Messages

Fixed it, it turns out that it was a bad ethernet cable. Thanks for all the help

It sounds like either the adaptors or other hardware is limiting. Please check the LAN interface is getting set to the correct speed ie. "1000baseT <full-duplex>" or whatever is right for your hardware, but that is above 100. It sounds like it might be syncing at 100.

You are 100% correct! it is 100baseT in my LAN interface overview. I think this is some kind of issue with my aliexpress Topton PC since it has the newer i226 intel NIC. Anyone know of a workaround?

I don't think the hardware is the issue since it's a n5105 celeron and the CPU is only  at about 30% usage when I check the dashboard. I have only 4gb ram but even this is at about 50% usage at maximum. I have disabled all intrusion prevention (zenarmot and suricata) but still get the same 95MBps rate even when just running iperf between my Mac directly connected to the opnsense box with a cat6 ethernet cable. The fact that all network speed tests hover around 85 to 95Mbps make me think something is setting a speed limit in opnsense.

Has anyone experienced something similar?

Not sure if this is the right forum to post this but i have just set up a mini pc running opnsense and ran iperf using a cat 6 cable connected from the LAN port of the mini PC directly into my macbook (through an ethernet to usb C adaptor) and it gave me speeds around 95Mbits/sec. I tried using macbook connected to 5ghz wifi from access point connected via cat 6 ethernet (to eliminate the USB-c adaptor as the cause of the problem) and still got the same speeds. Running speedtest on my laptop using Ookla also gives 95Mbits/sec using either wifi or ethernet cat6 cable direct to opnsense router. Yet speedtest directly from opnsense is 250Mbits/sec (the speed that i'm paying for). Any ideas why this might happen? I'm thoroughly confused

Thanks

The communication on the same VLAN is not regulated by the firewall, because they are in the same network, there is no routing, UNLESS the switch or APs provide client isolation, That is a feature you will usually find only when the insfrastructure also supports VLANs.

The systematic approach is to categorize devices and put them in separate VLANs and regulate communications between the categories, not between individual clients.

This makes perfect sense. If I end up getting some unifi access points, I assume I need to make a few different SSIDs (for trusted and non trusted) and assign different vlan tags go these different SSIDs using the unifi software and then the same tags on opnsense. Is this correct?

Also until I purchase the new access points and switches, is there an option to make a firewall rule blocking all communication from my non trusted devices to my trusted devices? I only have two laptops and two phones so couldn't I just make aliases for the trusted IPs and non trusted IPs and only allow one way communication from trusted to non trusted? What are the disadvantages of this versus VLANs? Thanks again for the help

Given enough free ports on the OPNsense device you can build a port based VLAN with a bridge interface.

This idea appeals to me since I have a quad NIC and am currently only using two ports (lan and wan). Does this mean I need separate access points for the IOT and trusted networks though?

Thanks

Hi,
I'm new to opnsense and have a very simple network with no switches and opnsense running on a mini PC connected to Asus 86u as access point (+asus 68u as added mesh point). I have about 20 IOT clients including smart light bulbs, xiaomi gateway with child clients, conbee zigbee gateway with child clients and also a Kodi media server + home assistant server. I want these components to be blocked from contacting my phones and laptops so wish to setup two VLANs for trusted and non trusted clients.

I don't really understand how to configure the VLANs as some of my non trusted clients connect ethernet to the access point while others connect via Wifi. Do i have to have all the IOT components connected to the same Wifi SSID for this to work? If not, how can i separate the components into the two VLANs? Also, from what i understand Asus AC86u is a pain to setup VLANs so plan to purchase some Unifi access points. Do i have to do this or can i get away keeping my current setup?

Thanks in advance

Thanks for the reply. Ethernet cabling is out of the question for now since i don't have suitable ceiling space or carpet so it sounds like a LR AP +/- a secondary mesh AP (if needed) may be the way to go. The other end of the house not reached by the primary wired AP will be the bedroom so i don't mind as much if the signal is weak since we primarily use our gadgets in the main living area

Hi, networking noobie here trying to get started with opnsense. I just bought a topton mini PC with quad NIC to run opnsense and am not sure which access points to setup. I live in a large single storey house with no ethernet cabling so probably need two access points with wifi backhaul for one. Otherwise I could use a powerline adaptor to wire the second accesss point. Can anyone recommend which access point might work best for my situation? I prefer wifi 6 so am thinking ubiquiti lite but not sure how I'm going to power the second one since they can only be powered with PoE

Thanks in advance