Messages

What are some neat features you would like to see on opnsense?

Light work day and spent it going down a rabbit hole

got iperf working, I tested the LAN side that has a 10GB SFP+ X553 DAC into my switch. Looks like I'm getting full bandwidth there. So started to really look hard at the I226-V which connects directly to the modem. After looking the interface:

Code Select Expand

igc1: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500 description: WAN (wan) options=4800028<VLAN_MTU,JUMBO_MTU,HWSTATS,MEXTPG> ether 20:7c:14:f4:3c:51 inet 73.18.207.231 netmask 0xfffffe00 broadcast 255.255.255.255 inet6 fe80::227c:14ff:fef4:3c51%igc1 prefixlen 64 scopeid 0x5 inet6 2001:558:6007:b6:7117:e650:28b1:f71b prefixlen 128 pltime 202602 vltime 202602 media: Ethernet 2500Base-T (2500Base-T <full-duplex>) status: active nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
Confirming my:
-IDS is off
-Shaper Rules: None
-No spike on a single cpu when under load (

Code Select Expand

top -aSH)
-checked counters for errors or anything obvious

Code Select Expand

netstat -i-looked for any kill states

Code Select Expand

pfctl -F state- looked through

Code Select Expand

sysctl -a | grep dev.igc.1.mac_stats for anything that might stick out
Looked through dmesg:

Code Select Expand

dmesg | grep -i igc
for resets, watchdog events, link renegotiations, DMA/ring issues


started to think I needed to look at the threads on the forum about i-226V

I was running NVM version 2.14 ... so I'm updating to 2.32 tonight. successfully updated a couple of the spare NICs already. but not seeing a speed improvement when move my WAN port over to an updated one... though I might be getting them mixed up between the proxmox and opensense. I have failover WAN port that I also use and maintenance por.

For the fun of it, have you tried speed testing directly from the proxmox?

Yes, anything in theory can be done, but it still comes back to the question - what would the new tab show?

The expanded view ofcourse :)

This needs the whole menu logic to be rewritten and will honestly be a disaster.

Example :

- System
-- Access
--- Users

Only Users can be opened in a New Tab ;)

Mouse/Touchpad Middle Click or CTRL+Click = Open link in New Tab.

Got it. I don't see how that could be sensibly changed. Only leaf menu items (Users in this case) actually have a page associated with them, the parent menu items are just group headings. So there is nothing opening them in a new tab is actually able to show, hence the behaviour.

Yeah, I don't know either. But I really don't like it. 😢

In my opinion, the biggest problem with the menu is that you can "middle click" to nothing. If you have not reached the last level of the menu with the actual settings...

Not sure I understand what you mean by this?

Example :

- System
-- Access
--- Users

Only Users can be opened in a New Tab ;)

Mouse/Touchpad Middle Click or CTRL+Click = Open link in New Tab.

Exactly this... And you think everything is fine because a new tab opens but its just the tab you were before duplicated :(

Thanks for the first heads up, if you notice the link it suggests that this would never be changed hence I didn't go looking for it.

I wasn't really looking to limit to users, just reduce the amount of options I know I would never need in a specific install.

The link mentioned that it would not be overwritten during updates, a decade later, many things work differently on opnsense, and thus, this broke.

I know you don't need to limit users, but the result is the same. If you limit your user to not have permissions on options you "would never need in a specific install"

As a separate proposal, I was also contemplating adding a toggle setting that could disable automatic menu collapsing generally. I think the scroll would probably still need to happen though.

In my opinion, the biggest problem with the menu is that you can "middle click" to nothing. If you have not reached the last level of the menu with the actual settings...

Not sure how to optimally fix this. Thats why I like your PR a lot.

Disabling automatic menu collapsing in my mind would quickly lead to a monstrosity.

You can create a user with very specific permissions.

But your best bet is this PR. https://github.com/opnsense/core/pull/10033

Make all of them short.
Or use affinity, a very useful subset of instructions.
Or use the manual configuration to do exactly what you want.

I don't think cloudflare will give you that 🤣

If you want a cool blocklist use crowdsec.

Lower your MTU to 1400.

FreeBSD 15 supposedly fixes this

I also get 104.18.0.0 at https://1.1.1.1/cdn-cgi/trace

Not using opnsense

It has moods.  On some occasions it doesn't work and the session is still active after many hours or the following day.

When it does work, it doesn't drop out to the login screen.  It just expires the session but leaves the current view frozen in the browser tab.  It only drops out to the login screen when I click anywhere in the UI.

On Firefox, FWIW.

That's exactly my experience as well on chrome.

In your experience, does session timeout work? I have set it up to 1 minute for testing, but it doesn't always work.

Is Suricata processing encrypted traffic? I mean you are probably exceeding the memory limit of suricata but I have never seen it happen with encrypted traffic.

At some point, someone will buy it and probe it at bsd-hardware info. Give it some time :)