"Recent posts
#1
Hardware and Performance / Re: CPU recommendations for gi...
Last post by audit13 - Today at 05:46:51 AMI have a Topton n100 running bare metal 26.1 with FTTH PPPoE 1.5 down and 1.0 up.
Without making any changes to the bios and only running Adguard Home, the n100 can get maximum download and upload speed.
Without making any changes to the bios and only running Adguard Home, the n100 can get maximum download and upload speed.
#2
Hardware and Performance / Re: Drowning in (old) hardware...
Last post by OPNenthu - Today at 05:18:09 AMSpeaking only of dedicated desktop appliances, not server platforms or VMs...
If you're expecting IDS/IDP at close to the 2Gbps rate, you're looking at a DEC850 from Deciso (as per the published specs).
DEC750 gets you ~1Gbps.
DEC697 drops to ~540Mbps.
If those are out of budget, you can use them as baselines to figure what comparable CPU/memory you need and add a little bit for overhead. The DEC appliances are efficient for networking tasks and you know what to expect, whereas general purpose mini-PCs might vary in this department. Make sure the one you get has dedicated PCIe lanes for the NICs.
I don't use threat protection but I can tell you that for basic home networking my N5105 box is more than adequate for a 1-1.5Gbps ISP plan and idles most of the time, though I wouldn't dream to run Suricata on it. It can saturate the 2.5Gbps links, however, it requires at least two streams (iperf3 -P 2) in order to realize that because of CPU frequency limitations on a single core. A single stream tops out at ~1.7Gbps or less, IIRC. That's something to consider if you use older SMB protocols for NAS shares, for example, then you might be better served with an N100/N150.
Take a look at the VP66xx series of Protectli for a more capable Suricata/ZA platform. You're talking higher power draw and the need for active cooling, as the tradeoff with the DEC850.
Quote from: PlzKeepMeSafeOPN on Today at 03:57:04 AMI'm struggling to find what specs I'd need for a 10+ device network with IDS/IPS on, for a 2GB internet speed.
If you're expecting IDS/IDP at close to the 2Gbps rate, you're looking at a DEC850 from Deciso (as per the published specs).
DEC750 gets you ~1Gbps.
DEC697 drops to ~540Mbps.
If those are out of budget, you can use them as baselines to figure what comparable CPU/memory you need and add a little bit for overhead. The DEC appliances are efficient for networking tasks and you know what to expect, whereas general purpose mini-PCs might vary in this department. Make sure the one you get has dedicated PCIe lanes for the NICs.
I don't use threat protection but I can tell you that for basic home networking my N5105 box is more than adequate for a 1-1.5Gbps ISP plan and idles most of the time, though I wouldn't dream to run Suricata on it. It can saturate the 2.5Gbps links, however, it requires at least two streams (iperf3 -P 2) in order to realize that because of CPU frequency limitations on a single core. A single stream tops out at ~1.7Gbps or less, IIRC. That's something to consider if you use older SMB protocols for NAS shares, for example, then you might be better served with an N100/N150.
Take a look at the VP66xx series of Protectli for a more capable Suricata/ZA platform. You're talking higher power draw and the need for active cooling, as the tradeoff with the DEC850.
#3
Hardware and Performance / Drowning in (old) hardware try...
Last post by PlzKeepMeSafeOPN - Today at 03:57:04 AMHello,
Apologies if this has been answered, I couldn't find it anywhere.
I have an odd setup I could use some help with.
Currently, I have a UDM Pro with two 10GB SFP+ ports serving as WAN. No modem, this is straight from ISP Fiber ONT. I'll be shortly moving to 2GB ISP speed.
That is connected to a unmanaged TP-LINK switch, with basic port filtering.
I had setup a opnsense on Dell Optiplex 7070 Micro a while ago but when I was given the UDM Pro I swapped it for UDM Pro.
I noticed that I had, what seemed like, speed issues with optiplex running 1GB with any additonal security tools configured, and it has NO ability to add additional NIC's as there is No PCIE slot. Or rather the pCIE slot is dedicated to the NVME slot. the max number of Ethernet ports than is 2, 1 at 1GB and 1 at 2.5GB with a NVME wlan adapter.
I'd like to go back to opnsense since it would allow me to continue learning and exploring more options such as ZenArmour, IDS/IPS, DoH and other tools + customization's. I work in security so although these tools aren't needed for Home use I want to get better at utilizing and understanding them for my career.
I have a Dell R260 Server with multiple 4port 1GB ports and no SFP+ ports. It has dual 750Watt PSU's but they aren't really tapped that hard.
I was thinking of installing proxMox and virtualizing Opnsense on this server + using it as a replacement for my current Plex server. I'd need to purchase likely 1-2 10GB SFP+ cards and/or 1-2 2.5gb ethernet adapters in order to replace the UDM Pro as virtualized opnsense firewall. Power isn't crazy expensive but coming from the UDM pro power draw to approx 150watt minimum for the r260 would be an significant increase. Currently paying around 11KwH. Storage might also be an issue for this route but I need to see if my existing drives will play nice with 1 Raid SAS array and 1 14TB Sata drive.
the R260 has 128GB of ram and the stock Dual Xeon CPU's.
Other option would be to just purchase a different firewall such as the DEC697 but I don't want to spend $800 USD.
I could also repurpose my current plex server, a old gaming PC with a i9-9900k and a single 2.5gb NIC, I'd of course need to purchase additional NIC's but would be possible. I could virtualize this machine as well or run bare metal. Power consumption is not likely to be an issue as it seems it shouldn't pull much more than 80watts.
lastly, I have a very old HP Thin client with a PCIE expansion slot and 16GB of ram, but it's CPU is a quad Core GX-420CA which I suspect will not have enough throughput to use a 2GB ISP connection and run Zenarmour etc.
I'm struggling to find what specs I'd need for a 10+ device network with IDS/IPS on, for a 2GB internet speed.
I have approx $500USD To spend on this project, but would like to spend less if possible.
I feel like purchasing several SFP+ and 2.5GB NIC for the r260 is probably the cheapest route but I'm concerned about power draw and fan noise.
Thoughts?
Apologies if this has been answered, I couldn't find it anywhere.
I have an odd setup I could use some help with.
Currently, I have a UDM Pro with two 10GB SFP+ ports serving as WAN. No modem, this is straight from ISP Fiber ONT. I'll be shortly moving to 2GB ISP speed.
That is connected to a unmanaged TP-LINK switch, with basic port filtering.
I had setup a opnsense on Dell Optiplex 7070 Micro a while ago but when I was given the UDM Pro I swapped it for UDM Pro.
I noticed that I had, what seemed like, speed issues with optiplex running 1GB with any additonal security tools configured, and it has NO ability to add additional NIC's as there is No PCIE slot. Or rather the pCIE slot is dedicated to the NVME slot. the max number of Ethernet ports than is 2, 1 at 1GB and 1 at 2.5GB with a NVME wlan adapter.
I'd like to go back to opnsense since it would allow me to continue learning and exploring more options such as ZenArmour, IDS/IPS, DoH and other tools + customization's. I work in security so although these tools aren't needed for Home use I want to get better at utilizing and understanding them for my career.
I have a Dell R260 Server with multiple 4port 1GB ports and no SFP+ ports. It has dual 750Watt PSU's but they aren't really tapped that hard.
I was thinking of installing proxMox and virtualizing Opnsense on this server + using it as a replacement for my current Plex server. I'd need to purchase likely 1-2 10GB SFP+ cards and/or 1-2 2.5gb ethernet adapters in order to replace the UDM Pro as virtualized opnsense firewall. Power isn't crazy expensive but coming from the UDM pro power draw to approx 150watt minimum for the r260 would be an significant increase. Currently paying around 11KwH. Storage might also be an issue for this route but I need to see if my existing drives will play nice with 1 Raid SAS array and 1 14TB Sata drive.
the R260 has 128GB of ram and the stock Dual Xeon CPU's.
Other option would be to just purchase a different firewall such as the DEC697 but I don't want to spend $800 USD.
I could also repurpose my current plex server, a old gaming PC with a i9-9900k and a single 2.5gb NIC, I'd of course need to purchase additional NIC's but would be possible. I could virtualize this machine as well or run bare metal. Power consumption is not likely to be an issue as it seems it shouldn't pull much more than 80watts.
lastly, I have a very old HP Thin client with a PCIE expansion slot and 16GB of ram, but it's CPU is a quad Core GX-420CA which I suspect will not have enough throughput to use a 2GB ISP connection and run Zenarmour etc.
I'm struggling to find what specs I'd need for a 10+ device network with IDS/IPS on, for a 2GB internet speed.
I have approx $500USD To spend on this project, but would like to spend less if possible.
I feel like purchasing several SFP+ and 2.5GB NIC for the r260 is probably the cheapest route but I'm concerned about power draw and fan noise.
Thoughts?
#4
26.1 Series / Re: Fresh install of 26.1 with...
Last post by NitRoN68 - Today at 03:39:51 AMI backup adguard yaml copy so don't have to retype dang thing.
#5
26.1 Series / OPNsense 26.1_4-amd64 unable t...
Last post by hharry - Today at 03:14:53 AMLAB sand box test environment upgraded from 25.7.11 to 26.1_4-amd64, and now unable to view automatic rules in new firewall.
Under the old firewalls rules, can see all the automatic rules applied, i used the rules migration feature, and cannot view any of the automatic generated rules in the new firewall rules...
Howto view automatic generated rules in new firewall rules ?
Under the old firewalls rules, can see all the automatic rules applied, i used the rules migration feature, and cannot view any of the automatic generated rules in the new firewall rules...
Howto view automatic generated rules in new firewall rules ?
#6
26.1 Series / Schedule on new rules not work...
Last post by NitRoN68 - Today at 03:12:43 AMEdit: see already reported.
After moving rules from old to new interface the schedules attached to rules don't work. Rules don't become inactive when outside of schedules. I'm on 26.1-4
I use rules to control Internet on kids devices and caught em browsing YouTube outside of hours... Which lead me to investigate what broke and discovered this issue after upgrade.
After moving rules from old to new interface the schedules attached to rules don't work. Rules don't become inactive when outside of schedules. I'm on 26.1-4
I use rules to control Internet on kids devices and caught em browsing YouTube outside of hours... Which lead me to investigate what broke and discovered this issue after upgrade.
#7
26.1 Series / Re: Nextcloud Backup creates m...
Last post by FullyBorked - Today at 03:12:36 AMI haven't updated just yet. I do rely on these backups and I'm confused a bit reading all this. Can someone clarify what's going on here? So, each backup file isn't a full backup? For example with a restore we'd need a full and a diff? I clean up backup files on the Nextcloud side, want to make sure I understand this so I don't blow out a full backup and bork up my ability to restore if needed.
Or am I misunderstanding and this just creates a full backup on ANY change? Along with just a goofy naming convention.
Or am I misunderstanding and this just creates a full backup on ANY change? Along with just a goofy naming convention.
#8
26.1 Series / Re: upgrade from 25.7.11_9 an...
Last post by jmcgee - Today at 02:21:06 AMQuote from: passeri on February 03, 2026, 11:02:03 PMIf you are not already using ZFS then consider seriously a reinstallation to employ it, before other work.
I had bought a second machine to operate as backup, it has two nvme drive. I may get it up and running first. Switch to that one, see if I can install second drive into first one.
#9
General Discussion / Re: [Solved] Mark a topic Solv...
Last post by stanps - Today at 01:32:12 AMLOL I never would have figured that out on my own. THANK you!
#10
25.7, 25.10 Series / Automating DHCP static leases ...
Last post by aiwa00 - Today at 01:21:03 AMI'm building a lab automation pipeline and need to provision OPNsense 25.7 unattended. My goal is to manage DHCP static mappings via an API. I've enabled the API and checked the official documentation, but I can't find a core endpoint for dhcpd static leases.
Is there a supported, API-driven method for managing DHCP static leases in the current version that I've missed? If not, is this functionality on the roadmap for the official API?
Is there a supported, API-driven method for managing DHCP static leases in the current version that I've missed? If not, is this functionality on the roadmap for the official API?
