"Recent posts
#1
25.7, 25.10 Legacy Series / Disable hardware TCP segmentat...
Last post by Dark-Sider - Today at 02:23:28 PMHi,
I'm running opnSense on a china-box with intel 1Gbit/s NICs (igbn). opnsense is virtualized using VMware as hypervisor. The opnSense VM NICs ar configured as VMXNET3.
The Box in question was using a "Deutsche Glasfaser" FTTH connection. WAN received its IP via DHCP. The throughput was 400/200 Mbps (the same speed the ISP offered in their contract).
The ISP was now changed to "1&1" using the same FTTH line. 1&1 requires a connection via PPPoE. From other PPPoE based connections I use with other opnSense gear I know that PPPoE and higher bandwidths on FreeBSD is a bit of an issue.
Im my case switching from DHCP to PPPoE reduced the downstream from 400Mbps to only ~30Mbps. I then remembered some tweak-settings within opnSense. The setting that provided the biggest improvement was "Hardware TSO" within the Interface Settings. Once I "unchecked" Disable hardware TCP segmentation offload, I instantly received 600Mbps in Downstream (the new bandwidth the ISP offers). The settings had no effect towards my upstream which always worked like the contract specified (200 old contract and 300Mbps new contract).
I wonder why moving the TCP sgementation towards "hardware" improves the throughput so much. And why it didn't matter when using DHCP instead of PPPoE. MTU size is 1492 (auto configured by opnSense).
I'm running opnSense on a china-box with intel 1Gbit/s NICs (igbn). opnsense is virtualized using VMware as hypervisor. The opnSense VM NICs ar configured as VMXNET3.
The Box in question was using a "Deutsche Glasfaser" FTTH connection. WAN received its IP via DHCP. The throughput was 400/200 Mbps (the same speed the ISP offered in their contract).
The ISP was now changed to "1&1" using the same FTTH line. 1&1 requires a connection via PPPoE. From other PPPoE based connections I use with other opnSense gear I know that PPPoE and higher bandwidths on FreeBSD is a bit of an issue.
Im my case switching from DHCP to PPPoE reduced the downstream from 400Mbps to only ~30Mbps. I then remembered some tweak-settings within opnSense. The setting that provided the biggest improvement was "Hardware TSO" within the Interface Settings. Once I "unchecked" Disable hardware TCP segmentation offload, I instantly received 600Mbps in Downstream (the new bandwidth the ISP offers). The settings had no effect towards my upstream which always worked like the contract specified (200 old contract and 300Mbps new contract).
I wonder why moving the TCP sgementation towards "hardware" improves the throughput so much. And why it didn't matter when using DHCP instead of PPPoE. MTU size is 1492 (auto configured by opnSense).
#2
General Discussion / Re: v26.1.10 Default deny / st...
Last post by chrisb - Today at 12:31:11 PMI configured my rules the same way.
#3
General Discussion / Re: v26.1.10 Default deny / st...
Last post by Bob.Dig - Today at 12:28:32 PMWhy? Did you make your rule right this time?
#4
General Discussion / Re: v26.1.10 Default deny / st...
Last post by chrisb - Today at 12:25:48 PMI resorted to installing and configuring v25.7.11 - working with no issues.
#5
High availability / Re: Little Confused
Last post by ak13 - Today at 12:12:43 PMi added the "hints" via file xor Tunables ... but without an effect.
i am not sure how to initiate an "update" of the names in opnsens. (i just tried reboot)
can anyone help me?
i am not sure how to initiate an "update" of the names in opnsens. (i just tried reboot)
can anyone help me?
#6
26.1, 26,4 Series / Re: Issues with Reboot / Power...
Last post by wincent - Today at 11:33:06 AMQuote from: mrzaz on Today at 10:00:35 AMNope, as this is not VMWare but rather QEMU under Unraid.
Sorry, my mistake, if your VM using UEFI not legacy BIOS, try this:
Code Select
sysctl hw.efi.poweroff=0
If this works, add to System->Settings->TunablesOR
Code Select
echo "hw.efi.poweroff=0" >> /etc/sysctl.conf
#7
Development and Code Review / Re: Problem with root password...
Last post by franco - Today at 10:41:38 AMThere is a password reset function in the installer you can use.
Cheers,
Franco
Cheers,
Franco
#8
Zenarmor (Sensei) / Re: Install/Deinstall Loop (li...
Last post by ureyni - Today at 10:32:11 AMHi Mlenje,
You can check repo as following command.
root@OPNsense:~ # opnsense-version
OPNsense 26.1.10 (amd64)
root@OPNsense:~ # pkg -d search -r SunnyValley opnsense
DBG(1)[49299]> PkgRepo: verifying update for SunnyValley
DBG(1)[49299]> Pkgrepo, begin update of '/var/db/pkg/repos/SunnyValley/db'
DBG(1)[49299]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.1/4e4bfb87-55a8-4f2a-8c1a-a09178f596f1/meta.conf
DBG(1)[49299]> (fetch) Fetch: fetcher used: https
DBG(1)[49299]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.1/4e4bfb87-55a8-4f2a-8c1a-a09178f596f1/data.pkg
DBG(1)[49299]> (fetch) Fetch: fetcher used: https
root@OPNsense:~ # pkg -d search -r OPNsense graphite2
DBG(1)[49440]> PkgRepo: verifying update for OPNsense
DBG(1)[49440]> Pkgrepo, begin update of '/var/db/pkg/repos/OPNsense/db'
DBG(1)[49440]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest/meta.conf
DBG(1)[49440]> (fetch) Fetch: fetcher used: https
DBG(1)[49440]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest/data.pkg
DBG(1)[49440]> (fetch) Fetch: fetcher used: https
graphite2-1.3.14 Rendering capabilities for complex non-Roman writing systems
root@OPNsense:~ #
root@OPNsense:~ # pkg -d search -r SunnyValley libdeflate
DBG(1)[97076]> PkgRepo: verifying update for SunnyValley
DBG(1)[97076]> Pkgrepo, begin update of '/var/db/pkg/repos/SunnyValley/db'
DBG(1)[97076]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.1/4e4bfb87-55a8-4f2a-8c1a-a09178f596f1/meta.conf
DBG(1)[97076]> (fetch) Fetch: fetcher used: https
DBG(1)[97076]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.1/4e4bfb87-55a8-4f2a-8c1a-a09178f596f1/data.pkg
DBG(1)[97076]> (fetch) Fetch: fetcher used: https
libdeflate-1.25 Fast, whole-buffer DEFLATE-based compression library
root@OPNsense:~ # pkg -d search -r OPNsense libdeflate
DBG(1)[97483]> PkgRepo: verifying update for OPNsense
DBG(1)[97483]> Pkgrepo, begin update of '/var/db/pkg/repos/OPNsense/db'
DBG(1)[97483]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest/meta.conf
DBG(1)[97483]> (fetch) Fetch: fetcher used: https
DBG(1)[97483]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest/data.pkg
DBG(1)[97483]> (fetch) Fetch: fetcher used: https
libdeflate-1.25 Fast, whole-buffer DEFLATE-based compression library
root@OPNsense:~ #
graphite2 doesn't exist in Sunnyvalley Repo.
libdeflate is exist both of repos
libdeflate will removed from Sunnyvalley Repo Zenarmor 2.6.1
Could you check your opnsense ?
You can check repo as following command.
root@OPNsense:~ # opnsense-version
OPNsense 26.1.10 (amd64)
root@OPNsense:~ # pkg -d search -r SunnyValley opnsense
DBG(1)[49299]> PkgRepo: verifying update for SunnyValley
DBG(1)[49299]> Pkgrepo, begin update of '/var/db/pkg/repos/SunnyValley/db'
DBG(1)[49299]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.1/4e4bfb87-55a8-4f2a-8c1a-a09178f596f1/meta.conf
DBG(1)[49299]> (fetch) Fetch: fetcher used: https
DBG(1)[49299]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.1/4e4bfb87-55a8-4f2a-8c1a-a09178f596f1/data.pkg
DBG(1)[49299]> (fetch) Fetch: fetcher used: https
root@OPNsense:~ # pkg -d search -r OPNsense graphite2
DBG(1)[49440]> PkgRepo: verifying update for OPNsense
DBG(1)[49440]> Pkgrepo, begin update of '/var/db/pkg/repos/OPNsense/db'
DBG(1)[49440]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest/meta.conf
DBG(1)[49440]> (fetch) Fetch: fetcher used: https
DBG(1)[49440]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest/data.pkg
DBG(1)[49440]> (fetch) Fetch: fetcher used: https
graphite2-1.3.14 Rendering capabilities for complex non-Roman writing systems
root@OPNsense:~ #
root@OPNsense:~ # pkg -d search -r SunnyValley libdeflate
DBG(1)[97076]> PkgRepo: verifying update for SunnyValley
DBG(1)[97076]> Pkgrepo, begin update of '/var/db/pkg/repos/SunnyValley/db'
DBG(1)[97076]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.1/4e4bfb87-55a8-4f2a-8c1a-a09178f596f1/meta.conf
DBG(1)[97076]> (fetch) Fetch: fetcher used: https
DBG(1)[97076]> (fetch) Request to fetch https://updates.zenarmor.net/opnsense/FreeBSD:14:amd64/26.1/4e4bfb87-55a8-4f2a-8c1a-a09178f596f1/data.pkg
DBG(1)[97076]> (fetch) Fetch: fetcher used: https
libdeflate-1.25 Fast, whole-buffer DEFLATE-based compression library
root@OPNsense:~ # pkg -d search -r OPNsense libdeflate
DBG(1)[97483]> PkgRepo: verifying update for OPNsense
DBG(1)[97483]> Pkgrepo, begin update of '/var/db/pkg/repos/OPNsense/db'
DBG(1)[97483]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest/meta.conf
DBG(1)[97483]> (fetch) Fetch: fetcher used: https
DBG(1)[97483]> (fetch) Request to fetch https://pkg.opnsense.org/FreeBSD:14:amd64/26.1/latest/data.pkg
DBG(1)[97483]> (fetch) Fetch: fetcher used: https
libdeflate-1.25 Fast, whole-buffer DEFLATE-based compression library
root@OPNsense:~ #
graphite2 doesn't exist in Sunnyvalley Repo.
libdeflate is exist both of repos
libdeflate will removed from Sunnyvalley Repo Zenarmor 2.6.1
Could you check your opnsense ?
#9
26.1, 26,4 Series / Re: Issues with Reboot / Power...
Last post by annoniempjuh - Today at 10:15:31 AMQuote from: mrzaz on Today at 10:00:35 AM...
AFAIK there is no QEMU vm support in OpnSense.
...
os-qemu-guest-agent is under community plugins ;)
#10
26.1, 26,4 Series / Re: Issues with Reboot / Power...
Last post by mrzaz - Today at 10:00:35 AMQuote from: wincent on Today at 02:58:09 AMHas your OPNsense installed the os-vmware plugin?
Nope, as this is not VMWare but rather QEMU under Unraid.
AFAIK there is no QEMU vm support in OpnSense.
Regardless, if the power off has stopped working, the power off from console should behave the same or?
It doesn't even try to start shutdown. Like any low level web script to start shutdown.
Basically
/ui/core/reboot
/ui/core/halt
