Recent posts

#1
General Discussion / Re: Port OPNsense to Linux?
Last post by pfry - Today at 10:20:17 PM
Quote from: Patrick M. Hausen on Today at 08:47:27 PM
Again: why not simply use an existing Linux based firewall product like IPfire?[...]

Heh: Did they ever fix their one-VLAN limitation?

It's too bad Vyatta was sold so many times. A victim of endless management musical chairs. DANOS was kind of interesting. I imagine Ciena will dump it if AT&T and IBM stop paying for it.
#2
26.1 Series / Re: New IPv6 address assignmen...
Last post by meyergru - Today at 10:14:55 PM
It does not do that by default. Identity association is the new version of the former "Track Interface". Thus, it depends on how many bits you have in your parent interface's prefix delegation size. AFAIK, you need a shorter than /64 prefix in order to be able to supply a full /64 prefix to any interface.

Maybe your ISP does not give you a /56 (which is pretty much the default) or you did not request as much on your WAN. How many bits is your IA_PD prefix?

Perhaps you should take a look at the official docs: https://docs.opnsense.org/manual/ipv6.html

Or my IPv6 guide (which is still based on track interface): https://forum.opnsense.org/index.php?topic=45822.0
#3
26.1 Series / Re: Protectli FW6E cannot get ...
Last post by CyberTend - Today at 10:14:42 PM
WooHOO, thanks so much, disabling VGA console and USB based serial ports did the trick.

#4
I just block outgoing access to port 853. I have it in an alias full of ports clients have no business accessing.
The alias is used in a Floating rule to block local nets from accessing ports to !local nets
#5
I know. I edited in parallel and now augmented my post.
#6
Quote from: meyergru on Today at 09:25:15 PM
Virtio or passthru NICs?

They wrote passthrough just above :-)
#7
Sigh. I wish people would actually say if they use Proxmox underneath anything before asking seemingly unrelated questions...

Didn't I write something to that extent? Ah, yes, here, point 16.

While we are at this, also take a look at points 10, 22 and 27.

Also: How exactly did you set up your OPNsense under PVE? Virtio or passthru NICs? Did you use multiqueue on the PVE NICs in the VM definition?

You now answered that - in case you use Realtek physical NICs, you inherit all the problems in point 6 of the READ ME FIRST article.

Maybe it is time to also look at: https://forum.opnsense.org/index.php?topic=44159.0, with a caveat that the "hardware checksumming" on virtio interfaces may be fixed already and can be left enabled. If you disabled it before, maybe that explains why the VM became slower.
#8
Quote from: mrzaz on March 29, 2026, 11:10:16 PM
You only have the following in PSK setting:
Local Identifier    Here I use my WAN IP.
Remote Identifier    Here I use a Distinguished name (same as used in legacy Distinguished name and is a xxx.yyy.zz domain name)
Pre-Shared Key      Our joint and unique PSK as set in both ends.
Type                PSK

There is really no "Id" to specify here apart from Local and Remote identifier.
The ID settings in question are in the local and remote authentication settings. ID is short for identifier.

In the local specify the same string as the local identifier in the PSK.
And in the remote the same as remote identifier.
#9
Quote from: Greg_E on Today at 08:26:41 PM
So this is Proxmox... Can it handle the hardware offloading, or is this turned off? If you have it off, can you turn it on? Or the other way around depending on the circumstances.

The NICs are given to OPNsense with PCI passthrough raw.
#10
General Discussion / Re: Port OPNsense to Linux?
Last post by Patrick M. Hausen - Today at 08:47:27 PM
Again: why not simply use an existing Linux based firewall product like IPfire?

The concepts of the core packet filter, routing, and virtual network components in FreeBSD vs. Linux are so fundamentally different that it's not a matter of heavy lifting. IMHO it plain does not make sense.