Recent posts

#1
General Discussion / Re: Deutsche Telekom - Glasfer...
Last post by chemlud - Today at 08:13:12 AM
I reset my PPPoE every night on purpose, get a fresh IP. Why are people so upset by Zwangstrennung? DynDNS is up again in seconds, no problem.

RE: Netzbremse. That explains that, I mostly do my webbrowsing from outside Telekom. Don't ask for details :-D
#2
26.1 Series / 99.9% utilisation -> Dies
Last post by FredsterNL - Today at 06:39:37 AM
Hi,

I've been getting random events where my firewall becomes completely unresponsive, where the only thing possible to resolve it is literally unplugging it.

My Monit instance manages to send a final email before it dies:

Resource limit matched Service
some.domain.com
Date: Mon, 23 Feb 2026 23:44:12
Action: alert
Host: some.domain.com
Description: cpu usage of 99.9% matches resource limit [cpu usage > 75.0%]

I do not get any warnings other than that single email, which makes me think some process immediately gets the processor up to 100% mark.

The event seems to be happening after approx 2 weeks running after unplugging it and plugging it back in.

It is not something introduced in recent updates (running the latest, fully patched), because i've been having this issue for some time.

How can I find out which process is going rogue, knowing that once it happens I can no longer access anything on the OPNsense??


Is it possible to run a 'top' logging to a file, and if so what options would be useful?

Any help is appreciated!
#3
General Discussion / Re: Deutsche Telekom - Glasfer...
Last post by athurdent - Today at 06:25:18 AM
Quote from: chemlud on February 23, 2026, 09:08:03 PM@athurdent is the peering problem relevant only for Gbit? or even with lower bandwidth? my 120 Mbit DSL from Telekom is not that a problem for my use cases.

What is the problem with Zwangstrennung? I do that "manually" every night, line up again in very few seconds with fresh IP...
As it's peering-related, the problem will affect everyone. E.g. usage of 1.1.1.1 with packet loss, no fun. Lots of websites also use Cloudflare (IKEA, Discord, etc.) so during prime time those were heavily affected a while ago. Now it's OK again, but usually that holds for a few month and the problems start again. See netzbremse.de or Reddit, e.g. an analysis of the most recent event https://www.reddit.com/r/de_EDV/comments/1qkm5vt/zum_dtagrouting_zu_cloudflare/
Zwangstrennung, there's no problem with Telekom. They have turned that off, it'll only reconnect once every 180 days or so. Remove your 24h workaround, it should not make a difference.
#4
German - Deutsch / Re: Kaufberatung
Last post by Patrick M. Hausen - February 23, 2026, 11:31:14 PM
Diese Geräte haben Intel-Netzwerkkarten, da solltest du auch in deiner angestrebten Preisregion fündig werden:

https://www.amazon.de/HSIPC-Firewall-Appliance-Router-i226-V/dp/B0CP1VZRG7

Z.B. N150 mit 16 GB RAM: 319€ - geht auch unter 300€ aber die Ausführung hätte auf jeden Fall genug "Wumms".

(Dank an @meyergru, der den Link in einem anderen Thread gepostet hatte.)

Ich würde von Realtek generell die Finger lassen. Auch wenn es im Moment einen Herstellertreiber gibt, heißt das ja nicht, dass der für FreeBSD 15, 16, ... in der Zukunft auch noch zur Verfügung steht. Der Intel-Support ist im FreeBSD Kernel.


Willkommen im Forum und viel Erfolg,
Patrick
#5
French - Français / Re: Débutant : IPv6 derrière f...
Last post by Maveric - February 23, 2026, 11:27:02 PM
Merci Fred55 et Fredowulf

Voila 2 semaines que je m'arrache les cheveux avec cette ipv6 de free et grâce à vous enfin une config fonctionnelle.
#6
Hardware and Performance / Burst of packages causes slown...
Last post by Sprudeldude - February 23, 2026, 10:33:51 PM
Hi

Lately i'm experiencing slow loading speeds on casual browsing.
When i check the "Health" dashboard and filter on "Packets" of my LAN network, i'm seeing this spikes of "inpass" & "outpass" packets.
These spikes are at the same moment as i'm experiencing the slowness.

The amount of packages, between 4-60 million package looks way too much? As i see earlier in the graph it should be between 100.000 and 500.000 and experiencing no slowness.

Can Opnsense help me further to track down what is causing these spikes?

Kind regards
#7
26.1 Series / Re: Kea DHCPv4 How to remove d...
Last post by Patrick M. Hausen - February 23, 2026, 10:29:47 PM
At the moment yes, because the standard says so. Once a lease is granted it is valid for the relevant time period. Only the client can release it. OPNsense follows the book here, I don't know from the top of my head if a change is planned.

You can find part of the discussion with links to more here:

https://github.com/opnsense/core/issues/9217


If the client is Windows you can use "ipconfig something something /release".
#8
General Discussion / Re: Trouble connecting to PPoE...
Last post by Patrick M. Hausen - February 23, 2026, 10:24:03 PM
If you not get the IP address you expect per your contract, only your ISP can fix that.
#9
26.1 Series / Re: Kea DHCPv4 How to remove d...
Last post by Lip90 - February 23, 2026, 10:24:01 PM
Yes, it's about kea (it's in the title). It can't be right to assign a static IP address and then wait until the dynamic lease expires so that the device can connect to the network. Is that really how it's supposed to work?
#10
26.1 Series / Re: [ISC vs. KEA] Is the effec...
Last post by Patrick M. Hausen - February 23, 2026, 10:23:11 PM
I can only say as much:

Without "ignore client UIDs" checked reservations based on MAC addresses do not work in Kea. I only want to care about MAC addresses, no idea what these UIDs even are and honestly do not care. MAC address --> IP address. Like DHCP has always worked.

HTH
Patrick