Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Errors Out on VLANs
« previous
next »
Print
Pages: [
1
]
Author
Topic: Errors Out on VLANs (Read 3608 times)
firewalled101
Newbie
Posts: 20
Karma: 0
Errors Out on VLANs
«
on:
May 20, 2022, 07:33:46 pm »
I setup OPNSENSE virtualized on proxmox desktop machine. I use Intel I350 Quad Port by CISCO UCSC-PCIE-IRJ45 via bridge in proxmox. I have 1 port for WAN and 1 port for LAN (and carries all VLAN segments). I use managed switch by TPLink TL-SG108E between LAN and my Wifi AP. I exclusively use VLANs on my network and preserved LAN for management. I have over 1300 errors outs on firewall statistics.
How can I approach this issue? Thanks in advance.
«
Last Edit: May 20, 2022, 07:46:28 pm by firewalled101
»
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: Errors Out on VLANs
«
Reply #1 on:
May 21, 2022, 01:31:09 pm »
Firewall error may be resource utilization issue.
Please post your stats that you are referring to..
Logged
firewalled101
Newbie
Posts: 20
Karma: 0
Re: Errors Out on VLANs
«
Reply #2 on:
May 24, 2022, 07:22:04 am »
Here is my stat page:
«
Last Edit: May 24, 2022, 07:25:09 am by firewalled101
»
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: Errors Out on VLANs
«
Reply #3 on:
May 24, 2022, 12:13:52 pm »
I'd say replace the cable on the LAN to see if this is fixed. If not then it may be due to the CPU/proxmox resource issue.
Logged
firewalled101
Newbie
Posts: 20
Karma: 0
Re: Errors Out on VLANs
«
Reply #4 on:
May 24, 2022, 09:18:57 pm »
The LAN cable is one supplied by my NAS so I expect it to be decent but I will try.
Can you elaborate on the CPU/proxmox issue?
I am wondering whether this is related to my switch because it is a budget one. Sp I will setup another trunk port and route LAN/VLANs through it.
The other thing is I do not use my LAN at all this is why it is 0 errors (in part). I will wire connect to LAN over my switch and see if this generates errors. This way I skip my AP route.
Of note, I added a third NIC to opnsense VM and I lost connection to opnsense GUI and connectivity although post was showing on proxmox console but without a WAN IP address. Not sure if this has to do anything with the errors.
Thanks!
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: Errors Out on VLANs
«
Reply #5 on:
May 24, 2022, 10:42:52 pm »
I am not sure now if I understand your issue clearly. Are you stating that all four interfaces from the Quad NIC is part of the OPNSense? but your picture shows 6 interfaces. I am not clear which interface is what. Can you clarify maybe with a diagram?
I was under the presumption that one NIC is for all the connections using VLANS.
Logged
firewalled101
Newbie
Posts: 20
Karma: 0
Re: Errors Out on VLANs
«
Reply #6 on:
May 25, 2022, 12:15:43 am »
You are right, and I do not know how to draw a network. I am not an engineer or IT person
My proxmox host has 2 Ethernet ports from the motherboard and 4 others from the I-350 card. I use one on the motherboard to access proxmox interface wired to my network switch. I assigned 2 ports on I-350 to opnsense VM as Linux bridge: one goes to my modem as WAN; and the other goes to my trunk port on my switch as LAN. The LAN carried all VLANs.
What I meant by adding a 3rd port to opnsense is that I attempted to assign a 3rd physical port to opnsense but it stopped working for me as I detailed. I though I would use this for DMZ or VPN.
I hope this clarifies the confusion.
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: Errors Out on VLANs
«
Reply #7 on:
May 25, 2022, 11:42:06 am »
If this is the case then I'd look at the proxmox interface statistics to see if there are any errors. If there are any then it would be the cable issue. If not then the allotted CPU would need to increase so that the traffic would not drop..
Logged
firewalled101
Newbie
Posts: 20
Karma: 0
Re: Errors Out on VLANs
«
Reply #8 on:
May 27, 2022, 12:15:17 am »
I switched my LAN cable and did not make a difference. Errors counts slowed down after I changed my switch IP address to static but did not last for long. Why do you think it is a CPU issue. The CPU work load is barely 3% all times. It seems like people have had this problem for awhile now
https://github.com/opnsense/src/issues/74
Logged
firewalled101
Newbie
Posts: 20
Karma: 0
Re: Errors Out on VLANs
«
Reply #9 on:
July 01, 2022, 03:17:02 am »
I uninstalled Zenarmor (Sensei) for I found Elasticsearch Database was taking so much disc space. And the surprise, all interface errors disappeared. It has been 24 hours so far. You may close this post. Thank you.
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: Errors Out on VLANs
«
Reply #10 on:
July 01, 2022, 03:10:06 pm »
As I stated originally, packets get dropped when resources are being depleted. So, in your case it would be Zenarmor, either due to too much data being written (CPU HOG) as opposed to too much data inspection (CPU HOG).
It's not ideal to place a virtual firewall in place, unless you are running Threadripper... LOL
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Errors Out on VLANs