"Recent posts
#1
Hardware and Performance / Re: quad interface fierwall PC...
Last post by Greg_E - Today at 08:10:01 PMI'd have to look it up, still hasn't arrived. I can tell you what ECC server ram costs, been pricing out storage servers and it's just stupid high. I could have beaten the cost buying from different places, but not by enough to make it worth my time, that's why we have approved vendors. I think the price I put together was around $850-$875 and then I have no leverage if there is a problem.
If the firmware gives me problems, I'll go back to the reseller and have them push the manufacturer to fix it. Protectli did suggest Coreboot over the AMI BIOS, so I'll set that up when it arrives.
Now here's the part that I found really interesting... The Protectli devices are on government contract, they are being used a bunch of places that we don't know about.
Model is VP4650 with six i226 ports
Single DDR5 16GB of ram was nearly $200usd, $60 for a small NVME, and $35 for a rack shelf. That puts the rest at around $6xx. I don't have the actual invoice in hand yet.
If the firmware gives me problems, I'll go back to the reseller and have them push the manufacturer to fix it. Protectli did suggest Coreboot over the AMI BIOS, so I'll set that up when it arrives.
Now here's the part that I found really interesting... The Protectli devices are on government contract, they are being used a bunch of places that we don't know about.
Model is VP4650 with six i226 ports
Single DDR5 16GB of ram was nearly $200usd, $60 for a small NVME, and $35 for a rack shelf. That puts the rest at around $6xx. I don't have the actual invoice in hand yet.
#2
General Discussion / Re: TUI for viewing and analys...
Last post by allddd - Today at 08:05:09 PMQuote from: patient0 on December 07, 2025, 08:34:13 PMIt would be helpful if it could read multiple file or a directory...
@patient0 I forgot to mention I've added this in v0.10.0. You can now open multiple files or pipe data via stdin, and it all shows up in one view like it's a single log.
The input has to be a file, so if you want to load a whole dir, use globbing. Everything gets sorted so it doesn't matter what order you pass the files in, the logs are always displayed in chronological order. If you have >40-50gb of logs in the dir, it... takes a while to index, but it works pretty good/fast after that.
#3
General Discussion / 802.1x certificate for the wan...
Last post by Greg_E - Today at 07:51:31 PMI did a quick search, and most of these topics are about LAN side... Is there a way to configure the WAN to use 802.1x certificates to authenticate on the network? I have a use case where this might be needed, or at least make it nicer for the higher level IT department, and wanted to look into the topic. I looked at the webgui and didn't really see anything there, but certainly could have missed it.
Just thought I would be lazy and ask before I do a deeper dive to try and find the answer.
Just thought I would be lazy and ask before I do a deeper dive to try and find the answer.
#4
General Discussion / Re: Business license question ...
Last post by Greg_E - Today at 07:38:46 PMI forgot all about this post, been so busy lately I can't keep up on the things that are important. Just sent an email.
#5
26.1, 26,4 Series / Re: Degraded Speed Ghost
Last post by Seimus - Today at 06:45:53 PMThe Pause frames received are just 3 if this is pasted from the latest visible issue
In case the peer cant keep up it would be a constant flood of Pauses.
Regards,
S.
Quotedev.igb.1.mac_stats.xoff_recvd: 3
In case the peer cant keep up it would be a constant flood of Pauses.
Regards,
S.
#6
General Discussion / Re: v26.1.10 Default deny / st...
Last post by Bob.Dig - Today at 06:45:28 PMWhy do you set a source port... Ok, the WebUI could be a little more specific about that.
#7
26.1, 26,4 Series / Re: Degraded Speed Ghost
Last post by pfry - Today at 05:36:55 PMQuote from: juicemain on Today at 03:17:24 PM[...]Okay, I will check Opnsense logs, as well as various commands in regards to PCIe lane status before and during the speed state[...]
Before is good. "During" should show exactly what "before" showed. I would expect a full device reset to change link parameters.
The pause frames are odd. Do you have the sender MAC? Is it the expected value (provider side of the link)?
The link flaps are also odd. That would seem to indicate a device/driver issue, but multiple issues with multiple loci seems unlikely. Likely useless test: place a switch between the OPNsense device and upstream (L2 only).
#8
25.7, 25.10 Legacy Series / Re: OPNWAF - conflicting TLS c...
Last post by Monviech (Cedrik) - Today at 04:04:07 PMI cannot help with the certificate question.
About the reload, it's probably waiting for all connections to terminate before it restarts the daemon. I found some reports online that it can take a while on busy servers. New connections will not establish until the reload completed.
About the reload, it's probably waiting for all connections to terminate before it restarts the daemon. I found some reports online that it can take a while on busy servers. New connections will not establish until the reload completed.
#9
25.7, 25.10 Legacy Series / Re: BUSINESS Version 25.10 os-...
Last post by Monviech (Cedrik) - Today at 04:01:43 PMHello,
there are no new fine grained exceptions. The only thing we fixed was that all exceptions work now, even if they are in phase1 or phase2.
There is no new GUI available.
~Cedrik
there are no new fine grained exceptions. The only thing we fixed was that all exceptions work now, even if they are in phase1 or phase2.
There is no new GUI available.
~Cedrik
#10
26.1, 26,4 Series / Re: Degraded Speed Ghost
Last post by juicemain - Today at 03:46:49 PMThank you. Unfortunately I did disable flow control, ASPM, and tried other tunables during the first round of troubleshooting. Nothing has helped so far. Hopefully, I will have some new data to report momentarily.
What I tried before:
For flow control:
dev.igb.0.fc=0
dev.igb.1.fc=0
dev.igb.2.fc=0
dev.igb.3.fc=0
For link flaps:
dev.igb.*.iflib.rx_budget=-1 (and tx_budget equivalent)
hw.igb.num_queues=0 (auto queue configuration)
Various per-port versions (e.g., dev.igb.0.iflib.rx_budget=-1)
Have you ever had these issues like this on a desktop machine running a pcie nic before?
What I tried before:
For flow control:
dev.igb.0.fc=0
dev.igb.1.fc=0
dev.igb.2.fc=0
dev.igb.3.fc=0
For link flaps:
dev.igb.*.iflib.rx_budget=-1 (and tx_budget equivalent)
hw.igb.num_queues=0 (auto queue configuration)
Various per-port versions (e.g., dev.igb.0.iflib.rx_budget=-1)
Have you ever had these issues like this on a desktop machine running a pcie nic before?
