Recent posts

#1
As extra information, I ran a speed test LAN - DMZ via iperf3:

Quote: iperf3 -c clouddocker.dmz.home.internal -p 4000 -M 400 -P 8 -l 9000

I tried to simulate a high packet rate with a small payload to see if this reproduces the issue, and while the interrupts and system tasks were significantly higher, both of them reached only around 70% of the processor (not great but it could be acceptable).

Could this test suggest that it has something to do with the NAT or perhaps with any WAN rule? (Can we discard a general pf performance issue?)
#2
26.1, 26,4 Series / Re: Hostnames not resolving
Last post by jssmithdev81 - Today at 10:47:00 AM
Ahh, I know what I've done: I didn't enter them in the A records bit. Thanks, it's all working now lol.
Ever so sorry, my brain mustn't have been working then, obviously.

Thanks ever so much for all your help.
#3
Hardware and Performance / Re: Stuck in "Administer Secur...
Last post by vpx23 - Today at 10:22:29 AM
FreeBSD does not use secure boot so I guess you can safely choose "Restore Secure Boot to Factory Settings".

The option "Enforce Secure Boot" is greyed out. I found this information in the docs of a Honeywell RT10W tablet:

Quote: Enabling "Enforce Secure Boot" will not work, as the option is greyed out. This is due to missing credentials. To get default credentials inserted, the option "Restore Secure Boot to Factory Settings" needs to be enabled. A following reboot is required. Afterwards "Enforce Secure Boot" is available.
https://sps-support.honeywell.com/s/article/RT10W-In-the-BIOS-Enforce-Secure-Boot-is-grayed-out
#4
26.7 Development Series / Re: OPNsense 26.7-BETA images
Last post by patient0 - Today at 10:20:18 AM
Forgot: thanks franco for the remark about "... go to option 8 and type "opnsense-installer" in the console.", I didn't know that.

Quote from: franco on Today at 09:58:02 AM
This patch should help:

# opnsense-patch https://github.com/opnsense/core/commit/5716c7184
That didn't resolve it for me; the patch did apply fine though.

System: Firmware: Reporter (without the dmesg)

--- system information ---
User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0
FreeBSD 15.1-RELEASE volatile/26.7-n283588-da0c912a9737 SMP amd64
OPNsense 26.7.b_110 a1d16690c
Plugins os-bind-devel-1.34_2 os-crowdsec-devel-1.0.12 os-git-backup-devel-1.1_3 os-nextcloud-backup-devel-1.2 os-qemu-guest-agent-devel-1.3 os-sftp-backup-devel-1.1_2 os-tailscale-devel-1.4 os-tayga-devel-1.5 os-theme-cicada-devel-1.41_1 os-theme-rebellion-devel-1.9.4 os-theme-vicuna-devel-1.51 os-zerotier-devel-1.3.2_6
Time Sat, 27 Jun 2026 10:14:26 +0200
OpenSSL 3.5.7
Python 3.13.14
PHP 8.5.7

--- PHP Errors: ---
[27-Jun-2026 10:11:35 Europe/Berlin] ErrorException: fputcsv(): the $escape parameter must be provided as its default value will change in /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:198
Stack trace:
#0 [internal function]: {closure:/usr/local/opnsense/www/api.php:27}(8192, 'fputcsv(): the ...', '/usr/local/opns...', 198)
#1 /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php(198): fputcsv(Resource id #9, Array, ';', '\\')
#2 /usr/local/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/MigrationController.php(79): OPNsense\Base\ApiControllerBase->exportCsv(Array)
#3 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Dispatcher.php(166): OPNsense\Firewall\Api\MigrationController->downloadOutboundAction()
#4 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(156): OPNsense\Mvc\Dispatcher->dispatch(Object(OPNsense\Mvc\Request), Object(OPNsense\Mvc\Response), Object(OPNsense\Mvc\Session))
#5 /usr/local/opnsense/mvc/app/library/OPNsense/Mvc/Router.php(139): OPNsense\Mvc\Router->performRequest(Object(OPNsense\Mvc\Dispatcher))
#6 /usr/local/opnsense/www/api.php(36): OPNsense\Mvc\Router->routeRequest('/api/firewall/m...', Array)
#7 {main}
[27-Jun-2026 10:11:58 Europe/Berlin] PHP Warning:  Undefined array key "network" in /usr/local/www/firewall_nat_out.php on line 471
Shall I open a GH issue for it?
#5
26.7 Development Series / Re: OPNsense 26.7-BETA images
Last post by patient0 - Today at 10:12:57 AM
Quote from: newsense on Today at 10:05:41 AM
@patient0 Thanks. And your setting in Outbound NAT was Automatic, Hybrid or Manual?
@newsense: it is set to 'Hybrid'
#6
26.1, 26,4 Series / Re: Maltrails fail2ban doesn't...
Last post by Taomyn - Today at 10:11:13 AM
Quote from: franco on Today at 09:59:34 AM
It's going to be available in 26.1.11 and 26.4.1p1.


Cheers,
Franco
Thank-you
#7
26.7 Development Series / Re: OPNsense 26.7-BETA images
Last post by newsense - Today at 10:05:41 AM
@patient0 Thanks. And your setting in Outbound NAT was Automatic, Hybrid or Manual?
#8
Nope, Intel NIC
root@OPNsense:~ # pciconf -lv | grep -A4 ethernet
    subclass   = ethernet
igb1@pci0:2:0:0: class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb2@pci0:3:0:0: class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x8086 subdevice=0x0000
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet
igb3@pci0:4:0:0: class=0x020000 rev=0x03 hdr=0x00 vendor=0x8086 device=0x1539 subvendor=0x10f3 subdevice=0x0101
    vendor     = 'Intel Corporation'
    device     = 'I211 Gigabit Network Connection'
    class      = network
    subclass   = ethernet

I don't think it has something to do with the NIC. Remember that when I disable the FW, the load of the system under the same test is < 18%...

I am pretty sure it is something related to the processing of the rules / NAT. But I am surprised by the numbers I get and I cannot imagine what is going on...
#9
26.1, 26,4 Series / Re: Maltrails fail2ban doesn't...
Last post by franco - Today at 09:59:34 AM
It's going to be available in 26.1.11 and 26.4.1p1.


Cheers,
Franco
#10
26.7 Development Series / Re: OPNsense 26.7-BETA images
Last post by franco - Today at 09:58:02 AM
This patch should help:

# opnsense-patch https://github.com/opnsense/core/commit/5716c7184


Cheers,
Franco