Messages

Im newbie. Dont event know which and where to check logs. Zen armor not showing any info. Only info was about activated license. Nothing else. Just tell me how to provide more info, and i do this.

Code Select Expand

2025-02-12T20:33:40 Error suricata [101313] <Error> -- opening devname netmap:igb0-0/R@conf:host-rings=4 failed: Cannot allocate memory
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'http.dottedquadhost' is checked but not set. Checked in 2021076 and 0 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017761 and 0 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 0 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'ET.DMTP_Protocol' is checked but not set. Checked in 2858384 and 0 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023672 and 1 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
2025-02-12T20:32:39 Warning suricata [100499] <Warning> -- flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
2025-02-12T20:30:08 Error suricata [110140] <Error> -- opening devname netmap:igb0-0/R@conf:host-rings=4 failed: Cannot allocate memory
2025-02-12T20:29:08 Warning suricata [100920] <Warning> -- flowbit 'http.dottedquadhost' is checked but not set. Checked in 2021076 and 0 other sigs
2025-02-12T20:29:08 Warning suricata [100920] <Warning> -- flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017761 and 0 other sigs
2025-02-12T20:29:08 Warning suricata [100920] <Warning> -- flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
2025-02-12T20:29:08 Warning suricata [100920] <Warning> -- flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 0 other sigs
2025-02-12T20:29:08 Warning suricata [100920] <Warning> -- flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
2025-02-12T20:29:08 Warning suricata [100920] <Warning> -- flowbit 'ET.DMTP_Protocol' is checked but not set. Checked in 2858384 and 0 other sigs
2025-02-12T20:29:08 Warning suricata [100920] <Warning> -- flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023672 and 1 other sigs

Like in topic.

Code Select Expand

2025-01-30T21:13:33 Error suricata [156306] <Error> -- opening devname netmap:igb0-0/R@conf:host-rings=4 failed: Cannot allocate memory
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'et.JavaArchiveOrClass' is checked but not set. Checked in 2017761 and 0 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'http.dottedquadhost' is checked but not set. Checked in 2021076 and 0 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'ET.DMTP_Protocol' is checked but not set. Checked in 2858384 and 0 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'et.IE7.NoRef.NoCookie' is checked but not set. Checked in 2023672 and 1 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'ET.wininet.UA' is checked but not set. Checked in 2021312 and 0 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'ET.vba-jpg-dl' is checked but not set. Checked in 2814992 and 0 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'et.MS.XMLHTTP.ip.request' is checked but not set. Checked in 2022050 and 1 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'et.MS.WinHttpRequest.no.exe.request' is checked but not set. Checked in 2022653 and 0 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'min.gethttp' is checked but not set. Checked in 2023711 and 0 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'et.WinHttpRequest' is checked but not set. Checked in 2019823 and 0 other sigs
2025-01-30T21:12:42 Warning suricata [100508] <Warning> -- flowbit 'exe.no.referer' is checked but not set. Checked in 2020500 and 0 other sigs
2025-01-29T16:13:46 Error suricata [103481] <Error> -- opening devname netmap:igb0-0/R@conf:host-rings=4 failed: Cannot allocate memory

After update to 25.1 intrusion detection no longer works. I case logs are needed just tell me how to provide logs because im newbie.

After update to 25.1 production series zenarmor packet engine stops working. I tried to reinstall it but:

Code Select Expand

***GOT REQUEST TO INSTALL***
Currently running OPNsense 25.1 (amd64) at Wed Jan 29 15:51:42 CET 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
pkg: os-sensei has a missing dependency: os-sensei-updater
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***
Currenty i am without zenarmor.

Probably found a solution. There was one rj45 plug with bad contact. I think it will work now. Sorry for unnecessary posting.

My opnsense router (OPNsense 24.7.11_2-amd64) at least once per day switch all connections from 1gbit to 100mbit. I dont know why it happends but rebooting router always solves this issue for some time. I am newbie so i dont know what else i need provide to solve issue. Just ask me and i do what i can. Thank you for help in advance. I mudt also say that my english is not perfect. My network card is i350-t2 connected with some cheap tp-link 8 port non manageable switch(gigabit).

EDIT: I think its software related. Because when i set to different interface speed than autoselect and then back to autoselect there is no need of restarting router.

Thanks.

Do the firewalling with ipv6 works only on end clients? Is there way to make nat/firewall for dual stack ipv4/ipv6 network? Im not network specialist. Simple explanation please.

I no longer can access to WebUI. Cant do this over http or https. 192.168.1.1 responds to ping and router is accesible over SSH. Internet connection trough the router works fine. What can i do for access to the WebUI?
Tired different browsers with no success.

EDIT: i get same situation after fresh install. Still have access over ssh but dont know what can i do to restore user interface. Just updated opnsense to 24.1.8 installed os-realtek-re and disabled user interface access over wan (it properly done, same as ssh but i have access over ssh).Nobody can help me?

EDIT2: Solved now unwanted wan acces by setting custom port for WebUI and blocking this port in firewall on wan side. This is just workaround for this bug. Now access from wan is blocked and lan access working.

When i disabled energy efficient ethernet in intel nic with my previous x86 router i have more responsive internet and gaming. Also different flow controll setting give different bufferbloat tests results. But no problems at all currently on mentioned nic/driver. I dont know do the realtek has similiar tunnables.

EDIT: After installation of os-realtek-re vendor drivers i got this tunnables:

Code Select Expand

dev.re.1.wake: 0
dev.re.1.msix_tbl: -1
dev.re.1.pci_regs: -1
dev.re.1.ext_regs: -1
dev.re.1.pcie_phy: -1
dev.re.1.tx_desc: -1
dev.re.1.rx_desc: -1
dev.re.1.eth_phy: -1
dev.re.1.registers: -1
dev.re.1.stats: -1
dev.re.1.driver_var: -1
dev.re.1.%parent: pci3
dev.re.1.%pnpinfo: vendor=0x10ec device=0x8168 subvendor=0x10ec subdevice=0x0123 class=0x020000
dev.re.1.%location: slot=0 function=0 dbsf=pci0:3:0:0 handle=\_SB_.PC00.RP12.PXSX
dev.re.1.%driver: re
dev.re.1.%desc: Realtek PCIe GbE Family Controller
dev.re.0.wake: 0
dev.re.0.msix_tbl: -1
dev.re.0.pci_regs: -1
dev.re.0.ext_regs: -1
dev.re.0.pcie_phy: -1
dev.re.0.tx_desc: -1
dev.re.0.rx_desc: -1
dev.re.0.eth_phy: -1
dev.re.0.registers: -1
dev.re.0.stats: -1
dev.re.0.driver_var: -1
dev.re.0.%parent: pci1
dev.re.0.%pnpinfo: vendor=0x10ec device=0x8168 subvendor=0x10ec subdevice=0x0123 class=0x020000
dev.re.0.%location: slot=0 function=0 dbsf=pci0:1:0:0 handle=\_SB_.PC00.RP04.PXSX
dev.re.0.%driver: re
dev.re.0.%desc: Realtek PCIe GbE Family Controller
dev.re.%parent:


I dont know what they do but i dont see nothing responsible for EEE and flow controll.
But i must say that bufferbloat is slightly better with new drivers also games works slightly better. Almost forgot to say that cpu usage during speed test is lower.

Is there are some new tunnables for os-realtek-re drivers? Im currently using default installation with bsd re driver. How i can list possible nic tunnables? I tried:

Code Select Expand

sysctl dev.re
And there was few of them. Nothing usefull. Installing os-realtek-re drivers changes something?

Code Select Expand

root@router:~ # pciconf -lcv | grep ASPM
                 link x4(x16) speed 5.0(8.0) ASPM L1(L0s/L1)
                 link x0(x1) speed 0.0(8.0) ASPM L0s/L1(L0s/L1)
                 link x0(x1) speed 0.0(8.0) ASPM L0s/L1(L0s/L1)
                 link x0(x4) speed 0.0(8.0) ASPM L0s/L1(L0s/L1)
                 link x4(x4) speed 5.0(5.0) ASPM L1(L0s/L1)
                 link x4(x4) speed 5.0(5.0) ASPM L1(L0s/L1)

hwpstate disabled for lower power draw

Code Select Expand

sysctl dev.hwpstate_intel.<cpu>.epp=[0-100]
changes nothing even on 100 value. When hwpstate is enabled processor wont drop clocks lower than 1593mhz. After disabling it it drops clocks to 800mhz when idle.

after tunnable

Code Select Expand

sysctl hw.acpi.cpu.cx_lowest=Cmaxi get this:

Code Select Expand

root@router:~ # sysctl dev.cpu | grep cx
dev.cpu.3.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.3.cx_usage_counters: 440 60 3436
dev.cpu.3.cx_usage: 11.17% 1.52% 87.29% last 177us
dev.cpu.3.cx_lowest: C8
dev.cpu.3.cx_supported: C1/1/1 C2/2/151 C3/3/256
dev.cpu.2.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.2.cx_usage_counters: 400 100 3017
dev.cpu.2.cx_usage: 11.42% 2.84% 85.73% last 139us
dev.cpu.2.cx_lowest: C8
dev.cpu.2.cx_supported: C1/1/1 C2/2/151 C3/3/256
dev.cpu.1.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.1.cx_usage_counters: 570 28 3431
dev.cpu.1.cx_usage: 14.14% 0.69% 85.15% last 133us
dev.cpu.1.cx_lowest: C8
dev.cpu.1.cx_supported: C1/1/1 C2/2/151 C3/3/256
dev.cpu.0.cx_method: C1/mwait/hwc C2/mwait/hwc C3/mwait/hwc
dev.cpu.0.cx_usage_counters: 4008 13899 35455
dev.cpu.0.cx_usage: 7.51% 26.04% 66.44% last 448us
dev.cpu.0.cx_lowest: C8
dev.cpu.0.cx_supported: C1/1/1 C2/2/151 C3/3/256


lowest is c8 but supported lowest c3 i dont know why.
Opnsense not supporting c-states deeper than C3?

Is there any advantages by using igc (i-226-v) interface over igb (i350-t2) interface? Do the newer driver/chipset/technology can improve: power consumption, ping , cpu load , bufferbloat or any other cases? i350 is 13 years old so it can be any disadvantage comparing to the i-226-v? Any differences beetwen igb and igc driver? I currently have i350-t2 but can buy for few dollars per piece single slot pci-e i-226-v cards rom china. Is it worth/worthless? Main difference is 1Gb vs 2,5Gb interface speed.