Messages

For ISP reasons, I am forced to connect my OPNSense router behind my ISP's fibre router, set to DMZ. When I compare the bandwidth I get directly from the fibre router to what I get through OPNSense, there is a significant reduction (although an improvement in bufferbloat). What could be the different contributing factors to this? In terms of hardware, the OPNSense router has:
CPU: AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache, 4GB DRAM
NICs: i210AT 1Gb/s

Fibre router:
You cannot view this attachment.

OPNSense behind fibre router:
You cannot view this attachment.

Are there specific OPNSense configuration tweaks I should try to reduce the bandwidth reduction?

OK, so that is what I don't have - the graph time is UTC while the system time is CEST:

You cannot view this attachment.You cannot view this attachment.

Does your System Information gadget show the same time as the latest time in the graph?

I have been annoyed for some time that the graphs in the Reporting module use UTC time rather than the system time that is shown elsewhere, e.g. in the System Information gadget on the dashboard. Is there no way to get the Reporting module to respect the system time zone?

I searched for previous posts about this but only found this old thread from 2020.

If this needs to be an enhancement request, where do I post it?

[Kudos and thanks]

Successfully upgraded from 25.1.11 to 25.7.1_1 without a hitch on my APU2E4 with i210AT LAN, AMD GX-412TC CPU and 4 GB DRAM. Unifi, Adguard, os-acme and a few other plugins all work as before the upgrade.
Kudos and thanks to all that help improve this system for all of us!

Are your mirror and flavour settings (in System > Settings) set to default? What does it say in "Mirror" and "Repositories" on your System > Status page?

@beneix may I ask when you installed your system?

The system was purchased in 2022 and I installed UFS. Then in 2024 I decided to take the leap and re-install with ZFS - I think it was when 24.7.1 was out. I don't recall giving any particular input to sizing, I think I just let the installer set the defaults, but I could be wrong.

Plan some time for a reinstallation with ZFS and a reasonably large EFI partition ;-)

First of all, thanks for all your help! Just a question for the future - do I understand you correctly that if the boot partition is 512K it would be a good idea to plan for a repartitioning followed by a reinstall at some convenient point in the future? I run ZFS and my gpart output looks like this:

Code Select Expand

# gpart show -l
=>       40  234441568  ada0  GPT  (112G)
         40     532480     1  efiboot0  (260M)
     532520       1024     2  gptboot0  (512K)
     533544        984        - free -  (492K)
     534528   16777216     3  swap0  (8.0G)
   17311744  217128960     4  zfs0  (104G)
  234440704        904        - free -  (452K)(I realise that the boot partition size is not a current issue but a theoretical future one.) I don't suppose there is a way to do a repartitioning in situ without a full reinstall?

No compilation required, it's just a script. Download it, chmod +x it and run it as root.

Doh! Thanks

So there is a general recommendation to keep your bootloader up-to-date, but I am not sure I understand how this utility achieves this. Am I to understand that there is updated code in one place on the disk but this has not been copied to the right place? My output from the utility is:

Code Select Expand

One or more efi partition(s) have been found.

Examining ada0p1...
Efi partition ada0p1 is already mounted in /boot/efi.
Would run: cp /boot/loader.efi /boot/efi/efi/freebsd/loader.efi
Would run: cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi

One or more freebsd-boot partition(s) have been found.
The root file system is zfs.

Examining ada0...
Would run: gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 2 ada0

-------------------------------
Your current boot method is BIOS.
Updatable EFI loader: 2
Updatable BIOS loader: 1
-------------------------------

Hello! There is a small utility for checking the bootloader.

I have never compiled anything from scratch on my OPNsense system. How would I go about installing this utility?

find: /usr/local/lib/libicuio.qo: No such file or directory
find: /usr/local/share/man/man3/SSL_CTX_set_default_verify_dir,3ossl.gz: No such file or directory

That looks like typos in the script. "libicuio.qo" should be "libicuio.so", and "SSL_CTX_set_default_verify_dir,3ossl.gz" should be "SSL_CTX_set_default_verify_dir.3ossl.gz".

I tried an upgrade from 25.1.9_2 to 25.1.12. The system booted up but many of the services were not running. I had noticed before the reboot that the upgrade script seemed to be installing 25.1.11, not 25.1.12. Attempting to reboot left the system unresponsive and I had to pull the power to reboot. Since I use snapshots, I was able to get back to a working system on 25.1.9_2 but I will hold off on upgrades until 25.7 seems stable.

It seems if you are on older versions like my 25.1.9_2, the upgrade from the dashboard will not go straight for 25.1.12 and therefore the fix of partial upgrades will not be installed, leaving the system broken with 25.1.11.

When I upgraded from 23.1.7 to 23.1.9 a long time ago, my system started to show strong oscillations in CPU use, from 0 to 100, all the time. It would reach 100% about every 10 seconds or so. Because of the high average CPU, the temperature of the system went up by a couple of degrees. I have lived with this ever since because I couldn't isolate what was driving it.

After I upgraded from 25.1.7_2 to 25.1.7_4 and now 25.1.9_2, this oscillation has disappeared and now I am seeing a nice smooth line of CPU use (obviously subject to traffic volume). System temperatures are also lower.

Just thought I'd thank all the developers for continuous improvement - I have no idea which component makes the difference in my case, but this was a long-desired improvement.

Thanks gspannu, I got the beta installed and it's working much better.

I recently migrated from the "legacy" OpenVPN client configuration to the "instance" one.

I have an existing, working client setup under legacy that it would be nice to be able to migrate, but since the old one was set up with the help of the wizard and includes both the VPN setup, firewall rules and a dedicated interface, I am a bit daunted how to replicate the legacy client in the new Instances setup, without the wizard to guide me.

The documentation I found mentions two examples (site-to-site tunnel and road warrior) but neither fits my scenario. I just need to route traffic from a specific client on my LAN to a tunnel to my VPN provider.

Has anyone found improved documentation to guide them?