pkg, fetch & update check issues in 21.7.5

Started by survive, November 25, 2021, 03:25:39 AM

Previous topic - Next topic
In case someone stumbles across the same problem (can't update because of timeouts) but hasn't found a solution here: for me, it helped to set the MTU of my interfaces to 1472. My setup is OPNSense behind a FritzBox with cable internet.

The connectivity audit is a lot more aggressive in testing in recent 22.1.x so that such issues should also appear there (ping uses a large payload of 1500 bytes to see if fragmentation works) and IPv4 and IPv6 are tested separately to make these issues more visible.


Cheers,
Franco

Well, sadly, it wasn't the MTU. I can't find out what happened and had to remove opnsense from my network.  I could trace it down to timeout errors, but couldn't find the right way to repair it.
So what I was able to see: By logging in with ssh as root and executing something like this:
truss -fdD fetch http://mirror.fra10.de.leaseweb.net/opnsense/FreeBSD:11:amd64/20.1/
I would see something like this:

0.105005698 0.000020700 read(3,"<!DOCTYPE html PUBLIC "-//W3C//D"...,1651) = 1651 (0x673)
15.105096928 15.000018920 read(3,"\r",1)           = 1 (0x1)
15.105185998 0.000018960 read(3,"\n",1)           = 1 (0x1)
15.105316468 0.000025120 read(3,"4",1)            = 1 (0x1)
15.105436228 0.000048200 read(3,"5",1)            = 1 (0x1)
15.105554448 0.000019800 read(3,"0",1)            = 1 (0x1)
15.105655648 0.000019000 read(3,"\r",1)           = 1 (0x1)
15.105741818 0.000018680 read(3,"\n",1)           = 1 (0x1)
33.105861038 18.000020730 read(3,"/opnsense/FreeBSD:11:amd64/20.1/"...,1104) = 1104 (0x450)

What this means: data flows so slowly that the connection effectively timeouts. It took 15 to 18 seconds for receiving 1651 bytes. I also did a tcpdump and could see the TCP resets. But this didn't helped me to repair the connection. I played around with the MTU on all network interfaces that are under my control (my machine, opnsense, proxmox), but to no avail.

I would be very happy to be able to use opnsense, so if someone knows how to deal with problems like that, please let me know!

truss seems to be a bit useless here. In general these issues happen because of defunct IPv6 and then it's better to turn it off in the WAN interface or at least prefer IPv4 over IPv6 in general settings.

However, 20.1 is about as old as it gets and you won't have much fun with it anyway. There's also no connectivity audit yet in that version (I think it was introduced some time during 21.1.x).


Cheers,
Franco