plugins icon indicating copy to clipboard operation
plugins copied to clipboard

Published 20 hours ago verified publisher icon opnsense

os-iperf plugin does not open firewall

Open gareththered opened this issue 10 months ago • 0 comments

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

  • [X] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
  • [X] I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
  • [X] The title contains the plugin to which this issue belongs

Describe the bug

iperf3 does not open firewall

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

To Reproduce

Steps to reproduce the behavior:

  1. Install os-iperf plugin.
  2. Go to 'Interfaces > Diagnostic > Iperf'.
  3. Click on 'Create Instance', having selected your interface fist.
  4. Start iperf3 on the client device using the port listed in OpnSense.
  5. iperf3 on the client hangs and after a while fails due to a communication error.

Expected behavior

iperf3 on the client should connect to the specified port and carry out the speed checks.

Describe alternatives you considered

A workaround is to manually open the firewall on the interface and port specified.

Screenshots

image

Relevant log files

If applicable, information from log files supporting your claim.

Additional context

sockstat -4 -l | grep iperf3

root     iperf3     72189 3  tcp46  *:12156               *:*
root     iperf3     65993 3  tcp46  *:28391               *:*
root     iperf3     63859 3  tcp46  *:42588               *:*
root     iperf3     93022 3  tcp46  *:8509                *:*
root     iperf3     70443 3  tcp46  *:55047               *:*
root     iperf3     47900 3  tcp46  *:41104               *:*

Note that old instances of iperf3 are left running even though they are not show in the UI - another bug?

The top three listed above are shown on the UI too. It seems that a pf anchor called 'iperf' is created and is listed in /tmp/rules.debug as the last line (anchor "iperf"). However:

pfctl -a iperf -s rules

returns nothing.

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.1.6-amd64

gareththered avatar Apr 26 '24 12:04 gareththered