Lock with transmission

Started by yeraycito, July 25, 2020, 04:04:27 PM

OPNsense 20.7.r_13
Suricata in wan, Sensei in lan

When I start downloading several torrent files with Transmission (default values) the following happens:
1 - Accessing several sites with a browser is impossible, not all of them, just some of them.
2 - Access with a device to the wifi is impossible (it does not connect to the wifi).
3 - Downloading with Transmission works perfectly.
If I close Transmission the above still occurs.
If I restart Opnsense everything will work correctly again.
With the previous version of Opnsense it happened too.

Opnsense in mini-pc: Memory: 8 GB
Suricata max-pending-packets: 10000
Transmission on pc connected by network cable at mini-pc Opnsense

Transmission a.k.a. BitTorrent has been known to open a huge amount of connections bringing state tables to its knees in all sorts of networking equipment. The only reliable way is to throttle the connection count somewhat.


Cheers,
Franco
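
One way to check whether the state table is the bottleneck described above, as an added example that is not part of the original thread. It assumes the pf packet filter used by OPNsense and its `pfctl -si` / `pfctl -sm` reports; the sample text, the function names and the 80/95 percent thresholds are constructed for illustration.

```shell
# Constructed sample of `pfctl -si` / `pfctl -sm` output (not from the poster's box).
SAMPLE_INFO='State Table                          Total             Rate
  current entries                    96500
  searches                        48213377          512.4/s
  inserts                          1902211           20.2/s
  removals                         1805711           19.2/s
Counters
  match                            2100450           22.3/s
  memory                              3120            0.0/s'
SAMPLE_LIMITS='states        hard limit   100000
src-nodes     hard limit   100000
frags         hard limit     5000
table-entries hard limit  1000000'

# Number of states currently held ("current entries" line of pfctl -si).
current_states() {
    printf '%s\n' "$1" | awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# Configured ceiling ("states hard limit" line of pfctl -sm).
state_limit() {
    printf '%s\n' "$1" | awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# Packets dropped for lack of memory ("memory" counter of pfctl -si).
memory_drops() {
    printf '%s\n' "$1" | awk '$1 == "memory" { print $2; exit }'
}

# state_status INFO LIMITS [WARN_PCT]; prints "LEVEL pct=.. cur=.. max=.. memdrops=.."
# Thresholds (80 % warn, 95 % critical) are illustrative assumptions.
state_status() {
    cur=$(current_states "$1"); max=$(state_limit "$2"); drops=$(memory_drops "$1")
    case "x$cur" in x|x*[!0-9]*) echo UNKNOWN; return 2 ;; esac
    case "x$max" in x|x0|x*[!0-9]*) echo UNKNOWN; return 2 ;; esac
    pct=$(( cur * 100 / max ))
    level=OK
    if [ "$pct" -ge 95 ]; then level=CRIT
    elif [ "$pct" -ge "${3:-80}" ]; then level=WARN; fi
    echo "$level pct=$pct cur=$cur max=$max memdrops=${drops:-0}"
}

# On the firewall use live data; elsewhere fall back to the constructed sample.
if command -v pfctl >/dev/null 2>&1; then
    state_status "$(pfctl -si 2>/dev/null)" "$(pfctl -sm 2>/dev/null)" || true
else
    state_status "$SAMPLE_INFO" "$SAMPLE_LIMITS"
fi
```

Run it while the torrent client is active and again after closing it: a reading that stays low in both cases points away from state exhaustion and toward another component.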

A single-core router with 256MB RAM for 50 bucks can handle torrent clients and a number of PCs, but a much more powerful machine with OPNsense can't?
IMHO it is a question of settings... or we all should find another firewall software.

OPNsense can't run on 256 MB RAM... so ... yeah, well, let's just find another firewall then that does. ;)


Cheers,
Franco

You didn't understand what I wrote.

You are saying that BitTorrent is opening too many connections that OPNsense can't manage and that's the reason for the problems.
I'm saying that if cheap ADSL routers with manufacturer's firmware can handle BitTorrent, then much better hardware with OPNsense installed should have no problems at all. If it does have a problem with torrents, we all should go and find another OS.

I'm sorry. I am clinging to the mention of the entitled opinion of needing to find another firewall. It can be done quicker without posting here.

Because technically you are correct in finding out about the correct way to set up the parameters, state tables, etc.

But practically, mentioning both things at the same time is a let down for motivation not just for the original poster but for other readers and people willing to help.


Cheers,
Franco

I am the reader, and sorry to say that, but it was you who let my motivation down, telling in public that OPNsense can't handle torrent traffic because of too many connections.

I still don't understand how to set QoS on OPNsense, and the idea of pipes sounds strange to me. When I read about the need for throttling, I started to think that OPNsense may not be worth using, and started to consider other options.
Unfortunately there is not a big choice. pfSense is not much different and the only real competitor is OpenWRT, which is better here, worse there.

I need to find out how to set QoS up, and if throttling will be the only way to prevent unwanted situations I will switch to other software.
For now I'm going to look for some tutorials, guides etc.

Regards,
Oscarr

Can you disable Suricata in wan, Sensei in lan and see if it works?

Quote from: oscarr on July 30, 2020, 11:13:12 AM
...
I'm saying that if cheap ADSL routers with manufacturer's firmware can handle BitTorrent, then much better hardware with OPNsense installed should have no problems at all.
...

Are you not familiar with the compute & memory implications of a stateful packet filter and potential packet inspection?
You know that ADSL routers basically do nothing else with your signal/packets except demodulation (layer 1) and layer 2/3 addressing?

Get to the bottom of the fact that your ADSL router doesn't really "handle" any BitTorrent... it just sees closed packages and throws them into a tube (untouched packets from the demodulated data stream from a "WAN" wire get sent out on a "LAN*" wire - NOTHING else except maybe on rare occasion a more complex NAT'ing!)

I suggest, and I don't want to offend you, that you read about the fundamentals of the operating principles of a stateful firewall and packet inspection.

Sorry, but I don't care about packet inspection. I installed OPNsense because I was looking for an x86_64 router OS that will handle OpenVPN, Zerotier and some other tasks.
I used Fresh Tomato, and was happy with it, but the OpenVPN client was not perfectly stable on Tomato, and Zerotier didn't work very well.
Apart from that, OpenVPN needs lots of CPU power and there are not many broadband routers that could handle higher transfers through VPN. My Linksys EA6900 could achieve just around 20Mbps - just 10% of my actual bandwidth.
That's why I googled for "x86 router OS" and OPNsense is indeed the best of what I found.
Actually OpenWRT is not bad as well, but the ideal would be to have something like Ubuntu-Server just with a webUI to manage Interfaces, NAT, firewall, WiFi.