Hi everyone,
I'm running this version of OPNsense in an ESXi-hosted VM:
OPNsense 25.7.5-amd64
FreeBSD 14.3-RELEASE-p4
OpenSSL 3.0.18
I don't really know since when this has been happening (I mean since which OPNsense update), but I get this side effect:
While playing online on a server in my favorite game (Squad on PC, as an example), I get huge lags for a limited time (a dozen seconds) with effects like no more VOIP, everyone running into walls, etc., because UDP packets are blocked/not processed by OPNsense. The result is that sometimes, after the lag ends and UDP packets are transmitted again, I'm disconnected from the server, and sometimes I'm not.
My network setup is pretty simple:
My PC: 192.168.2.2/24 using 192.168.2.1/24 (OPNsense) as default gateway
OPNsense: using my ISP router as main and only gateway / DNS server (I need to SNAT traffic from/to 192.168.2.0/24 by 192.168.2.1 to my ISP router to access the Internet because I can't set up a static route on my ISP router (which is in 192.168.1.0/24) like "ip route 192.168.2.0/24 via 192.168.2.1/32").
Firewall rules on the User interface: 192.168.2.0/24 any any allow
As a drawing is better than writing:

For your understanding of my current OPNsense configuration, here is the list of services (enabled/disabled):
- Captive portal -> Disabled
- DHCRelay -> Disabled
- Dnsmasq DNS & DHCP -> Disabled
- Intrusion Detection -> Disabled
- ISC DHCPv4 -> Enabled
- ISC DHCPv6 -> Disabled
- Kea DHCP -> Disabled
- Monit -> Enabled
- Network Time -> Enabled
- OpenDNS -> Disabled
- Unbound DNS -> Enabled
I started by asking ChatGPT, which redirected me to:
-> bug in OPNsense since switching to pf (XD)
-> flush state table (pfctl -F states)
-> UDP state timeout too short
-> Service IDS/IPS Suricata (disabled, as you have seen)
-> Update Bogons / GeoIP (weird, because I shouldn't be able to connect to the game server in the first place, no?)
-> Normalization rules on WAN interface (timeout parameter is missing in GUI)
-> System > Settings > Tunables, then add these parameters: net.pf.udp_first to 120, net.pf.udp_single to 120 and net.pf.udp_multiple to 180
I don't really know where to look right now, and I don't want to change parameters without your advice when I don't really know whether they will have a good or bad effect.
Does anyone have an idea? I'm only using the GUI; I haven't made any changes via CLI/SSH.
I will investigate whether this impacts TCP traffic too.
Thanks for your help.
Regards,
vlnc