OPNSense 25.7 Firewall:Diagnostics:Sessions painfully slow and very unresponsive

Started by hharry, August 02, 2025, 01:18:54 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 02, 2025, 01:18:54 PM Last Edit: August 02, 2025, 01:42:04 PM by hharry
After upgrading from OPNSense 25.1.12 to 25.7.1 and 25.7.1_1-amd64, the OPNSense 25.7 Firewall:Diagnostics:Sessions page is painfully slow and very unresponsive....hardly usable anymore....

There's only about 1000 sessions, and it's snails pace for the page to load with spinning circle, as below...once page is loaded, any search, is just as slow as the page loading...

Running a cli top whilst the page spins circle, shows more than 76% idle CPU....

I used this page a lot in the earlier OPNSense 25.1.12, and never had this issue.

My setup is very basic, and not changed from OPNSense 25.1.12 to 25.7.1 and 25.7.1_1-amd64.

basic INET G/W F/W, 1 LAN and 1 WAN interface
frr plugin to learn LAN side OSPF routes
IDS / suricata in IDS only mode
OpenVPN client instance to NordVPN, already using new instance, already migrated from legacy mode weeks ago...well before the upgrade

Both Chrome and brave browsers, give the same snails speed loading and searching issue.


I've already done a health check audit, and came back 100% clean

Still considering to roll back to 25.1.12.....25.7 seems too much of a regression / half baked....sigh....


Code Select
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 25.7.1_1 (amd64) at Sat Aug  2 21:29:29 AEST 2025
>>> Root file system: /dev/gpt/rootfs
>>> Check installed kernel version
Version 25.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 25.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
os-frr 1.45_1
os-net-snmp 1.6
os-sftp-backup 1.1_2
os-upnp 1.7
os-vmware 1.5_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" at 25.7.1_1 has 68 dependencies to check.
Checking packages: ..................................................................... done
***DONE***
OPNsense 25.7.1_1-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, sftp-backup plugins. limited kea DHCP server deployment.
September 04, 2025, 11:04:45 AM #1
As an Opnsense beginner, I can confirm this behavior. Version 25.7.2-amd64
September 04, 2025, 11:11:07 AM #2
Perhaps this commit from yesterday:

# opnsense-patch https://github.com/opnsense/core/commit/30102d5ee4

A ticket on GitHub would speed this process up, BTW.


Cheers,
Franco
September 04, 2025, 12:46:30 PM #3 Last Edit: September 04, 2025, 01:00:43 PM by hharry
thanks for taking a look Franco, much appreciated.

I'm not sure which change regressed the behavior, but to replicate the issue, as below;

1. open the opnsense Firewall: Diagnostics: Sessions page
2. select the page option, All, i do this so i can scroll down and view all the F/W sessions on one single page, in earlier 25.1.x releases this always worked without delay, in opnsesne 25.7.x release, the page takes forever to load, with spinning circle. There is less than 1100 sessions, so the number is not massive....
3. entering an ip address, or other search string in the page search bar, again the page takes forever to load.


To workaround the regression, i reduce the number of rows to page display to something like 100, which helps speed up the page load and search, but then have multiple pages to further search for specific sessions / ports of interest etc...

I'll try the patch soon, once family have gone to bed....

Yes i can raise a templated github ticket...will do shortly...
OPNsense 25.7.1_1-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, sftp-backup plugins. limited kea DHCP server deployment.
September 04, 2025, 02:39:45 PM #4 Last Edit: September 04, 2025, 02:45:08 PM by hharry
Quote from: franco on September 04, 2025, 11:11:07 AMPerhaps this commit from yesterday:

# opnsense-patch https://github.com/opnsense/core/commit/30102d5ee4

A ticket on GitHub would speed this process up, BTW.


Cheers,
Franco

thanks Franco, i applied the patch to OPNsense 25.7.2-amd64, and have successfully tested the patch you provided in both test LAB and production environment's, in LAB i run nmap from the LAN side Linux host, to a WAN side destination, to create more than 10000 outbound active sessions, and confirmed it has resolved the issue, in the opnsense Firewall: Diagnostics: Sessions page

I also found the below pages also have the same issue, when there is a moderate number of rows to display, so perhaps i should raise a github ticket

opnsense Firewall: Diagnostics: States
opnsense Firewall: Diagnostics: Aliases
OPNsense 25.7.1_1-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, sftp-backup plugins. limited kea DHCP server deployment.
September 04, 2025, 04:56:44 PM #5
September 04, 2025, 04:59:16 PM #6
@hharry thanks for confirming!
Print
Go Up Pages1
User actions