[CALL FOR TESTING] FreeBSD 11.1, newer Realtek vendor driver and more

[Julien]

Yes, you are running opnsense-devel and I added kernel/base support there. But you can't install the 17.7.1 kernel and base because you locked them to stay at 18.1-BETA with "opnsense-update -L" so everything is as it should be.


Thanks,
Franco

Thank you for the explanation,
let test .
i'll report back in case something noticed.

[lattera]

I migrated my OPNsense firewall at work from 17.7 to 18.1. Working great so far. Suricata is in IPS mode.

[monstermania]

I've installed 17.7.5 and update to 18.1 and FreeBSD 11.1 on a Securepoint RC100 (Lexcom 3I525D) with Realtek NIC's.
So far without any problems. 

[lattera]

I just got around to testing my Tor-ified setup and all is well there, too.

[Julien]

Hi Lattera,
are you using VLANS on your productions ?
Are you using Promiscuous mode ?

[lattera]

Hi Lattera,
are you using VLANS on your productions ?
I was curious why IPS mode ?

I don't use VLANs currently. I use Suricata in IPS mode to help increase security.

[Julien]

Hi Franco,
I have installed this on a new Hardware.

Code: [Select]

root@firewall:~ # opnsense-update -bkgr 18.1.b -n "snapshots\/beta"
Kernel locked at 18.1.b-amd64, skipping.
Base locked at 18.1.b-amd64, skipping.
Your system is up to date.but on the Gui it shows the version

Code: [Select]

OPNsense 17.7.7_1-amd64
FreeBSD 11.1-RELEASE-p2
OpenSSL 1.0.2l 25 May 2017


[franco]

Did you change the firmware GUI settings? I used a stale mirror link snapshots/beta to prevent this foot-shooting.

Change it back to normal. And btw there is no update so far from 17.7.7.

[Julien]

Did you change the firmware GUI settings? I used a stale mirror link snapshots/beta to prevent this foot-shooting.

Change it back to normal. And btw there is no update so far from 17.7.7.

Hi Franco,
I understand there is no update 17.7.7 and the 18.1 is a beta.
we have followed the same steps on hardware 1 and its updated and shows 18.1
Firmware Mirror and Flavour is still Default.
I just want to share this with you as I don't consider this a problem  just sharing the outcome.

[franco]

Now it looks ok, but you edited away the previous error which makes this discussion hard to follow from now on.

[va176thunderbolt]

I've updated my home machine (I work from home, so it gets a good workout).

And A8-5545M
8GB RAM
3 Realtec rtl8111 nics

The guy is noticeably faster now.

I have Suricata 4.0.1 running, and I have it watching native and clan interfaces. No issues, has been very stable - very good job!

[franco]

Yay, thanks. I agree that FreeBSD did a good job on this release. The final 18.1 system will not be very different from the beta from the looks of it.


Cheers,
Franco

[interfaSys]

Unusable when Suricata in IPS mode (+ promiscuous) is enabled on VLANs. This is on a Zotac CI323 with Realtek chips.
Endless reboots until Suricata is turned off.

Couldn't find anything in dmesg, so it seems to be a different issue than the kernel crashes that used to happen.

On a more positive note, FreeBSD 11.1 seems to boot normally on that hardware. It used to be that the card reader would hang the boot process for 1-2 minutes.

[Ren]

Unusable when Suricata in IPS mode (+ promiscuous) is enabled on VLANs. This is on a Zotac CI323 with Realtek chips.
Endless reboots until Suricata is turned off.

Couldn't find anything in dmesg, so it seems to be a different issue than the kernel crashes that used to happen.

On a more positive note, FreeBSD 11.1 seems to boot normally on that hardware. It used to be that the card reader would hang the boot process for 1-2 minutes.

I'm running the same system with 4GB of ram and did not experience any reboots. However my WAN connection speed dropped to 20Mbps from 70Mbps. If i remove my VLAN, and OPENVPN interfaces from the HOME NETWORK tab (only LAN defined) in SURICATA my connection speeds jumps up to 50Mbps. What is the expected performance hit when running Suricata ?

[Julien]

Unusable when Suricata in IPS mode (+ promiscuous) is enabled on VLANs. This is on a Zotac CI323 with Realtek chips.
Endless reboots until Suricata is turned off.

Couldn't find anything in dmesg, so it seems to be a different issue than the kernel crashes that used to happen.

On a more positive note, FreeBSD 11.1 seems to boot normally on that hardware. It used to be that the card reader would hang the boot process for 1-2 minutes.

I'm running the same system with 4GB of ram and did not experience any reboots. However my WAN connection speed dropped to 20Mbps from 70Mbps. If i remove my VLAN, and OPENVPN interfaces from the HOME NETWORK tab (only LAN defined) in SURICATA my connection speeds jumps up to 50Mbps. What is the expected performance hit when running Suricata ?

I am experiencing the same, the internet drop really from 1Gbps to 300/400 Mbps with my Intel(R) PRO/1000 Network Connection 7.6.1-k
I have disabled the IPS for now