[Oisf-users] Suricata causes massive packet loss

peter.mueller at ipfire.org peter.mueller at ipfire.org
Sat Sep 7 17:29:00 UTC 2019


Hello Stefan, hello Peter, hello Eric, hello *,

sorry for the late reply.

@Peter: Thank you for the "max-pending-packets" hint. Changing the value
from 1024 (default) to 2048, 4096 and 8192 unfortunately did not made
things better - OpenVPN throughput stays the same.

@Stefan: Thank you for building and packaging! I will install it on
my testing machine and report back within the next days.

Since I was unable to reproduce the OpenVPN bandwidth issue on another
(productive) system running on Core Update 134, I guessed Core 135
(https://blog.ipfire.org/post/ipfire-2-23-core-update-135-released)
introduced that problem. This is wrong, I have updated the system meanwhile,
performed a reboot, and everything stays the same.

@Eric: It is good to know that the DNS problem can be tracked down
to a Netfilter bug. There are some iptables/Netfilter/... packages which
we are not shipping the latest version, I will update them. Do you happen
to have a bugtracker ID or link for that problem?

@All: Meanwhile, the domain "suricata-ids.org" was listed at URIBL
(http://uribl.com/), so some mails got rejected at our mail server. I
guess that was a false positive and removed hard reject action for URIBL.
Anyway: Is anyone aware of a compromise or security issues at "suricata-ids.org"?

Thanks, and best regards,
Peter Müller


More information about the Oisf-users mailing list