Messages

but this thread seems like it has a lot of misinformation in it

So far I haven't seen anything that isn't true in the sense that it's a total lie ?!

I use an old unifi cloud key gen2

The problem with those things is that once they are declared EOL you can't use them for anything else...

yea i apologize, i didn't realize cpus like N5105 lacked AVX and that mongo with arm64 was so aggressive to essentially eliminate support for for Pi 3 and 4. really annoying to homelabers for sure.

as far the cloud key, they were introduced in august 2018, so it goes for 10+ years, with PoE and 1w idle, i find that acceptable for $150.. time vs money. that being said, i dont think they have been sold/in-stock on the official store for a while now, only the gen2 plus model with the hdd slot. though there are plenty on ebay.

what i found worked well with the new UniFi OS server was to setup a Debian LXC on Proxmox 9.1, containers supported with keyctl=1 setting. i just setup LXC, updated system packages, ran the UniFi OS installer from https://ui.com/download/software/unifi-os-server and everything was setup without really any interaction. but if you running proxmox on N5105, i guess you are still out of luck with no AVX.

where is the AVX is required?

For MongoDB since version 5.0:  https://www.mongodb.com/docs/manual/administration/production-notes/

And for ARM you need at least ARMv8.2-A.

This change effectively rendered both my Intel NUC7PJYH (J5005) and RPi 3B+ incapable of running the Network controller with any still-supported version of Mongo.  Neither can my OPNsense box (N5105).

ah man, i am surprised the N5105 is missing AXV, just has SSE4.2. well that kinda sucks. i use an old unifi cloud key gen2 (the one without the hard drive), since its poe, uses 1-2w idle, and then i dont have think about it and move on with my life and not make homelab a 2nd full time job. i assume either that is arm64 is 8.2+ or unifi will figure it out, one way or the other.

https://ui.com/download/software/unifi-os-server

has an arm64 build, which installs on raspiberry pi without AXV, obviously. where is the AVX is required? maybe for x86? AVX2 was 2013, haswell, so even that isn't really a concern at this point.

i have no love for unifi and its lottery / gamble of software updates, i run unifi switches, APs, protect and its really a gamble sometimes (much like zenarmor!), but this thread seems like it has a lot of misinformation in it

hrm, watching this thread. i am running a vp2440 with opnsense 25.10.2_8 (business) and coreboot 0.9.1-rc3, so its running 25.7.14 base, but 26.4 is scheduled to be released mid-april and will likely use the 26.1 kernel/drivers. i was running AMI bios before, as coreboot 0.9.0 dropped packets all the time on 2.5g ports with ASPM enabled. 0.9.1-rc3 seem to fix that and really helped with the idle power.

now i am worried upgrading to 26.4 will come with some surprises for x710..

Hi,

- @dirtyfreebooter, Regarding the speed issue, we will check the update server for any slowness. You should not experience any problems at the moment. 

- @RutgerDiehard, Concerning the interrupted update issue, could you please share a report using the "Have Feedback" option located in the bottom-left corner of the UI? 

i just let it sit there and after 40+ minutes, it finally finished and completed the install. today i tried downloading with curl and the speed has returned. i am sure it was just some networking issue *shrug*

Code Select Expand

$ curl https://repo.zenarmor.net/opnsense/FreeBSD:14:amd64/25.10/latest/All/os-sensei-2.4.2.pkg
  % Total    % Received % Xferd  Average Speed  Time    Time    Time  Current
                                Dload  Upload  Total  Spent  Left  Speed
100 111.6M 100 111.6M  0      0 88.92M      0  00:01  00:01        82.40M

i looks like the update server is having major bandwidth issues. i just speedtest and my network seems fine 945 mbps up/down. no other network issues. update server is going at like 50 kb/s. i manually fetching the pkg in my browser to test.



speedtest

i updated to 25.10.2_8 this morning. now zenarmor has an update. and it just hangs. i killed the pkg process and tried again and it just hangs. no problems with the OPNsense update earlier. does any updates from zenarmor ever get tested? the QA the process end to end? ugh

i've also tried updating from the zenarmor dashboard button. same thing, hangs on fetching.

Code Select Expand

***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.10.2_8 (amd64) at Thu Mar 26 09:46:37 MDT 2026
Strict TLS 1.3 and CRL checking is enabled.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
Waiting for another process to update repository SunnyValley
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
Updating SunnyValley repository catalogue...
SunnyValley repository is up to date.
All repositories are up to date.
Checking for upgrades (88 candidates): .......... done
Processing candidates (88 candidates): . done
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
os-sensei: 2.4.1 -> 2.4.2 [SunnyValley]

Number of packages to be upgraded: 1

112 MiB to be downloaded.
[1/1] Fetching os-sensei-2.4.2.pkg:

I thought multithread was available in one of the paid versions?

The faster the clock speed, the better ZA will run, kind of the only rule of thumb we currently have. I'm looking at an n355 device for my next hardware, something with at least 6 i226 ports and maybe trade a couple for some SFP+ (10g lan to lan would be NICE). I only have gigabit out to wan, so don't need the i226, but it's what I'm finding because it's what most people want going forward.

Also looking at a different model with 8 i226 ports, not seeing anything with "cheaper" i350 ports anymore, and I'm not going to try Realtek for real work.

the roadmap has it 90% complete and has it listed under business and higher licenses, so no paid home license.

yea, i run business edition, but i put 26.1 on VM to explore the new firewall rules and such and i immediately noticed the grids and unbound blocklists got huge usability improvements. combining the blocklists and extended blocklists into one interface also. very nice. i can't wait for these improvements to make their way into the business edition :)

yea, i guess i assumed they were using UFS because of the common issues of using ZFS on guest, when ZFS is also on the hypervisor, but if that is not why they were using UFS, ignore what i said

another option with installing opnsense with zfs on top of proxmox with zfs, is do these 2 things:

opnsense uses 128k record size, proxmox defaults to 8k. make the opnsense zvol ahead of time (don't let the wizard do it)

Code Select Expand

zfs create -V 64G -b 128k rpool/data/vm-100-disk-0that minimizes the write amplification when the record size mismatches.

to eliminate the double arc, set the caching to metadata only.

Code Select Expand

zfs set primarycache=metadata rpool/data/vm-100-disk-0
for the level of IO opnsense does, this pretty much eliminates zfs on zfs issues, imo. enough so that trying to get UFS working seems like more effort than its worth...

yea sounds good. i am going to do a PR soon, but i wanted to get some initial feedback on visual pieces, so thanks.

This looks good!

Would it be possible as well to show transfer rate?

Regards,
S.

yep, i can add that.

x-posting with main forum to get user feedback: https://forum.opnsense.org/index.php?topic=51327.0

looking for user feedback on how one would expect to use the vnstat widget? is having that interface html dropdowns useful? or should it be a widget preference that you select once and it always shows the same interface/period selected?

any other ideas?

looking for feedback on this vnstat dashboard widget.

screenshots: https://imgur.com/a/6QKI3a3

couple of questions:

• at first i put the interface/period(daily/monthly/yearly) in widget preferences, but then thought it was nice to be able to interact with it more. no other dashboard widget though have interactive html elements..
• i am not sure what the best way to enumerate all the interfaces is. there are a bunch of interfaces that are nonsense. i am enumerating the interfaces that come from vnstat data, not the interfaces from opnsense. not sure which list to pick at the authority. if you removed an interface and wanted to look at historical data, using the interfaces in vnstat data seems correct...

open to any other thoughts, suggestions, best practices.