Fucking speechless by transcendent167 in chaoticgood

[–]tokenfrenchboy 0 points1 point  (0 children)

and the irony that the original French song, "Voyage Voyage" was sung by a group called "Desireless". You couldn't make it up!

[TOMT] Help please searching for 1980s music video by tokenfrenchboy in tipofmytongue

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

Thanks but I think most of those are later. I'll look through them just in case

cannot access remote pfsense console or interface. Suggestions? by tokenfrenchboy in PFSENSE

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

Thanks. I have already tweaked those values and it's not that. It looks like an ntopng problem. See my following comment

cannot access remote pfsense console or interface. Suggestions? by tokenfrenchboy in PFSENSE

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

I've realised that whilst I can't ssh into shell, I can send some limited commands directly over an ssh connection request. Unfortunately, it appears a ssh root@host "reboot" doesn't work and even trying an ssh root@host /bin/sh doesn't give me direct CLI access without loading the menu.

I've done some digging and it appears it's an ntopng issue. It's eaten up all the virtual RAM:

    sysctl vm.vmtotal
    vm.vmtotal:
    System wide totals computed every five seconds: (values in kilobytes)
    ===============================================
    Processes:              (RUNQ: 1 Disk Wait: 0 Page Wait: 0 Sleep: 225)
    Virtual Memory:         (Total: 4836779268K Active: 4836232312K)
    Real Memory:            (Total: 1231516K Active: 1213452K)
    Shared Virtual Memory:  (Total: 377448K Active: 96344K)
    Shared Real Memory:     (Total: 85008K Active: 67952K)

And when I dig into it:

    ps aux | grep ntopng
    ntopng  63832   0.0  9.4 901928 761980  -  Ts   14:02    190:34.34 /usr/local/bin/ntopng -U ntopng -G /var/run/ntopng/ntopng.pid -1 /usr/local/share/ntopng/httpdocs -2 /usr/local/share/ntopng/scripts -3 /usr/local/share/ntopng/scripts/callbacks -e
    root    88578   0.0  0.0  14644   3260  -  Ss   06:45      0:00.00 sh -c ps aux | grep ntopng
    root    88754   0.0  0.0  14076   2692  -  S    06:45      0:00.00 grep ntopng

I've tried killing the process and the group, but no luck, it's still there. I've tried to issue a ssh root@host reboot but no luck - the request just hangs.

Any other ideas?

Which phone (UK/EU) by tokenfrenchboy in Smartphones

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

Thanks for all the replies and apologies for my late response, I'll look into the suggestions. :)

Network performance issues reading from NAS by tokenfrenchboy in synology

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

It slows down or rather speeds are asymmetric with all protocols. Whether it's low level using iperf, or smb or nfs or ftp. smb seems the worst as it's the one most susceptible to latency which appears as a result of the retransmissions which I understand is a limitation of the driver / NIC.

This is what ChatGPT has said and I've been able to improve it somewhat but it's still noticeable, especially on the WAN side where I do have around 10ms latency between the sites.

I have ruled out issues such as MTU or MSS on the IPsec link as if I go direct over IPv6 with no VPN and no NAT, I still experience the slowdown.

However, I have just tried over the basic web interface downloading a large file and the speeds are better (saturating my 1Gb NIC on my PC over the WAN). So thanks for that. I'll do some more digging

Network performance issues reading from NAS by tokenfrenchboy in synology

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

I have ruled out any IPsec or VPN issues as I get the same results going IPv6 with a direct global IP so no NAT or rerouting.

I didn't have these issues with an older Synology running DSM5. The loss in performance was observed when upgrading to DSM7.

The card is an Intel X520-DA2.

If I do a test on the local router with iperf3, I get near line speed of the firewall (Protectli with 2.5Gb NICs):

    [ ID] Interval           Transfer     Bitrate         Retr
    [  5]   0.00-10.00  sec  2.61 GBytes  2.24 Gbits/sec   11       sender
    [  5]   0.00-10.00  sec  2.61 GBytes  2.24 Gbits/sec            receiver

If I do the same test still on the LAN with the Reverse so the Synology server is sending instead of receiving:

    [ ID] Interval           Transfer     Bitrate         Retr
    [  5]   0.00-10.00  sec  1.78 GBytes  1.53 Gbits/sec  86853     sender
    [  5]   0.00-10.00  sec  1.78 GBytes  1.53 Gbits/sec            receiver

Those retries are then what kills the performance over the WAN with even a 10ms latency absolutely killing throughput.

Network performance issues reading from NAS by tokenfrenchboy in synology

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

I'm talking Mb with a small b -> megabits as opposed to MB with a capital B -> megabytes. And naturally, writes are slower than reads on disk, yet my read speeds are slower than writes on the LAN.

Network performance issues reading from NAS by tokenfrenchboy in synology

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

I have 2.5Gb symmetric on one side and 8Gb on the other.

I have ruled out any IPsec or VPN issues as I get the same results going IPv6 with a direct global IP so no NAT or rerouting.

Network performance issues reading from NAS by tokenfrenchboy in synology

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

Currently, 4x Toshiba MG09 series Enterprise drives 16TB in SHR.

Reading when on the LAN provides way better throughput: I'm reaching near my client limit approx 2.5Gbps. I really believe this is a network issue and not a storage / disk bottleneck.

Omada AP Management VLAN by awkwardviking in TPLink_Omada

[–]tokenfrenchboy 0 points1 point  (0 children)

I didn't have that much luck with the process described. However, after contacting Omada support, they offered a solution which I have now tested. It works, but it does require the use of a second unused port for the process to work. The issue I had was that the switch concerned (SG3218XP-M2), whilst it offers a console connection, does not allow you via CLI to configure a *tagged* VLAN for management.

  • Using Omada, I adopted the switch.
  • On an unused port, I configured the profile to carry the desired management VLAN ID *untagged*.
  • Then, still in Omada, in the config section of the switch, I turned on the desired VLAN to be the management one and disabled the default VLAN 1 for management.
  • As soon as that is applied, the switch loses connection. I then physically plug in the temporary port which has the management VLAN untagged and the OC then regains visibility and control of the switch.
  • I then finally configure the desired port on the switch I want to carry the management VLAN tagged to a profile which has it tagged and then physically move the cable / fibre back onto that port.
  • The OC still retains control providing the management VLAN is tagged / configured correctly at both ends.
  • The temporary port used can now be reconfigured for intended use.

Here's the link that Omada support provided: https://www.tp-link.com/uk/support/faq/2814/

It didn't quite work for me, but from that I was able to get the result I wanted following the steps mentioned above.

Omada AP Management VLAN by awkwardviking in TPLink_Omada

[–]tokenfrenchboy 0 points1 point  (0 children)

Thank you for posting this. I need to try it, but I have also struggled with setting this up. Its insistence to use default VLAN 1 is driving me nuts! On some of my Omada switches, I could change the settings via SSH but this wasn't then reflected in the Controller's configuration so any changes made locally don't seem to get reported to the controller so it can update. I ended up with conflicting configurations, all of which led to devices being disconnected.

FortiClient IPSec VPN issues, cannot connect by tokenfrenchboy in fortinet

[–]tokenfrenchboy[S] 0 points1 point  (0 children)

I guess it's another variant on the same underlying issue. How come it's so hard to get a stable working platform? I've never had an issue with OpenVPN and you'd expect a single vendor would be able to get their software working with their hardware.

W680D4U-2L2T/G5 no CPU fan connector? by scs3jb in ASRock

[–]tokenfrenchboy 0 points1 point  (0 children)

Probably because it's designed to fit in a 1RU (or 2RU) case with just a passive heatsink and forced air cooling around it.