Messages

its done by ISC and OPNSense does it correctly. Did some research on that back in 2022, referencing the dhcpd.conf(5) man page, see (2) above.

plugging in one of those 10G SFP+ Copper (10GbE) transceivers will probably work - if you have a free SPF+ (AX) port on the DEC. They can run quite hot, but you would get 10G between your modem and the OPNsense box.

Issue solved.

Problem: For some reason, after the update OPNsense "auto" enabled Router Advertisements (RA) in "router only" mode on the uplink interface of the problematic box (C - Slave router in this example). After disabling RA on the interface manually, everything worked and prefix is assigned (1).

@Monviech: Thank you for the hints to kea. It will come. But since I heavily rely on v6 on most networks, I need the time for a reliable testing - especially with PD to subrouters.

@dseven: No, ::a0 - ::a0 is the correct notation in this case (2)

references:

(1) similar issue, helped me find the bug: IPv6 connectivity error after update to OPNsense 25.7.10-amd64

(2) still valid about PD ranges / documentation: IPV6 prefix delegation range, please clarify

third screenshot: C) OpnSense client router DHCP interface settings

You cannot view this attachment.

Sorry for the next post, but screenshots took too much attachment space (300kb limit).

So the text image: B) Master delegated prefix table (empty)

You cannot view this attachment.

Hi folks,

I cannot get dynamic v6 prefixes delegated to a OPNsense downstream router ("Slave" see below) anymore. PD from FritzBox to the first OPNsense box in the chain works fine. Pretty stuck here.

Router chain Setup:

A) Fritzbox (/56 assigned)
  -> B) OpnSense Master (/57 assigned)
    -> C) OpnSense Slave (/59 expected, not assigned)

The exact same setup has worked fine previously, with the drawback of needing to reboot the Slave C) sometimes after it lost the prefix. However since updating to the latest OPNSense releases on both boxes yesterday, prefix delegation has stopped completely. Played with felt every possible setting already but can not get v6 networks delegated to the C) Slave.

Please see the screenshots of the settings below.

Did anything dramatically change?

Screenshot: B) OpnSense Master DHCP Server config

You cannot view this attachment.

ifconfig:

Code Select Expand

root@DEC3850:~ # ifconfig -m ax0
ax0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: ax0hw (opt12)
        options=4e503bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        capabilities=4f503bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether f4:90:ea:00:64:37
        media: Ethernet 10GBase-KR (10GBase-SFI <full-duplex,rxpause,txpause>)
        status: active
        supported media:
                media autoselect
                media 100M-SGMII
                media 100baseTX
                media 1000Base-SGMII
                media 1000baseT
                media 1000baseSX
                media 1000baseLX
                media 1000baseCX
                media 1000Base-KX
                media 10GBase-SFI
                media 10Gbase-T
                media 10GBase-KR
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@DEC3850:~ # ifconfig ax0 media 10GBase-KR
root@DEC3850:~ #
no error ;-)

[after the log dump]

Hi Cedrik,

thank you for the fast reply.

Yes, I have removed my "personal" (old) tunings, but that might have been after the log dump I posted.

However, did not make a difference after reboot.

The system is not a new install. It runs since a couple years. Only change this weekend was installing a new switch on the location in order to upgrade to 10G. The DEC3850 itself has been running 10G previously fine in another location, but this has been some years ago - so many Opnsense / FreeBSD releases back in time.

Hi everyone,

I have a very strange issue with a recent Opnsense setup. In short:

The AX0 10G interface will not come up after a reboot, throwing an error. When I enter the interface settings and press "apply", the interface comes up.

Hardware Setup:

- Router: DEC3850, Opnsense 26.1.2_5
- Switch: Zyxel XGS2210-52HP
- Client: Mellanox CX311A @ Debian Host, Intel I5-7800 CPU, 8GTx4 link speed
- connected via 10G DAC cables

(For testing purposes, I eliminated the switch and plugged the client directly into the router. Same issue.)

(1) Connectivity

Connectivity / driver selection: I can only get the DEC3850 link 10G to the switch by selecting "10GBASE-KR" in Opnsense as speed/duplex model. Twinax DAC is not available.

In the system log right after boot, there is one obvious error:

Code Select Expand

2026-02-22T17:52:15 Error opnsense /usr/local/etc/rc.bootup: The command </sbin/ifconfig 'ax0' media '10GBase-KR'> returned exit code 1 and the output was "ifconfig: SIOCSIFMEDIA (media): Invalid argument"
(2) Performance once up

The issue might be linked. Even when up, I mostly get only about 1.5 Gbit/s throughput testing with iperf3 running ON the Opnsense box. It MAY spike up to 4 Gbit/s. It may even spike up to 7 Gbit/s.

This is vague since iperf3 is running on the router itself, but on other opnsense boxes I usually get 5-7 GBit/s even when running iperf3 on the router. Unfortunately, I did not have the chance of testing THROUGH the router due to the lack of addition 10G hardware on this specific location.

However, WAN speed also seems to be decreased to around 700Mbit (1G Cable downlink)

To sum it all up

This is strange. My primary suspects are:

(1) The DAC cable?

(2) Drivers in Opnsense?

It would be great if anyone has an idea of what to look at next. I never had such a strange problem with 10G networking. I am happy to provide more information.

Best & thanks,
Stefan


Attachments:

- syslog
- HWProbe at https://bsd-hardware.info/?probe=c67f01f83f

(edit: attached system.log)

+1

I use it.

However, the ddclient plugin provides the "nsupdate" method. According to do the documentation at https://ddclient.net/protocols.html that should do it, but might require editing ddclients config files? Never tried.

I like the os-rfc2136 plugin because it works out of the box and I can set TTLs.

[Thanks for a fresh look]

first of all: Thanks for a fresh look :)

I know how much work this is.

Just a few personal notes for desktop view, some already repeated:

- Readability is not great. Body (article) Text sizing indeed needs improvement.
- Is it really a good idea to have body (article) text on a grey background? Despite the size, that degrades readability.
- The type face runs pretty wide by nature. That also does not improve readability.

All that being said, in my personal opinion the official OPNsense documentation - which uses the same type face - is much more readable.

Just my 2 cents :)

So I understand this problem is technical / development related and can not be changed.

It was just an idea from a pure users perspective to eliminate those ahead numberings and not knowing which product is based on what without reading notes. Maybe one day.

Sorry for noise guys :)

We can't have the same numbers.

I see, this gets confusing here. I simply don't have the background to understand why you can't have the same numbers :)

Example thought with some initial release dates in mind:

Would it be a problem to release 24.7 Business Edition in October based on 24.7 Community Edition released in July?

Any drawback on this?

[future]

@Franco: I do know all the facts, that's why this is my idea for mid term future release cycles.

Take the forum itself: There 24.7 prod series board is now labeled 24.7, 24.10 although no 24.10. CE is not even out yet. Confiusing already, but what as soon as 24.10 CE comes out ;-)?

I guess you get my point:

For example, labeling the BE on it's actual CE BASE would be more consistent and intuitive to users.

LTE releases of software do that too, they are not ahead of something.

As said, that's just an idea and I'm sure you have more thoughts and logic behind this.

[7]

Hi folks,

I don't know if this is the right place to ask, but anyway:

It's really hard to easily distinguish between business and community edition releases. For example right now, CE is currently at 24.7x while BE is at 24.10x

This indicates to the user that BE is ahead in development and features, which is not the case.

Since BE is a toughly tested product based on a CE release, it is clear and logical that it must by nature be behind the CE release which it is based on.

I think this confuses many users, including myself sometimes. Yes, I do know about the release cycles and I read the release notes of the BE series which indicate the CE base. But not everyone does, especially not new users.

Could there be a cleaner an more intuitive way - maybe starting with the 25.x series?

best & thanks,
Stefan

PS: I personally use both. I happily pay for 2 BE subscriptions because I like the idea of supporting the project, although I sometimes even switch to CE on the BE "licensed" machines because there is a feature "I want now" :)