Topics - Morta

#1
Hi OPNsense-Team

Could you add the init7.net mirror to https://opnsese/ui/core/firmware#settings

https://mirror.init7.net/opnsense/FreeBSD:13:amd64/24.1

I can't add it in the menu, only in the config file, as seen on

https://opnsense/ui/core/firmware#status

type opnsense-devel
Version 24.7.b
Architecture amd64
Commit 4e1613489
Mirror https://mirror.init7.net/opnsense/FreeBSD:13:amd64/24.1
Repositories OPNsense
Updated on Tue May 21 17:39:20 CEST 2024
Checked on Sat May 25 15:10:50 CEST 2024


Much appreciated
#2
Hi!

I have an ArchLinux client with a bond0 interface and an OPNsense router. I have to reboot the router every time after a kernel update on the client.

The behaviour is that it loses the connection on ping.

[morta@5erver ~]$ ping google.ch
PING google.ch (142.250.203.99) 56(84) bytes of data.
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=1 ttl=110 time=3.30 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=2 ttl=110 time=3.25 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=3 ttl=110 time=3.25 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=4 ttl=110 time=3.26 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=5 ttl=110 time=3.25 ms
From 5erver (192.168.1.100) icmp_seq=6 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=7 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=8 Destination Host Unreachable
From 192.168.1.100 (192.168.1.100) icmp_seq=9 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=10 Destination Host Unreachable
From 5erver (192.168.1.100) icmp_seq=11 Destination Host Unreachable
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=12 ttl=110 time=186 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=13 ttl=110 time=3.27 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=14 ttl=110 time=3.38 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=15 ttl=110 time=3.27 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=16 ttl=110 time=3.28 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=17 ttl=110 time=3.29 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=18 ttl=110 time=3.25 ms
q64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=19 ttl=110 time=3.26 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=20 ttl=110 time=3.27 ms


After a reboot of the router there is no more packet loss. On the router itself there is never any packet loss.

My thoughts go to the DHCP server of OPNsense....

Why?
#3
Hi!

How can I tell Unbound to use the DoT of my ISP? They provide both DNS and DoT.

Cheers
#4

Hi
Is there a way to run the GUI only on a webserver?

I know the Vagrant image for development purposes.

Thx 4 input
#5
23.7 Legacy Series / DHCPv6 range
August 01, 2023, 09:04:57 PM
Hi

I want a range for my clients from 2a02:XXX:a774::2 to 2a02:XXX:a774::ffff

I did the following settings under Service -> DHCPv6



but my clients still have addresses like this one, why?

2a02:XXX:a774:be33:de22:ab42:3245:ff32

It should look like this

2a02:XXX:a774::34d4
#6
23.7 Legacy Series / acme.sh broken with cloudflare
August 01, 2023, 04:43:17 PM
hi

I can't renew my certs.... validation failed. It always worked with OPNsense 23.1.11

2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] skip dns.
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] dns_entries
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _clearupdns
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] No need to restore nginx, skip.
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] pid
#define WITH_MSGLEVEL 0 /*debug*/
#define WITH_RETRY 1
#define WITH_FILAN 1
#define WITH_SYCLS 1
#define WITH_LIBWRAP 1
#undef WITH_FIPS
#define WITH_OPENSSL 1
#define WITH_PTY 1
#undef WITH_TUN
#undef WITH_READLINE
#define WITH_EXEC 1
#define WITH_SYSTEM 1
#define WITH_PROXY 1
#undef WITH_VSOCK
#define WITH_SOCKS4A 1
#define WITH_SOCKS4 1
#define WITH_LISTEN 1
#define WITH_SCTP 1
#define WITH_UDP 1
#define WITH_TCP 1
#undef WITH_INTERFACE
#define WITH_GENERICSOCKET 1
#define WITH_RAWIP 1
#define WITH_IP6 1
#define WITH_IP4 1
#undef WITH_ABSTRACT_UNIXSOCKET
#define WITH_UNIX 1
#define WITH_PIPE 1
#define WITH_TERMIOS 1
#define WITH_GOPEN 1
#define WITH_CREAT 1
#define WITH_FILE 1
#define WITH_FDNUM 1
#define WITH_STDIO 1
features:
running on FreeBSD version FreeBSD 13.2-RELEASE-p1 stable/23.7-n254737-f223233eef4 SMP, release 13.2-RELEASE-p1, machine amd64
socat version 1.7.4.4 on Jul 28 2023 02:30:20
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat:
nginx doesn't exist.
nginx:
apache doesn't exist.
apache:
OpenSSL 1.1.1t-freebsd 7 Feb 2023
openssl:openssl
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] Diagnosis versions:
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] code='200'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _ret='0'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] POST
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] payload='{}'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] code='200'
2023-08-01T16:26:38 acme.sh [Tue Aug 1 16:26:38 CEST 2023] _ret='0'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] POST
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] payload='{}'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] Please add '--debug' or '--log' to check more details.
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] _on_issue_err
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] Error add txt for domain:_acme-challenge.xxx.ch
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] invalid domain
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] h
2023-08-01T16:26:37 acme.sh [Tue Aug 1 16:26:37 CEST 2023] ret='0'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] timeout=
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] GET
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] zones?name=ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] h='ch'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] ret='0'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] timeout=
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] GET
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] zones?name=xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] h='xxx.ch'
2023-08-01T16:26:36 acme.sh [Tue Aug 1 16:26:36 CEST 2023] ret='0'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] timeout=
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] url='https://api.cloudflare.com/client/v4/zones?name=_acme-challenge.xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] GET
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] zones?name=_acme-challenge.xxx.ch&account.id=83f5c74cb3acc5ca609b3d2127439721
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] h='_acme-challenge.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] First detect the root zone
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Adding txt value: vBGqNBwnBNPub-yg8pwc16AL0Sa3-kLgeOuU332S0p0 for domain: _acme-challenge.xxx.ch
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Found domain api file: /usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d_api='/usr/local/share/examples/acme.sh/dnsapi/dns_cf.sh'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] txt='vBGqNBwnBNPub-yg8pwc16AL0Sa3-kLgeOuU332S0p0'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] txtdomain='_acme-challenge.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _d_alias
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] vlist='xxx.ch#ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q#dns-01#dns_cf,*.xxx.ch#W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg#dns-01#dns_cf,'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] dvlist='*.xxx.ch#W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg#dns-01#dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] keyauthorization='W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] token='W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615776/cy7mdg","token":"W-ljgGYxywmaPA9dkYh1KnQEzNBgIITlBfCGh0OMePI"'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _w='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Getting webroot for domain='*.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] dvlist='xxx.ch#ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I#https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q#dns-01#dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] keyauthorization='ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4.ETMb2KXsswasLjgwr1dygv27ErzJtu32o8b3ggDhx_I'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] token='ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/250977615786/7BHP0Q","token":"ng-F-kDuIB1YZZyTwIzmqVQm3xNZP-F7ltGCuFU7Jv4"'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _w='dns_cf'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] Getting webroot for domain='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] d='xxx.ch'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] code='200'
2023-08-01T16:26:35 acme.sh [Tue Aug 1 16:26:35 CEST 2023] _ret='0'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615786'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] POST
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] payload
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615786'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] code='200'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _ret='0'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615776'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] POST
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] payload
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/250977615776'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/406092430/198736715916'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/406092430/198736715916'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] code='201'
2023-08-01T16:26:34 acme.sh [Tue Aug 1 16:26:34 CEST 2023] _ret='0'
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] POST
2023-08-01T16:26:33 acme.sh [Tue Aug 1 16:26:33 CEST 2023] _ret='0'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g -I '
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] HEAD
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] RSA key
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] payload='{"identifiers": [{"type":"dns","value":"xxx.ch"},{"type":"dns","value":"*.xxx.ch"}]}'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Getting domain auth token for each domain
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Multi domain='DNS:xxx.ch,DNS:*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _createcsr
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Read key length:ec-384
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _saved_account_key_hash is not changed, skip register account.
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Check for domain='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _currentRoot='dns_cf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Check for domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] d='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Le_LocalAddress
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _chk_alt_domains='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _chk_main_domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _on_before_issue
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_NEW_AUTHZ
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ret='0'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _CURL='curl --silent --dump-header /var/etc/acme-client/home/http.header -L -g '
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] timeout=
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] GET
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Le_NextRenewTime
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] DOMAIN_PATH='/var/etc/acme-client/home/xxx.ch_ecc'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using config home:/var/etc/acme-client/home
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _alt_domains='*.xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] _main_domain='xxx.ch'
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Running cmd: issue
2023-08-01T16:26:32 acme.sh [Tue Aug 1 16:26:32 CEST 2023] Using server: https://acme-v02.api.letsencrypt.org/directory


2023-08-01T16:26:38 opnsense AcmeClient: validation for certificate failed: xxx.ch
2023-08-01T16:26:38 opnsense AcmeClient: domain validation failed (dns01)
2023-08-01T16:26:32 opnsense AcmeClient: running acme.sh command: /usr/local/sbin/acme.sh --issue --syslog 7 --debug --server 'letsencrypt' --dns 'dns_cf' --dnssleep '120' --home '/var/etc/acme-client/home' --certpath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/cert.pem' --keypath '/var/etc/acme-client/keys/621d15ce2aa0d1.02076547/private.key' --capath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/chain.pem' --fullchainpath '/var/etc/acme-client/certs/621d15ce2aa0d1.02076547/fullchain.pem' --domain 'xxx.ch' --domain '*.xxx.ch' --days '1' --force --ocsp --keylength 'ec-384' --accountconf '/var/etc/acme-client/accounts/6207d3f1b10373.66815486_prod/account.conf'
2023-08-01T16:26:32 opnsense AcmeClient: using challenge type: Cloudflare
2023-08-01T16:26:32 opnsense AcmeClient: account is registered: xxx
2023-08-01T16:26:32 opnsense AcmeClient: using CA: letsencrypt
2023-08-01T16:26:32 opnsense AcmeClient: issue certificate:xxx.ch
2023-08-01T16:26:32 opnsense AcmeClient: certificate must be issued/renewed:xx.ch
2023-08-01T16:26:27 opnsense AcmeClient: ignoring revocation request for certificate xx.ch (not issued yet)



#7
23.1 Legacy Series / sshjump with openssh
May 22, 2023, 01:32:32 PM
I want to forward SSH traffic. I did the following config in

/usr/share/etc/ssh/ssh_config

#       $OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP no
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   VerifyHostKeyDNS yes
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k

### First jump host. Directly reachable
host r0uter.net.work
  HostName xxx.ch

### Second jumphost. Only reachable via jumphost1.example.org
Host 5erver.net.work
  HostName server.xxx.ch
  ProxyJump 5erver

### Host only reachable via alphajump and betajump
Host pikvm.net.work
  HostName kvm.xxx.ch
  ProxyJump pikvm
#
Host nas.net.work
  Hostname nas.xx.ch
  Proxyjump nas


But I can't reach the hosts with the hostnames; it all goes to r0uter. Why?

I followed https://wiki.gentoo.org/wiki/SSH_jump_host

How can I edit the settings of the OpenSSH daemon of OPNsense?
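One way to catch the class of problem in a config like the one above, as an added example that is not from the post or from OpenSSH: a small Python lint that parses the Host blocks and checks that every ProxyJump hop names a defined Host alias (a hop that is not an alias is resolved by ssh as a plain hostname, so that block's HostName and other options are never used). POSTED_CONFIG mirrors the Host blocks in the post; FIXED_CONFIG, the loop sample and all function names are constructed for this example.

```python
import re
from typing import Dict, List

# Constructed ssh_config excerpt mirroring the Host blocks in the post above:
# the jump targets 5erver, pikvm and nas are not defined as Host aliases anywhere.
POSTED_CONFIG = """\
### First jump host. Directly reachable
host r0uter.net.work
  HostName xxx.ch

Host 5erver.net.work
  HostName server.xxx.ch
  ProxyJump 5erver

Host pikvm.net.work
  HostName kvm.xxx.ch
  ProxyJump pikvm

Host nas.net.work
  Hostname nas.xx.ch
  Proxyjump nas
"""

# Constructed variant in which every ProxyJump points at a defined alias.
FIXED_CONFIG = """\
Host r0uter.net.work
  HostName xxx.ch

Host 5erver.net.work
  HostName server.xxx.ch
  ProxyJump r0uter.net.work

Host pikvm.net.work
  HostName kvm.xxx.ch
  ProxyJump r0uter.net.work

Host nas.net.work
  HostName nas.xx.ch
  ProxyJump r0uter.net.work
"""


def parse_hosts(text: str) -> Dict[str, Dict[str, str]]:
    """Map each Host alias to its keyword/value pairs.

    Keywords are case-insensitive (ssh_config(5)), '#' starts a comment, and
    both 'Key value' and 'Key=value' are accepted.  Options before the first
    Host line are global defaults and are not attributed to any alias; the
    first value set for a keyword wins, as ssh itself applies it.
    """
    hosts: Dict[str, Dict[str, str]] = {}
    current: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = value.split()          # 'Host a b' defines both aliases
            for alias in current:
                hosts.setdefault(alias, {})
        elif key == "match":
            current = []                     # Match blocks are out of scope here
        else:
            for alias in current:
                hosts[alias].setdefault(key, value)
    return hosts


def hop_name(hop: str) -> str:
    """Reduce a ProxyJump hop '[user@]host[:port]' to its bare host part."""
    host = hop.rsplit("@", 1)[-1]
    if host.startswith("["):                 # bracketed IPv6 literal with port
        return host[1:].split("]", 1)[0]
    return host.split(":", 1)[0]


def lint_proxyjump(text: str) -> Dict[str, List[str]]:
    """Return {alias: [findings]} for every Host block that sets ProxyJump."""
    hosts = parse_hosts(text)
    findings: Dict[str, List[str]] = {}
    for alias, opts in hosts.items():
        jump = opts.get("proxyjump")
        if jump is None or jump.lower() == "none":
            continue
        problems: List[str] = []
        for hop in (h.strip() for h in jump.split(",")):
            name = hop_name(hop)
            if name == alias:
                problems.append(f"{hop!r} jumps through itself")
            elif name not in hosts:
                problems.append(f"{hop!r} is not a defined Host alias")
        findings[alias] = problems
    return findings


def jump_chain(text: str, alias: str, limit: int = 16) -> List[str]:
    """Follow the first ProxyJump hop from alias to alias; a repeated hop
    marks a configuration loop and stops the walk."""
    hosts = parse_hosts(text)
    chain: List[str] = []
    node = alias
    while node in hosts and len(chain) < limit:
        jump = hosts[node].get("proxyjump")
        if jump is None or jump.lower() == "none":
            break
        node = hop_name(jump.split(",")[0].strip())
        if node in chain or node == alias:
            chain.append(node + " (loop)")
            break
        chain.append(node)
    return chain


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, lint_proxyjump(cfg))
        print("  chain for 5erver.net.work:", jump_chain(cfg, "5erver.net.work"))
```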
#8
Hi

I have an OPNsense router with all interfaces except WAN in a bridge.
I go with two ixl 10 Gbps interfaces to a NIC, which is a bridge on a Linux client with two 10 Gbps interfaces.

The network is going down. Why?

If I exclude one interface on the router, all goes well.
#9
Hi

I have an OPNsense router; behind it is a server with qBittorrent-nox 4.5.5 as client.

The upload speed is fine, but the download speed breaks down after seconds if it's high speed.

How can I fix this?
#10
22.7 Legacy Series / Ookla speedtest with NIC 25 Gbits
October 24, 2022, 02:34:29 PM
Hi

I have an ISP connection of 25 Gbps and a NIC with 2x25 Gbps. When I launch the Ookla CLI Speedtest I get 10 Gbps in up/download but not ~20 Gbps. The server ID of the Ookla server is 43030.

Are 25 Gbps possible with OPNsense...
#11
Hi!

I have two rules, exactly the same for ports 5060 and 8080.





curl works for IPv4 but not for IPv6. The SERVER has an IPv4 (192.168.1.100) and an IPv6 (2a02:XXX:a774:2000) address.

A direct curl on SERVER works with IPv4/6, but a curl on ROUTER with IPv6 (192.168.1.1/2a02:XXX:a774::1) doesn't work while IPv4 works.

[morta@lapt0p ~]$ curl -v6 http://[2a02:XXX:a774::1]:5060
*   Trying 2a02:XXX:a774::1:5060...
* connect to 2a02:XXX:a774::1 port 5060 failed: Die Wartezeit für die Verbindung ist abgelaufen
* Failed to connect to 2a02:XXX:a774::1 port 5060 after 129960 ms: Die Wartezeit für die Verbindung ist abgelaufen
* Closing connection 0
curl: (28) Failed to connect to 2a02:XXX:a774::1 port 5060 after 129960 ms: Die Wartezeit für die Verbindung ist abgelaufen
[morta@lapt0p ~]$ curl -v6 http://[2a02:XXX:a774::2000]:5060
*   Trying 2a02:XXX:a774::2000:5060...
* Connected to 2a02:XXX:a774::2000 (2a02:XXX:a774::2000) port 5060 (#0)
> GET / HTTP/1.1
> Host: [2a02:XXX:a774::2000]:5060
> User-Agent: curl/7.85.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 25 Sep 2022 14:31:34 GMT
< Connection: Keep-Alive
< Content-Type: text/html
< Content-Length: 109
<
<html><head><title>OoklaServer</title></head><body><h1>OoklaServer</h1><p>It worked!<br /></p></body></html>
* Connection #0 to host 2a02:XXX:a774::2000 left intact



What am I doing wrong?

#12
22.7 Legacy Series / There were error(s) loading the rules
September 24, 2022, 11:15:06 PM
There were error(s) loading the rules: /tmp/rules.debug:88: address family (inet/inet6) undefined - The line in question reads [88]: binat on ixl1 from $SERVER to any -> $SERVER

Line 88 in /tmp/rules.debug is

# rdr pass on ixl1 inet proto tcp from {any} to {(ixl1)} port {80} -> $SERVER port 80

How to fix this error?

SERVER is an alias
ixl1 is the WAN port
#13
Hi!

Could somebody help fix my issue with TV7 and the IGMP proxy?


Name  Type        Values                                                                                   Description
WAN   upstream    77.109.129.0/25, 77.109.129.16/32, 77.109.129.17/32, 77.109.129.18/32, 77.109.129.19/32  WAN_UP
LAN   downstream  192.168.1.0/24                                                                           LAN_DOWN



The stream stops every 30 sec for a while, the same with a MiBox or a Philips Android TV over LAN.

My IGMP proxy setup has a pass rule for outgoing traffic:


IPv4 IGMP WAN address * 224.0.0.0/4 * * *
     

Sometimes it is working but most of the time it doesn't. Does someone have a working setup with OPNsense and an Android TV/box?
#14
22.1 Legacy Series / Nvidia card sleeps
June 08, 2022, 06:36:53 PM
Hi!

I have a KVM switch with 4 ports; on one is the OPNsense router with NVIDIA graphics cards.
So I have the issue that the HDMI port sleeps and doesn't wake up even when I switch the KVM port with the keyboard.

So is it a FreeBSD/OPNsense issue or a graphics card issue (partially broken)?

How can I fix that?
#15
Hi Community

I did a short tutorial on how to distribute your wildcard cert to remote machines over SSH
with your own monthly cron job that executes the csh script

https://joelmueller.ch/distribute-your-wildcard-ssl-certs-to-the-servers-with-opnsense/

Cheers!
#16
22.1 Legacy Series / IPv6 with init7
March 21, 2022, 08:01:14 PM
Hi,

I read some threads about IPv6 issues since the latest upgrades. The ISP says all is OK, they didn't change anything!

So I wasn't able to fix it.

I have the following IPv6 configuration:




None of my clients have an IPv6 address. They should have one from the range...

I couldn't find any WAN rules in the firewall that should have changed.

Can anyone help me? I would appreciate it!
#17
22.1 Legacy Series / Radvd can't start
March 06, 2022, 05:09:21 PM
How can I reset the config of radvd?

I'm not able to start it anymore!

EDIT: On boot it shows me that radvd starts, but there is no link in the services list in the web UI
#18
Hi, I wanna make VLANs on my home network, but I can't find where the IPv4+6 addresses of the interfaces are?

I can see the leases under DHCPv4+6; there is only the MAC of the target NIC and no IP for the interface MAC of the router?

How can I find out which router interface provides which IPv4 and IPv6?

Thanks a lot
#19
I see netmap for the following ports


# dmesg | grep netmap
000.000066 [4344] netmap_init               netmap: loaded module
ix0: netmap queues/slots: TX 8/2048, RX 8/2048
ix1: netmap queues/slots: TX 8/2048, RX 8/2048
ixl0: netmap queues/slots: TX 8/1024, RX 8/1024
ixl1: netmap queues/slots: TX 8/1024, RX 8/1024


But not for the devices re0-3 and bridge0? Is it enabled only on the ix ports of bridge0 and not on re0-3 and the whole bridge0?


# ifconfig
ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
ether 04:d9:f5:bc:97:56
inet6 fe80::6d9:f5ff:febc:9756%ix0 prefixlen 64 scopeid 0x1
media: Ethernet autoselect (10Gbase-T <full-duplex,rxpause,txpause>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ix1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=803828<VLAN_MTU,JUMBO_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
ether 04:d9:f5:bc:97:57
inet6 fe80::6d9:f5ff:febc:9757%ix1 prefixlen 64 scopeid 0x2
media: Ethernet autoselect (1000baseT <full-duplex,rxpause,txpause>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ixl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=e507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 64:9d:99:b1:b4:ad
media: Ethernet autoselect
status: no carrier
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ixl1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=800028<VLAN_MTU,JUMBO_MTU>
ether 64:9d:99:b1:b4:ae
inet6 fe80::669d:99ff:feb1:b4ae%ixl1 prefixlen 64 scopeid 0x4
inet6 2a02:168:2000:33:669d:99ff:feb1:b4ae prefixlen 64 autoconf
inet 85.195.234.234 netmask 0xffffff00 broadcast 85.195.234.255
media: Ethernet autoselect (25GBase-LR <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2008<VLAN_MTU,WOL_MAGIC>
ether 00:0a:cd:40:ad:73
inet6 fe80::20a:cdff:fe40:ad73%re0 prefixlen 64 scopeid 0x5
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
re1: flags=8903<UP,BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2008<VLAN_MTU,WOL_MAGIC>
ether 00:0a:cd:40:ad:74
inet6 fe80::20a:cdff:fe40:ad74%re1 prefixlen 64 tentative scopeid 0x6
media: Ethernet autoselect
status: no carrier
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
re2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2008<VLAN_MTU,WOL_MAGIC>
ether 00:0a:cd:40:ad:75
inet6 fe80::20a:cdff:fe40:ad75%re2 prefixlen 64 scopeid 0x7
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
re3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2008<VLAN_MTU,WOL_MAGIC>
ether 00:0a:cd:40:ad:76
inet6 fe80::20a:cdff:fe40:ad76%re3 prefixlen 64 scopeid 0x8
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=0<> metric 0 mtu 1536
groups: enc
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pfsync0: flags=0<> metric 0 mtu 1500
syncpeer: 0.0.0.0 maxupd: 128 defer: off
groups: pfsync
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
groups: pflog
bridge0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:7a:f7:55:60:00
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2a02:168:a774::1 prefixlen 64
inet6 fe80::27a:f7ff:fe55:6000%bridge0 prefixlen 64 scopeid 0xd
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: ix0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 1 priority 128 path cost 2000
member: re3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 8 priority 128 path cost 20000
member: re2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 7 priority 128 path cost 20000
member: re1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 6 priority 128 path cost 20000
member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 5 priority 128 path cost 20000
member: ix1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 2 priority 128 path cost 55
groups: bridge
nd6 options=1<PERFORMNUD>
#20
I have a Router/Server with the following config:

1x   20764828 - Delock PCI-Express network card, 1Gb
1x   26457620 - Intel Xeon W-3223 (3.50GHz / 16.5MB)
1x   26437551 - Asus Pro WS C621-64L SAGE/10G  Intel X550 10GBASE-T
1x   25508406 - Intel ADAPTER XXV710
1x   28720468 - Fractal Design Torrent Solid -
1x   26256405 - Seasonic Focus PX 650 650W
1x   27575835 - Samsung 980 Pro NVMe M.2 Gen4 - 500GB
1x   25219950 - Noctua NH-U12S DX-3647 cooler - 120mm
2x   24769696 - Samsung D4 2666 32GB ECC R 1,2V 1x32GB
1x   28718781 - Asus GeForce GT 1030 SL - 2GB

From the router WAN I get with iperf3 only about 2 Gbits to the server of my ISP.

Over the bridge, which includes the Realtek 4x1 Gbits and the Intel X550 2x10 Gbits NICs, I got around 7 Gbits from another server.

The WAN is connected with 25 Gbits to the ISP over the Intel XXV710 NIC.

I read the igb performance tuning thread and did some performance tweaks, but nothing helps.
The interfaces are listed as re, ix and ixl, so these aren't igb interfaces.

The drivers are ixgbe (X550) and i40e (XXV-710).

How can I improve the performance?