that is, matching incoming and outgoing gateways, but maybe with an actual understanding of the topic could chime in.

>  It works perfectly if the traffic originates from my local network.
With 'it' being what? You mean "IPv6 routing going out via the (only) gateway that has IPv6"? Not trying to be obtuse here, I'm trying to get a picture of things, and with my limited network knowledge I can not fill in the blanks you leave in the story :-P

Edit - would your scenario not be similar to a multi-WAN-setup when you define your Vultr-link as WAN? Or WAN-failover for IPv6? In another topic, https://forum.opnsense.org/index.php?topic=33032.msg159805#msg159805 , that seems to be resolved with some help.

Hi Bob,

Is the fancy graph part of OPNsense? I only got top to show memory usage, which says I got over 2 GB free of 4 GB RAM, and no swap used out of 8 GB. This is on 23.1.3 after about a days uptime on a residential connection with a couple of Internet facing servers and fewer than 50 active devices on the LAN.

Hi undistio,

You tell that you have to reboot the ISP modem to restore the connection, and ask if there is an option to restore the connection in OPNsense.

In these cases, do you need to reset anything on the OPNsense-side after rebooting the ISP modem? Does the connection get restored in such a case when you reboot OPNsense instead of the ISP modem?

I am not aware of some kind of heartbeat/monitor/whatever function in OPNsense (which does not mean much with my knowledge of the platform...), but from your description it seems there is not any action on the OPNsense-side in restoring the connection so I'd say there is nothing to configure there either.

Hi Kreilinger,

Your subject states 'routing problem', did you have a look at the configured routes and their metrics? I have no idea in this case, but that is where I'd start my investigation.

Secondly, out of interest, which goal are you trying to reach with this setup?

[TL;WR: It's about DHCP6 on my LAN interface. I want stable IP's for either local or global name resolving.]

Hi all,

TL;WR: It's about DHCP6 on my LAN interface. I want stable IP's for either local or global name resolving.

• dynamic leases work
• static leases that exactly match SLAAC assignments work
• static leases that fit my requirements (and the subnet) are ignored

Full version:
Am I supposed to be able to create static leases for IPv6 as you'd do for IPv4 in case you like to have stable addresses in your network? I'm quite lousy with BB-code, please bear with me for markup errors!

My goals:

• Being able to set DNS AAAA records pointing to servers in the LAN;
• Being able to reach and recognize devices on the LAN

These things work for their IPv4 counterparts, but I really like to move forward and get started to leave IPv4 behind me (as a part of leaving it behind us and create a better world and all that).

There may be workarounds for those goals, but static DHCP6 seems the cleanest solution with current knowledge. Unfortunately, with current knowledge, I can't get it to work.

Settings overview, please let me know if more is needed for a picture:

• (edit): OPNsense is a clean install on VM of version is 23.1; it just got upgraded to 23.1.4 from 23.1.3.
  
  • ISP:  freedom.nl (sorry, no idea how to create a hyperlink correctly, https://helpdesk.freedom.nl/category-detail/algemene-instellingen-eigen-modem) (in Dutch)
  • WAN: DHCP6 with PPPoE over VLAN6 behind a copper/fiber media convertor (ISP on fiber --> ISP media convertor --> copper ethernet --> WAN-interface) ; it gives me a /48 prefix;
  • LAN: static IPv6/64, auto detected gateway, no 'use IPv4 connectivity'
  • DHCPv6 server on LAN:
    
    
    
    • a /64 subnet within the /48 prefix
    • network like P:P:P:S:I:I:I:I , with P=prefix byte, S=subnet byte, I=interface address byte
    • within this subnet, a tiny range is defined as DHCP6-range, only the last sixteen bits (is that correct? The last four hex values anyway, from 90:: to 90:ffff)
  • Router advertisement:
  
  
  • I think I want to use 'assisted'
  • but I tried 'router only', 'managed' and 'stateless' as well
  
  DHCP-assigned IPv6 more-or-less works:
  
  
  
  • hosts on the IPv6-part of the Internet are reachable;
  • Quite often, devices in the LAN can be reached at least one of the IPv6 addresses assigned to them
  
  Static leases seem a bridge too far for me. I not only want the (random) lease to be static, I also want it to be an IPv6 that I choose by myself. I don't know how to derive a DUID from time, MAC and whatever, so I let clients get a (for me) random IPv6 on their first lease, and then use the OPNsens GUI (services --> dhcp6 --> leases --> +button behind dynamic lease) to fill out the details with a valid DUID.
  
  I can only get a resemblance of working static leases in one of these two cases:
  
  
  
  • I assign the (for me random) SLAAC as fixed IPv6;
  • I use the IPv6 in the static lease definition, but on the client I configure a static IP instead of using a DHCP client
  
  When I define the IPv6 in the lease as per my wishes, I get a curious not working situation:
  
  
  
  • The configured IPv6 shows up in the GUI in the list of leases (good!)
  • The client actually uses a random IPv6 from the DHCP6 pool (bad!)
  In that situation I am not able to reach the client without having direct access to it, because there is no way to know which IP it got. OPNsense is not able to reach the client either, because it seems to think it got the IP I configured in the static lease
  
  When I check /var/log/dhcp/latest.log, I notice that on sollicit from the client, first the configured IP is advertised, directly followed by an advertisement of an address from the DHCP pool:
  
  

Code Select Expand

<190>1 2023-03-18T12:34:09+01:00 vpoort.osba.nl dhcpd 91505 - [meta sequenceId="542"] Solicit message from fe80::b2de:ebff:fe5a:2668 port 546, transaction ID 0xA1C85E00
<190>1 2023-03-18T12:34:09+01:00 vpoort.osba.nl dhcpd 75167 - [meta sequenceId="543"] Solicit message from fe80::b2de:ebff:fe5a:2668 port 546, transaction ID 0xA1C85E00
<190>1 2023-03-18T12:34:09+01:00 vpoort.osba.nl dhcpd 91505 - [meta sequenceId="544"] Advertise NA: address 2a10:3781:2d49:a:26:3:104:2668 to client with duid 00:01:00:01:28:c1:5c:be:b0:de:eb:5a:26:68 iaid = -346413464 static
<190>1 2023-03-18T12:34:09+01:00 vpoort.osba.nl dhcpd 75167 - [meta sequenceId="545"] Advertise NA: address 2a10:3781:2d49:a:26:3:104:2668 to client with duid 00:01:00:01:28:c1:5c:be:b0:de:eb:5a:26:68 iaid = -346413464 static
<190>1 2023-03-18T12:34:09+01:00 vpoort.osba.nl dhcpd 91505 - [meta sequenceId="546"] Sending Advertise to fe80::b2de:ebff:fe5a:2668 port 546
<190>1 2023-03-18T12:34:09+01:00 vpoort.osba.nl dhcpd 75167 - [meta sequenceId="547"] Sending Advertise to fe80::b2de:ebff:fe5a:2668 port 546
<187>1 2023-03-18T12:34:09+01:00 vpoort.osba.nl dhcpd 91505 - [meta sequenceId="548"] send_packet6: Permission denied
<187>1 2023-03-18T12:34:09+01:00 vpoort.osba.nl dhcpd 91505 - [meta sequenceId="549"] dhcpv6: send_packet6() sent -1 of 117 bytes

These blocks repeat for configured leases. Another thing you'll notice, are the last two lines: permission denied, I guess on port 546/547. In the live viewer of the firewall log, there are only 'pass' lines for those ports.

The SLAAC-addresses so far are outside of the DHCP6-range I defined, as are the static IP's I assigned client side. The IP's I want to assign via static lease are outside of the DHCP-range as well (as they should; to be sure I understood correctly, I tested creating a static lease with an IP inside of the range, and the GUI gave me an error).

I've been baning my head against this wall for most of a week now, I'm at my wits end.

Thank you for reading my lengthy post, I hope you can give me some pointers!

Hi ylu,

It has been a while, I hope you found a solution in the mean time.

I have been struggling with IPv6 the first few months of this year, after it had worked flawless before that.

In my case I ended up starting from scratch with a clean install: restoring backups of previous configurations would not restore IPv6 connectivity.

If you still have problems, do give some more details: with just this line from the log, you are the only one who can solve it!

Hi Config,

I have my OPNsense running on 'bare metal', and think of replacing it by a virtual server on somewhat more powerful hardware.

My VM is also running on Proxmox. I had to realize that the VM is a router, and that the two ports of the hardware are in different subnets. I had to connect my laptop to a switch on the 'internal' port before I could reach the web interface.

How is your network set up? Could it be the same problem?

Hi Thor,

The warning in the dnsmasq-log is not specific for OPNsense.

You can try a generic query for that warning on your favourite search engine, for example https://duckduckgo.com/?t=ftsa&q=Warningdnsmasqignoring+nameserver+127.0.0.1&ia=web , which in my case gives a first result for https://stackoverflow.com/questions/63273701/dnsmasq-starts-but-ignores-nameserver-local-interface explaining the meaning (sorry, I never picked up bbscript, no idea how to get the URLs nicely).

The warning is probably not related to your problem. What do you mean with localdomain, and what does not work as you expect?

Hi Frazzetta,

First of all, thank you for writing out your situation. I was reading your post thoroughly to see where it matches my situation, and did not skip forward to see the replies that were not there yet.

My configuration is quite a bit different, the only corresponding item being the lack of router advertisements. I was also depending on static IPv6 in the network, because I don't know enough about IPv6 to have it match DNS entries with SLAAC.

It worked till a couple of weeks (months, by now, I realize) back.

In case you solve your issue outside of the forum, would you mind posting the configuration you ended up with?

Sorry for not being of any help!

You just need to turn off the plugin.

Ah, thanks! I see now. I was searching the plugins, but it is in the menu under services > intrusion detection > administration

Hi all,

I downgraded hardware on my router, from an 3rd gen i3 with 8 G of RAM to an Atom D525-based system with 4 GB of RAM.

Suricata seems too heavy for the new box. CPU usage is quite sticky to the ceiling, Suricata keeping at least 2 of 4 threads busy. I thought I installed it as a plugin, but I don't see it available as a plugin for removal now.

Should I remove it directly via package management?

To start with the most obvious: there is a back-up / restore mechanism for the configuration.

If  you want to restore within 5 minutes of a misconfiguration, you probably are still near the web-interface or a shell, and can manually revert to the previously saved config.

There is a menu item to make this convenient: go to system > configuration > history

I didn't notice you asking how to do this automatically; if that is what you want to know then I don't know.

It helped me quite a lot to add tags to rules, so that I could filter on them.

It also happens that a previous (not logged) rule captures the occurrence.

Turning the filter around might help as well: define all kinds of things you do not want to see, and turn of the auto refresh; then show a couple of hundred records.

I do agree, without being involved in the log daily, it is not quite straight forward what to look for. I have no suggestions for improvement though!

Hi all,

My OPNsense has faultlessly been running for months on an overpowered platform. Now I replaced my desktop computer with my router as an upgrade, and repurposed my server as router.

My server has been running even longer than my router without problems, but I can't get a stable internet connection, if at all.

Maybe a kernel panic is to fault, I am not quite sure how to read the error log. I would say it is hardware related, can I recognize from this whether RAM is to blame, the SSD or maybe the network hardware itself?

Below is the tail of the log, cut from the startup 'beep' till the end of the log. The error logs give quite detailed information, which should I post?  Thanks in advance!

Code Select Expand

<118>>>> Invoking start script 'beep'
<118>Root file system: zroot/ROOT/default
<118>Sun Feb 27 20:32:50 CET 2022
<118>
<118>*** poort.osba.nl: OPNsense 21.7.8 (amd64/OpenSSL) ***
<118>
<118> LANpoort (em0)  -> v4: 192.168.1.1/24
<118> WANpoort (pppoe0) ->
<118>
<118> HTTPS: SHA256 F8 4F 4B 4B C1 55 38 CD A3 63 23 B4 1B B5 0A 4C
<118>               9B E5 EA FF 17 53 72 DA 86 E2 41 1C 3B 36 7E C8
<118> SSH:   SHA256 pVImfc1BUmRFkgMUk2ckqucwijfBqwq89ccwWKU405g (ECDSA)
<118> SSH:   SHA256 11lYai/e0awhzusFcvJGA+8G3/RjqK03OC/BAm8UtCo (ED25519)
<118> SSH:   SHA256 ZN+FvJYDAIovuPb5PAbImONW8/SwXGU5pisTpPXRXc4 (RSA)
<6>em1: link state changed to DOWN
<6>em1_vlan6: link state changed to DOWN
<6>em1: link state changed to UP
<6>em1_vlan6: link state changed to UP
<6>ng0: changing name to 'pppoe0'
<6>ng0: changing name to 'pppoe0'
574.211831 [ 295] generic_netmap_unregister Emulated adapter for pppoe0 deactivated
574.213389 [1035] generic_netmap_dtor       Emulated netmap adapter for pppoe0 destroyed
<3>nd6_dad_timer: called with non-tentative address fe80:8::225:90ff:fe33:1188(pppoe0)


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x54
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80fa18e6
stack pointer         = 0x28:0xfffffe0025b12970
frame pointer         = 0x28:0xfffffe0025b129c0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (if_io_tqg_0)
trap number = 12
panic: page fault
cpuid = 0
time = 1645990654
__HardenedBSD_version = 1200059 __FreeBSD_version = 1201000
version = FreeBSD 12.1-RELEASE-p22-HBSD #0  6fd65fcb739(stable/21.7)-dirty: Wed Jan 26 20:48:21 CET 2022
    root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0025b12620
vpanic() at vpanic+0x1a2/frame 0xfffffe0025b12670
panic() at panic+0x43/frame 0xfffffe0025b126d0
trap_fatal() at trap_fatal+0x39c/frame 0xfffffe0025b12730
trap_pfault() at trap_pfault+0x49/frame 0xfffffe0025b12790
trap() at trap+0x29f/frame 0xfffffe0025b128a0
calltrap() at calltrap+0x8/frame 0xfffffe0025b128a0
--- trap 0xc, rip = 0xffffffff80fa18e6, rsp = 0xfffffe0025b12970, rbp = 0xfffffe0025b129c0 ---
in6_setscope() at in6_setscope+0xa6/frame 0xfffffe0025b129c0
ip6_forward() at ip6_forward+0x359/frame 0xfffffe0025b12b10
pf_test6() at pf_test6+0x1cb5/frame 0xfffffe0025b12ca0
pf_check6_out() at pf_check6_out+0x3f/frame 0xfffffe0025b12cd0
pfil_run_hooks() at pfil_run_hooks+0x87/frame 0xfffffe0025b12d60
ip6_output() at ip6_output+0x1a06/frame 0xfffffe0025b12ff0
icmp6_reflect() at icmp6_reflect+0x2f0/frame 0xfffffe0025b130a0
icmp6_error() at icmp6_error+0x4aa/frame 0xfffffe0025b130f0
ip6_forward() at ip6_forward+0xc58/frame 0xfffffe0025b13240
ip6_input() at ip6_input+0xdf6/frame 0xfffffe0025b13330
netisr_dispatch_src() at netisr_dispatch_src+0xcf/frame 0xfffffe0025b13380
ng_iface_rcvdata() at ng_iface_rcvdata+0x14d/frame 0xfffffe0025b133c0
ng_apply_item() at ng_apply_item+0x2bd/frame 0xfffffe0025b13450
ng_snd_item() at ng_snd_item+0x186/frame 0xfffffe0025b13490
ng_apply_item() at ng_apply_item+0x2bd/frame 0xfffffe0025b13520
ng_snd_item() at ng_snd_item+0x186/frame 0xfffffe0025b13560
ng_apply_item() at ng_apply_item+0x2bd/frame 0xfffffe0025b135f0
ng_snd_item() at ng_snd_item+0x186/frame 0xfffffe0025b13630
ng_pppoe_rcvdata_ether() at ng_pppoe_rcvdata_ether+0x195/frame 0xfffffe0025b136c0
ng_apply_item() at ng_apply_item+0x2bd/frame 0xfffffe0025b13750
ng_snd_item() at ng_snd_item+0x186/frame 0xfffffe0025b13790
ether_demux() at ether_demux+0x207/frame 0xfffffe0025b137c0
ether_nh_input() at ether_nh_input+0x346/frame 0xfffffe0025b13820
netisr_dispatch_src() at netisr_dispatch_src+0xcf/frame 0xfffffe0025b13870
ether_input() at ether_input+0x4b/frame 0xfffffe0025b138a0
vlan_input() at vlan_input+0x1f8/frame 0xfffffe0025b138f0
ether_demux() at ether_demux+0x122/frame 0xfffffe0025b13920
ether_nh_input() at ether_nh_input+0x346/frame 0xfffffe0025b13980
netisr_dispatch_src() at netisr_dispatch_src+0xcf/frame 0xfffffe0025b139d0
ether_input() at ether_input+0x4b/frame 0xfffffe0025b13a00
iflib_rxeof() at iflib_rxeof+0xacb/frame 0xfffffe0025b13ae0
_task_fn_rx() at _task_fn_rx+0xc0/frame 0xfffffe0025b13b20
gtaskqueue_run_locked() at gtaskqueue_run_locked+0x144/frame 0xfffffe0025b13b80
gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0x98/frame 0xfffffe0025b13bb0
fork_exit() at fork_exit+0x83/frame 0xfffffe0025b13bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0025b13bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
panic.txt0600001214206751376  7144 ustarrootwheelpage faultversion.txt06000022414206751376  7624 ustarrootwheelFreeBSD 12.1-RELEASE-p22-HBSD #0  6fd65fcb739(stable/21.7)-dirty: Wed Jan 26 20:48:21 CET 2022
    root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP


The box locks up frequently, it would seem after about an hour. The activity LED on the WAN port stays active then, and while the activity LED on the LAN port keeps flashing, no traffic is happening (web interface nor SSH is available).

There is not always a fault on reboot. This morning there was,

Code Select Expand



em0: link state changed to UP
em1: link state changed to UP
lo0: link state changed to UP
aesni0: No AES or SHA support.
em1: link state changed to DOWN
vlan0: changing name to 'em1_vlan6'
em0: link state changed to DOWN
WARNING: attempt to domain_add(netgraph) after domainfinalize()
ng0: changing name to 'pppoe0'
em1: link state changed to UP
em1_vlan6: link state changed to UP
em0: link state changed to UP
pflog0: permanently promiscuous mode enabled
em1: link state changed to DOWN
em1_vlan6: link state changed to DOWN
em1: link state changed to UP
em1_vlan6: link state changed to UP
ng0: changing name to 'pppoe0'
ng0: changing name to 'pppoe0'
nd6_dad_timer: called with non-tentative address fe80:8::225:90ff:fe33:1188(pppoe0)


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0x54
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80fa18e6
stack pointer         = 0x0:0xfffffe0025b12970
frame pointer         = 0x0:0xfffffe0025b129c0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 0 (if_io_tqg_0)
trap number = 12
panic: page fault
cpuid = 0
time = 1646029975
__HardenedBSD_version = 1200059 __FreeBSD_version = 1201000
version = FreeBSD 12.1-RELEASE-p22-HBSD #0  6fd65fcb739(stable/21.7)-dirty: Wed Jan 26 20:48:21 CET 2022
    root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0025b12620
vpanic() at vpanic+0x1a2/frame 0xfffffe0025b12670
panic() at panic+0x43/frame 0xfffffe0025b126d0
trap_fatal() at trap_fatal+0x39c/frame 0xfffffe0025b12730
trap_pfault() at trap_pfault+0x49/frame 0xfffffe0025b12790
trap() at trap+0x29f/frame 0xfffffe0025b128a0
calltrap() at calltrap+0x8/frame 0xfffffe0025b128a0
--- trap 0xc, rip = 0xffffffff80fa18e6, rsp = 0xfffffe0025b12970, rbp = 0xfffffe0025b129c0 ---
in6_setscope() at in6_setscope+0xa6/frame 0xfffffe0025b129c0
ip6_forward() at ip6_forward+0x359/frame 0xfffffe0025b12b10
pf_test6() at pf_test6+0x1cb5/frame 0xfffffe0025b12ca0
pf_check6_out() at pf_check6_out+0x3f/frame 0xfffffe0025b12cd0
pfil_run_hooks() at pfil_run_hooks+0x87/frame 0xfffffe0025b12d60
ip6_output() at ip6_output+0x1a06/frame 0xfffffe0025b12ff0
icmp6_reflect() at icmp6_reflect+0x2f0/frame 0xfffffe0025b130a0
icmp6_error() at icmp6_error+0x4aa/frame 0xfffffe0025b130f0
ip6_forward() at ip6_forward+0xc58/frame 0xfffffe0025b13240
ip6_input() at ip6_input+0xdf6/frame 0xfffffe0025b13330
netisr_dispatch_src() at netisr_dispatch_src+0xcf/frame 0xfffffe0025b13380
ng_iface_rcvdata() at ng_iface_rcvdata+0x14d/frame 0xfffffe0025b133c0
ng_apply_item() at ng_apply_item+0x2bd/frame 0xfffffe0025b13450
ng_snd_item() at ng_snd_item+0x186/frame 0xfffffe0025b13490
ng_apply_item() at ng_apply_item+0x2bd/frame 0xfffffe0025b13520
ng_snd_item() at ng_snd_item+0x186/frame 0xfffffe0025b13560
ng_apply_item() at ng_apply_item+0x2bd/frame 0xfffffe0025b135f0
ng_snd_item() at ng_snd_item+0x186/frame 0xfffffe0025b13630
ng_pppoe_rcvdata_ether() at ng_pppoe_rcvdata_ether+0x195/frame 0xfffffe0025b136c0
ng_apply_item() at ng_apply_item+0x2bd/frame 0xfffffe0025b13750
ng_snd_item() at ng_snd_item+0x186/frame 0xfffffe0025b13790
ether_demux() at ether_demux+0x207/frame 0xfffffe0025b137c0
ether_nh_input() at ether_nh_input+0x346/frame 0xfffffe0025b13820
netisr_dispatch_src() at netisr_dispatch_src+0xcf/frame 0xfffffe0025b13870
ether_input() at ether_input+0x4b/frame 0xfffffe0025b138a0
vlan_input() at vlan_input+0x1f8/frame 0xfffffe0025b138f0
ether_demux() at ether_demux+0x122/frame 0xfffffe0025b13920
ether_nh_input() at ether_nh_input+0x346/frame 0xfffffe0025b13980
netisr_dispatch_src() at netisr_dispatch_src+0xcf/frame 0xfffffe0025b139d0
ether_input() at ether_input+0x4b/frame 0xfffffe0025b13a00
iflib_rxeof() at iflib_rxeof+0xacb/frame 0xfffffe0025b13ae0
_task_fn_rx() at _task_fn_rx+0xc0/frame 0xfffffe0025b13b20
gtaskqueue_run_locked() at gtaskqueue_run_locked+0x144/frame 0xfffffe0025b13b80
gtaskqueue_thread_loop() at gtaskqueue_thread_loop+0x98/frame 0xfffffe0025b13bb0
fork_exit() at fork_exit+0x83/frame 0xfffffe0025b13bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe0025b13bf0
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
---<>---
Copyright (c) 2013-2019 The HardenedBSD Project.


A  thread (sorry, don't know how to make a link of it; https://forums.freebsd.org/threads/fatal-trap-12-page-fault-while-in-kernel-mode-during-network-operations.80474/ ) on a BSD forum suggests looking at offloading features of the NIC. These are turned off.

The memory might be at fault, but when the box is running, I have seen RAM  being used to 80% without a problem (2x 2GB, non-ECC).

Any progress ?

I'm struggling on my side.

Sorry for not writing any more. I have not been able to match the labels in the web interface with tutorials for Nginx. I hate to admit I threw in the towel (always carry a towel) and found a low budget VPS to host the service that I intended to proxy :-(