Messages

Looks like they were stale.  I have seen the FIOS IPV4 IP address change from time to time.  Will have to keep an eye out on the IPV6 side now. 

Maurice,

  I found an errant MTU setting that went from default to 9000.  Changed back to default, but not yet sure this is/was source of issue.

I have the same issue.  My Kills so to speak are 51511, 18534, 44127, and 19992. Did you ever figure out what this was?

Maurice,

  Thanks for responding. I do have IPV6 set to Track Interface as system is using Verizon FIOS. No manual settings under LAN.  Under WAN the usual Verizon setup of Request Only an IPV6 Prefix, Prefix Delegation Size is 56, Send IPV6 Prefix Hint and that is it.

I did a Powershell search for the IPV6 addresses as previously posted and they do not show up.  I am still getting the same error message though, and a few others that are similar but with different IPV6 addresses in the unreachable section of the message.  None of which are on my system:

"/usr/local/opnsense/scripts/dhcp/prefixes.php: The command '/sbin/route add -inet6 '2600:4040:b001:c1f0::/62' '2600:4040:b001:c100::1a1b'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net 2600:4040:b001:c1f0::/62: gateway 2600:4040:b001:c100::1a1b fib 0: Network is unreachable'"

  I do have some IPV6 Firewall rules for the WAN:  All five are ICMP related e.g. Allow ICMP, Time Exceeded, Parameter Problem, Echo Request and Echo Response.

  On the LAN side there is the auto IPV6 default Allow LAN IPV6 to any rule.

Any idea what this is about?  Constantly shows up in my syslog as an error:

/usr/local/opnsense/scripts/dhcp/prefixes.php: The command '/sbin/route add -inet6 '2600:4040:b001:c1e4::/62' '2600:4040:b001:c100::1bf6'' returned exit code '1', the output was 'route: writing to routing socket: Network is unreachable add net 2600:4040:b001:c1e4::/62: gateway 2600:4040:b001:c100::1bf6 fib 0: Network is unreachable'

Thanks

Okay, did not see that.... Thank you.

On the WAN side it is 1500.  On the LAN side it is 9000 as I have 10Gb infrastructure, server, etc.

Zenarmor Engine will not start.

Get this error message:

netmap_register_if: mlxen2: NIOCREGIF ioctl failed for the interface: Invalid argument

Well, did not install Crowdsec again and do white listing as I just noticed System Firmware just spins away with RSS running:

2023-08-21T19:03:10-04:00   Error   configd.py   Timeout (120) executing : firmware tiers

Reverted back to system without RSS and the whole firmware section works fine now...

newsense,

  That did the trick, thank you!, but bummer on CROWDSEC as I liked the low overhead, etc.  Did not originally think it would be an issue either as I thought it was focused on inbound IPs and not outbound requests....

  Started looking to see if there is a setting for CROWDSEC that will work, or report to them as the case evolves.

Best,

Pat

Franco,

  Using the latest 23.3.1_3 release and a set of Mellanox Connectx-3 NICs.  Netstat -Q reports:

Configuration:
Setting                        Current        Limit
Thread count                        12           12
Default queue limit                256        10240
Dispatch policy                     direct       n/a
Threads bound to CPUs       enabled   n/a

Using an Intel i5 -10400 6 Cores, 12 threads so set "net.inet.rss.bits = 2"

Had to disable RSS as DNS resolving was taking upwards of 30 seconds to connect to any website.  I am using Unbound and Crowdsec at the moment.

Thanks.

Pat

I am trying a new 22.7 install of Opnsense with two Mellanox MCX311a NICs.  During install I see  zmellanox driver loaded, but when the setup gets to the point of letting me select Wan and Lan the cards do not show up. 

If I load ipFire or PFsense they are recognized without issue.

What am I missing with Opnsense?

Franco, that was it! Thank you. Best!

Disregard all previous comments I made here please.  Some how got it working...

Any updates by chance?