"Recent posts
#1
Hardware and Performance / PPPoE performance with current...
Last post by mattuz - Today at 10:55:43 PMHello everyone I have a Lenovo Tiny m910q with I3-7100T and 4GB of RAM. I installed via pci-e a x4 nics rtl8125 card.
In the next month my local isp will hook up fiber optic with up to 2.5GB speed, and I'm getting ready all the hardware.
I started doing some lcoal test and iperf3 between opnsense and a pc results 2.37Gbit/s that seem ok. But using the same pc with linux and creating a PPPoE server is giving awful performance, I cannot get it past 500Mbit/s even with all the optimization recommanded online.
I tried two different pc for the PPPoE server to make sure it wasn't this side bootlenecking (even on a ryzen 9) but I can't get it past that limit. Looking at opnsense host cpu usage during the test it doesn't go over 30% so I don't really get it...
Unfortunatly I do not have any other scenario to test.. I would like to get your input it what might be the cause of this... I would like to get this Lenovo Tiny (opnsense host) to be 2.5GB capable as soon as the connectivity is hooked up
In the next month my local isp will hook up fiber optic with up to 2.5GB speed, and I'm getting ready all the hardware.
I started doing some lcoal test and iperf3 between opnsense and a pc results 2.37Gbit/s that seem ok. But using the same pc with linux and creating a PPPoE server is giving awful performance, I cannot get it past 500Mbit/s even with all the optimization recommanded online.
I tried two different pc for the PPPoE server to make sure it wasn't this side bootlenecking (even on a ryzen 9) but I can't get it past that limit. Looking at opnsense host cpu usage during the test it doesn't go over 30% so I don't really get it...
Unfortunatly I do not have any other scenario to test.. I would like to get your input it what might be the cause of this... I would like to get this Lenovo Tiny (opnsense host) to be 2.5GB capable as soon as the connectivity is hooked up
#2
26.1, 26,4 Series / Re: Help With DHCP, IPv6 and D...
Last post by meyergru - Today at 10:36:17 PMO.K., I never had the need to look at those logs. I do adblocking using browser plugins.
If you normally use OpnSense for all things network-centric, you may be better off to have everything pertaining to logging and things there. Also, if you have DNS problems because of excessive blocking, you can switch centrally on OpnSense only this way, because otherwise you would have to wait for your clients to pick up the alternative DNS server IP.
If you normally use OpnSense for all things network-centric, you may be better off to have everything pertaining to logging and things there. Also, if you have DNS problems because of excessive blocking, you can switch centrally on OpnSense only this way, because otherwise you would have to wait for your clients to pick up the alternative DNS server IP.
#3
26.1, 26,4 Series / Re: Help With DHCP, IPv6 and D...
Last post by nero355 - Today at 10:31:07 PMQuote from: meyergru on Today at 10:24:03 PMWho wants to look at a DNS query log and for what purpose?To check what's going when you need to block something that's not blocked by the current Blocking Lists and/or to see who has been naughty by calling home :)
QuoteAnd even if you do, why not look at OpnSense's DNS logs, if you care about who asks for what?Because I have Pi-Hole + Unbound running on a seperate Server for many years now and like to keep it that way so I have completely Disabled Unbound @ OPNsense right after the first boot.
My OPNsense does Routing/NAT/Firewall/DHCP and that's all it needs to do for me :)
#4
26.1, 26,4 Series / Re: Help With DHCP, IPv6 and D...
Last post by meyergru - Today at 10:24:03 PMWho wants to look at a DNS query log and for what purpose? And even if you do, why not look at OpnSense's DNS logs, if you care about who asks for what?
#5
26.1, 26,4 Series / Re: Help With DHCP, IPv6 and D...
Last post by nero355 - Today at 10:20:34 PMQuote from: meyergru on Today at 12:50:35 PMI would rather instruct OpnSense itself to make use of your PiHole as upstream server and not instruct clients to use that directly.Horrible idea :
The Pi-Hole Query Log will only show the Router IP Address as the Client instead of each Client on your network with it's own IP Address !!
The one and only right way is to tell all your Clients that they should talk to Pi-Hole directly as their only DNS Server.
#6
26.1, 26,4 Series / Re: unable to get DNSmasq to p...
Last post by Monviech (Cedrik) - Today at 09:36:09 PMIn the ipv4 and ipv6 subnets, enable advanced mode and set Domain Type to Interface.
If you run into validation issues, delete the v6 subnet, then change domain type on the v4 subnet, then recreate the v6 subnet.
Reason is that partial ipv6 networks (::...) do not match the configured dhcp domain otherwise.
Its explained in the second attention box here:
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv6-and-router-advertisements
If you run into validation issues, delete the v6 subnet, then change domain type on the v4 subnet, then recreate the v6 subnet.
Reason is that partial ipv6 networks (::...) do not match the configured dhcp domain otherwise.
Its explained in the second attention box here:
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv6-and-router-advertisements
#7
26.1, 26,4 Series / Re: unable to get DNSmasq to p...
Last post by thelittleblackbird - Today at 09:28:46 PMQuote from: dseven on Today at 07:19:11 PMIf you want Unbound (as your resolver) to be able to lookup internal domains managed by dnsmasq, you'll need to configure query forwarding as described at https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
If i udnerstood the howto correctly, this is not going to solve the issue, because in this case unbound is going to forward the dns request to dnsmasq and then we will hit again the problem i am describing.
My problem is that there is not an internal association inside dnsmasq between dhcpv4 and v6 and therefore i dont get a consolidated A and AAAA record for a specific domain name
#8
26.1, 26,4 Series / Re: Unbound DNS log
Last post by OPNenthu - Today at 09:03:04 PMQuote from: FredFresh on June 25, 2026, 09:10:19 PMI have a cpu n100 and 16gb of ram, keeping the unbound dns log active is detrimental for performances?That's what the warning says, but I guess whether you notice it or not depends on your system and query volume. Maybe it's not so bad for a small / not busy network.
#9
26.7 Development Series / Re: OPNsense 26.7-BETA images
Last post by franco - Today at 08:37:21 PM@patient0 sorry, I failed to count properly and this should fix it on top:
# opnsense-patch https://github.com/opnsense/core/commit/283ce7026a
Cheers,
Franco
# opnsense-patch https://github.com/opnsense/core/commit/283ce7026a
Cheers,
Franco
#10
German - Deutsch / Re: pkg repository / freeBSD o...
Last post by Patrick M. Hausen - Today at 08:35:59 PM/usr/local/etc/pkg/repos/* übersteuert /etc/pkg/*.
Kanns also eigentlich nicht gewesen sein.
Kanns also eigentlich nicht gewesen sein.
