[NETFLOW] No data available for logical interfaces

[kavi0208]

Hello,

I configured the netflow so as to be able to view it with insight. But it is only able to capture data on physical interfaces and nothing on gre tunnel or pppoe. In opnsense i didnot see any warning or errors but tried to restart Netflow service via cli and i get these errors:

setup pppoe0
ngctl: send msg: No such file or directory
ngctl: line 1: error in file
setup vtnet0
setup gre0
ngctl: send msg: No such file or directory
ngctl: line 1: error in file

OPNsense version:

OPNsense 17.1.10-amd64
FreeBSD 11.0-RELEASE-p10
OpenSSL 1.0.2l 25 May 2017

Any help on this please?

Thanks.

[kavi0208]

@fichtner Any help please?

[fichtner]

this may be a limitation of ng_netflow(4), see https://www.freebsd.org/cgi/man.cgi?query=ng_netflow

[kavi0208]

it seems like the interface in netgraph is unnamed:

root@gw:~ # ngctl list
There are 16 total nodes:
  Name: vtnet0          Type: ether           ID: 00000001   Num hooks: 2
  Name: vtnet1          Type: ether           ID: 00000002   Num hooks: 1
  Name: mpd12950-lso    Type: socket          ID: 00000006   Num hooks: 1
  Name: mpd12950-cso    Type: socket          ID: 00000007   Num hooks: 0
  Name: mpd12950-eso    Type: socket          ID: 00000008   Num hooks: 0
  Name: ng0             Type: iface           ID: 00000009   Num hooks: 1
  Name: mpd12950-wan    Type: ppp             ID: 0000000a   Num hooks: 3
  Name: mpd12950-wan_link0-lt Type: tee             ID: 0000000b   Num hooks: 2
  Name: <unnamed>       Type: socket          ID: 0000000c   Num hooks: 0
  Name: <unnamed>       Type: pppoe           ID: 0000000d   Num hooks: 2
  Name: mpd12950-stats  Type: socket          ID: 0000000e   Num hooks: 0
  Name: mpd12950-wan-mss Type: tcpmss          ID: 0000000f   Num hooks: 2
  Name: snmpd           Type: socket          ID: 00000010   Num hooks: 0
  Name: netflow_vtnet0  Type: netflow         ID: 00000016   Num hooks: 3
  Name: <unnamed>       Type: ksocket         ID: 00000017   Num hooks: 1
  Name: ngctl40003      Type: socket          ID: 0000001e   Num hooks: 0

May be this can be the problem. While searching further i saw that mpd5, which is used for pppoe session, support netflow configuration. But am unable to test as each time the configuration is erased by opnsense.

[fichtner]

you can add mpd.conf additions to https://github.com/opnsense/core/blob/master/src/etc/inc/interfaces.inc#L1438

it's /usr/local/etc/inc/interfaces.inc on the device

[kavi0208]

Thanks. Added these two lines to interfaces.inc and restarted mpd5:

$mpdconf_arr[] = "set netflow peer 127.0.0.1 2056";
$mpdconf_arr[] = "set netflow version 9";

But still no luck.

[fichtner]

Unfortunately I don't have a setup to test against.

There was a netflow-related thread here: https://sourceforge.net/p/mpd/discussion/44693/thread/df7fc19b/

Possible naming here... http://mpd.sourceforge.net/doc5/mpd44.html#44

The overal documentation lacks, worst case we need to look at the source code to find out why it is not registering a reachable node name.

[fichtner]

And this: http://mpd.sourceforge.net/doc5/mpd34.html

It looks like we could connect to the existing node by doing this:

set netflow node nodename

But again it's not very clear how the setup flow is. I remember @AdSchellevis spent a lot of time getting the system into a usable state.

[kavi0208]

will try it and let you know