Messages

Are you sure you're losing internet access, and it's not just DNS failing?

I ask because I noticed that after 5 to 8 days, and it ended up being Unbound needing to be restarted.  Which btw, didn't work properly once Unbound was in a bad state.  So I set up a cron job to restart Unbound every 5 days or so.

Just a thought....hope it helps.

-S

If I'm not mistaken you could also use their family DNS servers that [attempt to] block porn and malware. 1.1.1.3 & 1.0.0.3

You should correct the thread title.
The actual title is not the real situation.
There is no way readable you described in the past with a hack concerning opnsense.
So be so serious and change the title to whatever, i was hacked or so.

THIS!

Well I'm not sure if this would compatible with your network configuration, but this worked very well for me.

https://forum.opnsense.org/index.php?topic=50768.0

Thanks for the input!  I'll check it out.

Do you mean an AP to attach to an interface on an existing Opnsense box?

At face value you are asking to run Opnsense on an ARM A53. How would you propose to do that with proven software?

LOL  Okay, I guess I missed the ARM A53 aspect of that box.

I'm looking for fire up wireless using a box with OpnSense on it.  it'll be separate from my firewall.  I've used OpenWRT in the past, but I've always ended up bricking my unit, probably because I forgot which image I used originally and used a different/wrong image with subsequent updates.  Not sure if you've ever checked their download image lists, but it seems like there are HUNDREDS of different images for a single version of the software.  For this reason alone, I want to try an OpnSense wireless interface, but there's also the interface familiarity.

I've read that MediaTek is most compatible hardware acceleration and wifi 6.

So focusing on MediaTek, I was looking at this interesting little kit.  Any thoughts?

https://www.amazon.com/gp/product/B0G5JW186G

Has anyone heard of or tried this?

https://github.com/JameZUK/os-kea-unbound

It LOOKS like it's a package that allows Kea DHCP to add leases to Unbound.

BufferBloat

Sorry, the pic is too large for upload, so I had to use this file format.  It's A+, but the bottom is the impressive part.  There appears to be minimal difference between the three tests.

Status

After using speedtest.net to test.

Rules 2

Rules

Queues

Pipes

Updated the Pipe - Download pic showing Scheduler Type switch to WFQ.  This seemed to speed up Microsoft Teams initial connection before and during joining Teams meetings.

Greetings everyone.

I've been messing with trying to understand and subsequently configure, the OpnSense Shaper for a while now.  I would chalk it up mostly to my unfamiliarity with firewalls in general, but also not really understanding what needs to be prioritized.

I work from home, and one day my throughput went to crap.  Turns out one of the kids was downloading a new game.  All of a sudden I know what to prioritize. :)

I found a thread that got me started here, https://forum.opnsense.org/index.php?topic=48936.0

With all the threads/questions regarding the Shaper, I figure I'd post my config here.  So if it helps someone, cool.  If not, cool too.

Something to note; the upload rule needed Firewall > Settings > Advanced > Shared Forwarding set to enabled (checked).

Something ELSE to note; your Windows config can also lead to a bad bufferbloat score.  For example, I moved my laptop (on wireless) from a C- to an A+ with the following command;

  netsh int tcp set global autotuning=disabled

Of course, ymmv.