"
can you try to switch to a standard theme (opnsense or opnsense-dark) first?
Best regards,
Ad
Best regards,
Ad
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#1
25.7, 25.10 Series / Re: Dropdown Menu Error on Vivaldi (Chromium based browser)
November 27, 2025, 10:31:18 AM #2
General Discussion / Re: FIB/VRF support in OPNsense
November 26, 2025, 09:00:11 AM
Not at all easy to integrate (lots of moving parts), FRR by my knowledge doesn't support fibs either (e.g. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229136), only bird does as far as I know.
Best regards,
Ad
Best regards,
Ad
#3
25.7, 25.10 Series / Re: Dropdown Menu Error on Vivaldi (Chromium based browser)
October 20, 2025, 06:35:42 PM
Hi,
These screenshots are extremely old, this can't be version 25.10. Just for the fun I've installed Vivaldi on my end, which renders the examples without issues on recent versions (even 24.10).
Best regards,
Ad
These screenshots are extremely old, this can't be version 25.10. Just for the fun I've installed Vivaldi on my end, which renders the examples without issues on recent versions (even 24.10).
Best regards,
Ad
#4
Announcements / DEC4200 series bios
August 12, 2025, 03:50:12 PM
Some people reported performance related issues with our DEC4200 series, which after investigation turned out to be a bios related issue.
A new bios has been released which addresses these concerns.
To download the latest version of the bios, please visit https://docs.opnsense.org/hardware/bios.html#dec4200-series
Installation instructions can be found in the same document as well.
Stay safe,
Your OPNsense team
A new bios has been released which addresses these concerns.
To download the latest version of the bios, please visit https://docs.opnsense.org/hardware/bios.html#dec4200-series
Installation instructions can be found in the same document as well.
Stay safe,
Your OPNsense team
#5
Hardware and Performance / Re: DEC4280 - low speed on multi-gig interfaces
August 11, 2025, 12:05:46 PM
Hi,
We just uploaded a new bios version, which can be downloaded from https://docs.opnsense.org/hardware/bios.html#dec4200-series and should resolve the throughput issues we have seen.
Best regards,
Ad
We just uploaded a new bios version, which can be downloaded from https://docs.opnsense.org/hardware/bios.html#dec4200-series and should resolve the throughput issues we have seen.
Best regards,
Ad
#6
Hardware and Performance / Re: DEC4280 - low speed on multi-gig interfaces
August 08, 2025, 04:08:59 PM
@l1lz can you drop me an email? there is a chance this is bios related, in which case I can offer something to test/validate on your end.
#7
Hardware and Performance / Re: DEC4280 - low speed on multi-gig interfaces
August 08, 2025, 10:25:59 AM
@DEC4280Problem, @User65192 it might be better to contact us directly if you purchased a machine and having difficulties with your setup. Creating new accounts (yes, I checked) every week reporting the same challenges usually isn't very helpful.
We have a test setup over here available and do run these tests quite often showing the expected results, when needed we also offer excellent commercial support to debug your setup.
Best regards,
Ad
We have a test setup over here available and do run these tests quite often showing the expected results, when needed we also offer excellent commercial support to debug your setup.
Best regards,
Ad
#8
Hardware and Performance / Re: DEC4280 - low speed on multi-gig interfaces
July 24, 2025, 09:21:19 PM
@l1lz just to be sure, you are testing with the firewall in between iperf3 machines and with our default config. running iperf3 on your firewall is a common testing issue as it influences your measurements (a lot).
our default test setup (which reaches reaches the advertised speeds), is setup like:
[client] --> [firewall] --> [server]
The client uses an iperf3 command like:
Somethings to consider when numbers don't match:
* ice needs firmware loaded, which is in our default config, the tunable is called "ice_ddp_load"
* make sure to disable the default reply-to rule (Firewall: Settings: Advanced), when a gateway is accidentally configured it may send you packets in the wrong direction.
For regular routing in my experience rss doesn't really help much as most network cards already distribute the load properly over different cores. When results are less than expected, always check `top -CHIPS` as it helps figuring out if flows are distributed as one would expect.
Best regards,
Ad
our default test setup (which reaches reaches the advertised speeds), is setup like:
[client] --> [firewall] --> [server]
The client uses an iperf3 command like:
Code Select
iperf3 -c <other-host> -P 8 -Z -t 5 -M 1500
Somethings to consider when numbers don't match:
* ice needs firmware loaded, which is in our default config, the tunable is called "ice_ddp_load"
* make sure to disable the default reply-to rule (Firewall: Settings: Advanced), when a gateway is accidentally configured it may send you packets in the wrong direction.
For regular routing in my experience rss doesn't really help much as most network cards already distribute the load properly over different cores. When results are less than expected, always check `top -CHIPS` as it helps figuring out if flows are distributed as one would expect.
Best regards,
Ad
#9
25.1, 25.4 Series / Re: Web UI and PHP performance issue - config.inc
July 05, 2025, 09:53:20 AM
Hi,
Either the machine is not very capable or your config.xml file is very large (or a combination), although all new code doesn't need to serialize the file to an array (as legacy code is doing), some of the actions still depend on older code.
When there are one or two hotspots and you have identified them, it might make sense opening an issue (https://github.com/opnsense/core/issues).
In some cases rewriting the parts to direct usage of the Config instance isn't a lot of work.
Best regards,
Ad
Either the machine is not very capable or your config.xml file is very large (or a combination), although all new code doesn't need to serialize the file to an array (as legacy code is doing), some of the actions still depend on older code.
When there are one or two hotspots and you have identified them, it might make sense opening an issue (https://github.com/opnsense/core/issues).
In some cases rewriting the parts to direct usage of the Config instance isn't a lot of work.
Best regards,
Ad
#10
General Discussion / Re: Syncing Users and WebGUI with OPNcentral breaks OPNcentral's own access
June 05, 2025, 07:51:39 AM
Hi,
We have thought about macro expansions at one time, but haven't managed to come up with something functional yet.
The flexibility of OPNsense also makes it difficult to come up with a pattern that "just works", but you never know, maybe in a future release.
The issue around the central API key not sticking around does sound like a bug from our end, an omission caused by the major redesign of the user manager. If you drop us an email at support@opnsense.com and refer this post, I'll see if I can send you a version to test before a new minor release is out.
Best regards,
Ad
We have thought about macro expansions at one time, but haven't managed to come up with something functional yet.
The flexibility of OPNsense also makes it difficult to come up with a pattern that "just works", but you never know, maybe in a future release.
The issue around the central API key not sticking around does sound like a bug from our end, an omission caused by the major redesign of the user manager. If you drop us an email at support@opnsense.com and refer this post, I'll see if I can send you a version to test before a new minor release is out.
Best regards,
Ad
#11
Virtual private networks / Re: IPsec policy issues with dynamic reqids
April 25, 2025, 05:15:55 PM
I haven't seen issues earlier to be honest, when suspecting a bug you can always open a ticket on GitHub.
My community support time is too limited to try to reproduce this on my end at the moment.
When hooks are triggered, I believe a log entry is triggered as well.
Best regards,
Ad
My community support time is too limited to try to reproduce this on my end at the moment.
When hooks are triggered, I believe a log entry is triggered as well.
Best regards,
Ad
#12
Virtual private networks / Re: IPsec policy issues with dynamic reqids
April 25, 2025, 01:58:13 PM
Hi Ulf,
That might depend on configured settings, these events are triggered when connected properly to the child instead of a static id:
https://github.com/opnsense/core/blob/3c2ad5d6b3c53f27d747bbde7b6ff81dc4bb7e5f/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php#L246
Best regards,
Ad
That might depend on configured settings, these events are triggered when connected properly to the child instead of a static id:
https://github.com/opnsense/core/blob/3c2ad5d6b3c53f27d747bbde7b6ff81dc4bb7e5f/src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.php#L246
Best regards,
Ad
#13
Virtual private networks / Re: IPsec policy issues with dynamic reqids
April 25, 2025, 09:17:04 AM
Hi,
When using both legacy and new at the same time, overlaps may happen as mentioned https://docs.opnsense.org/manual/vpnet.html#combining-legacy-tunnels-and-connections
You can either lock the reqid's on the new connections too or force the numbering to start with an offset.
The latter should be possible by adding a file /usr/local/etc/strongswan.opnsense.d/reqid-base.conf containing
Given we recently refactored the charon configuration to new mvc code, I also don't mind adding the option in the ui, just open a ticket requesting the feature here https://github.com/opnsense/core/issues
Best regards,
Ad
When using both legacy and new at the same time, overlaps may happen as mentioned https://docs.opnsense.org/manual/vpnet.html#combining-legacy-tunnels-and-connections
You can either lock the reqid's on the new connections too or force the numbering to start with an offset.
The latter should be possible by adding a file /usr/local/etc/strongswan.opnsense.d/reqid-base.conf containing
Code Select
charon {
reqid_base = 8192
}
Given we recently refactored the charon configuration to new mvc code, I also don't mind adding the option in the ui, just open a ticket requesting the feature here https://github.com/opnsense/core/issues
Best regards,
Ad
#14
25.1, 25.4 Series / Re: 25.4 - OPNcentral lost all managed firewalls
April 14, 2025, 11:42:37 AM
Hi Patrick,
I think I found the culprit, can you paste the following in a text file on the OPNcentral node:
assuming the file is called /tmp/opncentral.patch, next run :
If this fixes your issue, we'll schedule a minor upgrade as soon as possible.
Best regards,
Ad
I think I found the culprit, can you paste the following in a text file on the OPNcentral node:
Code Select
diff --git a/deciso/OPNcentral/src/opnsense/mvc/app/models/Deciso/OPNcentral/Central.php b/deciso/OPNcentral/src/opnsense/mvc/app/models/Deciso/OPNcentral/Central.php
index 02c77910d..1e80df3bb 100644
--- /usr/local/opnsense/mvc/app/models/Deciso/OPNcentral/Central.php
+++ /usr/local/opnsense/mvc/app/models/Deciso/OPNcentral/Central.php
@@ -63,7 +63,7 @@ class Central extends BaseModel
$auth_groups[] = (string)$groupNode->gid;
} else {
foreach ($groupNode->children() as $itemKey => $node) {
- if ($itemKey == 'member' && (string)$node != "" && (string)$node == $this_uid) {
+ if ($itemKey == 'member' && in_array($this_uid, explode(',', (string)$node))) {
$auth_groups[] = (string)$groupNode->gid;
}
}
assuming the file is called /tmp/opncentral.patch, next run :
Code Select
patch -p0 < /tmp/opncentral.patch
If this fixes your issue, we'll schedule a minor upgrade as soon as possible.
Best regards,
Ad
#15
25.1, 25.4 Series / Re: 25.4 - OPNcentral lost all managed firewalls
April 14, 2025, 11:07:28 AM
Hi Patrick,
Which user is logged in at the central node? are there any host groups configured? if not, does the browser console show any errors?
Best regards,
Ad
Which user is logged in at the central node? are there any host groups configured? if not, does the browser console show any errors?
Best regards,
Ad
