Messages

[network]

I would like to just point here,

Control plane QoS/Shaping, is here to guarantee stability of the network during congested state, not to improve for example ping latency.

When control plane QoS/Shaping is configured, it should be always done for the network devices that are responsible for maintaining the stability of the network. Thus with precise specified sIP dIP +/or protocol specific. But due to the fact the documentation needs to account for a larger audience, it was written in more generic way, so even a casual user can understand and implement it.

Regards,
S.

From a different topic, there was a mention about multicore...

Hello @jlficken,

Glad to hear you're excited about the new 5-policy limit — that one came straight from the majority of requests we've been hearing, so we're happy to make it part of the Home subscription.

On multi-core support: we definitely see the value for power users like yourself, but at the same time it's not something the broader Home community has been asking for, and if we make it too powerful, we start seeing the Home plan misused in business environments (which the license isn't meant for). That's why we've kept the Home subscription balanced for personal use while still growing it step by step.

That said — we do want to support the advanced setups that some of our most passionate users are running. We're considering a SASE Starter tier that would fit more of lab-builder needs.

This isn't ready yet and will likely be invite-only rather than a generally available tier — but if that sounds interesting, feel free to reach out to us directly and we'd be happy to explore it with you.

On multi-core support: we definitely see the value for power users like yourself, but at the same time it's not something the broader Home community has been asking for, and if we make it too powerful, we start seeing the Home plan misused in business environments (which the license isn't meant for). That's why we've kept the Home subscription balanced for personal use while still growing it step by step.

Sorry mb but this is a bit of corporate nonsense.

As mentioned above by @Taunt9930 the "multi-core" is not a power user feature, but an essential feature.
The survey you did is as well not properly reflecting reality, as many users don't care about it and user who did fill it didn't even know this could be a possibility. You are partially correct that adding more features for HOME sub could cause a miss-usage, but lets be honest here, HOME sub is already very cut so if it had an essential feature like this it would not cause any extra miss-usage....

That said — we do want to support the advanced setups that some of our most passionate users are running. We're considering a SASE Starter tier that would fit more of lab-builder needs.

Don't take this the wrong way but..... but this is stupid. So instead giving home labers multicore support for a HOME labing based sub, you want to make us to choose a subscription for a features set we do not want, have no use or even care? This is not the way, and I can imagine a lot of people will rebel, because this basically feels forced.

Regards,
S.

Did you checked the community section of the plugins? On the right TOP side is a button.

Regards,
S.

When you check the Reports in configuration, do you have any at all configured there?

Regards,
S.

I had similar experience not with Parrot but with Arch. For some funny reasons ZA is totally unaware of the concept of mirrors and reflectors for Arch (and most likely other Linux Distros).

I did lot of manual whitelisting and reporting of such repositories to ZA directly. This is bit sad as lists of Linux Distros mirrors are publicly available one would thought ZA is already including them.

Regards,
S.

What could be the different contributing factors to this? In terms of hardware, the OPNSense router has:
CPU: AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache, 4GB DRAM
NICs: i210AT 1Gb/s

Exactly this.

You are running a 1G line on a APU2. Depending on the configuration of your OPNsense (like Shaper etc.) this is the MAX you can get and I would bet the throughput you get is variable.

My old APU2 was capable merely 400Mbit with Shaper and few VLANs.

Regards,
S.

I neither understand what is the meaning of "good ASPM support"?

When you are researching HW for OPNsense, do not look what kind of ASPN support device has, more or less look for if it can be disabled. Taking ASPM support into the equation of which HW to buy sounds to me pointless.

If you want a future proof device you have two choices currently
1. Official OPNsense DEC HW
2. Mini PC N100 and above (N100 is more than enough)

Regards,
S.

Do not test Iperf between a host and the GW, test it across.

PC1 (iperf) - OPNsense - PC2 (iperf)

As well upgrade your BIOS
https://forum.opnsense.org/index.php?topic=46672.15

Regards,
S.

By default yes, but you can choose as well to which to apply it explicitely.

Open that Floating rule and check to which interfaces is it applied.

Regards,
S.

Doesn't look like anything changed. You hit the apply button which triggered an "empty change".

OPNsense config compare will always tell you what exactly changed, in this case only config timestamp.

Regards,
S.

To which interfaces did you assign that floating rule?

Regards,
S.

Or you can just sent them to Pfelk or just a simple syslog server.

OPNsense can do that, you will not have such a "nice" "eye candy" representation but the sessions can be sent via syslog to a collector.

Regards,
S.

I use two types NVMEs for my PRX and OPNsense

Samsung 980 500GB - 300 TBW
Lexar SSD NM790 512GB - 500 TBW

Regards,
S.

Also is there a chance you spoof your MAC address on WAN and LAN interfaces?

Regards,
S.