Messages

The issue seems to be with some TCP connections that show a MSS of 1452 where 1460 would be expected [...]

When using OPNsense: [...] downloads of speedtest-files are only 20 megabit/s.

Not an expert, but I don't see how a difference of 8 bits in maximum segment size will cost you a whopping 800 MBit/s in throughput. I don't think looking at MTU or MSS is going to reveal the issue at hand.

Some of the stuff in blocklists is typically not DNS-related and could/should be blocked in general (e.g. DROP, EDROP, etc). You could try to put all your non-DNS related blocking into firewall rules via the URL table alias[1] and only keep DNS-filtering to Unbound's DNSBLs.


[1] https://docs.opnsense.org/manual/how-tos/edrop.html

https://mikrotik.com/products/group/switches may be interesting to you

Lots of stuff uses python

top -CHiPSaz

AFAIK you disable ntpd by removing all NTP servers from the listing in Services > Network Time > General

https://forum.opnsense.org/index.php?topic=8904.msg40070#msg40070

The issue seems only to exist for VLAN interfaces. Physical interfaces are working fine.

I created a bug report for it: https://github.com/opnsense/core/issues/6357

[uname -a]

Hi,

I have trouble setting up Netflow. It seems to not support VLAN interfaces nor PPPoE interfaces, which is basically all I have. None of my interfaces seem to be able to collect any data. My cache tab is empty.


root@cepheus:~ # uname -a
FreeBSD cepheus.home.lan 13.1-RELEASE-p6 FreeBSD 13.1-RELEASE-p6 stable/23.1-n250396-d34cd428508 SMP amd64

root@cepheus:~ # df -H
Filesystem                  Size    Used   Avail Capacity  Mounted on
/dev/gpt/rootfs             239G    2.0G    218G     1%    /
devfs                       1.0k    1.0k      0B   100%    /dev
/dev/gpt/efifs               268M    1.8M    267M     1%    /boot/efi
devfs                       1.0k    1.0k      0B   100%    /var/dhcpd/dev
devfs                       1.0k    1.0k      0B   100%    /var/unbound/dev
/usr/local/lib/python3.9    239G    2.0G    218G     1%    /var/unbound/usr/local/lib/python3.9

root@cepheus:~ # cat /usr/local/etc/netflow.conf
#
# Automatic generated configuration for netflow.
# Do not edit this file manually.
#
netflow_interfaces="vlan0.1.12 vlan0.1.23 vlan0.1.3 pppoe0 "
netflow_egress_only="pppoe0  "
netflow_version="9"
netflow_int_destination="127.0.0.1:2055"
netflow_destinations="127.0.0.1:2056"
netflow_active_timeout=1800
netflow_inactive_timeout=15

root@cepheus:~ # cat /var/log/flowd.log


root@cepheus:~ # ll /var/netflow/
total 100
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 dst_port_000300.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 dst_port_003600.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 dst_port_086400.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 interface_000030.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 interface_000300.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 interface_003600.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 interface_086400.sqlite
-rw-r-----  1 root  wheel  12288 Feb 23 19:14 metadata.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 src_addr_000300.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 src_addr_003600.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 src_addr_086400.sqlite
-rw-r-----  1 root  wheel   8192 Feb 23 19:14 src_addr_details_086400.sqlite

root@cepheus:~ # /usr/local/etc/rc.d/netflow restart
setup vlan0.1.12
ngctl: send msg: Invalid argument
error vlan0.1.12: cannot create netflow node for vlan0.1.12
setup vlan0.1.23
ngctl: send msg: Invalid argument
error vlan0.1.23: cannot create netflow node for vlan0.1.23
setup vlan0.1.3
ngctl: send msg: Invalid argument
error vlan0.1.3: cannot create netflow node for vlan0.1.3
setup pppoe0 [egress only]
ngctl: send msg: No such file or directory
error pppoe0: cannot create netflow node for pppoe0


I have named the VLAN interfaces according to this pattern vlan0.<interface-id>.<vlan-id>
with interface-id 0 for igb0 and interface-id 1 for igb1. I believe that should be fine.

Any help is appreciated.