Skip to main content

Troubleshooting for Zenarmor Packet Engine

Most frequently seen Zenarmor Packet Engine issues and their solutions are given below.

netmap_register_if: Cannot allocate memory

If you are getting netmap_register_if: em0: NIOCREGIF ioctl failed for the interface: Cannot allocate memory error and can not start the Zenarmor packet engine, this means netmap buffer size on your platform is less than the required value. You can follow the steps given below to solve this problem on your OPNsense node:

  1. Navigate to System > Settings > Tunable on your OPNsense UI.

    Figure 1. Tunable System Settings on OPNsense

  2. Click +Add to add a new system tunable.

  3. Type dev.netmap.buf_num in the Tunable field.

  4. Type Netmap Buffer Size in the Description field.

  5. Type 1000000 in the Value field.

    Figure 2. Adding System Tunable to Increase Netmap Buffer Size on OPNsense

  6. Click Save to save the settings.

  7. Click Apply Changes button to activate the settings.

    Figure 3. Applying System Tunable Changes on OPNsense

You can follow the steps given below to solve Cannot allocate memory problem on your pfSense Software node:

  1. Navigate to System > **Advanced ** > System Tunables on your pfSense software UI.

    Figure 4. Tunable System Settings on pfSense software

  2. Click +New to add a new system tunable.

  3. Type dev.netmap.buf_num in the Tunable field.

  4. Type 1000000 in the Value field.

  5. Type Netmap Buffer Size in the Description field.

    Figure 5. Adding System Tunable to Increase Netmap Buffer Size on pfSense

  6. Click Save to save the settings.

  7. Click Apply Changes button to activate the firewall tunables.

    Figure 6. Applying System Tunable Changes on pfSense software

netmap_register_if: vtnet1: NIOCREGIF ioctl failed for the interface: Invalid argument

If you are getting netmap_register_if: vtnet1: NIOCREGIF ioctl failed for the interface: Invalid argument error and can not start the Zenarmor packet engine, this means MTU (Maximum Transmission Unit) size on your platform is higher than the netmap supported value (1500). You should check and fix the MTU value of the Zenarmor protected interface on your firewall.

You can follow the steps given below to solve this problem on your OPNsense node:

  1. Navigate to Interfaces on OPNsense Web UI.

  2. Selected the interface, such as LAN, that you want to be protected by Zenarmor.

  3. Scroll-down to the Generic Configuration pane.

  4. Set the MTU option to a value maximum 1500.

    Figure 7. Setting MTU size of Network Interface on OPNsense

  5. Click Save to save the settings.

  6. Click Apply Changes button to activate the firewall tunables.

Cannot read any worker configuration from workers.map

If you are getting Cannot read any worker configuration from workers.map error, and the Zenarmor packet engine immediately stops after you start it, you can follow the steps given below to solve this problem on your OPNsense node:

  1. Log in to the console as root
  2. Delete .configdone file by running rm -f /usr/local/zenarmor/etc/.configdone command.
  3. Open any Zenarmor menu on the GUI.
  4. Complete Zenarmor configuration wizard.
Last updated on by Zenarmor