Topics

Hi,

Glad to see these updated fancy devices in stock > DEC675 / DEC695 !

Are they run coreboot and if not which one and how to get bios updates ?

I really miss the information and or documentation regarding the Bios part especially in the business section.

Thx & Best

Hello Folks,

First of all great work & respect for 22.1  !!

Performs pretty well here, just found one little gui drop down glitch issue in Ipsec phase 1 tunnel subnet menu with Firefox...except this all runs super smooth !

In terms of design decisions I am just curious why is there no clear position or info regarding the offloading settings, It looks like CRC makes super sense ;) to enable per default if you're not using realtek nics or IPS or vm environments and TSO & LRO seem to be always disabled on firewalls, right ?

If this not wrong,  why u're not drop TSO & LRO options from the gui and make them disabled per default as turnable and make CRC enabled by default in the gui (incl. the info for realt. & vms cases) ?

Further I would like to know if you're consider removing the web proxy, dyn masq dns and opendns from core to plugins and put wireguard into core?

Best & Thx !

Hello,

Since r1 and still on rc2 there are no logs in the WebGui...
For testing purposes I enabled log level 5 + log queries still no logs.

Just to let ya know.

Hello,

First of all, pretty cool and I am looking forward to 22.1!

Tdy. I was able to clean install the rc1 on my apu2 and noticed a few issues and want to report them.

1. Zfs
I received the following error '─Error: sysctl'
'sysctl: unknown oid 'vfs.zfs.min_auto_ashift'
1.1 tried a few things including guided and manual zfs install options but I always received the same error but UFS worked.

2. Console
2.1 The following msg. appears: 
'HTTPS: ld-elf.so.1: /lib/libcrypto.so.111: Unsupported relocation type 572213003 in non-PLT relocations'
2.2 Point 10 - Firewall log does not work

3. Services
I do not receive an ip via dhcp on Lan - Configured the lan manually (client side) which worked to get acces to the sense, so I ran the wizard and tried again to get an ip via dhcp but nope.

3.1 I just changed 2 settings (enable forwarding and hide version) and after save and apply unbound crashed and stopped unbound without any logs (gui) + I was not possible to start unbound again via gui + still no logs.

I didn't investigated it deeper just to let u know my few things which might help.

Best & Greets!

Hi,

It's pretty strange, because sometimes it works and sometimes it doesn't but I cannot get what it triggers this behavior.
Eg. trivial wg. roadie setup with no surricata or complex rules tries to ping the fw. which sometimes works and sometimes not. I created a Interface rule indeed and I also created for testing purposes a rule on the new Wireguard group (since 1.9)  Interface to allow all traffic arriving on this interface from any to lan network (any also does not work) The firewall live logs shows the icmp but gets blocked so this tells me my fw. rules does not apply correctly, right ?

I also notice such behaviors with ipsec site2sites.

All ideas and feedback is highly appreciated

Whats wrong with my ipsec settings or is it to much for the apu2?

Ipsec

Code Select Expand

phase1:
128 bit AES-GCM with 128 bit ICV + AESXCBC + DH Group 14

phase2:
aes128gcm16 + AES-XCBC + off



./iperf3 -c 192.168.12.12 -P 2
Connecting to host 192.168.12.12, port 5201
[  4] local 192.168.1.100 port 56513 connected to 192.168.12.12 port 5201
[  6] local 192.168.1.100 port 56514 connected to 192.168.12.12 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec   128 KBytes  1.04 Mbits/sec                 
[  6]   0.00-1.00   sec   128 KBytes  1.04 Mbits/sec                 
[SUM]   0.00-1.00   sec   256 KBytes  2.09 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   1.00-2.00   sec   371 KBytes  3.05 Mbits/sec                 
[  6]   1.00-2.00   sec   416 KBytes  3.43 Mbits/sec                 
[SUM]   1.00-2.00   sec   788 KBytes  6.48 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   2.00-3.00   sec   325 KBytes  2.66 Mbits/sec                 
[  6]   2.00-3.00   sec   372 KBytes  3.05 Mbits/sec                 
[SUM]   2.00-3.00   sec   697 KBytes  5.71 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   3.00-4.00   sec   468 KBytes  3.83 Mbits/sec                 
[  6]   3.00-4.00   sec   514 KBytes  4.21 Mbits/sec                 
[SUM]   3.00-4.00   sec   981 KBytes  8.04 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   4.00-5.00   sec   386 KBytes  3.16 Mbits/sec                 
[  6]   4.00-5.00   sec   425 KBytes  3.48 Mbits/sec                 
[SUM]   4.00-5.00   sec   811 KBytes  6.64 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   5.00-6.00   sec   504 KBytes  4.13 Mbits/sec                 
[  6]   5.00-6.00   sec   549 KBytes  4.50 Mbits/sec                 
[SUM]   5.00-6.00   sec  1.03 MBytes  8.63 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   6.00-7.00   sec   368 KBytes  3.01 Mbits/sec                 
[  6]   6.00-7.00   sec   421 KBytes  3.45 Mbits/sec                 
[SUM]   6.00-7.00   sec   789 KBytes  6.46 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   7.00-8.00   sec   480 KBytes  3.94 Mbits/sec                 
[  6]   7.00-8.00   sec   514 KBytes  4.21 Mbits/sec                 
[SUM]   7.00-8.00   sec   994 KBytes  8.15 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   8.00-9.00   sec   360 KBytes  2.94 Mbits/sec                 
[  6]   8.00-9.00   sec   375 KBytes  3.07 Mbits/sec                 
[SUM]   8.00-9.00   sec   734 KBytes  6.01 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   9.00-10.00  sec   516 KBytes  4.23 Mbits/sec                 
[  6]   9.00-10.00  sec   521 KBytes  4.27 Mbits/sec                 
[SUM]   9.00-10.00  sec  1.01 MBytes  8.50 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec  3.81 MBytes  3.20 Mbits/sec                  sender
[  4]   0.00-10.00  sec  3.70 MBytes  3.11 Mbits/sec                  receiver
[  6]   0.00-10.00  sec  4.14 MBytes  3.47 Mbits/sec                  sender
[  6]   0.00-10.00  sec  4.02 MBytes  3.37 Mbits/sec                  receiver
[SUM]   0.00-10.00  sec  7.95 MBytes  6.67 Mbits/sec                  sender
[SUM]   0.00-10.00  sec  7.73 MBytes  6.48 Mbits/sec                  receiver


WG

Code Select Expand

/iperf3 -c 192.168.12.12 -P 2
Connecting to host 192.168.12.12, port 5201
[  4] local 192.168.1.100 port 56480 connected to 192.168.12.12 port 5201
[  6] local 192.168.1.100 port 56481 connected to 192.168.12.12 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  2.96 MBytes  24.8 Mbits/sec                 
[  6]   0.00-1.00   sec  2.40 MBytes  20.1 Mbits/sec                 
[SUM]   0.00-1.00   sec  5.36 MBytes  44.9 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   1.00-2.00   sec  2.55 MBytes  21.3 Mbits/sec                 
[  6]   1.00-2.00   sec  2.68 MBytes  22.5 Mbits/sec                 
[SUM]   1.00-2.00   sec  5.23 MBytes  43.9 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   2.00-3.00   sec  2.97 MBytes  24.9 Mbits/sec                 
[  6]   2.00-3.00   sec  3.15 MBytes  26.5 Mbits/sec                 
[SUM]   2.00-3.00   sec  6.12 MBytes  51.4 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   3.00-4.00   sec  2.74 MBytes  23.0 Mbits/sec                 
[  6]   3.00-4.00   sec  2.82 MBytes  23.7 Mbits/sec                 
[SUM]   3.00-4.00   sec  5.57 MBytes  46.7 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   4.00-5.00   sec  2.98 MBytes  25.0 Mbits/sec                 
[  6]   4.00-5.00   sec  2.67 MBytes  22.4 Mbits/sec                 
[SUM]   4.00-5.00   sec  5.65 MBytes  47.4 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   5.00-6.00   sec  3.13 MBytes  26.2 Mbits/sec                 
[  6]   5.00-6.00   sec  2.36 MBytes  19.8 Mbits/sec                 
[SUM]   5.00-6.00   sec  5.49 MBytes  46.0 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   6.00-7.00   sec  2.48 MBytes  20.8 Mbits/sec                 
[  6]   6.00-7.00   sec  2.13 MBytes  17.9 Mbits/sec                 
[SUM]   6.00-7.00   sec  4.61 MBytes  38.7 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   7.00-8.00   sec  2.26 MBytes  19.0 Mbits/sec                 
[  6]   7.00-8.00   sec  2.17 MBytes  18.2 Mbits/sec                 
[SUM]   7.00-8.00   sec  4.43 MBytes  37.2 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   8.00-9.00   sec  1.80 MBytes  15.1 Mbits/sec                 
[  6]   8.00-9.00   sec  2.14 MBytes  18.0 Mbits/sec                 
[SUM]   8.00-9.00   sec  3.94 MBytes  33.1 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   9.00-10.00  sec  1.78 MBytes  14.9 Mbits/sec                 
[  6]   9.00-10.00  sec  2.78 MBytes  23.3 Mbits/sec                 
[SUM]   9.00-10.00  sec  4.57 MBytes  38.3 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec  25.6 MBytes  21.5 Mbits/sec                  sender
[  4]   0.00-10.00  sec  25.6 MBytes  21.4 Mbits/sec                  receiver
[  6]   0.00-10.00  sec  25.3 MBytes  21.2 Mbits/sec                  sender
[  6]   0.00-10.00  sec  25.2 MBytes  21.1 Mbits/sec                  receiver
[SUM]   0.00-10.00  sec  51.0 MBytes  42.7 Mbits/sec                  sender
[SUM]   0.00-10.00  sec  50.7 MBytes  42.5 Mbits/sec                  receiver

Hello,

Are there know issues when using the Wireguard plugin with assigned Interfaces ?
Because eg. In particular I was able to reproduce two exotic behaviors:

setup:
Two Wg instances (site2site & roadies) on two Opnsense21.7.5  hw boxes.
Both instances are assigned to an Interface each.
Site2site works and the roadies work as well.

It seem that Wg. releated Firewall Rules do not apply correct to Wg. assigned interfaces and or work randomly or just work after a reboot?
See attached two screenshots - Just applied after a reboot !?

Further it is quiet often necessary to manually reload unbound to get it to work for wg roadies (...) ?

All ideas and knowledge will be appreciated !

Hello Opnsense team,

Tdy. I tried to show how great Opnsense is, We started with a fresh installation via serial which worked as already known perfectly great but the update process with all default settings worked not well at all > stucked with dots ............forever without any error or information at all. Did tried several things including bios settings and a reinstall without success. Finally I tried to manually change the mirror to something else and it worked as expected, hallelujah !

So either your default mirror is under attack or under super heavy load,  Anyway It would be cool to implement a solution for such situations to be able to deal with it.

Thanks and greets !

Hello,

Just trying to understand one aspect: If I choose IKEv2 with EAP-MSCHAPv2 for my Mac & Windows Roadie clients I only need to install the Certificates on the clients if I use a self signed Certs. right ?
If I do it with eg. acme - Let's encrypt I not need to install the certs on the clients, is that correct ?

Thanks !

Hello everybody, I try to solve a couple of thoughts and questions around Opnsense;


1. Outgoing rules
I think about outgoing rules and wonder why it is default to allow all traffic...Mabye it was a marketing decision for a good start for new users ?
From my perspective a fw. should drop all outgoing traffic default = equally to incoming traffic and following up and just based on specific needs opening specific ports/ranges and protocols to specific hosts or networks; I would set my bots or malware to call back via port 53, 80, 443, 123, etc. right ?

2. Proxy
Is it still appropriate to use a proxy (2021) or a good idea and if why to use caching for http traffic in terms of performance or security ?
If I use unbound with eg. quad9 as a resolver against malware + blacklist against ad and malware why I also or need to use the blacklist on a proxy level as well ?
I like the idea of blocking traffic on a dns basis in general. Please do not get me wrong I just try to understand and to evaluate the benefit of using a proxy in terms of security and performance except the killa feature of using http inspection as well as ssl inspection = which is a full time job to maintain indeed and also depends on the  scan engines are in use for a proper feeling of security ./ 
   
3. How to completely disable ipv6 in a proper way on Opnsense ?

4. Wireguard
Is there something coming up with 22.1 in terms of kernel module and or a wrapper for User management ?

Hello,

Imho I try to understand the default behavior of unbound on a default installation basis of Opnsense to decide which setup is recommended for my needs.

Unfortunately I was not able to find an equal documentation entry for Opnsense, Pfsense doc snip:

By default, the DNS Resolver queries the root DNS servers directly and does not use DNS servers configured under System > General Setup or those obtained automatically from a dynamic WAN. This behavior may be changed, however, using the DNS Query Forwarding option. By contacting the roots directly by default, it eliminates many issues typically encountered by users with incorrect local DNS configurations, and the DNS results are more trustworthy and verifiable with Domain Name System Security Extensions (DNSSEC).

Is it equal on Opnsense ?
Which results from a dhcp client perspective, the client gets the Opnsense ip as a dns server and Opnsense queries directly the root dns servers ?

If so, it means that the entries under System: Settings: General are getting ignored and will be never used unless I activate the DNS Query Forwarding option  Enable Forwarding Mode  true If I eg. wann use Quad9 there ?

Further I am pretty curious about the dns behavior If I start using Unbound DNS: DNS over TLS - Does this overrule all other dns rel. settings and if in which way ?

Thanks and Best !

Hello,

Just found the new Hardware from OpnSense and I am pretty impressed:
https://shop.opnsense.com/product-categorie/hardware-appliances/

Does it use Core Boot ?
Is anybody using this already and is willing to share experience and or benchmarks ?

Thx & Best

Hi,

is this on the roadmap ?

Best & greets

Hi,

I like the idea of blocking on dns level and now I am trying to understand how this is intendent to work here-

Eg. If I just want to use the predefined ones, I simply select eg. all check the enable button and done?
Doesn't look like....so I tried to schedule to download the unblound dsbl predefined ones, still no luck....

Or is it really necessary to extra add the corresponding urls. for the predefined ones as well....I thought its intendent for custom ones....Don't get it  ::)

Thx & Best

Hi,

I already tried a few tings but want to start from scratch so I resetet the opnsense 20.7.2 to factory defaults and everything except the wizard is untouched.

These are the bios settings (v4.12.0.3)

Code Select Expand

Boot order - type letter to move device to top.

  a USB
  b SDCARD
  c mSATA
  d SATA
  e mPCIe1 SATA1 and SATA2
  f iPXE (disabled)


  r Restore boot order defaults
  n Network/PXE boot - Currently Disabled
  u USB boot - Currently Enabled
  t Serial console - Currently Enabled
  k Redirect console output to COM2 - Currently Disabled
  o UART C - Currently Enabled
  p UART D - Currently Enabled
  m Force mPCIe2 slot CLK (GPP3 PCIe) - Currently Disabled
  h EHCI0 controller - Currently Disabled
  l Core Performance Boost - Currently Enabled
  i Watchdog - Currently Disabled
  j SD 3.0 mode - Currently Disabled
  g Reverse order of PCI addresses - Currently Disabled
  v IOMMU - Currently Disabled
  y PCIe power management features - Currently Disabled
  w Enable BIOS write protect - Currently Disabled
  x Exit setup without save
  s Save configuration and exit


First I connected my macbook via cat6 to the apu board on the lan port and wondering a bit about the ping times:

Code Select Expand

64 bytes from 192.168.1.1: icmp_seq=7 ttl=64 time=1.037 ms
64 bytes from 192.168.1.1: icmp_seq=8 ttl=64 time=0.798 ms
64 bytes from 192.168.1.1: icmp_seq=9 ttl=64 time=0.988 ms
64 bytes from 192.168.1.1: icmp_seq=10 ttl=64 time=1.153 ms
64 bytes from 192.168.1.1: icmp_seq=11 ttl=64 time=1.072 ms
64 bytes from 192.168.1.1: icmp_seq=12 ttl=64 time=0.755 ms
64 bytes from 192.168.1.1: icmp_seq=13 ttl=64 time=1.318 ms
64 bytes from 192.168.1.1: icmp_seq=14 ttl=64 time=0.911 ms
64 bytes from 192.168.1.1: icmp_seq=15 ttl=64 time=0.624 ms

Then I run iperf3 against the apu default:

Code Select Expand

./iperf3 -c 192.168.1.1             
Connecting to host 192.168.1.1, port 5201
[  4] local 192.168.1.100 port 61123 connected to 192.168.1.1 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  35.2 MBytes   295 Mbits/sec                 
[  4]   1.00-2.00   sec  34.5 MBytes   289 Mbits/sec                 
[  4]   2.00-3.00   sec  34.8 MBytes   292 Mbits/sec                 
[  4]   3.00-4.00   sec  35.4 MBytes   297 Mbits/sec                 
[  4]   4.00-5.00   sec  35.5 MBytes   298 Mbits/sec                 
[  4]   5.00-6.00   sec  35.4 MBytes   297 Mbits/sec                 
[  4]   6.00-7.00   sec  35.4 MBytes   297 Mbits/sec                 
[  4]   7.00-8.00   sec  35.8 MBytes   301 Mbits/sec                 
[  4]   8.00-9.00   sec  35.5 MBytes   298 Mbits/sec                 
[  4]   9.00-10.00  sec  35.5 MBytes   298 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-10.00  sec   353 MBytes   296 Mbits/sec                  sender
[  4]   0.00-10.00  sec   353 MBytes   296 Mbits/sec                  receiver


And again with -P 2 -t 20

Code Select Expand

./iperf3 -c 192.168.1.1 -p 5201 -P 2 -t 20
Connecting to host 192.168.1.1, port 5201
[  4] local 192.168.1.100 port 61125 connected to 192.168.1.1 port 5201
[  6] local 192.168.1.100 port 61126 connected to 192.168.1.1 port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  34.5 MBytes   290 Mbits/sec                 
[  6]   0.00-1.00   sec  35.1 MBytes   294 Mbits/sec                 
[SUM]   0.00-1.00   sec  69.7 MBytes   584 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   1.00-2.00   sec  33.8 MBytes   284 Mbits/sec                 
[  6]   1.00-2.00   sec  34.6 MBytes   290 Mbits/sec                 
[SUM]   1.00-2.00   sec  68.4 MBytes   574 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   2.00-3.00   sec  34.0 MBytes   286 Mbits/sec                 
[  6]   2.00-3.00   sec  35.1 MBytes   294 Mbits/sec                 
[SUM]   2.00-3.00   sec  69.1 MBytes   580 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   3.00-4.00   sec  33.7 MBytes   282 Mbits/sec                 
[  6]   3.00-4.00   sec  34.7 MBytes   291 Mbits/sec                 
[SUM]   3.00-4.00   sec  68.3 MBytes   573 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   4.00-5.00   sec  34.2 MBytes   287 Mbits/sec                 
[  6]   4.00-5.00   sec  34.9 MBytes   293 Mbits/sec                 
[SUM]   4.00-5.00   sec  69.1 MBytes   580 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   5.00-6.00   sec  33.9 MBytes   284 Mbits/sec                 
[  6]   5.00-6.00   sec  34.6 MBytes   290 Mbits/sec                 
[SUM]   5.00-6.00   sec  68.5 MBytes   575 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   6.00-7.00   sec  32.8 MBytes   275 Mbits/sec                 
[  6]   6.00-7.00   sec  33.3 MBytes   279 Mbits/sec                 
[SUM]   6.00-7.00   sec  66.1 MBytes   555 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   7.00-8.00   sec  33.6 MBytes   282 Mbits/sec                 
[  6]   7.00-8.00   sec  34.4 MBytes   289 Mbits/sec                 
[SUM]   7.00-8.00   sec  68.1 MBytes   571 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   8.00-9.00   sec  33.4 MBytes   280 Mbits/sec                 
[  6]   8.00-9.00   sec  33.5 MBytes   281 Mbits/sec                 
[SUM]   8.00-9.00   sec  66.9 MBytes   561 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]   9.00-10.00  sec  33.0 MBytes   277 Mbits/sec                 
[  6]   9.00-10.00  sec  33.6 MBytes   282 Mbits/sec                 
[SUM]   9.00-10.00  sec  66.6 MBytes   559 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  10.00-11.00  sec  34.3 MBytes   287 Mbits/sec                 
[  6]  10.00-11.00  sec  34.9 MBytes   293 Mbits/sec                 
[SUM]  10.00-11.00  sec  69.1 MBytes   580 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  11.00-12.00  sec  34.0 MBytes   286 Mbits/sec                 
[  6]  11.00-12.00  sec  34.9 MBytes   293 Mbits/sec                 
[SUM]  11.00-12.00  sec  69.0 MBytes   578 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  12.00-13.00  sec  33.8 MBytes   284 Mbits/sec                 
[  6]  12.00-13.00  sec  34.3 MBytes   288 Mbits/sec                 
[SUM]  12.00-13.00  sec  68.1 MBytes   572 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  13.00-14.00  sec  32.6 MBytes   274 Mbits/sec                 
[  6]  13.00-14.00  sec  33.1 MBytes   277 Mbits/sec                 
[SUM]  13.00-14.00  sec  65.7 MBytes   551 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  14.00-15.00  sec  26.6 MBytes   223 Mbits/sec                 
[  6]  14.00-15.00  sec  27.0 MBytes   226 Mbits/sec                 
[SUM]  14.00-15.00  sec  53.6 MBytes   449 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  15.00-16.00  sec  27.0 MBytes   226 Mbits/sec                 
[  6]  15.00-16.00  sec  27.3 MBytes   229 Mbits/sec                 
[SUM]  15.00-16.00  sec  54.3 MBytes   456 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  16.00-17.00  sec  27.6 MBytes   231 Mbits/sec                 
[  6]  16.00-17.00  sec  27.9 MBytes   234 Mbits/sec                 
[SUM]  16.00-17.00  sec  55.5 MBytes   465 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  17.00-18.00  sec  27.7 MBytes   232 Mbits/sec                 
[  6]  17.00-18.00  sec  27.9 MBytes   234 Mbits/sec                 
[SUM]  17.00-18.00  sec  55.6 MBytes   466 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  18.00-19.00  sec  27.6 MBytes   231 Mbits/sec                 
[  6]  18.00-19.00  sec  27.8 MBytes   233 Mbits/sec                 
[SUM]  18.00-19.00  sec  55.4 MBytes   465 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[  4]  19.00-20.00  sec  27.6 MBytes   231 Mbits/sec                 
[  6]  19.00-20.00  sec  27.7 MBytes   232 Mbits/sec                 
[SUM]  19.00-20.00  sec  55.3 MBytes   464 Mbits/sec                 
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-20.00  sec   636 MBytes   267 Mbits/sec                  sender
[  4]   0.00-20.00  sec   636 MBytes   267 Mbits/sec                  receiver
[  6]   0.00-20.00  sec   647 MBytes   271 Mbits/sec                  sender
[  6]   0.00-20.00  sec   647 MBytes   271 Mbits/sec                  receiver
[SUM]   0.00-20.00  sec  1.25 GBytes   538 Mbits/sec                  sender
[SUM]   0.00-20.00  sec  1.25 GBytes   538 Mbits/sec                  receiver


Can somebody confirm equal results ?

The cpu boost seems to go dynamic up to 1400MHz without the turnables set and seem to have no effect on iperf tests but maybe on proxy and idp !?
https://github.com/pcengines/apu2-documentation/blob/master/docs/apu_CPU_boost.md

Does somebody ?

Futher I was woundering that I was not able to get simular results based on this:
https://teklager.se/en/knowledge-base/opnsense-performance-optimization/

Somebody ?

Dear all,

I am on the go switchin from Sophos to OpnSense...for many good reasons...

Therefore I thought if it's possible and a good idea- ideally painless to install OpnSense onto my reds (15 and 50) for my remote sites indeed !?

Does anybody has tried that yet and or could share their experineces about that ?

Best & Greets!