OPNsense Forum » English Forums » Intrusion Detection and Prevention
Topic: Point me in the right direction? Opnsense crash during speedtest with IDS/IPS on

Boomshiko, September 23, 2024, 10:09:34 am
Yesterday evening I enabled IDS and IPS on my Opnsense setup (running version 24.7.4_1, using Hyperscan as pattern matching algorithm, monitoring my LAN interface in promiscuous mode as I have two VLANs setup on the LAN and all hardware offloading and filtering disabled).
All seemed to be going well. My setup has 8GB of RAM of which about 30% was being used after the rules were loaded and when I ran a speedtest I got my usual 930/930 Mbit/s performance without maxing out the CPU. I left everything as is for a few hours and then came back to test something on my Wireguard setup. I ran a speedtest twice from a Wireguard client. The first one went fine, but after the second I noticed that I lost all connectivity. When I closed the VPN connection I was still without connection, and then I realised none of my devices have any connection to the router anymore. There was no way for me to connect to the router via my LAN anymore.
I rebooted the mini-PC on which I'm running Opnsense and that thankfully restored all connections. To rule out if it was anything VPN related, I again ran speedtest two or three times (this time without VPN) and again all connectivity was lost.
I have disabled IDS and IPS since and I can speedtest whatever I want without the LAN connectivity crashing. I have tried looking in the logs (System -> Log Files and Services -> Intrusion Detection -> Log File). These are the ERROR level messages I can find at the time of the crash:
--- System | Log Files | General ---
2024-09-22T22:20:56 Error opnsense /usr/local/etc/rc.newwanip: The command '/usr/local/etc/rc.d/igmpproxy onestart' returned exit code '1', the output was 'igmpproxy already running? (pid=14925).'
2024-09-22T22:20:56 Error opnsense /usr/local/etc/rc.newwanip: The command '/usr/local/sbin/ntpd -g -c '/var/etc/ntpd.conf'' returned exit code '1', the output was 'daemon control: got EOF'
2024-09-22T22:20:44 Error dhcp6c transmit failed: Can't assign requested address
---
After that I find some more errors, but it seems to me they are related to the shutting down and/or boot procedure
--- System | Log Files | General ---
2024-09-22T22:22:26 Error opnsense /usr/local/etc/rc.newwanipv6: The command '/bin/kill -'TERM' '87406''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 87406: No such process'
2024-09-22T22:22:15 Error opnsense /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '88443''(pid:/var/run/dhcpleases6.pid) returned exit code '1', the output was 'kill: 88443: No such process'
2024-09-22T22:22:15 Error opnsense /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '87406''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 87406: No such process'
2024-09-22T22:22:12 Error opnsense /usr/local/etc/rc.newwanipv6: The command '/bin/kill -'TERM' '88443''(pid:/var/run/dhcpleases6.pid) returned exit code '1', the output was 'kill: 88443: No such process'
2024-09-22T22:22:12 Error opnsense /usr/local/etc/rc.newwanipv6: The command '/bin/kill -'TERM' '87406''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 87406: No such process'
2024-09-22T22:22:10 Error opnsense /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '88443''(pid:/var/run/dhcpleases6.pid) returned exit code '1', the output was 'kill: 88443: No such process'
2024-09-22T22:22:10 Error opnsense /usr/local/etc/rc.linkup: The command '/bin/kill -'TERM' '87406''(pid:/var/dhcpd/var/run/dhcpdv6.pid) returned exit code '1', the output was 'kill: 87406: No such process'
---
I don't really know how to find out what's going on from here. Any help is appreciated, though it might take me a while to try out your hints as purposefully blowing out my whole internet connection can only be done at night.

Boomshiko, Reply #1, September 25, 2024, 10:18:23 am
From the information I gather online, I guess that the following two points are relevant.
My Opnsense device has Realtek NICs
I'm running VLANs (both on the LAN and WAN side by the way, the latter because of ISP requirements)
Historically there have been issues with the driver and netmap/MTU-things (I can find only vague information about this).
So I'm guessing these are some things to try (your advice needed here)
Use the official Realtek driver
Changing some netmap/MTU related settings via tunables (but which ones?)
Something else?

Boomshiko, Reply #2, October 04, 2024, 03:26:07 pm
I haven't been able to clear a moment to test some stuff yet, but think I'll soon be able to. Wanted to check something, are there some issues with PowerD and IDS/IPS?
I do have PowerD enabled, and it might contribute to some of my woes?

cookiemonster, Reply #3, October 05, 2024, 05:46:20 pm
You might have more than one problem source, and although you might solve some, you'll have to come back to the main one, which is Realtek. Simply put, they are not good for FreeBSD networking.
Yes, you can and should try to use the vendor's driver instead of the one in FreeBSD base, but good performance and stability are not guaranteed.
The more stress these NICs are under, the more unstable they become. So normal running and VLANs on them might work fine until perhaps a large transfer is made, say a large download or a big backup job.
The typical tell-tale is a "watchdog timeout" message in the kernel logs. Other logs are usually just symptoms of it.
Then you put IPS on it and it is almost guaranteed to bomb out. Maybe you can get away with IDS.
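The two checks that reply suggests, as an added example that is not part of the thread or of OPNsense itself: count "watchdog timeout" messages per interface in kernel log text, and confirm whether the vendor Realtek module (if_re.ko, which the os-realtek-re plugin installs) is loaded rather than the base re(4) driver. The dmesg and kldstat excerpts in the block are constructed sample input, not output from the poster's system; on the firewall you would feed the functions the real output, e.g. `watchdog_count "$(dmesg -a)"` or `vendor_re_loaded "$(kldstat)"`. The module file name is an assumption from the plugin's packaging; confirm it with `kldstat` on your own box.

```shell
#!/bin/sh
# Added example (not from the forum thread): two quick checks for the Realtek
# symptom described above. Feed the functions real output on the firewall,
# e.g. watchdog_count "$(dmesg -a)". The sample text below is constructed for
# offline use and is not a log from the poster's system.

# Constructed dmesg-style excerpt: an re(4) attach line followed by timeouts.
SAMPLE_DMESG='re0: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> irq 16 at device 0.0 on pci1
re0: link state changed to UP
re0: watchdog timeout
re0: link state changed to DOWN
re0: link state changed to UP
re1: watchdog timeout
re0: watchdog timeout'

# Constructed kldstat(8)-style excerpt showing the vendor module loaded.
SAMPLE_KLDSTAT='Id Refs Address                Size Name
 1   10 0xffffffff80200000  1f3d5f8 kernel
 2    1 0xffffffff82a00000     9a20 if_re.ko'

# watchdog_total TEXT: number of "watchdog timeout" lines (the tell-tale).
# grep -c prints 0 and exits 1 when nothing matches, so callers running
# under set -e should test the printed value rather than the exit status.
watchdog_total() {
    printf '%s\n' "$1" | grep -c 'watchdog timeout'
}

# watchdog_count TEXT: one "iface N" line per interface that timed out,
# sorted by interface name, so repeated timeouts on one NIC stand out.
watchdog_count() {
    printf '%s\n' "$1" | awk '/watchdog timeout/ {
            iface = $1; sub(/:$/, "", iface); count[iface]++
        }
        END { for (i in count) print i, count[i] }' | sort
}

# vendor_re_loaded TEXT: succeeds if kldstat output lists if_re.ko, the
# module the os-realtek-re plugin installs (assumption: the module keeps
# that file name; check `kldstat` on your own box to confirm).
vendor_re_loaded() {
    printf '%s\n' "$1" | grep -q 'if_re\.ko'
}

# Stand-alone run against the constructed samples.
echo "watchdog timeouts: $(watchdog_total "$SAMPLE_DMESG")"
watchdog_count "$SAMPLE_DMESG"
if vendor_re_loaded "$SAMPLE_KLDSTAT"; then
    echo "vendor if_re.ko loaded"
else
    echo "kernel re(4) driver in use (vendor module not loaded)"
fi
```

On OPNsense the kernel ring buffer is also written to /var/log/dmesg.today at boot, so after a crash and reboot the previous session's messages may be in /var/log/dmesg.yesterday rather than in the live `dmesg` output; a timeout count that grows during a speedtest is the signal the reply describes.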