"Recent posts
#1
Hardware and Performance / Multi Threaded PPPOE For Multi...
Last post by jacknife - Today at 07:49:21 PMHello I know about the ways to get PPPOE multi gig speeds with a VM of OPNsense, but I do not want that extra layer.
Is there a way I can do a feature request, or donate or something to help get this feature?
Absolutely love OPNsense, have a ton of servers relying on it.
Is there a way I can do a feature request, or donate or something to help get this feature?
Absolutely love OPNsense, have a ton of servers relying on it.
#2
25.7, 25.10 Series / Re: Intel Thermal Sensor Virtu...
Last post by pfry - Today at 07:45:13 PM"None/ACPI" may be worth a try. I have a Gigabyte board that exports a bunch of sensors via ACPI, including some from add-in cards; my Asrock boards do not.
#3
General Discussion / Re: Can’t get the shaper on OP...
Last post by Seimus - Today at 07:23:14 PMQuote from: mooh on Today at 07:11:53 PMI'm guessing that physical bandwidth below pipe bandwidth may mess with the scheduling.
You are correct. You can not shape BW you do not have.
Imagine for example where you have an ISP contracted WAN throughput of 10Mbit/s.
You set your Pipe to 10Mbit/s and split it using WFQ, you give 5Mbit/s to one Queue and 5 Mbit/s to other.
Now lets say the ISP given BW us highly variable and drops to 5Mbit/s. If one of those Queues goes full it technically eats all the real available BW at the time causing a partial starvation on the other. Because services like DNS are UDP based, packets are dropped without any mechanism to recover it. Thus you may get timeout for DNS.
Regards,
S.
#4
General Discussion / Re: Can’t get the shaper on OP...
Last post by mooh - Today at 07:11:53 PMThanks guys, your discussion adds valuable information that helped me get my setup running (finally). But while experimenting with the settings I noticed something:
At a site with limited upload capacity, traffic from one network needs to be de-prioritised when other traffic is present. So, I added an upload pipe with the full nominal bandwidth to the ISP, added two weighted queues and the rules (great to have interface pairs in rules!). Generally, everything works as expected. Occasionally however, I get DNS resolution failures on the hi-prio networks while the low-prio network is uploading at full speed. This has not been observed before using traffic shaping. I'm not 100% sure what is going on. Shifting queue weights doesn't seem to do much to solve the issue. Latest test is to lower the pipe bandwidth to a few Mbits below the nominal bandwidth because the connection is via VDSL and the actual bandwidth is fluctuating somewhat. I'm guessing that physical bandwidth below pipe bandwidth may mess with the scheduling.
Since the DNS timeouts occur only sporadically, I can't be sure if this really fixes the issue. Has anyone else seen this and is there a know solution?
At a site with limited upload capacity, traffic from one network needs to be de-prioritised when other traffic is present. So, I added an upload pipe with the full nominal bandwidth to the ISP, added two weighted queues and the rules (great to have interface pairs in rules!). Generally, everything works as expected. Occasionally however, I get DNS resolution failures on the hi-prio networks while the low-prio network is uploading at full speed. This has not been observed before using traffic shaping. I'm not 100% sure what is going on. Shifting queue weights doesn't seem to do much to solve the issue. Latest test is to lower the pipe bandwidth to a few Mbits below the nominal bandwidth because the connection is via VDSL and the actual bandwidth is fluctuating somewhat. I'm guessing that physical bandwidth below pipe bandwidth may mess with the scheduling.
Since the DNS timeouts occur only sporadically, I can't be sure if this really fixes the issue. Has anyone else seen this and is there a know solution?
#5
General Discussion / Re: Where is TCP processed - C...
Last post by Seimus - Today at 07:09:28 PMQuote from: chemlud on Today at 03:01:11 PMTells me what? ;-)Tells you if there is something on the device itself beyond the NIC that could case the behaviour.
Yea the next step would be to mess with the driver. Best do it indeed locally.
Regards,
S.
#6
25.7, 25.10 Series / wireguard - totally disable ke...
Last post by FredFresh - Today at 07:00:02 PMI want to totally disable the keepalive signal to peers of wireguard connections, is it possible?
If I put nothing in the box, it sends signals. If I put 0, it is not allowed. It seems the only thing I can do is to use the maximum value allowed of 65535 secs.
Thanks
If I put nothing in the box, it sends signals. If I put 0, it is not allowed. It seems the only thing I can do is to use the maximum value allowed of 65535 secs.
Thanks
#7
25.7, 25.10 Series / Re: How to increase a proxmox ...
Last post by dgrns - Today at 06:50:59 PMThis was a timely nugget of information.
I'm trying to reproduce a multi-site wireguard site-to-site issue and am using VMs to mimic the environments. My VM template disk was too small, but with `touch /.probe.for.growfs` I was back up and running in minutes...
And also a big thanks to @Maurice for the aarch64 images!
I'm trying to reproduce a multi-site wireguard site-to-site issue and am using VMs to mimic the environments. My VM template disk was too small, but with `touch /.probe.for.growfs` I was back up and running in minutes...
And also a big thanks to @Maurice for the aarch64 images!
#8
German - Deutsch / Re: Bridge mit VXLAN verschluc...
Last post by EFS - Today at 06:40:25 PMHallo Patrick,
ich habe folgende gesetzt:
Auch nach dem Ändern der Tunables, inkl. Neustart der OPNsense, hat sich leider nichts geändert.
ich habe folgende gesetzt:
- net.link.bridge.pfil_member = 0
- net.link.bridge.pfil_bridge = 1
Auch nach dem Ändern der Tunables, inkl. Neustart der OPNsense, hat sich leider nichts geändert.
#9
25.7, 25.10 Series / Re: python -- several vulnerab...
Last post by franco - Today at 06:38:52 PMPython has not gone ahead with releasing a new version yet. It was met with a bit of irritation. For now it is what it is.
Cheers,
Franco
Cheers,
Franco
#10
25.7, 25.10 Series / Re: Unbound to DNSmasq/KEA?
Last post by readr00m - Today at 06:26:13 PMI just have a small homelab setup, so I moved to dnsmasq for DHCP only and kept unbound for DNS. I was using KEA for a period of time and it worked fine, but I read that KEA is better for larger setups and smaller/personal setups are better with dnsmasq.
