20.7-BETA images with HBSD 12.1

[ruggerio]

Question to Suricata 5: is it still necessary to disable all hardware offloading?

[Supermule]

I think so.

[ruggerio]

GUI says, that there exist updates, but if doing so, the following occurs:

***GOT REQUEST FOR TYPE: opnsense***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg-static: No packages matching 'opnsense' have been found in the repositories

Number of packages to be fetched: 1
No packages are required to be fetched.
Integrity check was successful.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg-static: No packages available to install matching 'opnsense' have been found in the repositories
Starting web GUI...done.
Generating RRD graphs...done.
***DONE***

you can do that the whole day long

[lattera]

How is the beta image so much larger than the current production image? Does it have debugging enabled?

At least part of the growth would be the introduction of a new exploit mitigation: Non-Cross-DSO Control Flow Integrity (CFI). More information about CFI can be found in HardenedBSD's wiki: https://git-01.md.hardenedbsd.org/HardenedBSD/HardenedBSD/wiki#control-flow-integrity-cfi

[franco]

@ruggerio: what version are you running? it looks like you found an older image that's not supposed to be 20.7-BETA, at least the log issue and the firmware warning are telltale clues.

[ruggerio]

OPNsense 20.7.b_3-amd64
FreeBSD 12.1-RELEASE-p3-HBSD

The one i downloaded yesterday

[Bluewind]

Early in the beta I reported that during the install, OPNSense would not detect a USB Ethernet connection. I also  could not manually install the adapter (UE0). My USB Ethernet connector would not work with that beta.

I just again installed the beta via ISO. No surprise it would not detect the adapter. However since the WAN adapter was working, after completing install I updated the software from the console. After the update to the latest beta, I started the console process and install the adapters. This time the USB Ethernet adapter was detected by the auto detection process and I was able to install it as UE0 adapter.

Thanks for the fix.

------------------------------------

I tried to install OPNsense-devel-20.7.b-OpenSSL-serial-amd64 from a USB Memory Stick. It would not detect my USB Ethernet dongle during the "auto detection" of the LAN/WAN connections. When I plugged in the USB dongle I would see an OS message but OPNsense would not detect that an interface was added.

I removed the dongle and tried again with the same results.

I continued with the install. When the webGUI was available, I tried to add the interface but it would not show the USB interface.

I then installed FreeBSD 11.2-RELEASE-p17-HBSD  b0b3393e380(stable/20.1) amd64 from a USB Memory Stick. During install, the "auto detection" worked fine showing the USB dongle as UE0. The dongle worked fine.

Below is data from the working "stable/20.1" using the Reporter to show the enumeration of the USB devices.

What other info can I provide?

Thanks.

usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0

usbus1: EHCI version 1.0
usbus1 on ehci0
usbus1: 480Mbps High Speed USB v2.0

uhub1: 13 ports with 13 removable, self powered
uhub0: 2 ports with 2 removable, self powered
ugen0.2:  at usbus0

[ruggerio]

What hardware do you have?

[Bluewind]

The PC is a mini-PC from ASUS with one gigabit Ethernet port. The USB port the Ethernet dongle plugs into is USB 3.0. The dongle is a generic Ethernet/USB dongle.

https://www.amazon.com/UGREEN-Ethernet-Adapter-Nintendo-Chromebook/dp/B00MYT481C/ref=sr_1_3?crid=Q2X0HBPNW010&dchild=1&keywords=ethernet+usb+adapter&qid=1586311410&sprefix=ethernet+usb+%2Caps%2C158&sr=8-3

Specs for the PC.
https://www.asus.com/us/Mini-PCs/VivoMini_UN42/specifications/

[ruggerio]

Have you tried installing it in the shell, using the manual method of assigning interfaces?

In this version, just my lan interface was recognized fine, but e.g. neither lan nor dmz, which both have been connected. With manual assignment, it worked.

[kuleszdl]

Thank you for providing this first build! I was keen to see how HBSD 12.1 would perform, so I tried the image on a APU 1D4 that was running the latest stable (currently 20.1.4) before. I am using the base unit with only the stock 16G msata card (no wifi installed, no USB addons). With the switch to HBSD 12.1 I was hoping for better throughput (due to newer Realtek drivers) and lower power consumption.

The good news is that the 20.7 version seems to be working without  regressions in this very simple test so far. However, I could not observe any improvements regarding throughput or power consumption. I am still limited to around 350 Mbps of my Gigabit line in various speed tests and the box consumes around 9.5-10 Watts in idle. In comparison, Linux-based systems consume only around 5.5-6 Watts and deliver gigabit speed on the very same hardware.

I noticed some python3 and php processes that are keeping both cpu cores quite busy all the time. But this has been already the case in the 20.1 series.

[franco]

Thanks for testing. On the Realtek side the driver isn't newer, not sure where you read this.

If all goes well next week there will be an online update with PHP 7.3 included and some bugs fixed.


Cheers,
Franco

[marjohn56]

Happy to say all good on my test unit, green lights across the board. Nice also to note that my dhcp6 multiwan patches all applied and working too. On furlough here so have some time to play.

[ruggerio]

works well now in daily usage. Only thing is logging on postfix. All the rest i could not find any errors.

[Kali]

I did a test on kvm with virtio net driver, and a quick test shows a big performance improvement 2/3 times faster than 20.1 (I guess is the driver update from 11.2 to 12.1)