Incorrect bandwidth monitor values

stephenw10 · May 24, 2022, 8:56 PM

Hmm, do you see an outbound state for the openvpn traffic on vmx1?

MindlessMavis · May 24, 2022, 10:11 PM

This post is deleted!

stephenw10 · May 24, 2022, 10:29 PM

Hmm, you could try something more radical like importing the config into a new VM and seeing if it's still replicated.

MindlessMavis · May 24, 2022, 10:45 PM

This post is deleted!

stephenw10 · May 25, 2022, 3:07 PM

Mmm, I mean it looks like some values have been switched somehow such that pf is referencing the wrong interface(s). But if that was the case I would expect the policy routing and firewall rules to also be wrong. Also I've never seen that happen before and really I have no idea how it could!

I could imagine the interfaces becomes switched, for example ovpnc2 is no longer the tunnel you think it is. Or the interfaces are re-ordered in vmware. But that would not account for traffic switching from vmx to ovpn.

MindlessMavis · May 25, 2022, 3:07 PM

This post is deleted!

stephenw10 · May 25, 2022, 3:55 PM

You could create a new NIC on the same vswitch and then reassign WAN to that, vmx2 for example.

pf has an interface for all OpenVPN traffic that is uses for firewall rules on unassigned interfaces. I wonder if somehow the ovpnc8 graph is pulling data from that. Though that would still include data from ovpnc9.

For anything like that to happen it would have to very low level. I assume ifconfig still reports the correct number of interfaces with the correct names?

Steve

MindlessMavis · May 26, 2022, 9:26 AM

This post is deleted!

MindlessMavis · May 26, 2022, 10:52 AM

This post is deleted!

stephenw10 · May 26, 2022, 1:08 PM

@hvr-lust said in Incorrect bandwidth monitor values:

PPROMISC

Hmm, that's.... interesting!

Is it in a bridge by any chance? Or are any of those interfaces in a bridge?

I wouldn't normally expect to see a TAP mode client in a bridge in that sort of setup but...

Steve

MindlessMavis · May 26, 2022, 1:34 PM

This post is deleted!

stephenw10 · May 26, 2022, 1:34 PM

Mmm, it seems the interface is being used in some unexpected way to cause it to be flagged like that. This seems very likely to be related.

Steve

stephenw10 · May 26, 2022, 1:36 PM

And the actual pfctl output shows that data on the wrong interfaces too?

stephenw10 · May 26, 2022, 1:39 PM

It would be good to test a 2.7 snapshot if you can. There have been a lot of pf changes there recently. There's a good chance it will at least behave differently.

MindlessMavis · May 26, 2022, 1:55 PM

This post is deleted!

stephenw10 · May 26, 2022, 2:03 PM

Ok so to be clear you don't have any bridge interfaces?

No TAP mode openvpn clients?

Did your config include the RRD data? Definitely worth testing without it if so.

Steve

MindlessMavis · May 26, 2022, 2:46 PM

This post is deleted!

MindlessMavis · May 26, 2022, 3:12 PM

This post is deleted!

stephenw10 · May 26, 2022, 3:37 PM

Is that a config from 2.4.5?

SSH keys were not included in the config until 2.6. You can probably remove that section from the config to allow it restore.

Steve

MindlessMavis · May 26, 2022, 6:30 PM

This post is deleted!