Messages

106

24.7 Production Series / Re: Video Doorbells/IOT Devices

« on: September 16, 2024, 03:34:27 pm »

I run IoT devices in separate VLAN. And no such issue.

Are you sure your IoT devices are connected to the WiFi?
Try to ping them.

Regard,
S.

107

24.7 Production Series / Re: How to delete Cron created by the IDS service, that is no longer being used

« on: September 16, 2024, 09:57:12 am »

Are you speaking about the cronjobs visible in System > Settings > Cron?

Those are created using configd in

Code: [Select]

/usr/local/opnsense/service/conf/actions.d/
Have a look there in the files, find the related task in the file that contains it and remove the task.
https://docs.opnsense.org/development/backend/configd.html

Regards,
S.

108

24.7 Production Series / Re: upgrade to 24.7.4 worked perfectly

« on: September 14, 2024, 12:32:21 pm »

Same here, Upgrade went smooth and the new Snapshot function via GUI is superb (dont need to log via CLI anymore).

BTW the Microcode for intel N100 got updated as well!
Before was 0x17 the latest
Newest is 0x1a

Regards,
S.

109

24.7 Production Series / Re: VLAN Issue?

« on: September 13, 2024, 11:10:11 am »

You can compare configs via the GUI to see what you changed

Regards,
S.

110

Hardware and Performance / Re: CPU stuck at 2001

« on: September 13, 2024, 11:05:35 am »

That CPU doesn't support Intel SpeedShift. Which means even if FreeBSD supports it the CPU will not load it. In the boot log you can see if Intel SpeedShift is recognized and used just grep it out.

However if you CPU doesn't use Intel SpeedShift than it can be controlled by PowerD. Usually if you have CPU with Intel SpeedShift you disable PowerD. And if not its vise versa (Its not mandatory to use PowerD if Intel SpeedShift is not present)

Check if you have PowerD enabled and what setting is choosed. Try to disable it, or if its enabled change it to HiAdaptive.

Regards,
S.

111

Zenarmor (Sensei) / Re: Installation done, but Interfaces misconfig and zones not save?

« on: September 11, 2024, 10:40:17 am »

What you showed are routes that OPNsense knows. It will not show connected devices.

If you want to see what is connected to your OPNsense, If OPNsense is a GW for that device / subnet go and check the ARP table.


The TAGs in Zenarmor aka "ZONEs" are there to identify specific ZONEs like WAN, LAN, VPN etc. BY default you need  two TAGs>

wan - which should be on your WAN interface
lan - which should be on your LAN interfaces or parent interface for the LAN

You can not misplace these, if you assign lan TAG on interface that carries WAN traffic you will get wrongly discovered endpoints and you will most likely see what you see.

You can not have LAN and WAN traffic on the same port or the same Parent port.

Regards,
S.

112

24.7 Production Series / Re: VLAN Issue?

« on: September 11, 2024, 10:27:38 am »

The i226-V is compatible.

As mentioned by @Jata go to your interface assignments and check if the interfaces are assigned "created" in the OPNsense.

Regards,
S.

113

General Discussion / Re: How to Ads blocking like PiHole with OPNSense?

« on: September 07, 2024, 01:37:01 pm »

Well put in extra block lists?

https://github.com/hagezi/dns-blocklists

I use the multi Pro+ and TIF + some other per my need.

Regards,
S.

114

Virtual private networks / Re: Help with unstable wireguard

« on: September 07, 2024, 01:34:47 pm »

I have to ask again,

Did you do MSS clamping as is advised in the Docs?
The MTU is set where on OPNsense, on the WG interface or in the WG configuration?

Regards,
S.

115

Hardware and Performance / Re: Help needed with upload speed loss in a 1 Gbit/s PPPoE connection

« on: September 07, 2024, 01:32:17 pm »

Well glad it works for you now as expected.

And yest those offload settings and VLAN HW filtering should be like always disabled. It tents to cause more problems.


P.S. Change your topic description with  [SOLVED] from of it. Lets keep the forum clean

Regards,
S.

116

Hardware and Performance / Re: Help needed with upload speed loss in a 1 Gbit/s PPPoE connection

« on: September 06, 2024, 04:27:11 pm »

It helps with bufferbloat, but reduces throughput a bit. Its a tradeoff.

So that's why I am asking, you would see a bit decrease in throughput like you describe if you would run shaper.

But re-reading your input, when you put OPNsense WAN on DHCP you have seen the targeted throughput. When its PPPoE you see a slight decrease. All of this without Shaper enabled.

Not sure if I recall correctly but PPPoE is a bit tricky, I know there are posts on the forum where people were dealing with something similar in regards of PPPoE. You tried as well tunables, specifically did you enable RSS? And did you have it properly configured?

Regards,
S.

117

Hardware and Performance / Re: Help needed with upload speed loss in a 1 Gbit/s PPPoE connection

« on: September 06, 2024, 04:11:54 pm »

Do you have a shaper configured?

Regards,
S.

118

24.1 Legacy Series / Re: Problems with router and wifi

« on: September 06, 2024, 03:57:53 pm »

Go to Firewall > Nat > Outbound

Make a picture and show what is configured there


From a laptop connected on the WiFi. Do following:

A.

Code: [Select]

ping YOUR_GW_IP
B.

Code: [Select]

tracert YOUR_GW_IP
C.

Code: [Select]

ping 8.8.8.8
D.

Code: [Select]

tracert 8.8.8.8
E.

Code: [Select]

nslookup google.com

Show the outputs of what is in our NAT configuration and the commands (if its linux use traceroute instead of tracert)

Regards,
S.

119

Virtual private networks / Re: Help with unstable wireguard

« on: September 05, 2024, 09:50:15 am »

Check the logs in the VPN > Wireguard > Logs. See whats going in there.

Other than that, did you do MSS clamping for Wireguard as its in the docs?
And what is your MTU set on the Wireguard client on your phone?
Are you using IPs as your Tunnel endpoint or domains?

Regards,
S.

120

24.1 Legacy Series / Re: Problems with router and wifi

« on: September 05, 2024, 09:47:48 am »

Check if you have properly NAT configured. As your providers router gave the OPNsense WAN a Private IP its highly possible you are missing proper NAT rule.

Regards,
S.