Messages

Okay, I'll try this evening, thanks.

P.S.
1. should I consider to shape the WAN upload only or also WAN download?

2. although the PS5 is on a different subnet, in the section 'source' of the rule the default value is "any" so that covers all the networks, right?

3. this setup covers everything leaving WAN, including VPN traffic which I have on another port (LAN2), and I suppose it's perfectly fine, no need to worry ?

My son's PS5 is connected to one of the OPNsense firewall ports (LAN3), and I want to prioritise (or reserve) upload bandwidth for it in OPNsense. Basically, when he is gaming and I'm uploading large files, his latency jumps from about 20 ms to 150 ms. How can I stop that from happening?

I already read this article, is that the approach I should follow? Ideally, I'd want to assign to the PS5 5 Mb/s of bandwidth in upload when he is playing, but then when the PS5 is switched off, I'd want to be able to use the whole bandwidth for my devices.

Tia.

...there are Merans given how to Check if they work for your setup.

Could you tell me how?

Below is the output of ifconfig command, and with pppoe0=1500 I believe it's working as expected, right?

Code Select Expand

igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1508
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,HWSTATS,MEXTPG>
        ether ab:cd:ef:gh:ff:ff
        media: Ethernet autoselect (2500Base-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
...
pppoe0: flags=10088d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: WAN (wan)
        options=0
        inet xx.xx.xxx.xxx --> xx.xxx.xx.xxx netmask 0xffffffff
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>


I've just updated to the latest AdGuard Home (v0.107.74), and unfortunately the small button to check for updates at the bottom of the main page next to the version number has disappeared, and as a result, I'm no longer able to check for updates.

Also, if I log out and log back in (or just refresh the home page), I get a red error message saying: "Update check failed. Please check your Internet connection." But I do have Internet connection and I'm still able to update the DNS blocklists.

I've already cleared cookies and browser cache (Brave and Firefox) and rebooted OPNsense, but with no success.

Has anyone experienced something similar?

I'm running OPNsense v26.1.6 and latest mimugmail plugin v1.16.

Tia.

[!192.168.0.1]

On post #128, you stated "You only need to catch DNS traffic NOT going to your DNS Server IP (in this case OPNsense) and not ALL DNS traffic".

Now, in my case 192.168.0.1 is the LAN address of my OPNsense that is also the IP address of the DNS server --> I can either use !192.168.0.1 or !LAN address, is that right?

Let's say that "networking concepts go over my head faster than gigabit speeds" :-)

LAN Net = Your network's subnet so let's say 192.168.1.0/24
LAN Address = The Gateway IP Address so let's say 192.168.1.1

Yes, but which one is more accurate (and if possible, also why)?

[!LAN net]

Sorry if it's a dumb question, but in the forward rule, --> destination, is it !LAN net or !LAN address ?

Could someone explain to me what the difference is?

Also, as for the source, why is it 'any' and not LAN net if I want to 'control' the clients on my LAN network?

Thanks guys, and how do you understand it's actually a bot?

Hopefully I won't fall for it again next time...

Many thanks for your explanation, much appreciated.

I ran that dig command, and this is the output:

Code Select Expand

; <<>> DiG 9.20.20 <<>> @127.0.0.1 whoami.akamai.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5092
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;whoami.akamai.net.            IN      A

;; ANSWER SECTION:
whoami.akamai.net.      2400    IN      A      74.63.26.235

;; Query time: 8 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Apr 05 10:42:48 BST 2026
;; MSG SIZE  rcvd: 62

The only IP address returned is 74.63.26.235 (I use Quad9 as resolver, so I think that IP address from WoodyNet makes sense) but don't see my real IP address, is that an issue?

I forgot to mention that I have also two relays, is that the reason why I can't see my real IP address?

I'm playing around with DNSCrypt (+ Unbound) and there are a couple of things I need clarification on:

1. In Unbound -> Query Forwarding there are two options that I cannot understand, i.e. 'Forward TCP upstream' & 'Forward first' - can someone please confirm whether I have to check them?

2. If I disable DNSCrypt to check any possible DNS leaks, I actually still have Internet access, and on dnsleaktest.com I can see it finds one DNS server, which is my ISP's. How do I troubleshoot this?

Tia.

Alright, thanks Patrick.

So, can you please show me an example of a (block) list which would be compatible with the alias type "Networks"?

Can you explain why? That link is a list of networks e.g. 2.57.122.0/24 and "URL Table (IPs)" should be used with a list of IP addresses, or am I missing something?

I'd want to create an alias using the block list https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt and from my understanding - reading here - I should select the type 'networks', but unfortunately I get the error that the entry is not a network, can someone advise, please?

Tia.