OPNsense does not negotiate Speed/Duplex for WAN Properly

I have a 150MBit Internet connection but during the last few days I have noticed that I am limited to roughly 10-15Mbit. After doing a few tests I narrowed the issue down to the firewall and when looking at the dashboard and when browsing through my settings I noticed the WAN’s speed was set to 100baseTX.

I tried setting it to 1000baseT like LAN and IoT but this results in no Internet connection. When I directly connect a computer to the modem I am able to get my full Internet speed, so this does not seem to be the problem.


Additionally, I think the issue only occurred (was noticed) yesterday and I did have my full Internet speed a few days prior while no changes to the firewall or my network setup have been made, aside from installing the newest update.

Another problem I have noticed is that after a reboot of the firewall I sometimes did not get a WAN connection (just like when I used 1000baseT), but since I have manually set it to 100baseTX this seems to be solved now.


Any help on how to resolve this issue would be greatly appreciated!

Edit 1: The OPNsense version I am currently using is OPNsense 24.1.9_4-amd64 and FreeBSD 13.2-RELEASE-p11 on an AMD Ryzen Embedded V1500B (4 cores, 8 threads) machine.

Edit 2: Adjusted title

Edit 3: I set the interface to 1000baseT via the terminal but this results in no Internet connection. Setting it back to 100baseTX via the terminal also does not seem to work, but a restart and appropriate GUI settings seem to solve the problem. I have uploaded a log of this process here:

1 Like

silly question, but you did check the wan cable? like, if one ethernet pin is off, then it won’t do gigabit?

obvs does not apply if fibre…

1 Like

I have not visually checked the cable, but the same cable connected to my notebook achieves 150Mbit. I will have to check which speed it negotiates though.

4d ago there was a major update of OPNsense so this might have been the culprit.

1 Like

NIC dying? Or the physical port on the NIC maybe has a broken pin on it now?

1 Like

It seems to be more of a hardware issue than a software one. I’d check cables first then look at the NICs, then the switch itself. Last time I had a similar problem, the issue was the idiot that made the ethernet cables (me), as I had wired the RJ45 connectors wrong.

1 Like

Thanks for the responses. So, I did use the same cable on my notebook and then switched to a different one also using a different port on the ISP’s modem:

~ ❯ ifconfig
...
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=404<VLAN_MTU,CHANNEL_IO>
	...
	inet 192.168.0.94 netmask 0xffffff00 broadcast 192.168.0.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (1000baseT <full-duplex>)
	status: active

 ~ ❯ ifconfig
...
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=404<VLAN_MTU,CHANNEL_IO>
	...
	media: autoselect (1000baseT <full-duplex>)
	status: active

As you can see, both use 1000baseT <full-duplex> on my notebook, whereas both use 100baseTX <half-duplex> on my OPNsense firewall.

As you can see above, two different cables produce the same results and both the ISP modem as well as the firewall stand next to each other, so there was no need for wiring the cables myself.

How would you go about checking the NICs though? Any ideas?

Regarding the issue being a hardware one and not software related, I think my issues started appearing when I first installed OPNsense 24.1.9, so I am thinking drivers might be causing this 🤔

1 Like
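Added example (not part of any post in this thread): the by-eye comparison of `media:` lines above, as a small POSIX shell check that flags active interfaces linked below gigabit or at half duplex. The sample input is constructed, modelled on the FreeBSD `ifconfig` layout and the values reported in the thread; on the firewall itself you would run `ifconfig | check_links`.

```shell
#!/bin/sh
# Reads ifconfig-style text on stdin and prints "<ifname> <media> <duplex>"
# for every interface with an active link that is slower than 1000 Mbit/s
# or not full duplex.
check_links() {
    awk '
    /^[^ \t:]+: flags=/ { ifname = $1; sub(/:$/, "", ifname); media = "" }
    /^[ \t]+media:/ {
        media = "unknown"; duplex = "unknown"
        line = $0
        # With autoselect the negotiated result is in parentheses;
        # a forced setting has no parentheses, so scan the whole line.
        if (match(line, /\(.*\)/)) line = substr(line, RSTART + 1, RLENGTH - 2)
        n = split(line, tok, /[ \t<>,]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^[0-9]+[Gg]?[Bb]ase/) media = tok[i]
            if (tok[i] ~ /-duplex$/) duplex = tok[i]
        }
    }
    /^[ \t]+status: active/ {
        if (media == "") next
        speed = media; sub(/[^0-9].*$/, "", speed)
        if (media ~ /^[0-9]+G/) speed = speed * 1000   # e.g. 10Gbase-T
        if (speed + 0 < 1000 || duplex != "full-duplex")
            print ifname, media, duplex
    }'
}

# Constructed sample: igb0 healthy, igb1 degraded, igb2 unplugged.
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
igb1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        media: Ethernet autoselect (100baseTX <half-duplex>)
        status: active
igb2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        media: Ethernet autoselect
        status: no carrier
EOF
}

sample_ifconfig | check_links
```

Run from cron or a monitoring hook, a non-empty result is an early signal that a firewall port has silently fallen back to a slower or half-duplex link.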

Let’s start with what NIC you are using. Even onboard NICs operate off a chipset of one type or another. When it comes to checking the health of a NIC, that one is more difficult. But you can start with a physical inspection, looking at all the ports, pins and the card itself (if it isn’t onboard), then move on to doing some performance testing with tools like iperf, and beyond that you would need to test on a different NIC (gigabit NICs are cheap these days; I suggest always keeping a spare or two on hand).

2 Likes

Thanks! So I did have a look at the ports and I could see nothing suspicious. Aside from that, I am not sure if I am allowed to open the device without voiding the warranty as I am using a DEC740. (It would also be hard to replace the NIC itself I assume.)

This is the output of pciconf though:

azulath@OPNsense:~ % pciconf -lv | grep -A1 -B3 network
igb0@pci0:2:0:0:	class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb1@pci0:3:0:0:	class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb2@pci0:4:0:0:	class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
--
    class      = non-essential instrumentation
ax0@pci0:6:0:1:	class=0x020000 rev=0x00 hdr=0x00 vendor=0x1022 device=0x1458 subvendor=0x1022 subdevice=0x1458
    vendor     = 'Advanced Micro Devices, Inc. [AMD]'
    class      = network
    subclass   = ethernet
ax1@pci0:6:0:2:	class=0x020000 rev=0x00 hdr=0x00 vendor=0x1022 device=0x1458 subvendor=0x1022 subdevice=0x1458
    vendor     = 'Advanced Micro Devices, Inc. [AMD]'
    class      = network
    subclass   = ethernet

That is good information, I didn’t realize you were running a commercial device and I was assuming you had a DIY solution. That being said, if you are running a DEC device, drivers shouldn’t be an issue. With that being said, I did find a thread on the OPNsense forums relating to the I211 chipset and some instability. Which would be odd given that said chipset ships with one of their commercial products. Personally, I think it is worth a call to tech support, which you should have with your device as it comes with a commercial license.

1 Like

Yeah, in the end I might have to contact tech support. I want to make sure though, that the problem is not anything on my side before contacting them and maybe even returning my device for repair.

I have also updated the OP.

I tried downgrading via sudo opnsense-revert -r 24.1.8 opnsense but the issue persists. (Have not tried downgrading the kernel since it is not advised.)

I keep coming back to bad hardware. I honestly don’t think you are having driver issues. But I have been wrong before.

1 Like

Yeah, you may be right. I will contact the support on Monday. The only thing that worries me a bit is that the contact lists only sales representatives:
https://shop.opnsense.com/product-categorie/support/

So, they might just tell me to return the device regardless…

Yeah I can’t tell you about the customer support experience with them as I opted to build my own router rather than buy their commercial products and didn’t buy a commercial license to go with my router.

1 Like

The router is commercial, the OS license is not though. (You get a year and afterwards I switched to the free edition.)

Yes I was assuming you were in that year period. You may be out of luck with support then.

1 Like

To a certain extent, if the hardware is faulty they still have to replace/repair it.

Maybe, that depends on the warranty on the hardware. It has been a while since I looked at their devices so I couldn’t tell you what that warranty period is.

1 Like

I sort of have a Band Aid fix for the issue now by doing the following:

Since I have a DEC740 device I have three RJ45 ports at my disposal with Port 0 and Port 1 by default being assigned to LAN and set to 1000baseT <full-duplex> as well as WAN and 100base respectively.

So, I went into Interfaces>Assignments and set WAN to use igb2 (aka Port 2). Now, I do have 1000baseT <full-duplex> on my WAN again.

This makes me wonder though as the output below shows that all three ports use the same networking device. Thus, a driver/kernel issue can be ruled out, right?

azulath@OPNsense:~ % pciconf -lv | grep -A1 -B3 network
igb0@pci0:2:0:0:	class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb1@pci0:3:0:0:	class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb2@pci0:4:0:0:	class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
--
    class      = non-essential instrumentation
ax0@pci0:6:0:1:	class=0x020000 rev=0x00 hdr=0x00 vendor=0x1022 device=0x1458 subvendor=0x1022 subdevice=0x1458
    vendor     = 'Advanced Micro Devices, Inc. [AMD]'
    class      = network
    subclass   = ethernet
ax1@pci0:6:0:2:	class=0x020000 rev=0x00 hdr=0x00 vendor=0x1022 device=0x1458 subvendor=0x1022 subdevice=0x1458
    vendor     = 'Advanced Micro Devices, Inc. [AMD]'
    class      = network
    subclass   = ethernet

Now that I think of it, my ISP’s modem died two weeks ago, could it be that it fried my Port 1?

Anyway, any help or ideas would definitely still be appreciated.

Maybe, it depends on what happened to it. Any number of things can cause power surges, and those can flow through any conductor.

1 Like