"Recent posts
#1
General Discussion / Re: P2P gaming between two com...
Last post by fornax - Today at 07:36:07 AMThanks for the response. I'm aware of the security implications of UPnP. It's not ideal, but there are a few things it seems to be necessary (or at least the lesser evil) for. But I've tried so many things over the last few days that it's indeed possible I can get away with disabling it now. I'll test that; thanks for mentioning it.
It does. Our current workaround is actually for one of us to connect to the old router which now sits outside the OPNSense network; similar concept. Ultimately though I'd like to get everything under OPNSense. I wouldn't have spent so much time on this if I didn't know it's possible (as the old router handled it without any specific configuration). But it seems to be tricky to get two machines on the same network to connect to each other via a P2P network like Rockstar uses for GTA Online. Still plugging away at it.
Quote from: nero355 on May 25, 2026, 11:26:32 PMDoes your network have Managed Switches that can handle VLAN Tagging ?
If so, then just create a VLAN in which you connect the ISP Router as a Untagged Device and forward it also Untagged to the LAN Ports of the two Gaming PC's and you are DONE! :)
It does. Our current workaround is actually for one of us to connect to the old router which now sits outside the OPNSense network; similar concept. Ultimately though I'd like to get everything under OPNSense. I wouldn't have spent so much time on this if I didn't know it's possible (as the old router handled it without any specific configuration). But it seems to be tricky to get two machines on the same network to connect to each other via a P2P network like Rockstar uses for GTA Online. Still plugging away at it.
#2
26.1, 26,4 Series / Intel ucode Plugin vs Package
Last post by BrandyWine - Today at 04:32:44 AMI have the latest 26.1.x_x version of community OPNsense installed, but I see I still have the OPNsense Intel ucode v1.1 Plugin installed, and also the ucode package "cpu-microcode-intel-20260227" and the "os-cpu-microcode-intel-1.1". Is the plugin even needed if the latest ucode is in the Intel package?
IIRC, long ago I though in some of the upgrade text it had mentioned something about the plugin being deprecated, or something like that.
IIRC, long ago I though in some of the upgrade text it had mentioned something about the plugin being deprecated, or something like that.
#3
General Discussion / Re: Average CPU temperature go...
Last post by newsense - Today at 02:19:22 AMIn Reporting-Settings click on the 3 Reset buttons. Don't repair anything, never works.
You should reset things regularly else the databases grow and in case of corruption peg the CPU. ( Never seen the DNS one having issues yet but it is best to be safe than sorry )
You should reset things regularly else the databases grow and in case of corruption peg the CPU. ( Never seen the DNS one having issues yet but it is best to be safe than sorry )
#4
26.1, 26,4 Series / Re: BOOT LOADER IS TOO OLD. PL...
Last post by newsense - Today at 01:58:32 AM> is there anything I have to be aware
Yes. FreeBSD 15.1 is coming out in July. I wouldn't rush things now since your boot loader is not that old.
FYI, I did a vm just fine. For the rest of the HW I'll just wait until I am on 15.1
Yes. FreeBSD 15.1 is coming out in July. I wouldn't rush things now since your boot loader is not that old.
FYI, I did a vm just fine. For the rest of the HW I'll just wait until I am on 15.1
#5
General Discussion / Multi-WAN IPv6 Prefix Deprecat...
Last post by ciaduck - Today at 12:03:11 AMI'm having some issues with multi-wan failover using IPv6.
WAN is DHCPv6
WAN2 is set to SLAAC via LTE Modem, I'm not as concerned that this doesn't seem to work for ipv6 at the moment. I've been able to get things to work with NPT, but I think I will assign dedicated NAT addresses in the future, because NPT needs to also be updated every time the WAN prefix changes.
LAN is set to "Track Interface"
I'm using radv "Router Advertisements" in the services.
It set to "Assisted" with "Automatic" source address.
I've not set any advanced options, everything is default.
I tested my failover by unplugging the cable from my cable modem. When service was restored, the gateway monitoring functioned, and fail to LTE was fine. Once I plugged it back in, I noticed a lot of delay trying to get to test-ipv6.com
I had the same issue on my phone. I cycled the wifi connection on and off and it solved it.
I can see from a windows client that I still have the old prefix/address.
What can I do to solve this issue? I'd like to have clients properly deprecate/abandon an old address when the WAN flaps.
Here is an example output from ifconfig. The c881 is the new address, and the c800 is the old one.
Should I set radv lifetimes to something more aggressive than the defaults?
WAN is DHCPv6
WAN2 is set to SLAAC via LTE Modem, I'm not as concerned that this doesn't seem to work for ipv6 at the moment. I've been able to get things to work with NPT, but I think I will assign dedicated NAT addresses in the future, because NPT needs to also be updated every time the WAN prefix changes.
LAN is set to "Track Interface"
I'm using radv "Router Advertisements" in the services.
It set to "Assisted" with "Automatic" source address.
I've not set any advanced options, everything is default.
I tested my failover by unplugging the cable from my cable modem. When service was restored, the gateway monitoring functioned, and fail to LTE was fine. Once I plugged it back in, I noticed a lot of delay trying to get to test-ipv6.com
I had the same issue on my phone. I cycled the wifi connection on and off and it solved it.
I can see from a windows client that I still have the old prefix/address.
What can I do to solve this issue? I'd like to have clients properly deprecate/abandon an old address when the WAN flaps.
Here is an example output from ifconfig. The c881 is the new address, and the c800 is the old one.
Code Select
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : home.arpa
IPv6 Address. . . . . . . . . . . : 2601:281:c881:fb80:1a7a:5927:4cd4:e21b
IPv6 Address. . . . . . . . . . . : 2601:281:c800:3910:3e2f:a436:d203:d072
Temporary IPv6 Address. . . . . . : 2601:281:c800:3910:a512:d226:8873:46cb
Temporary IPv6 Address. . . . . . : 2601:281:c881:fb80:a857:a7c4:21fe:3929
Link-local IPv6 Address . . . . . : fe80::d1fd:217e:6ec2:961%25
IPv4 Address. . . . . . . . . . . : 192.168.1.161
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1Should I set radv lifetimes to something more aggressive than the defaults?
#6
26.1, 26,4 Series / Re: Rules [new] vs. Rules
Last post by nero355 - May 25, 2026, 11:59:36 PMQuote from: ks on May 24, 2026, 08:41:39 AMNow my question and request to help/hints is: where should I create new firewall rules in OPNsense?I feel like your issue does not sound like allowing the traffic you mentioned but more like making sure Static-port is applied for this Client after Enabling Hybrid NAT : Am I right ?
/Just checking...
#7
26.1, 26,4 Series / Re: issue with update with pkg...
Last post by nero355 - May 25, 2026, 11:52:25 PMQuote from: newsense on May 24, 2026, 06:23:56 AMNothing applies to this user!As we say here : "Did not know you would get mad!"
LOL! :P
#8
Hardware and Performance / Re: TOPTON Mini PC Running OPN...
Last post by nero355 - May 25, 2026, 11:48:19 PMQuote from: chrcoluk on May 24, 2026, 07:30:45 PMthe issue is that the power connector and data connector are so close together they cant be both in at the same time.And it's not one of those connector combinations that need a special cable when you want to actually use them ?
I think my TopTon has the same one that one of my older AsRock motherboards use :)
#9
Hardware and Performance / Re: DEC750 NVMe thermal pad?
Last post by nero355 - May 25, 2026, 11:44:11 PMQuote from: foxxx0 on May 24, 2026, 09:19:19 AMPS: yes, that is two layers of masking tape on the DEC750 power LED, it is just waaayyyy too bright.There is a simple solution for bright LEDs used by PC cases/Servers/etc. => https://sleepbetterco.com/blackout-stickers/ :)
You can find these pretty much anywhere and from different brands so check your favorite eBay/Amazon/AliExpress-like website and order some :P
#10
Hardware and Performance / Re: CPU Recommendations?
Last post by nero355 - May 25, 2026, 11:38:10 PMQuote from: XrayDoc88 on May 25, 2026, 11:32:25 PMI obviously won't have 10G service from my ISP, but I'd like to upgrade my local networks to 10G. Do I absolutely need that, no. But we do stream a lot of movies from our local NAS servers and sometimes across the internet from a remote NAS. We do have a fair amount of 4K movies to stream. We're in the PLEX eco system for all of our media.You don't need 10 Gbps for that : Movies needing more than 120 Mbps are rare AFAIK so in theory you can stream 8 of those via 1 Gbps ;)
I don't see any WAN Connection info :
- Does your ISP perhaps use PPPoE ?
- What will be the WAN bandwidth ?
