Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
MTU 9000 on 10G interfaces breaks GUI access
« previous
next »
Print
Pages: [
1
]
Author
Topic: MTU 9000 on 10G interfaces breaks GUI access (Read 1755 times)
dpsguard
Jr. Member
Posts: 70
Karma: 2
MTU 9000 on 10G interfaces breaks GUI access
«
on:
June 28, 2023, 02:59:25 pm »
Hi all,
I am running latest 23.1 with all patches and updates applied on a supermicro box with Quad core Xenon CPU and 12GB of RAM to test for a short term high density use case.
I was testing available throughput from my laptop with a 2.5Gbps USB adapter (cable matters) on windows 11 connected to a Copper SFP that rate shifts from 10 to 5 to 2.5 to 1Gbps. The iperf3 throughput I was getting was close to 1300Mbps and I did apply some tunable like disabling flow control and some net.isr items. Did not make any difference.
Then I proceed to change MTU to 9000 on both LAN and WAN 10Gig interfaces (this is Intel X520-DA2 DAC card). And now, I can still SSH into the box and even after reboots, I cannot http into it.
How can I change the MTU back to 1500 from CLI please?
Thanks
«
Last Edit: June 28, 2023, 03:12:53 pm by dpsguard
»
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: MTU 9000 on 10G interfaces breaks GUI access
«
Reply #1 on:
June 28, 2023, 05:10:04 pm »
Option 13 - restore a backup. Pick a date/time before you locked yourself out of the GUI
Bart...
Logged
dpsguard
Jr. Member
Posts: 70
Karma: 2
Re: MTU 9000 on 10G interfaces breaks GUI access
«
Reply #2 on:
June 29, 2023, 05:30:20 am »
Well, this is my lab environment with nothing really configured in terms of rulesets. I am just going to do a factory reset via shell, but question remains. How can we change the MTU via CLI ?
Logged
bartjsmit
Hero Member
Posts: 2017
Karma: 194
Re: MTU 9000 on 10G interfaces breaks GUI access
«
Reply #3 on:
June 29, 2023, 07:41:42 am »
https://www.cyberciti.biz/faq/freebsd-jumbo-frames-networking-configration/
Logged
dpsguard
Jr. Member
Posts: 70
Karma: 2
Re: MTU 9000 on 10G interfaces breaks GUI access
«
Reply #4 on:
June 29, 2023, 07:41:48 pm »
Thanks but I already tried that link yesterday (still open as a tab on my browser) and applied changes but that did not help. and I did not find the file /etc/rc.conf in OPNSense after temp ifconfig method did not work.
Over the weekend, I will just go ahead and do a factory reset and then reconfigure. This time, I may leave MTU to 1500 as there are mixed feelings about any gain with higher MTU in anything other than a pure datacentre storage type of environment. For internet access, it is generally smaller packets, averaging around 500 bytes (iMix) and I need to simulate large number of concurrent connections, which I might be able to leverage Locust for.
I will play with other things to improve 10G performance using the links like below and hopefully I may make it work much better.
https://forum.opnsense.org/index.php?topic=25844.0
https://lists.freebsd.org/pipermail/freebsd-net/2018-March/050114.html
https://people.freebsd.org/~olivier/talks/2018_AsiaBSDCon_Tuning_FreeBSD_for_routing_and_firewalling-Paper.pdf
https://www.reddit.com/r/opnsense/comments/145z092/bell_fibe_3gb_pppoe/
https://forum.opnsense.org/index.php?topic=6590.90
Thanks so much and keep doing good work.
Logged
dpsguard
Jr. Member
Posts: 70
Karma: 2
Re: MTU 9000 on 10G interfaces breaks GUI access
«
Reply #5 on:
June 30, 2023, 10:04:38 pm »
Turns out that this was not an issue with MTU. The LAN side mysteriously stops the GUI access after a while and then you just find next day that it starts working again or with reboot. Note that LAN side also has captive portal but I had added the IP address of my test machine to bypass the portal. I then enabled temp GUI access thru the WAN interface last night and it has not broken on the WAN interface, though it again was not working on LAN side for Management GUI access. So must be some bug. I will change the management ports for SSH and http to non-standard plus add 2FA and thus keep access open thru WAN interface, just in case.
Or I could go with 22.7 if that is stable enough or corresponding business edition (which is probably too expensive for a single community use case). Also not clear if business edition can be used with a single license on two HA machines as both will not be in use at the same time, being active and passive. I will rather donate for community project (already did my $100 last weekend and will do more once I get to use it and then later more when I use it at home).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.1 Legacy Series
»
MTU 9000 on 10G interfaces breaks GUI access