@FullyBorked: I'm having the issues #3 and #4 (both) too. I've reported issue #3 some minutes ago (https://github.com/opnsense/core/issues/4272).

Regarding syslog-ng, there are several reports of users who are having the same or other issues (https://github.com/opnsense/core/issues/4263).
This isn't comprehensive by any means, but outlines what I am experiencing. I've not found any workarounds for these issues. I consider 1 and 2 more serious than the others. I'll try and keep this up to date as issues are resolved or more are encountered.

1. WAN throughput is very slow. IPS on or off doesn't matter, I'm only getting about 15% of my actual WAN bandwidth. A reboot fixes the issue temporarily but at some point it will drop back to being slow. Edit: Messing with my power settings https://forum.opnsense.org/index.php?topic=18450.0 seemed to "fix" this somehow. Very confused, maybe it was stuck in a low power mode? No idea but my speed is fine now, maybe try cycling your power settings.

2. GEO IP Alias simply doesn't work, the zip file is being downloaded from maxmind.com but the alias won't populate, so any rules containing the alias fail to correctly function.

3. Dashboard traffic graphs don't show data with IPS enabled. I'm on an Intel NIC, some have suggested it's driver related. Worked ok in 20.1.9 though, maybe there is a bug in the latest driver? No workaround has resolved the issue as of yet.

4. Syslog-NG service doesn't start on its own after reboot. Starting it manually does seem to work, but is inconvenient after reboot. This appears to be fixed with 20.7.1.4. Restarting suricata service sometimes stops the ntpd service for some reason. It can be manually started.

5. Bogons alias is inexplicably empty at times. Firewall > Diagnostics > pftables > bogons > "update bogons" does populate the list.

6. Seeing log spam just like https://forum.opnsense.org/index.php?topic=18480.msg84175#msg84175 constantly in the log. Not sure if this is cause of issue #1 or not.

Code:
kernel: pflog0: promiscuous mode enabled
kernel: pflog0: promiscuous mode disabled
Quote from: FullyBorked on August 07, 2020, 07:31:57 pm

I have observed many of the same issues.
#3, 4, 5, 6 are the ones that seem to also affect my installation.

No observed issue with bandwidth slowdowns (#1), even with IPS and traffic shaping turned on. Power Saving settings have "Use PowerD" enabled and Hiadaptive set for all drop downs.

I'm not sure if I have seen a problem with GeoIPs (#2). I checked pfTables and see GeoIPs being filled in for all the Aliases. Also "Firewall: Aliases > GeoIP settings tab" claims last update was 2020-08-14T20:38:26. Maybe the install I am looking at is OK, not sure how to test it.
Quote from: Steven on August 18, 2020, 04:36:56 am
> I'm not sure if I have seen a problem with GeoIPs (#2). I checked pfTables and see GeoIPs being filled in for all the Aliases. Also "Firewall: Aliases > GeoIP settings tab" claims last update was 2020-08-14T20:38:26. Maybe the install I am looking at is OK, not sure how to test it.

Is it the GUI not displaying the GeoIP table or that GeoIP is not working?

Test the GUI by going to Firewall > Diagnostics > pftables and selecting the GeoIP rules to see what's there.

Test it's working by going to a site such as https://www.host-tracker.com/v3/en/check - there are many others.
Force it and then try. https://forum.opnsense.org/index.php?topic=15409.60 Msg #62
Hi,

Have you gone to firewall->params and changed the max entries pfTables up to 400.000 (default is 200.000)?

Goldorak92