Quote from: dseven on Today at 05:54:32 PMbut do these ping failures start happening at exactly the same time as the DHCP lease renewal failures?
Quote<13>1 2026-05-27T10:47:08-04:00 router.home.lab dhclient 25229 - [meta sequenceId="1"] dhclient-script: Reason RENEW on igc1 executing
<13>1 2026-05-27T10:47:08-04:00 router.home.lab dhclient 27148 - [meta sequenceId="2"] dhclient-script: Creating resolv.conf
<27>1 2026-05-27T11:47:08-04:00 router.home.lab dhclient 40635 - [meta sequenceId="1"] send_packet: Host is down
<27>1 2026-05-27T11:47:10-04:00 router.home.lab dhclient 40635 - [meta sequenceId="2"] send_packet: Host is down
<27>1 2026-05-27T11:47:14-04:00 router.home.lab dhclient 40635 - [meta sequenceId="3"] send_packet: Host is down
<27>1 2026-05-27T11:47:25-04:00 router.home.lab dhclient 40635 - [meta sequenceId="4"] send_packet: Host is down
<27>1 2026-05-27T11:47:57-04:00 router.home.lab dhclient 40635 - [meta sequenceId="5"] send_packet: Host is down
<27>1 2026-05-27T11:48:12-04:00 router.home.lab dhclient 40635 - [meta sequenceId="6"] send_packet: Host is down
<27>1 2026-05-27T11:48:30-04:00 router.home.lab dhclient 40635 - [meta sequenceId="7"] send_packet: Host is down
<27>1 2026-05-27T11:48:45-04:00 router.home.lab dhclient 40635 - [meta sequenceId="8"] send_packet: Host is down
Quoterenew 3 2026/5/27 15:47:08;
rebind 3 2026/5/27 16:32:08;
expire 3 2026/5/27 16:47:08;
Quoterenew 3 2026/5/27 17:02:16;
rebind 3 2026/5/27 17:47:16;
expire 3 2026/5/27 18:02:16;
Quote from: SilentAgnostic on Today at 04:29:18 PMI have monitoring set up in different networking tools, including Uptime Kuma and some others. I also verified via SSH on the opnsense router that I was unable to ping my first hop at the ISP, but I was able to ping my "locally assigned WAN IP"
Quote from: BrandyWine on Today at 06:46:02 AMWhat does the console say?
Quote from: punq on Today at 08:01:43 AMI'm experiencing something very similar, every 2 weeks or so, it just dies. Manually assigned ip, and tried ping, no response.
I have worked through logs (with claude) and found nothing.
cpu temps look good, and memory seems stable. A reboot clears it right up.
Any advice on what to look for would be greatly appreciated. added some screenshot of WAN/LAN traffic
Quote from: nero355 on Today at 04:15:49 PMQuote from: xenon2008 on Today at 03:06:16 AMAt first I thought it was due to my old hardware, so I bought a brand new CWWK mini Firewall, reinstalled OPNsense, and restored the backup file.And if you don't use the old config.xml and start from scratch with a very basic setup and use that for a while : Do you experience the same issue(s) ?
It ran fine for a few days, but today the exact same problem happened again, just like on the old hardware.
Quote from: bestboy on Today at 10:25:51 AMI seem to have similar issues. The firewall seems to be still up & running, but it seems to shut out everything. The issue reminds me of the "new" startup behavior with divert-to rules: all traffic is dropped until the Suricata service is up & running. But this is happening after a day of uptime and the service (probably) up. In the suricata logs I found these errors:
Error
suricata
[100216] <Error> -- thread W-8000 failed
Warning
suricata
[101690] <Warning> -- Write to ipfw divert socket failed: No buffer space available
I'm not sure what buffer space ran out. mbufs seemed to be fine when checking the health graph in reporting. I'm running with kern.ipc.nmbclusters = 1000000
Unfortunately I just upgraded the system on the weekend from the rock solid 25.7.11. I also did the rules migration and migrated Suricata to the new divert-to functionality. So many moving parts changed in just a few days.
To me the problem "feels" to be firewall related so my first mitigation attempt is to revert the divert-to changes back to netmap for now.
I'm using a Protectli FW2B on CoreBoot with an Intel Celeron J3060
Quote from: Bob.Dig on May 19, 2026, 12:58:04 PMJust change the first "2" to a different number (e.g. 10.3.0.2).I'm glad this solves things for the OP. How come it is accommodated by the remote peer?
Quote from: qarkhs on May 22, 2026, 09:49:13 PMQuote from: Greg_E on May 21, 2026, 10:35:13 PMThere's not much Supermicro anymore
Supermicro make "Compact Edge System" with N97 cpus and 2x 2.5GbE. I see these selling for around $400 online but they may be using Realtek networking. The ones with 2x i226 are more like $530. Some of the GigaIPC boxes use 2x i225/i226 with N97 and are significantly cheaper. AAEON and Jetway sell similar systems, some of which have more ports. Jetway is probably the cheapest--you can find their cheapest boxes for around $300. With all of these systems you usually need to add your own memory and drive. My experience of these type of systems is limited to a GigaIPC with 2x Intel 1GbE and a J6412 CPU. I bought it from a US reseller, although I think it shipped direct from Gigabyte USA, in November 2023 for $170. After adding memory and storage it was $250. It was cheap and it's been very reliable.
See: https://www.supermicro.com/en/products/edge/compact-edge-systems